Last week in AI | 16 March

2026-03-16 · Source: Thoughtworks Insights · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, quick

Summary

The "Last week in AI" brief for March 16, 2026, covers key AI releases and persistent challenges. OpenAI launched GPT-5.4 with significant enterprise and general knowledge improvements. Anthropic's Claude Code introduced a "/loop" command for scheduled tasks and automated code review, while Google deepened Gemini integration across Workspace apps. However, security and stability remain critical concerns. McKinsey's internal AI platform "Lilli" was compromised in two hours by autonomous agents exploiting unauthenticated API documentation, granting full database access. High-blast radius outages at Amazon and ongoing availability issues with other providers suggest instability is a trade-off for rapid AI engineering innovation. Analysis also showed LLMs often generate "plausible code" rather than functionally correct code, highlighting the need for automated performance tests and explicit instructions. The brief also discussed a shift towards command-line interfaces, proposing a CLI vault for secure agent access to protect environment variables and API keys, and emphasizing workflow effectiveness.

Key takeaway

For AI Engineers deploying autonomous agents or integrating new LLMs, you must prioritize robust security and validation. The compromise of McKinsey's "Lilli" and the "plausible code" issue from LLMs highlight critical vulnerabilities. Implement CLI vaults to secure agent access to sensitive credentials like API keys and environment variables. Additionally, integrate automated performance tests and explicit instructions into your workflows to ensure functional correctness and prevent security exploits, rather than relying on implicit AI knowledge.

Key insights

AI advancements like GPT-5.4 and Claude Code require robust security, explicit instructions, and rigorous testing to counter inherent vulnerabilities and instability.

Principles

• Rapid AI innovation often sacrifices stability.
• Implicit knowledge degrades AI agent effectiveness.
• Secure agent access needs explicit gateways.

Method

A CLI vault routes agent access through a secure gateway, preventing direct access to environment variables and API keys, enhancing security for autonomous agents.

In practice

• Implement automated performance tests for LLM-generated code.
• Provide explicit instructions to guide AI agent behavior.
• Investigate CLI vaults for securing agent access.

Topics

• GPT-5.4
• Claude Code
• Google Gemini
• AI Security
• Autonomous Agents
• LLM Code Generation

Best for: CTO, VP of Engineering/Data, Executive, AI Engineer, MLOps Engineer, Director of AI/ML

Related on AIssential

• Issue #122 - The 12-Step Blueprint for Building an AI Agent. Part I — Effective AI agent development prioritizes systems engineering over prompt engineering for production readiness.
• Using LLMs to secure source code — LLMs streamline vulnerability discovery, shifting the bottleneck to verification, triage, and patching.
• [AINews] Everything is Conductor — The AI ecosystem is rapidly converging on agent-first development, driving innovation in tooling, infrastructure, and autonomous systems.
• The Developer’s Guide to LLM Security — LLM and agentic AI security introduces novel vulnerabilities requiring new architectural and testing approaches.
• Just use GPT-5.4 xhigh — The AI landscape is rapidly evolving with advanced models, agentic workflows, and specialized tools for development and security.
• Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it — AI agent runtime environments, not just models, are critical attack surfaces for prompt injection vulnerabilities.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Thoughtworks Insights.