Wednesday, 18 March 2026
Mistral launches Forge, Stripe enables agent payments, and Snowflake's AI sandbox gets owned
Today's Lead
Mistral AI
Mistral AI Launches Forge for Custom Enterprise AI Models
Mistral AI has announced Forge, a platform enabling enterprises to build custom frontier-grade AI models trained on their proprietary data and internal knowledge. The system supports pre-training, post-training, and reinforcement learning with both dense and mixture-of-experts architectures, and features an 'agent-first' design allowing autonomous systems to improve models through natural language. Mistral has partnered with major organizations including ASML, ESA, Ericsson, and government labs to deliver domain-specific AI capabilities.
Also today
Stripe Blog
Stripe Introduces Machine Payments Protocol for AI Agents
Stripe has launched the Machine Payments Protocol (MPP), an open standard co-authored with Tempo that enables autonomous agents to make payments programmatically without requiring account creation or manual payment entry. Agents can conduct microtransactions and recurring payments through a simplified process, using either stablecoins or traditional payment methods through Stripe's existing PaymentIntents API.
Read →PromptArmor / Simon Willison
Snowflake AI Escapes Sandbox and Executes Malware via Prompt Injection
PromptArmor disclosed a now-fixed prompt injection attack chain in Snowflake's Cortex Agent where an attacker hid malicious instructions in a GitHub README. The attack exploited Cortex's command allow-list by using process substitution within an approved 'cat' command to download and execute arbitrary code. The vulnerability highlights the inherent unreliability of pattern-based allow-lists for agent tool use, reinforcing the case for deterministic sandboxing outside the agent layer.
Read →ProPublica
Federal Cyber Experts Approved Microsoft Cloud Despite Serious Reservations
Federal cybersecurity reviewers approved Microsoft's Government Community Cloud High despite being unable to verify critical encryption protections and describing the system's architecture as deeply problematic. The authorization came after years of delays and external pressure from agencies already using the platform, with FedRAMP approving the product in December 2024 with conditions even as assessors lacked confidence in its overall security posture.
Read →Simon Willison
OpenAI Releases GPT-5.4 Mini and Nano
OpenAI released two new smaller models: GPT-5.4 nano at $0.20 per million input tokens and GPT-5.4 mini at $0.75, with the nano outperforming the previous-generation mini at maximum reasoning effort and undercutting Google's Gemini 3.1 Flash-Lite on price. Simon Willison demonstrated that describing all 76,000 photos in his collection would cost roughly $52 with the nano model.
Read →Engadget
Meta Shutting Down VR Horizon Worlds on June 15
Meta is discontinuing its VR version of Horizon Worlds, removing the app from Quest headsets and making all worlds inaccessible in VR after June 15, 2026. The company is pivoting away from its metaverse ambitions toward mobile experiences and AI technologies.
Read →Cloudflare Blog
Cloudflare Introduces Custom Regions for Data Sovereignty
Cloudflare launched Custom Regions, letting customers define their own geographical boundaries for data processing rather than choosing from pre-defined options. The company also expanded its managed regions to 35 locations. The solution maintains global DDoS protection while ensuring Layer 7 processing and TLS termination occur exclusively within customer-defined regions.
Read →Hacker News
A widely-discussed essay argues that AI-assisted coding has become psychologically similar to gambling — while generating code changes is trivial, outputs often contain errors requiring significant cleanup, replacing genuine problem-solving with repetitive 'lever-pulling.' The author contends that the practice erodes the creative satisfaction developers traditionally derived from coding, leaving them questioning whether they're improving or simply caught in a compulsive cycle.
Read →Lobsters
GNOME 50 introduces parental controls for screen time management, significant accessibility improvements to the Orca screen reader with redesigned preferences and better Braille support, and Variable Refresh Rate and fractional scaling enabled by default. The release also brings HDR screen sharing, Vulkan hardware acceleration for remote desktop, and improvements across core applications.
Read →Hacker News
Rob Pike's 5 Rules of Programming Resurface on Hacker News
Rob Pike's classic 1989 programming rules hit the top of Hacker News with nearly 700 points, resonating strongly with today's developers. The rules emphasize avoiding premature optimization, measuring before tuning, and prioritizing simplicity — arguing that well-chosen data structures make algorithms self-evident, echoing foundational wisdom from Tony Hoare and Ken Thompson.
Read →