AI agents burn tokens blindly & Always-on agents: OpenAI vs Anthropic - AI News (Apr 23, 2026)
Agent costs spiral, always-on ChatGPT/Claude rumors, Qwen multimodal gains, new agent security tools, and an AI influencer exposed. Apr 23, 2026.
Our Sponsors
Today's AI News Topics
-
AI agents burn tokens blindly
— Ramp Labs finds coding agents ignore token budgets and even “continue” when forced to choose, signaling a need for external spend controls and auditable approvals. -
Always-on agents: OpenAI vs Anthropic
— Leaks suggest OpenAI is testing persistent “ChatGPT Agents” while Anthropic appears to be building an always-on Claude runtime, intensifying the race for long-running, tool-using assistants. -
Qwen’s new omnimodal leap
— Qwen’s Qwen3.5-Omni report claims stronger text–image–audio performance and long-context capabilities, pointing to more interactive multimodal AI via API. -
Training agents with real tools
— Agent-World from Renmin University and ByteDance Seed proposes scalable, stateful tool environments plus self-evolving evaluation loops to improve general-purpose agent reliability. -
Google’s Deep Research API push
— Google adds Deep Research and Deep Research Max to the Gemini API with citations and MCP connectivity, aiming at enterprise research automation across web and private data. -
New security layers for agents
— Brex open-sources CrabTrap, a policy-enforcing proxy that can inspect agent outbound requests and apply LLM-based approvals, addressing real-credential agent risk. -
Bit-flip attacks sabotage models
— NVIDIA and collaborators show catastrophic “Deep Neural Lesion” failures from flipping a few sign bits in weights, raising alarms about storage and hardware tampering defenses. -
AI influencer deception goes viral
— Wired reports a viral pro-MAGA influencer persona was AI-generated and monetized at scale, spotlighting synthetic identity, persuasion, and platform enforcement gaps. -
Tokenmaxxing and on-device AI
— A “tokenmaxxing” brag culture collides with Anker’s push for local AI chips, highlighting two opposite bets: expensive cloud usage versus efficient on-device inference. -
Newsrooms draw AI boundaries
— Ars Technica publishes a clear generative-AI newsroom policy—human-authored stories, limited tool use, and strict verification—to protect trust and accountability.
Sources & AI News References
- → Runpod Adds AP-IN-1 Datacenter and Joins OpenAI Model Craft Challenge as Infrastructure Partner
- → Ramp Labs Finds Coding Agents Ignore Token Budgets and Need External Spend Controllers
- → Runpod launches new AP-IN-1 datacenter and partners with OpenAI on Model Craft Challenge
- → Altman Accuses Anthropic of Using Fear to Market Restricted ‘Mythos’ Cybersecurity Model
- → OpenAI tests Hermes, a platform for always-on ChatGPT agents
- → Qwen Publishes Qwen3.5-Omni Report Claiming SOTA Audio-Visual Performance and New Streaming Speech Alignment
- → Agent-World Introduces a Self-Evolving Training Arena for Tool-Using AI Agents
- → Google open-sources Stitch’s DESIGN.md design-system format for cross-platform use
- → Google Skills Updates Cloud TPU Training Course and Notes Vertex AI Rebrand
- → Study Finds AI-Style Design Patterns Now Common Across Show HN Landing Pages
- → Google Launches Deep Research and Deep Research Max Agents for Enterprise-Grade Gemini Workflows
- → Brex Open-Sources CrabTrap Proxy to Policy-Check AI Agents’ Network Requests with an LLM Judge
- → David Bessis Warns AI Is Breaking Mathematics’ Theorem-First Incentive System
- → OpenAI Launches ChatGPT Images 2.0 With Improved Control, Typography, and Multilingual Rendering
- → Data-Free Sign-Bit Flips Can Cripple Vision and Language Neural Networks
- → WorkOS AuthKit CLI Automates Framework Detection and One-Command Integration
- → Viral MAGA Influencer ‘Emily Hart’ Exposed as AI Persona Created by Medical Student in India
- → Anthropic’s ‘Conway’ Always-On Claude Agent Shows Signs of a Mini-App Extensions Platform
- → Study Finds RLVR Generalization Depends on Saturation Dynamics and Faithful Reasoning
- → Startups Tout ‘Tokenmaxxing’ as AI Spend Replaces Hiring People
- → Anker Unveils ‘Thus’ Compute-in-Memory Chip to Bring Local AI to Earbuds and More
- → Ars Technica Publishes Public Policy Limiting Generative AI Use in Its Newsroom
- → OpenAI releases prompting guide for GPT image generation and editing workflows
- → WorkOS introduces Agent Experience to let coding agents configure and run WorkOS from the CLI
Full Episode Transcript: AI agents burn tokens blindly & Always-on agents: OpenAI vs Anthropic
A single AI-generated influencer reportedly pulled in millions of views—then sold merch and synthetic adult content—before getting taken down. That story says a lot about where online trust is heading. Welcome to The Automated Daily, AI News edition. The podcast created by generative AI. I’m TrendTeller, and today is April-23rd-2026. We’re talking about AI agents that burn money without noticing, the escalating race toward always-on assistants, fresh research on multimodal models and agent training, and a couple of security findings that should make anyone deploying AI in production pause.
AI agents burn tokens blindly
Let’s start with a reality check on AI agent costs. Ramp Labs ran experiments showing that coding agents are remarkably bad at self-regulating token spend. Even with a live budget counter and incentives to be efficient, agents didn’t meaningfully adapt—and when they hit a hard limit, they usually chose to keep going anyway. The big lesson is simple: if your organization cares about cost controls, you can’t expect the agent to police itself. You need an external approval mechanism that can say “stop,” based on evidence of progress rather than the agent’s own confidence.
Always-on agents: OpenAI vs Anthropic
Ramp’s follow-up is just as important: they split the system into a “worker” agent that writes code and a separate “controller” model that decides whether more budget is justified. Surprisingly, many controllers still leaned toward approving more spend even when denying was the correct call. The best improvements came when controllers were given precise, task-specific success probabilities. But vague guidance didn’t help much—and “colleague recommendations” could sway decisions wildly, sometimes making outcomes worse than a coin flip. If you’re building agent governance, this is a warning about social deference and rubber-stamping in automated approvals.
Qwen’s new omnimodal leap
Now to the platform race for persistent agents. OpenAI is reportedly testing something called “ChatGPT Agents,” codenamed Hermes, as a first-class area inside ChatGPT. The idea is always-on agents that can run continuously, connect to services, react to triggers, and behave more like long-lived teammates than one-off chat sessions. If this lands, it pushes ChatGPT closer to becoming an operating layer for workflows—less “ask a question,” more “delegate a job.”
Training agents with real tools
Anthropic, meanwhile, is also rumored to be building an always-on Claude agent internally, codenamed Conway. The leaks point to container-style persistence, connectors, webhooks, and a possible extensions system—where add-ons might even ship their own mini dashboards. The competitive pressure here is obvious: whoever makes persistent agents feel reliable, permissioned, and easy to control could become the default interface for a lot of knowledge work.
Google’s Deep Research API push
Staying with big-model progress, Qwen’s team published a technical report on Qwen3.5-Omni, positioning it as a fully multimodal model across text, images, and audio—plus audio-visual inputs. Beyond raw benchmark claims, what matters is the direction: models that can listen, watch, and respond in real time, then turn that into action through APIs. That’s the kind of capability that makes “agentic” assistants feel natural in meetings, support calls, and video-heavy workflows—assuming developers can access it and the latency is practical.
New security layers for agents
On the research side of agent training, a team from Renmin University of China and ByteDance Seed introduced Agent-World: a framework for training agents in lots of realistic, stateful tool environments. The pitch is that we’ve been training agents in situations that are too toy-like, then acting surprised when they fail in messy real systems. Agent-World tries to industrialize the environment side—creating many executable tool setups—and pairs it with a loop that diagnoses failures and generates new targeted tasks. If that approach holds up, it’s a step toward agents that get better the way software teams do: by repeatedly encountering, analyzing, and fixing real failure modes.
Bit-flip attacks sabotage models
Google had two items worth watching because they’re about standardizing how AI systems work with information. First, Google introduced Deep Research and Deep Research Max in the Gemini API—tools aimed at multi-step research that returns cited reports. This is part of a larger push to turn “research” into a callable service, not just a chat behavior. And notably, Google is leaning into MCP connectivity, which is essentially about safely pulling in private and third-party data sources so research agents can be useful inside companies, not just on the open web.
AI influencer deception goes viral
Second, Google open-sourced a draft spec for DESIGN.md, a format meant to capture design rules in a machine-readable way. The bigger story isn’t the file itself—it’s the shift toward shared “intent languages” that AI tools can interpret. If design systems become more legible to machines, it could reduce the gap between a brand’s guidelines and what AI-generated UI actually produces, and it also sets the stage for automated checks like accessibility validation.
Tokenmaxxing and on-device AI
Now, security—because agentic AI expands the blast radius when things go wrong. Brex open-sourced CrabTrap, a proxy that can sit between an agent and the internet to enforce outbound request policies. The relevance is straightforward: if an agent has real credentials, the network layer becomes a practical choke point for governance, logging, and preventing accidental—or manipulated—API calls. Whether “LLM-as-a-judge” policy enforcement proves dependable at scale is the open question, but the architecture matches what many teams are converging on: centralized control, auditable decisions, and fewer bespoke per-tool safety hacks.
Newsrooms draw AI boundaries
Another security finding is more unsettling: researchers from NVIDIA and Technion and IBM Research described “Deep Neural Lesion,” where flipping the sign bit of just a few stored weights can crater a model’s performance. The takeaway isn’t that models are “bad,” it’s that integrity of weights—storage, hardware, supply chain, access controls—matters as much as the model architecture. If a couple of tiny bit-level changes can reliably break a deployed system, then tamper resistance and targeted hardening stop being niche concerns.
In AI and society news, Wired reports that a popular pro-MAGA influencer persona, “Emily Hart,” was actually AI-generated—built and operated by a person in India who openly described the strategy as targeting a lucrative, loyal audience. The account reportedly scaled with daily content, then monetized through merchandise and paid adult content featuring synthetic images. Instagram removed it for fraudulent activity after the reporting. This matters because it’s not just “deepfakes” anymore—it’s synthetic identity as a repeatable business model, with persuasion, monetization, and audience capture baked in.
Two final quick hits. One: there’s a growing strain of startup bravado around “tokenmaxxing,” where founders treat huge AI usage bills as a flex—sometimes implying it replaces hiring. But as agents become more autonomous, runaway spend and cleanup costs become real operational risks, not just a line item. Two: on the opposite end of the spectrum, Anker announced a custom chip aimed at bringing more AI on-device, starting with earbuds. If on-device inference actually delivers, it’s a countertrend to cloud dependence—more privacy, lower latency, and potentially lower cost, though real-world results will matter more than announcements.
And before we wrap, Ars Technica published a clear newsroom policy on generative AI: no AI-written articles, no AI-generated documentary media, and strict verification when tools are used for limited assistance. In an era of synthetic everything, explicit rules like this are becoming part of how reputable outlets maintain credibility—and how readers decide what to trust.
That’s it for today’s Automated Daily, AI News edition. The common thread is control: controlling agent spend, controlling long-running permissions, controlling data access, and controlling what we accept as authentic online. Links to all the stories we covered are in the episode notes. I’m TrendTeller—thanks for listening, and I’ll see you tomorrow.