Also Worth Noting - 2026-06-01
Five papers reframing threat models and system boundaries: from agent co-adaptation to video token waste, privacy evasion, opinion collapse, and skill-lifecycle attacks.
02 [Agent] HarnessForge: Joint Harness and Policy Evolution for Adaptive Agent Systems
Most agent adaptation work picks a side: fine-tune the model or rewrite the execution harness. HarnessForge treats both as a single co-adaptation problem, making the compatibility between the external scaffold and the internal reasoner an explicit optimization target rather than an implicit assumption. Tuning only one side leaves the other misaligned, which caps what either change can deliver. Teams architecting production agent loops should treat harness design and policy training as a joint variable, not as sequential decisions.
03 [Inference] AdaCodec: A Predictive Visual Code for Video MLLMs
Video MLLMs re-encode every sampled frame as an independent RGB image, flooding the context with tokens that describe content that has not changed. AdaCodec sends a full reference frame only when the scene cannot be predicted from prior context, and transmits a compact delta otherwise, cutting redundant visual tokens in proportion to how static the footage is. The savings scale directly with content stability, meaning talking-head videos and screencasts benefit far more than action footage. Teams running video inference at scale should profile their content mix before estimating the token reduction.
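The reference-frame-versus-delta idea and its "savings scale with stability" consequence are easy to see in a toy simulation. The following is an added illustration written for this digest, not AdaCodec's code or its actual codec: frames are small constructed grayscale grids, the predictor is simply the previous frame, one visual token is charged per 2x2 pixel block, and the tolerance and reference-frame threshold are hypothetical knobs chosen for the demonstration.

```python
from typing import List, Tuple

Frame = List[List[int]]

BLOCK = 2           # hypothetical: one visual token per 2x2 pixel block
TOL = 8             # hypothetical: per-pixel change at or below this counts as "predictable"
DELTA_BUDGET = 0.5  # hypothetical: if more than half the blocks changed, send a full reference frame


def block_coords(frame: Frame) -> List[Tuple[int, int]]:
    """Top-left coordinates of every token block in a frame."""
    return [(r, c) for r in range(0, len(frame), BLOCK) for c in range(0, len(frame[0]), BLOCK)]


def block_changed(prev: Frame, cur: Frame, r: int, c: int, tol: int = TOL) -> bool:
    """True if any pixel in the block differs from the previous frame by more than tol."""
    return any(abs(cur[r + dr][c + dc] - prev[r + dr][c + dc]) > tol
               for dr in range(BLOCK) for dc in range(BLOCK))


def encode_clip(frames: List[Frame], tol: int = TOL, delta_budget: float = DELTA_BUDGET):
    """Return (tokens_used, per_frame_log); log entries are ("ref", cost) or ("delta", cost).

    The first frame is always a full reference. Later frames are sent as a delta
    whose cost is the number of changed blocks, unless so many blocks changed
    that a fresh reference frame is cheaper by the delta_budget rule.
    """
    full_cost = len(block_coords(frames[0]))
    used, log, prev = 0, [], None
    for cur in frames:
        if prev is None:
            kind, cost = "ref", full_cost
        else:
            changed = sum(block_changed(prev, cur, r, c, tol) for r, c in block_coords(cur))
            if changed > delta_budget * full_cost:
                kind, cost = "ref", full_cost
            else:
                kind, cost = "delta", changed
        used += cost
        log.append((kind, cost))
        prev = cur
    return used, log


def baseline_tokens(frames: List[Frame]) -> int:
    """Token count when every frame is re-encoded as an independent image."""
    return len(frames) * len(block_coords(frames[0]))


def token_savings(frames: List[Frame]) -> float:
    """Fraction of visual tokens removed relative to the independent-frame baseline."""
    used, _ = encode_clip(frames)
    return 1 - used / baseline_tokens(frames)


def _flat(value: int, size: int = 4) -> Frame:
    return [[value] * size for _ in range(size)]


def make_static_clip(n: int = 5) -> List[Frame]:
    """Screencast-like clip (constructed): only the top-left block changes each frame."""
    frames = []
    for i in range(n):
        f = _flat(10)
        f[0][0] = 10 + 20 * i  # a cursor-sized change inside one block
        frames.append(f)
    return frames


def make_mixed_clip(n: int = 5) -> List[Frame]:
    """Clip (constructed) where half of the blocks change each frame."""
    frames = []
    for i in range(n):
        f = _flat(10)
        f[0][0] = 10 + 20 * i
        f[2][2] = 10 + 20 * i
        frames.append(f)
    return frames


def make_action_clip(n: int = 5) -> List[Frame]:
    """Action-like clip (constructed): every pixel changes between frames."""
    return [_flat(10 + 50 * i) for i in range(n)]


if __name__ == "__main__":
    for name, clip in [("static", make_static_clip()),
                       ("mixed", make_mixed_clip()),
                       ("action", make_action_clip())]:
        used, log = encode_clip(clip)
        print(f"{name}: {used}/{baseline_tokens(clip)} tokens, "
              f"savings={token_savings(clip):.0%}, log={log}")
```

Running it shows the static clip keeping 40% of the baseline token budget, the mixed clip 60%, and the action clip 100% (every frame falls back to a full reference), which is the profiling point the summary makes: the reduction you get is a property of your content mix, not of the codec alone.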
04 [Eval] LLM Anonymization Against Agentic Re-Identification
Standard anonymization benchmarks test whether a static classifier can re-identify text after redaction. An agent with web search can cross-reference the contextual cues those benchmarks let through, collapsing the privacy guarantee without touching a single explicit identifier. AURA targets the operating region between resistance to agentic re-identification and downstream analytic utility, a tradeoff existing defenses never had to model. Every anonymization pipeline validated only against non-web inference models is understating real-world risk by an unknown margin.
05 [Application] Parametric Social Identity Injection and Diversification in Public Opinion Simulation
LLM-based synthetic surveys systematically compress inter-group opinion variance, making demographic subgroups look more similar than real survey data shows. The paper traces this to a Diversity Collapse in LLM hidden representations, where distinct social identities become increasingly indistinguishable across layers. Parametric Social Identity Injection intervenes directly in that representational space to restore differentiation. Any team using LLMs to simulate public opinion is likely underestimating polarization and missing minority-group signals in its current outputs.
06 [Training] SkillHarm: Lifecycle-Aware Skill-Based Attacks via Automated Construction
A skill that passes a single-task safety review can still be a persistent attack vector across multiple downstream tasks. SkillHarm maps attack surfaces across the full agent skill lifecycle rather than isolated execution, pairing that coverage with a systematic taxonomy of skill-relevant risks. Existing evaluations enumerate harms through ad-hoc risk lists and test poisoned skills one task at a time, which misses cross-task propagation entirely. Security teams vetting third-party skills should run lifecycle-aware evaluation, not single-execution checks.