Today’s education and learning stories: Perplexity’s “Search as Code” architecture offers a masterclass in agentic AI design with practical lessons for building research agents [1], Anthropic’s pause proposal provides real-world case studies for AI ethics and governance courses [2], and Meta’s AI chatbot breach demonstrates concrete automation risks for security curricula [3]. Architecture, ethics, and exploitation — the Monday learning trio.
🔍 THE BOTTOM LINE
The best AI education right now isn’t in textbooks — it’s in reading technical blogs from labs, analysing breach post-mortems, and understanding why coordination fails. Today’s news is tomorrow’s case studies.
Perplexity’s Search as Code: A Masterclass in Agentic Design
What happened: Perplexity launched “Search as Code” (SaC), an architecture where AI models write custom Python scripts to run searches instead of calling fixed APIs [1]. The system used 85% fewer tokens and delivered dramatically better results on complex research tasks.
Learning opportunity: This is a rare public breakdown of agentic architecture with measurable results. The three-layer design (model → sandbox → SDK) is a pattern students can study and replicate.
Key concepts to extract:
- Search primitives: Breaking search into atomic operations (retrieve, filter, deduplicate, rerank) that models can compose
- Secure sandboxes: Running model-generated code safely without exposing the host system
- Benchmarking: Perplexity’s CVE research task (track 200 vulnerabilities across vendor bulletins) is a reproducible evaluation method
- Token efficiency: 85% reduction shows why architecture matters, not just model size
The paper: Perplexity’s technical report is at research.perplexity.ai. Read it alongside the blog post for full technical depth.
Hands-on exercise: Build a mini SaC system using LangChain or LlamaIndex. Create 3-4 search primitives (query, filter by domain, extract snippets, rank by relevance), then prompt a model to compose them for a research task. Measure token usage vs. naive multi-turn search.
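A starting point for the exercise above, as an added example (not Perplexity's code): the four primitives from the list run over a constructed corpus, and a static allowlist check is applied to a model-written script before it executes. All function names and the corpus are assumptions made for illustration.

```python
import ast

# Constructed sample corpus (not real advisories); all names here are assumptions.
CORPUS = [
    {"url": "https://vendor-a.example/b/1", "text": "Advisory: parser overflow in libfoo"},
    {"url": "https://vendor-a.example/b/1", "text": "Advisory: parser overflow in libfoo"},
    {"url": "https://blog.example/post", "text": "Opinion piece about overflow bugs"},
    {"url": "https://vendor-b.example/s/7", "text": "libfoo overflow fixed in firmware"},
]

def retrieve(query):
    terms = query.lower().split()
    return [d for d in CORPUS if any(t in d["text"].lower() for t in terms)]

def filter_domain(docs, domain):
    # Match the host exactly or on a dot boundary, never by bare suffix.
    def host(d): return d["url"].split("/")[2]
    return [d for d in docs if host(d) == domain or host(d).endswith("." + domain)]

def deduplicate(docs):
    seen, out = set(), []
    for d in docs:
        if d["url"] not in seen:
            seen.add(d["url"])
            out.append(d)
    return out

def rerank(docs, query):
    terms = query.lower().split()
    return sorted(docs, key=lambda d: -sum(d["text"].lower().count(t) for t in terms))

PRIMITIVES = {f.__name__: f for f in (retrieve, filter_domain, deduplicate, rerank)}
ALLOWED = (ast.Module, ast.Assign, ast.Expr, ast.Call, ast.Name,
           ast.Load, ast.Store, ast.Constant)

def check_script(src):
    """Static pre-check: only assignments, constants and calls to the primitives."""
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ALLOWED):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Call) and not (
                isinstance(node.func, ast.Name) and node.func.id in PRIMITIVES):
            raise ValueError("call to something other than a primitive")
    return True

def run_script(src):
    check_script(src)
    env = {"__builtins__": {}, **PRIMITIVES}
    exec(src, env)  # the pre-check is not isolation; run this inside a real sandbox
    return env.get("result")
```

The allowlist rejects imports, attribute access and subscripts outright, which narrows what reaches the sandbox but does not replace process-level isolation.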
Related courses:
- Full Stack Deep Learning — covers deployment and systems design
- LangChain tutorials — agent construction patterns
- Stanford CS324 — Large Language Models course with agentic systems modules
Why it matters: A separate survey paper argues that writing code is becoming the default way agents interact with the world. Understanding SaC isn’t just about search — it’s about the broader pattern of code-as-operational-layer for AI.
Related: New Review Paper Argues Code Is How AI Agents Think and Act
Anthropic’s Pause Proposal: AI Ethics Case Study
What happened: Anthropic published a blog post urging leading AI companies to agree on a coordinated mechanism to temporarily slow or pause development of advanced AI systems [2]. OpenAI responded that democratic governments, not private companies, should decide AI rules.
Learning opportunity: This is a live case study in AI governance, coordination problems, and the tension between safety and competition. Perfect for ethics courses, policy seminars, or debate topics.
Key questions for discussion:
- Coordination failure: Why did the 2023 pause letter (with Musk’s support) fail to produce industry action? What would make coordination credible this time?
- Competitive dynamics: If one lab pauses while competitors continue, what happens? How do you verify compliance?
- Governance models: Should AI development pace be set by companies, governments, or international bodies? What are the trade-offs?
- Recursive self-improvement: Anthropic warns AI could design improved versions of itself. Is this speculative or imminent? What evidence exists?
Primary sources for students:
- Anthropic’s blog post (search their site for the pause proposal)
- OpenAI’s response (search for governance statements)
- Future of Life Institute 2023 open letter — historical context
- Sakana AI RSI Lab announcement — contrasting view that RSI can break the compute arms race
Assignment idea: Have students write policy briefs proposing specific coordination mechanisms. What verification would be required? What penalties for defection? Which organisations should oversee compliance?
NZ context: New Zealand’s position in global AI governance is interesting — small enough to be neutral, technically sophisticated enough to contribute meaningfully. The NCSC’s access to Mythos AI [RNZ] suggests NZ is positioning itself as a trusted partner in frontier AI oversight.
Related: Sakana AI Bets AI That Improves Itself Can Break the Compute Arms Race
Meta’s AI Breach: Automation Risk Case Study
What happened: Hackers exploited Meta’s AI support chatbot to hijack Instagram accounts by convincing the bot to send password reset codes to attacker-controlled emails [3]. Victims included security researcher Jane Wong and the Obama White House Instagram account.
Learning opportunity: This is a concrete example of automation risk — the exact capability designed to help users (account recovery) became the attack vector. Perfect for security courses, AI safety modules, or systems design classes.
Technical breakdown for students:
- Reconnaissance: Attacker identifies AI chatbot as potential attack vector
- Spoofing: Uses VPN to match victim’s presumed location, avoiding geo-based triggers
- Social engineering of AI: Convinces chatbot to add new email to target account
- Verification bypass: Chatbot sends code to attacker’s email (not victim’s)
- Account takeover: Chatbot displays “Reset Password” button after code verification
Key lessons:
- Authority boundaries: AI agents with authority to change account settings need multi-factor verification, not just a location check that an attacker can spoof
- Attack surface expansion: Every action an AI agent can perform is a potential exploit path
- Automation asymmetry: Defenders must secure all paths; attackers need only one vulnerability
Hands-on exercise: Audit an AI agent you’ve built or used. List every action it can perform on behalf of users. For each action, identify: What verification is required? Could an attacker spoof this? What’s the blast radius if compromised?
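One way to turn that audit into an enforced policy, as an added example (a simplified model, not Meta's system): the action inventory becomes a deny-by-default gate, and the two account-changing steps from the breakdown are replayed against a location-only gate and a hardened one. The step-up rule, action names and addresses are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Account:
    verified_emails: set            # contacts the owner has proven control of

@dataclass
class Session:
    geo_matches: bool               # weak signal: a VPN can satisfy it
    stepup_confirmed: bool = False  # owner approved via an already-verified channel

# Action inventory from the audit: required verification and blast radius.
POLICY = {
    "answer_faq":      {"stepup": False, "blast": "none"},
    "add_email":       {"stepup": True,  "blast": "account takeover"},
    "send_reset_code": {"stepup": False, "blast": "account takeover"},
}

def naive_gate(action, account, session, target=None):
    # Simplified model of the flawed flow: a location match is the only check.
    return session.geo_matches, "geo check only"

def hardened_gate(action, account, session, target=None):
    rule = POLICY.get(action)
    if rule is None:
        return False, "unknown action: deny by default"
    if rule["stepup"] and not session.stepup_confirmed:
        return False, "step-up required on an existing verified channel"
    if action == "send_reset_code" and target not in account.verified_emails:
        return False, "reset codes go only to previously verified contacts"
    return True, "ok"

def replay_chain(gate, stepup=False, new_email="attacker@example.net"):
    """Replay add-email then reset-code against a gate; return the final decision."""
    acct = Account(verified_emails={"owner@example.com"})
    sess = Session(geo_matches=True, stepup_confirmed=stepup)
    ok, why = gate("add_email", acct, sess, new_email)
    if ok:
        acct.verified_emails.add(new_email)
    return gate("send_reset_code", acct, sess, new_email) if ok else (ok, why)
```

With the hardened gate the chain stops at the first account-changing action unless the owner has confirmed it through a contact that was already on file.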
Curriculum integration:
- Security courses: Prompt injection, agent hijacking, verification workflows
- HCI courses: Trust design in AI-mediated interactions
- Policy courses: Liability for AI-mediated harms (who’s responsible when an AI gives away someone’s account?)
Related incidents: Security researchers have demonstrated hijacks against agents from Anthropic, Google, and Microsoft via GitHub Actions integrations. All three paid bug bounties but published no public advisories [The Next Web].
Related: AI Agents Hijacked via Prompt Injection — Bug Bounties Paid, No CVEs
Also Noted: Sakana’s RSI Lab Publishes Roadmap
What happened: Sakana AI launched a research lab focused on recursive self-improvement (RSI), publishing a four-phase roadmap from human-led optimization to self-improving systems [The Decoder].
Learning resources:
- Sakana RSI Lab announcement — primary source
- The AI Scientist paper — published in Nature, March 2026
- Darwin Gödel Machine — self-modifying code research
Assignment idea: Have students map Sakana’s four-phase roadmap against other AI labs’ public statements. Where do OpenAI, Anthropic, and Google DeepMind fall on this spectrum? What does each lab’s positioning reveal about their strategic bets?
🔍 THE BOTTOM LINE
Three stories, one lesson: AI education is moving faster than curricula can update. The best learning right now is reading primary sources (lab blogs, research papers), analysing real incidents (breaches, governance debates), and building projects that replicate patterns (agentic search, secure sandboxes). If you’re teaching AI, today’s news is your syllabus. If you’re learning AI, today’s news is your textbook.
❓ Frequently Asked Questions
Q: I’m a student — how do I keep up with AI developments?
Subscribe to lab blogs (OpenAI, Anthropic, DeepMind, Perplexity, Sakana), follow researchers on X/Twitter, and read arXiv daily. Set up Google Scholar alerts for key terms (“agentic systems”, “prompt injection”, “recursive self-improvement”). The field moves too fast for textbooks — primary sources are essential.
Q: What’s the best way to learn agentic AI design?
Build something. Pick a task (research automation, data analysis, code generation), use LangChain or AutoGen to create an agent that performs it, then iterate. Document your design decisions, measure performance, and publish what you learn. Portfolio projects beat certificates in this field.
Q: Are AI ethics courses worth taking?
Yes, but supplement with real-world cases. Academic ethics frameworks are useful, but the live debates (Anthropic’s pause proposal, NZ’s benefit AI law, Meta’s breach response) teach you how ethics actually plays out when money, competition, and safety collide. Follow both.
📰 SOURCES
- Perplexity’s “Search as Code” lets AI models write their own search pipelines — The Decoder
- Anthropic urges pause on advanced AI, warns of loss of human control — Newswire.lk
- Hackers hijacked Instagram accounts by tricking Meta AI support chatbot — TechCrunch
- Sakana AI bets AI that improves itself can break the compute arms race — The Decoder
- NZ gets access to hacking Mythos AI as Trump shores up national security on AI — RNZ