🔨 The Anvil

Tuesday, July 14, 2026

12 stories · Standard format

Generated with AI from public sources. Verify before relying on for decisions.

🎧 Listen to this briefing or subscribe as a podcast →

The US-Iran conflict is moving into a highly volatile new phase as a naval blockade on the Strait of Hormuz is reinstated and Tehran locks out UN nuclear inspectors. Meanwhile, the rapid deployment of AI coding agents is exposing entirely new attack surfaces, with researchers demonstrating how seemingly harmless image files can now execute malicious code.

Iran Conflict

US Reinstates Naval Blockade as Iran Bars UN Nuclear Inspectors from Damaged Sites

As the US-Iran military exchange we've been tracking extends into a third night, President Trump has announced the reinstatement of a naval blockade on the Strait of Hormuz, effective Tuesday. Simultaneously, Iran stated it will not grant IAEA inspectors access to its nuclear facilities damaged during the recent conflict, citing US breaches of the prior ceasefire agreement.

The dual moves of a naval blockade and the denial of nuclear inspections push the conflict from a regional military exchange into a high-stakes standoff. Barring the IAEA will intensify international concerns about Iran's nuclear program, while the blockade directly threatens a critical artery for global oil supply.

Verified across 21 sources: Institute for the Study of War · The New York Times · NPR · CNN · ABC News · ABC News · Reuters · Reuters · Al Jazeera · The Guardian · Hindustan Times · Al Jazeera · Newsday · The Guardian · Al Jazeera · Al Jazeera · Al-Monitor · Sky News · Anadolu Agency · 1Lurer · Koha.net

AI Developments

'Ghostcommit' Attack Hides Malicious Prompts in Images to Steal Secrets from AI Agents

Researchers from the University of Missouri-Kansas City have detailed 'Ghostcommit,' a novel attack technique disclosed on Saturday where malicious prompt injection instructions are hidden inside an image file (e.g., a PNG). When an AI coding agent processes a repository containing the image, it can be tricked into executing the hidden commands, such as exfiltrating sensitive data from `.env` files. The attack exploits a common blind spot, as both human developers and AI code reviewers typically do not inspect image files for malicious code.

This vulnerability reveals a fundamental flaw in the security model of current multimodal AI development tools. For product builders, it demonstrates that the attack surface has expanded beyond just code. Security practices must now account for non-code assets, and AI agent permissions need to be strictly sandboxed to prevent them from accessing sensitive files, regardless of the trigger. This moves beyond a simple patch and requires a re-evaluation of agent security architecture.

Verified across 5 sources: Security Boulevard · BleepingComputer · GitHub · ASSET Research Group · Suriq.io Blog

Check Point: AI Now 'Operating' Cyberattacks, Not Just Assisting

According to the annual AI Security Report from Check Point Research released Tuesday, AI has graduated from being an assistant to an 'operator' in cyberattacks. The report finds that threat actors, from nation-states to cybercriminals, are using commercial AI models to autonomously build malware and run entire intrusion campaigns. These attacks leverage agentic architectures for sophisticated techniques like indirect prompt injection and large-scale data exfiltration.

This marks a significant escalation in the cyber threat landscape. The ability for AI to conduct attacks with minimal human oversight means intrusions can occur at machine speed, rendering human-paced defensive responses obsolete. This necessitates a strategic shift toward AI-powered defense systems that can detect and counteract autonomous threats in real time.

Verified across 2 sources: Check Point Research · Nextgov/FCW

AI Coding & Design Tools

'Friendly Fire' Attack Tricks AI Code Reviewers Into Running Malware

Research from the AI Now Institute, published last Wednesday, demonstrates the 'Friendly Fire' attack, where AI code reviewers like Claude Code and Codex can be manipulated into executing malicious binaries while auditing untrusted code libraries. The attack exploits the 'auto-mode' settings common in AI agents, which grants them pre-authorization to run shell commands to perform their tasks. The researchers note this is a fundamental design flaw rather than a simple bug, and no vendors have issued a response or CVE.

This research exposes a critical paradox: the very tools used to enhance security can become a primary vector for compromise. For any team using AI-assisted development, this is a direct call to action. It strongly suggests that agentic tools should never be run with auto-approved execution privileges on untrusted code, and that their operations should be strictly confined to isolated, sandboxed environments to prevent them from becoming a backdoor.

Verified across 1 sources: ByteIota

Claude Fable 5 Holds Top Spot for Coding in July Benchmarks

According to a Monday report from MorphLLM, Anthropic's Claude Fable 5—which was redeployed globally on July 1 following the export ban we tracked—remains the top-performing model for coding tasks, maintaining the 95% verified SWE-bench score we've noted previously. It is followed by OpenAI's GPT-5.5 and Anthropic's own Claude Opus 4.8. The report emphasizes the growing necessity of measuring cost-per-completed-task rather than simple per-token pricing, a crucial metric as agentic workflows scale.

We've been tracking the performance of these models, and this latest data reaffirms Fable 5's lead in the critical coding domain. For a product builder, the shift in focus to task-based cost analysis is key. It provides a more accurate way to budget for AI development and select the most economically viable model for complex, multi-step agentic tasks, moving beyond simple API call pricing.

Verified across 1 sources: MorphLLM

Cursor Hires Design Lead from Anthropic as AI Agent Race Heats Up

In a sign of escalating competition for top AI product talent, Cursor has hired Jenny Wen, the former design lead for Anthropic's Claude and Cowork products, as its new Head of Design. The move, reported Monday, comes as Cursor reportedly develops a general-purpose AI agent named 'Sand' aimed at non-developers, putting it in more direct competition with Anthropic's Cowork and OpenAI's ChatGPT Work.

This hire underscores a critical shift in the AI arms race: user experience is becoming a key battleground. As foundational model capabilities begin to converge, differentiation will increasingly come from superior design and workflow integration. Poaching a top designer from a direct rival signals that the war for talent is now as much about product and design as it is about core research.

Verified across 2 sources: Cryptopolitan · Tech Times

Retail Circularity & Reverse Logistics

Urban Outfitters Partners with Reskinned for Apparel Take-Back Program

Urban Outfitters has launched a take-back scheme in the UK, partnering with the recommerce platform Reskinned. Customers can return used Urban Outfitters clothing in exchange for a £10 voucher. Reskinned will manage the entire reverse logistics process, including collecting, sorting, repairing, and ultimately reselling the garments through its own marketplace.

This partnership is a prime example of a major retailer opting to 'buy' rather than 'build' its circularity infrastructure. By leveraging a specialized third-party, Urban Outfitters can quickly enter the growing recommerce market without the significant operational investment required for reverse logistics. This model is becoming a popular strategy for brands to address sustainability demands while focusing on their core retail business.

Verified across 1 sources: Retail Gazette

AI Supply Chain & Logistics

AI Supply Chain Platform Auger, from ex-Amazon CEO, Raises $50M

Auger, a supply chain software startup founded by former Amazon consumer CEO Dave Clark, has raised $50 million in a Series B round led by Eclipse. The company is developing what it calls an 'autonomous operating system' for global supply chains, designed to unify fragmented enterprise systems and automate decision-making for logistics, forecasting, and procurement.

This significant funding validates the market's appetite for sophisticated AI to solve deep-rooted supply chain problems. Clark's Amazon background suggests an approach focused on leveraging data and automation at immense scale. For the industry, Auger represents a well-funded attempt to build the AI-native, unified platform that many legacy systems have failed to deliver.

Verified across 1 sources: Logicity

Spokane & North Idaho

Spokane Transit Authority Faces Pushback on Tax Renewal Amid $240M Reserve

As Spokane County voters prepare for the August primary, the Spokane Transit Authority's (STA) proposal to renew a 0.2% sales tax is meeting resistance. The STA argues the tax is essential for maintaining service, but opponents, including the Spokane Business Association, point to the agency's $240 million in financial reserves as evidence it is overfunded and the tax is unnecessary, particularly as other public safety tax increases are being considered.

This is a classic local governance debate pitting public service funding against fiscal accountability. The core of the issue is whether the STA's large reserves are a sign of prudent long-term planning for major projects or an indication of over-taxation. The outcome will have a direct impact on the future of Spokane's public transit system.

Verified across 3 sources: The Spokesman-Review · KHQ · KHQ

Post Falls Rotary Club Launches Campaign to Preserve Historic Water Tower

The Rotary Club in Post Falls, Idaho, has launched a community campaign to preserve the city's historic water tower, a local landmark for over a century. The Post Falls City Council has already allocated seed funding for the restoration project, which aims to secure the structure and enhance the surrounding area.

This effort highlights the importance of preserving local historical identity in a rapidly developing region. The collaboration between a civic group and the city government demonstrates a community-led commitment to maintaining cultural heritage in the Inland Northwest.

Verified across 1 sources: Coeur d'Alene Press

Design Engineering

Open-Source Documentation Framework 'Blume' Launches

An OpenAI developer has released Blume, a new open-source documentation framework that generates AI-ready documentation sites from Markdown files with zero configuration. Now at version 1.0.3, the framework is built with TypeScript and Astro, outputs static HTML for performance, and is designed to be easily integrated into development workflows.

Blume addresses a persistent pain point in software development: keeping documentation in sync with code. By offering a zero-config, AI-ready solution, it lowers the barrier to creating and maintaining high-quality docs, improving the developer experience and making it easier for AI agents to understand and interact with a codebase.

Verified across 1 sources: TechAIApp

Newport Beach & Orange County

Federal Government Seeks Industry Input on California Coastal Management

The Trump administration is seeking input from industries like offshore oil, spaceport infrastructure, and desalination on the California Coastal Management Program. This federal review, coming months after plans for new offshore drilling were announced, is alarming environmental groups and local officials who fear it's a move to weaken the state's long-standing coastal protections.

This federal review could lead to a significant power shift, prioritizing industrial development over environmental protection and local control along the California coast. For Orange County and other coastal communities, this threatens to upend decades of environmental policy established under the Coastal Act.

Verified across 1 sources: inewsource


The Big Picture

US-Iran Conflict Enters New Phase with Naval Blockade and Nuclear Inspection Denial The fragile ceasefire has completely collapsed, with the US reinstating a naval blockade of the Strait of Hormuz and Iran retaliating with strikes across the region. Critically, Tehran has now barred IAEA inspectors from its damaged nuclear facilities, a significant move that will increase international concerns about its nuclear program.

Security Researchers Expose AI Coding Agents' Blind Spots Multiple new attack vectors for AI coding assistants have been detailed. The 'Ghostcommit' attack shows how malicious prompts can be hidden in image files to exfiltrate data, while the 'Friendly Fire' technique demonstrates how AI code reviewers can be tricked into running malware. These discoveries highlight fundamental design flaws, not just patchable bugs.

Retailers Embrace Outsourced Recommerce and AI-Powered Clearance Major retailers like Urban Outfitters are partnering with specialized platforms like Reskinned to handle reverse logistics, while others like Bealls are using AI to dynamically price and manage clearance inventory. This shows a dual strategy for managing the end-of-life product cycle: outsourcing the complexity of resale and using AI to maximize margin on liquidation.

Venture Capital Pours Into AI Model Infrastructure and Supply Chain A major funding round for OpenRouter ($113M), which acts as a universal API for various LLMs, and a significant raise for Auger ($50M), an AI-powered supply chain platform from a former Amazon exec, signal strong investor conviction in the foundational layers of the AI ecosystem, from model access to real-world deployment.

Local Tax and Infrastructure Debates Heat Up in Spokane and Orange County Spokane is facing a contentious vote over renewing a sales tax for its transit authority, with debates over the agency's large financial reserves. Meanwhile, in Orange County, a federal review of coastal management policies is raising alarms, and Newport Beach is cracking down on beach setups, highlighting ongoing local tensions over public resources and development.

What to Expect

2026-07-20 Next.js plans its first security patch under its new formal security release process.
2026-08-01 Spokane County voters will decide on several key tax initiatives, including one for the Spokane Transit Authority.
2026-08-04 Primary election day in Spokane County.
2026-11-01 Idaho voters will decide on a ballot initiative to restore abortion access.

Every story, researched.

Every story verified across multiple sources before publication.

🔍

Scanned

Across multiple search engines and news databases

462
📖

Read in full

Every article opened, read, and evaluated

184

Published today

Ranked by importance and verified across sources

12

— The Anvil

🎙 Listen as a podcast

Subscribe in your favorite podcast app to get each new briefing delivered automatically as audio.

Apple Podcasts
Library tab → ••• menu → Follow a Show by URL → paste
Overcast
+ button → Add URL → paste
Pocket Casts
Search bar → paste URL
Castro, AntennaPod, Podcast Addict, Castbox, Podverse, Fountain
Look for Add by URL or paste into search

Spotify isn’t supported yet — it only lists shows from its own directory. Let us know if you need it there.