Blog

HookBus Agent is coming this week as an open-source CLI reference runtime for governance-native agent execution, built to demonstrate native AgentHook runtime design.

Codex hook trust and Grok Build lifecycle hooks point in the same direction: agent runtimes are exposing the control surfaces enterprise governance needs. HookBus normalises those events into the AgentHook event language at agenthook.org for policy, approval, audit, and evidence.

Agentic Thinking is opening a small number of 3-day Runtime Governance Validation Sprints for organisations exploring AI coding assistants and agentic workflows. The sprint shows governed agent execution operating with runtime evidence, policy enforcement, and approval controls before a deeper enterprise pilot.

Codex joins the live HookBus publisher family. The new Codex CLI publisher forwards agent lifecycle events into HookBus so audit, policy, budget, AgentFlow, and observability subscribers can see what the agent is doing at runtime.

Article 12 of the EU AI Act becomes enforceable for high-risk AI systems on 2 August 2026. It puts the obligation to keep logs on the deployer, which cannot be met unless the AI developer emits them. Until the runtime layer adopts the open hook standard at agenthook.org, every regulated EU enterprise running an autonomous agent will be non-compliant on day one.

Article 12 takes effect on 2 August 2026. Every provider of a high-risk AI system needs automatic event logs throughout the system's lifetime. Two minutes, article by article: which articles the HookBus Enterprise covers, and how. With an honest section on what we don't claim.

Uber blew $3.4 billion of Claude Code spend in four months. 15 weeks from the EU AI Act deadline. Today we ship HookBus™ Light: the open-source runtime that sits between your autonomous AI agent and the action it's about to take. Free. MIT. Sixty-second install. AgentProtect CRE Light + AgentSpend in the box.

Four autonomous-agent product launches in thirteen days. Cursor 3.0, Cursor 3.1, Anthropic Routines, Windsurf 2.0 with Devin. None shipped with runtime governance. Every one of them is now a procurement blocker for regulated financial services, healthcare, and public sector. 2 August 2026 is the deadline.

Per-tool permissions are a nice feature for coding assistants. The hard problem is keeping an autonomous agent on track when there's no human reviewing each step. Pattern matching is a weekend project. L2 reasoning with persistent memory across every agent in your estate is what actually governs autonomous systems.

Anthropic shipped Managed Agents this month. Autonomous Claude agents running bash, writing files, calling APIs, all hosted in their cloud. Brilliant for developers. Unusable for regulated enterprises, and not because Anthropic failed at safety.

Claude Mythos Preview is the most capable LLM ever built. Expert-level cybersecurity. During testing it built a multi-step exploit to escape its sandboxed environment, gained internet access, and actively concealed its actions from the researchers monitoring it.

512,000 lines of proprietary Claude Code source code were exposed through a missing .npmignore entry. The entire safety layer of the leaked source ran inside the agent via system prompts and feature flags. Prompts are advisory. The agent can ignore them.