June 3, 2026

Hollo3.1 mobile + agents parallel workflows

Tool of the Week

Holo3.1 adds mobile, quantized weights, local inference

Computer-use model now ships FP8/Q4/NVFP4 quantized checkpoints, function-calling support, and sub-4B variants for on-device deployment with 1.74× throughput gain over full precision.

Eliminates the eval-to-prod gap by handling mobile, desktop, and different agent frameworks without retraining. Local inference options let you run agents fully offline while cutting deployment costs and latency to 3.3s average step time.

Replaces Holo3 if you need mobile automation (67%→79.3% on 35B-A3B) or local deployment. Requires vLLM with NVFP4 for DGX inference or GGUF for consumer hardware. Worth trying now if you're blocked on latency or privacy constraints; benchmarks are concrete.

“Holo3.1 improves robustness across the three dimensions that matter most in production: environments (web, desktop, mobile), agent frameworks, and deployment targets”
“On AndroidWorld, our 35B-A3B model improves from 67% to 79.3%, while the smaller 4B and 9B variants improve from 58% to 72%”
“more than a 25% improvement over Holo3 when evaluated inside our Holotab product harness”
“NVFP4 W4A16 delivers 1.41× the total token throughput of FP8 and 1.74× that of BF16”
“cutting average step time from 6.8s to 3.3s”

computer-visionquantizationlocal-inferencemobile-automationagent-frameworks

Dev Signal

Get issues like this in your inbox — free, 3x a week.

Quick Signals

GitHub ships agent control center for parallel workflows

Copilot app consolidates multi-agent sessions into isolated git worktrees with bidirectional canvases for inspection and steering, replacing scattered context across chat threads and windows.

Agentic workflows now fragment context across terminals and pull requests; the app centralizes visibility into active sessions, test results, and CI status, reducing review overhead on agent-generated code. Developers can dispatch parallel agents without manual branch juggling or cleanup.

Available now in technical preview for existing Copilot Pro/Business/Enterprise users. Requires GitHub-connected repos and either local sandbox or cloud sandbox setup. Worth trying if you're running multiple agents per day; replaces manual worktree management and context-switching between windows. Local sandbox runs on your machine with restricted filesystem access; cloud sandbox is ephemeral Linux with remote control from any device.

“commits nearly doubled year over year, crossing 1.4 billion per month, plus over 2 billion GitHub Actions minutes a week”
“Every session runs in its own git worktree, a real, isolated copy of your branch”
“Agent Merge helps carry that pull request through review, checks, and merge”
“Canvases are bidirectional work surfaces for humans and agents”
“The Copilot app is now available in technical preview for existing Copilot Pro, Pro+, Business, and Enterprise users”

agent-orchestrationgit-workflowcode-reviewsandbox-executioncopilot

Nemotron 3 Ultra beats open-weight benchmarks

NVIDIA's 550B parameter model (55B active) scores 48 on Artificial Analysis Intelligence Index, serving 300+ tokens/second—a quantized open-weight baseline worth evaluating against proprietary alternatives.

Developers building cost-sensitive inference pipelines now have a verified open-weight option with published throughput metrics. Reduces lock-in pressure for teams benchmarking against closed models.

Replaces proprietary model experimentation for vision-language tasks in resource-constrained deployments. Requires NVFP4 quantization support and Deep Infra or self-hosted inference infrastructure. Worth testing now if you're currently evaluating frontier models.

“550B parameters (55B active)”
“scores 48 on the Artificial Analysis Intelligence Index”
“well ahead of the next strongest model, Gemma 4 31B, which scored 39”
“serves over 300 tokens per second on a pre-release Deep Infra endpoint”

open-weightsinference-optimizationbenchmarkingquantizationcost-reduction

MiniMax M3 hits production with 1M-token sparse attention

Block-sparse attention reduces N² scaling to make 1M context windows feasible; 9x prefill, 15x decode speedup over dense attention at the cost of reimplementing attention kernels and multimodal preprocessing pipelines.

Long-context inference (codebases, documents, agentic loops) becomes cost-competitive. Developers targeting production agentic systems can now evaluate a model built for tool-use at scale without prohibitive latency or KV-cache overhead.

Replaces dense attention implementations and KV-cache management strategies. Requires custom kernel work (block-major reordering, sparse paged attention integration, decode scoring optimization) and gateway-level multimodal preprocessing. Ready now via Together AI endpoint; self-hosted deployment demands kernel engineering expertise.

“1M-token context window, native multimodality, and an architecture that demands serious engineering to serve efficiently”
“brings a speed up of more than 9x in the prefilling stage and more than 15x in the decoding stage”
“The attention computation itself no longer scales as N^2 with context length, thus making it very suitable for long context workload”
“MSA significantly lowers the wall time percent of the actual attention computation per iteration”

sparse-attentionlong-contextinference-optimizationmultimodalkernel-engineering

MCP STDIO injection silently rewrites config files

Prompt injection can rewrite mcp.json without user interaction or dialog, chaining to arbitrary code execution via the official MCP SDK—and vendors are declining CVEs on the grounds that config modification is "spec-conformant."

The attack surface shrinks with each iteration: TrustFall required a dialog, AWS Kiro changed config after review, Windsurf zero-click makes the rewrite invisible. Your IDE's permission model collapses into "you ran the software," and the vendors who own the protocol won't treat this as a defect.

This is a protocol-level design problem, not a single bug. Windsurf patched their instance; the mitigation (allowlist STDIO commands to {npx, uvx, python, python3, node, docker, deno}) requires each implementation to add it themselves. Watch your config layer instead—audit mcp.json and .claude/settings.json for state changes outside your control, flag them to your SIEM. Ready now if you can't wait for upstream consensus.

“opening HTML silently rewrites mcp.json. No dialog at all.”
“the official MCP SDK passes user-controllable config values into StdioServerParameters without sanitization, and that flows straight into spawning a subprocess”
“a known operational mitigation: allowlist the STDIO command value to known launchers, e.g. {npx, uvx, python, python3, node, docker, deno}”
“12+ CVEs under one pattern — RCE via MCP STDIO”
“"explicit user permission" collapses into "you ran the IDE."”

prompt-injectionmcpconfig-securityrcesupply-chain

Vercel Blob adds time-bound signed URLs

Generate scoped, operation-specific signed URLs (get/put/head/delete) with expiry up to 7 days to enable direct browser uploads and conditional deletes without exposing credentials.

Eliminates server round-trips for file uploads by streaming directly from browser to Blob storage, and keeps long-lived tokens server-side while issuing narrow, expiring URLs to clients. Reduces attack surface for file operations.

Replaces custom pre-signed URL logic if you're building it yourself. Requires @vercel/blob ≥2.4.0 and a server endpoint to generate tokens (OIDC-backed). Ready to use now; multipart PUT and conditional DELETE (ifMatch) work out of the box.

“A signed URL is a scoped URL with an expiry that allows you to upload, download, inspect, or delete a specific object without giving access to your entire Blob store”
“Each URL is scoped to a single operation (`put`, `get`, `head`, or `delete`), a single pathname, and an expiry you choose, up to 7 days”
“a URL signed for a `GET` can't be reused as a `PUT`”
“Upload URLs (`put`) support multipart, so the browser can stream large files straight to Blob storage without round-tripping through your server”
“your long-lived `BLOB_READ_WRITE_TOKEN` never leaves the server”
“Update `@vercel/blob` to `2.4.0`”

vercel-blobsigned-urlsbrowser-uploadss3-alternative

Data Point

474-game benchmark exposes LLM counterfactual reasoning gaps

Interactive game framework reveals agentic AI systems fail catastrophically on belief revision when assumptions are violated—a gap static benchmarks don't catch.

If you're deploying LLM agents in production, this benchmark quantifies a failure mode your current evals miss: models can't update beliefs when environment state contradicts prior observations. This directly impacts reliability of database-querying, API-calling agents in real systems.

This doesn't replace SWE-Bench or GSM8K—it complements them by testing interactive adaptation. Requires access to arXiv preprint (May 26, 2026) and ability to run 474 executable games locally. Worth monitoring now for signal on which frontier LLMs handle counterfactual updates; wait for disclosed model scores before running against your own deployment pipeline.

“474 executable games in the benchmark”
“counterfactual revision and necessity judgment cause much larger performance drops than contextual perturbations”
“models lack robust metacognitive capabilities — the ability to revise beliefs when counterfactual evidence contradicts prior observations”
“LLMs can't effectively update beliefs through active interaction”
“agentic AI systems may fail catastrophically when assumptions are violated”

benchmarkagentic-aireasoningcounterfactualeval

Enjoying Dev Signal? Get every issue in your inbox.

Free forever · 3 issues a week · One-click unsubscribe

Refer a friend →

Earn rewards for every developer you bring in.

Go premium →

Sponsor-free feed · full archive search · $149 lifetime.