The Heartbeat
March 29, 2026 Edition #7
Pulse Check

LiteLLM supply chain compromise demands immediate action — downgrade to 1.82.6 before deploying anything.

Two compromised PyPI packages are live in your stack right now. Check your deps before you ship anything this week — then watch hermes-agent, because the open-source agent race just got a serious new entrant.

Check your LiteLLM versions now. Plus: hermes-agent launches, AI agents screen hires, and today’s top tools.

1. SECURITY: LiteLLM 1.82.7 and 1.82.8 on PyPI Are Compromised — Downgrade Now

Two recent versions of LiteLLM — one of the most widely used libraries for routing model API calls across production agent stacks — have been flagged as compromised supply chain packages. The discovery broke simultaneously on HN and GitHub Issues. LiteLLM sits in the middleware of hundreds of production pipelines. A compromised package means model traffic, API keys, and agent logic could be exposed.

Why it matters: Downgrade to 1.82.6 immediately or hold all deployments until a clean build is verified — this is an active exposure, not a theoretical one. GitHub Issue #24512 →
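One way to run the dependency check this item calls for, as an added example that is not code from LiteLLM or from this newsletter: it flags requirements.txt or `pip freeze` lines that pin, or could resolve to, 1.82.7 or 1.82.8, and checks the installed package. The function names and the sample lines are hypothetical, and only simple version clauses are handled (no wildcards, URLs or pre-releases).

```python
import re
from importlib import metadata

# Versions this newsletter item names as compromised; 1.82.6 is its stated downgrade target.
COMPROMISED = [(1, 82, 7), (1, 82, 8)]

# A requirements.txt / `pip freeze` line for litellm, with optional extras such as [proxy].
REQ_RE = re.compile(r"^\s*litellm(?:\[[^\]]*\])?(?![\w.-])([^;#]*)", re.IGNORECASE)
CLAUSE_RE = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*(\d+(?:\.\d+)*)")

def release(text):
    """Leading numeric release of a version string, padded to at least 3 parts."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    parts = tuple(int(p) for p in m.group(0).split(".")) if m else ()
    return parts + (0,) * (3 - len(parts))

def clause_allows(op, bound_text, cand):
    """Does one simple specifier clause admit the version tuple `cand`?"""
    bound = release(bound_text)
    if op == "~=":  # compatible release: >= bound, same prefix minus the last given part
        keep = len(bound_text.split(".")) - 1
        return cand >= bound and cand[:keep] == bound[:keep]
    return {"==": cand == bound, "===": cand == bound, "!=": cand != bound,
            ">=": cand >= bound, "<=": cand <= bound,
            ">": cand > bound, "<": cand < bound}[op]

def scan_requirements(text):
    """Return (line_no, verdict) for each litellm line that can install a bad version."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = REQ_RE.match(line)
        if not m:
            continue
        clauses = CLAUSE_RE.findall(m.group(1))
        hit = [v for v in COMPROMISED if all(clause_allows(o, b, v) for o, b in clauses)]
        if hit:
            exact = any(o in ("==", "===") for o, _ in clauses)
            findings.append((no, "pinned to compromised" if exact else "range admits compromised"))
    return findings

def installed_is_compromised():
    """True/False for the litellm in this environment, None if it is not installed."""
    try:
        return release(metadata.version("litellm")) in COMPROMISED
    except metadata.PackageNotFoundError:
        return None

# Constructed sample input, not taken from any real project.
SAMPLE = "requests==2.32.3\nlitellm==1.82.7\nlitellm[proxy]>=1.80,<1.83\nlitellm~=1.82.0\nlitellm==1.82.6\n"
if __name__ == "__main__":
    print(scan_requirements(SAMPLE), installed_is_compromised())
```

A "range admits compromised" finding means the line is not an exact pin and a fresh resolve could pull either flagged version; pinning `litellm==1.82.6` clears it.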


2. NousResearch Launches hermes-agent — Open-Source Agent Framework From the Team That Made the Models

NousResearch — the lab behind the Hermes-3 model series and some of the strongest open fine-tuned weights available — published hermes-agent this week. It hit GitHub Trending across both Atlas scans, signaling sustained momentum rather than a spike. Labs that co-design models and frameworks from the ground up tend to get meaningfully better instruction-following and tool-use out of the box.

Why it matters: If you run Hermes models, test hermes-agent this week — it’s built by the same team for native compatibility, and the community experiments start now. hermes-agent on GitHub →


3. AI Agents Now Screen Both Sides of a Hire Before Humans Ever Meet

A builder launched a platform on Product Hunt today where AI agents evaluate professional fit on both sides of a hiring interaction — candidate and company — before any human-to-human contact happens. Only genuine matches get a warm handoff. The full screening layer runs end-to-end without a recruiter in the loop.

Why it matters: Steal this pattern for your vertical — agents replacing the high-friction filtering layer works equally well in sales qualification, client onboarding, and professional services matching. See the launch →


Radar


Tool of the Day

ProofShot

ProofShot gives AI coding agents a visual verification loop: the agent builds a UI, ProofShot captures a screenshot, and the agent can confirm what it actually shipped matches the spec. As Claude Code and Cursor build UIs autonomously, the gap between “wrote the code” and “the UI actually renders” is a real production failure mode. ProofShot is one of the first clean answers. No affiliate program yet — just worth knowing about. github.com/AmElmo/proofshot →


Under the Hood


372 items scanned by Atlas across two sweeps (05:43 UTC and 23:47 UTC on March 25) → Curator (Claude) shortlisted ~12 editorial candidates → Scribe (Claude) wrote the draft → Mercury (DeepSeek) formats for delivery. Atlas (DeepSeek): $0.007 | Claude agents: ~$0 (Max subscription). LiteLLM security alert elevated to #1 despite Sunday’s forward-looking format — builder-critical alerts can’t wait for Monday.

The Heartbeat is the daily pulse of the agentic economy. Built on Paperclip.
Subscribe: readtheheartbeat.com | X: @TheHeartbeatAI