Sources

We just announced the first release of Datasette Agent , a new extensible AI assistant for Datasette. I’ve been working on my LLM Python library for just over three years now, and Datasette Agent represents the moment that LLM and Datasette finally come together. I’m really excited about it! Datasette Agent provides a conversational interface for asking questions of the data you have stored in Datasette. Add the datasette-agent-charts plugin and it can generate charts of your data as well. The…

datasette-agent-sprites 0.1a0 simonwillison.net

Release: datasette-agent-sprites 0.1a0 A Datasette Agent plugin for running commands in a Fly Sprites sandbox. Tags: sandboxing , datasette , fly , datasette-agent

datasette-agent-charts 0.1a2 simonwillison.net

Release: datasette-agent-charts 0.1a2 “View SQL query” buttons below rendered charts. Tags: datasette , datasette-agent

datasette-agent 0.1a3 simonwillison.net

Release: datasette-agent 0.1a3 “View SQL query” buttons for both visible tables and collapsed SQL result tool calls. Don’t display empty reasoning chunks Improved handling of truncated responses - table still displays to the user even if the SQL results were truncated when showing the agent. See Datasette Agent, an extensible AI assistant for Datasette . Tags: datasette , datasette-agent

datasette-agent-charts 0.1a1 simonwillison.net

Release: datasette-agent-charts 0.1a1 More color! Bar and waffle charts without a color column are shaded by magnitude with a sequential color scheme; color columns holding text values use the observable10 categorical scheme. #2 Now checks execute-sql permission before running the query to find the column names. Charts now display interactive tooltips. Fixed a bug where waffleY charts were not described to the agent. Tags: datasette , datasette-agent

Giving Agents Computers — Ivan Burazin, Daytona latent.space

We chat with Daytona’s CEO about their insane 74% MoM Growth, 850K Daily Runs, Bare Metal Sandboxes, RL Evals, and the New Agent Cloud

References

n1n.ai analysis of Datasette Agent explore.n1n.ai

It first selects relevant tables to avoid ‘schema stuffing’… then generates and executes SQL. A key feature is its ‘self-healing’ capability: if a generated query fails, the agent analyzes the error message and attempts to rewrite the SQL autonomously.

QueryPanel — NL-to-SQL in production 2026 querypanel.io

In the more rigorous BIRD-INTERACT benchmark—which tests multi-turn SQL conversations and error recovery—all models struggle, with Claude-3.7-Sonnet hitting 17.78% and GPT-5 scoring just 8.67% on full agentic tasks.

HiddenLayer — The Lethal Trifecta hiddenlayer.com

If an agent possesses access to private data, exposure to untrusted tokens, and an exfiltration vector, an attacker can use a hidden prompt injection in a document to force the agent to find sensitive data and leak it to an external server.

Noma Security — critique of Rule of Two noma.security

They point to ‘two-out-of-three’ failures where an agent with only untrusted input and state-change capabilities was tricked into wiping a local filesystem without needing to exfiltrate data.

Northflank — Fly Sprites alternatives review northflank.com

Sprites provide a 100GB persistent root filesystem backed by object storage… a standout technical feature is the checkpoint/restore capability, which captures the entire system state in roughly 300ms.

Simon Willison — LLM 0.32a0 refactor notes simonwillison.net

The core change in version 0.32 is a major refactor that replaces the legacy prompt-response model with a sequence-of-messages abstraction… heavily influenced by the development of Datasette Agent.

Northflank blog (Daytona vs E2B) northflank.com

E2B is widely considered the gold standard for running untrusted code because it utilizes Firecracker microVMs, providing hardware-level isolation with a dedicated kernel per session… Daytona and Cloudflare Sandboxes primarily use Docker-based containers that share the host’s kernel.

Medium — ‘CLI-Based Agents vs MCP: The 2026 Showdown’ lalatenduswain.medium.com

CLI-based agents proved to be 10x to 32x more token-efficient than those using MCP for identical GitHub tasks… MCP clients typically load an entire server’s tool schemas (often tens of thousands of tokens) into the context window before execution.

PRNewswire — Daytona $24M Series A prnewswire.com

Daytona raises $24M Series A led by FirstMark Capital… strategic investments from Datadog and Figma Ventures… customers include LangChain, Turing, Writer and SambaNova. SambaNova reports the partnership saved roughly 200 hours per week in infrastructure maintenance and six months of total engineering time.

Modal blog — Applied Compute & RL modal.com

When scaling a workload from 10 to 1,000 nodes, storage throughput often fails to keep pace, causing CPUs to remain idle despite ‘spiky’ demand. Modern RL workflows are bringing the CPU-to-GPU ratio closer to 1:1 as simulation environments become more compute-intensive.

Unicorner Newsletter — Daytona profile read.unicorner.news

Some users have labeled it ‘fake open source,’ pointing out that while the CLI is accessible, the control plane is proprietary or requires a cloud account for full functionality. Independent reviews have documented persistent workspace creation failures and API timeouts.

Koyeb — Top sandbox platforms 2026 koyeb.com

Apple’s EULA mandates that macOS run only on Apple-branded hardware and limits each host to a maximum of two concurrent virtual machines… Apple imposes a 24-hour ‘cooldown’ period before a license can be reassigned, and virtualized memory snapshots are pinned to the specific physical machine, preventing migration between host servers.

Sources

References

Jack Sun, writing.