The New Claw Times

The latest news on OpenClaw, AI agents, and automation

Saturday, April 18, 2026
News 3 min read

TrustModel.ai Audit Flags 63% of Top Chrome Extensions and AI Browser Agents for Security Risks

The first large-scale independent trust audit of browser-based tools found that 63% of the top 100 Chrome extensions and 10 leading AI browser agents introduce meaningful security and data exposure risks. Only 9 of 108 extensions earned 'Highly Trusted' status, while 43% have access to every website a user visits.

By The New Claw Times

Latest
Commentary
3 min read

CBS News Asks 'Should You Let AI Agents Shop for You?' as Retailers Deploy Without Consumer Guardrails

CBS News ran a consumer risk editorial on AI shopping agents during its morning news cycle on April 17, featuring Boston Consulting Group, Tasklet's CEO, and security researchers all saying the same thing: agents can shop for you, but the trust layer is not ready. The piece contrasts these warnings with Amazon, Walmart, and Amex racing to deploy agentic commerce products.

News
3 min read

India Forms Inter-Ministerial AI Governance Body as Autonomous Agents Spread Through Banking and Payments

India's government announced the formation of the AI Governance and Economic Group (AIGEG) on April 17, a high-level inter-ministerial body chaired by Electronics and IT Minister Ashwini Vaishnaw. AIGEG will coordinate AI policy across ministries as companies deploy autonomous agents in banking, payments, and supply chains without a dedicated regulatory framework. The body's mandate includes reviewing existing AI mechanisms, studying emerging risks, identifying regulatory gaps, and developing a deployment roadmap for the next decade.

Commentary
2 min read

Harvard Business Review Publishes Research on China's Meituan AI Agent as the Agentic Commerce Archetype

HBR published research on April 17 analyzing Meituan's Xiaomei AI agent as the leading real-world deployment of what it calls an 'orchestrator plus execution agent.' Launched in late 2025, Xiaomei completes food delivery transactions from natural language intent with zero screen interaction. The research examines why Chinese platforms are 12 to 18 months ahead of Western counterparts in commercial agent deployment, and what design patterns the rest of the industry is converging toward.

News
3 min read

Three Surveys Quantify the Enterprise AI Agent Security Gap: 88% Had Incidents, Only 21% Have Runtime Visibility

A VentureBeat three-wave survey of 108 enterprises, Gravitee's survey of 919 executives, and Arkose Labs' 2026 report converge on the same finding: enterprises are deploying AI agents far faster than they are building the security infrastructure to monitor them. 88% reported AI agent security incidents in the last 12 months. 82% of executives believe their policies protect them. Only 21% have runtime visibility into agent actions. 97% of security leaders expect a material agent-driven incident within 12 months. Only 6% of security budgets address the risk.

News
3 min read

Cloudflare and GoDaddy Launch AI Agent Identity Standards for the Open Web With isitagentready.com and Agent Name System

Cloudflare and GoDaddy announced a strategic partnership on April 17 to build the identity and access control layer for AI agents on the open web. GoDaddy is integrating Cloudflare's AI Crawl Control into its hosting platform for its 21 million+ small business customers. Cloudflare launched isitagentready.com, a tool that scores any website on how well it supports AI agents, and a Cloudflare Radar dataset tracking agent standards adoption across the internet. Both companies are backing GoDaddy's Agent Name System (ANS), an open standard using DNS and PKI to give AI agents verifiable identities.

★ Editor's Picks
Deep Dive

Claude Opus 4.7 Launches With Task Budgets, xhigh Effort, and Autonomous Self-Verification: Anthropic's GA Frontier Is Now Explicitly Agentic

Anthropic's Claude Opus 4.7 is the first generally available frontier model built around production agent primitives. Task budgets let developers cap token spend on autonomous loops. A new xhigh effort level sits between high and max for cost-performance tuning. The model autonomously devises verification steps before reporting tasks complete. It leads GPT-5.4 and Gemini 3.1 Pro on knowledge work and agentic coding benchmarks, but the margins are razor-thin, and competitors still win on agentic search and multilingual tasks. Pricing stays at $5/$25 per million tokens. The real story: Anthropic is shipping the operational guardrails that make long-running autonomous agents financially and technically viable in production.

7 min read
Deep Dive

MCPwn: The First Major MCP Exploit in the Wild Is a CVSS 9.8 That Owns Your Nginx Server in Two HTTP Requests

A critical authentication bypass in nginx-ui's MCP integration is being actively exploited to take over Nginx servers without credentials. CVE-2026-33032, codenamed MCPwn by Pluto Security, exposes 12 MCP tools to any network attacker through a single missing middleware call. The fix was 27 characters. The implications reach every team bolting MCP onto production infrastructure.

8 min read
Deep Dive

Agentic Endpoint Security Is Now a Product Category: How Palo Alto, Norton, and a Hacked Samsung TV Got Us Here

Palo Alto Networks completed its acquisition of Koi on April 15, formally defining Agentic Endpoint Security as a new product category. The same week, researchers demonstrated OpenAI Codex autonomously rooting a real Samsung Smart TV, and Norton launched the first consumer security product designed to monitor AI agent behavior in real time. Three events, one conclusion: the endpoint has changed, and the security stack must change with it.

7 min read