The New Claw Times

The latest news on OpenClaw, AI agents, and automation

Articles tagged: open-source

125 articles

News May 11, 2026
3 min read

Hermes Agent Overtakes OpenClaw to #1 on OpenRouter with 224 Billion Daily Tokens

Nous Research's Hermes Agent claimed the #1 position on OpenRouter's global daily rankings as of May 10, processing 224 billion daily tokens to OpenClaw's 186 billion. The ranking shift follows months of architectural divergence between the two open-source agent platforms: OpenClaw optimizes for multi-channel reach, while Hermes centers on persistent memory and self-improving execution loops.

News May 10, 2026
3 min read

Gopher Security Maps Post-Quantum Cryptography Roadmap for AI Agent Infrastructure

Gopher Security's new roadmap lays out a phased approach to hardening AI agent infrastructure against quantum threats, starting with shadow AI audits and hybrid ML-KEM encryption, and ending with zero-knowledge proofs for verifying agent behavior without exposing model logic. The core argument: MCP's near-universal adoption has made the agent-to-tool handshake the most attractive attack surface in enterprise AI.

News May 10, 2026
2 min read

Fake OpenAI Repository Hit #1 on Hugging Face Trending While Distributing Infostealer Malware

A malicious Hugging Face repository impersonating OpenAI's Privacy Filter project reached #1 on the platform's trending list and accumulated 244,000 downloads before removal. HiddenLayer researchers discovered the campaign on May 7, finding that the repository's loader.py delivered a Rust-based infostealer targeting browser credentials, cryptocurrency wallets, and SSH keys.

Deep Dive May 6, 2026
6 min read

CLI-Anything Exposes a Structural Blind Spot: No Security Scanner Can Detect Malicious AI Agent Instructions

CLI-Anything generates SKILL.md files that AI coding agents execute with full system privileges. Snyk found 13.4% of ClawHub skills contain critical security flaws. Cisco confirmed no mainstream scanner has a detection category for this attack class. The entire security industry built tools for code and dependencies, not for the instruction layer where agents actually operate.

News April 30, 2026
2 min read

Microsoft Open-Sources Agent Framework on GitHub with Python and .NET Support, Migration Paths from Semantic Kernel and AutoGen

Microsoft released its Agent Framework as open-source on GitHub, providing a unified infrastructure for building and orchestrating AI agents across Python and .NET. The framework includes graph-based workflows, MCP server integration, and migration guides from both Semantic Kernel and AutoGen, signaling Microsoft's bet on framework-agnostic developer adoption over proprietary lock-in.

News April 30, 2026
3 min read

Mistral Releases Medium 3.5 and Moves Coding Agents to the Cloud with Async Remote Execution

Mistral AI released Medium 3.5, a 128B dense model scoring 77.6% on SWE-Bench Verified, alongside remote coding agents that run in the cloud while developers step away. The Vibe CLI can now spawn isolated cloud sessions that work through long tasks in parallel, open pull requests on GitHub, and notify developers when finished. A new Work mode in Le Chat extends the same agent to multi-step productivity workflows across email, calendar, and connected tools.

News April 29, 2026
2 min read

JetBrains Ships Skill Manager to Make AI Agent Capabilities Portable Across IDEs and Projects

JetBrains launched Skill Manager and a curated Skill Repository for its AI Assistant, creating an IDE-level layer where developers install agent skills once and reuse them across projects and supported agents. The repository includes security screening for prompt injection and data exfiltration. Currently works with Codex and Claude Agent in AI Assistant Chat, with CLI and other ACP agents coming.

News April 29, 2026
3 min read

OpenAI Releases Symphony, an Open-Source Spec That Turns Issue Trackers Into Autonomous Codex Agent Orchestrators

OpenAI published Symphony, an open-source spec and Elixir reference implementation that turns project management boards like Linear into control planes for Codex coding agents. Agents pull tasks from issue trackers, run in isolated workspaces, monitor CI, resolve merge conflicts, and prepare pull requests for human review. Internal teams saw landed pull requests increase 500% in three weeks.

News April 29, 2026
2 min read

NVIDIA Releases Nemotron 3 Nano Omni, a 30B-Parameter Multimodal Model That Runs on a Single GPU

NVIDIA released Nemotron 3 Nano Omni, an open-weight multimodal model that unifies vision, audio, and language in a single architecture. With 30 billion parameters but only 3 billion active per inference pass, it runs on a single GPU while claiming 9x throughput over comparable open models. Companies including Foxconn, Palantir, and Docusign are already adopting or evaluating it.

News April 28, 2026
3 min read

Runlayer Achieves Full AARM Conformance as Agent Runtime Security Specification Hits 40 Companies

Runlayer announced full Extended Conformance with the AARM open specification for securing AI agent actions at runtime. The Vanta-backed specification, which now counts 40 conformant companies and a 14-member Technical Working Group including Elastic, Darktrace, Truist, and IEEE, defines what runtime security systems must do to protect autonomous agents in production.

News April 26, 2026
3 min read

Tencent Cloud Open-Sources Cube Sandbox, a Hardware-Isolated Runtime for AI Agents With Sub-60ms Cold Start

Tencent Cloud released Cube Sandbox under Apache 2.0 on April 21, giving any developer a production-grade, hardware-isolated runtime for AI agents. Built on RustVMM and KVM, the sandbox cold-starts in under 60 milliseconds, runs 2,000+ instances on a single host, and natively supports the OpenAI Python SDK and E2B SDK. MiniMax already runs hundreds of thousands of concurrent sandboxes on the platform for agentic reinforcement learning training.

News April 24, 2026
2 min read

Alibaba's Qwen 3.6 Model Family Tops Six Coding and Agent Benchmarks

Alibaba shipped the Qwen 3.6 model family across April 20-22, including a proprietary Max-Preview variant that ranks first on six coding and agent benchmarks and an open-weight 27B dense model under Apache 2.0. The Max-Preview uses a mixture-of-experts architecture activating only 3 billion of 35 billion total parameters per inference, competing on cost efficiency against GPT-5.4 and Claude Opus 4.7.

News April 24, 2026
3 min read

DeepSeek Releases V4 Preview with 1 Million Token Context and Open-Source Weights

DeepSeek launched preview versions of its V4 model family on April 24, featuring 1 million token context as default across both V4-Pro (1.6T total parameters, 49B active) and V4-Flash (284B total, 13B active). The open-source models are trained on Huawei Ascend chips and benchmark between GPT-5.2 and GPT-5.4 on reasoning tasks, with dedicated agent optimizations for Claude Code, OpenClaw, and OpenCode.

News April 23, 2026
2 min read

Photon Launches Spectrum, an Open-Source TypeScript SDK for Deploying AI Agents to iMessage, WhatsApp, and Telegram

Photon released Spectrum, an open-source TypeScript SDK that lets developers deploy AI agents to iMessage, WhatsApp, Telegram, Slack, and Discord with a single codebase. Developers write agent logic once and add platforms by changing one line. The SDK ships with sub-250ms message latency on Photon's edge network and has already processed over 400,000 messages in production through a matchmaking agent on iMessage.

News April 23, 2026
3 min read

Agent4Science Launches Reddit-Style Social Network Where Only AI Agents Can Post and Debate Research

Researchers at the University of Chicago launched Agent4Science, a Reddit-style social network where AI agents autonomously share, debate, and review scientific papers. Humans can observe but cannot participate. The platform has generated 40,000 comments from more than 150 agents across AI safety, deep learning, and related topics. It joins a growing wave of agent-exclusive platforms including Moltbook and EinsteinArena.

News April 22, 2026
3 min read

Moonshot AI's Kimi K2.6 Orchestrates 300 Sub-Agents Across 4,000 Coordinated Steps in Open-Source Release

Chinese AI lab Moonshot AI shipped Kimi K2.6, an open-source model that coordinates up to 300 sub-agents running thousands of parallel steps for hours or days without human intervention. One internal team ran a K2.6 agent autonomously for five straight days handling monitoring and incident response. The release exposes a critical gap: most enterprise orchestration frameworks were built for agents that run for seconds, not days.

News April 21, 2026
3 min read

Cloudflare Ships 30+ Products in Agents Week, Positioning Workers as the Default Agent Runtime

Cloudflare wrapped its first Agents Week with more than 30 product launches across five categories: compute primitives (Sandboxes GA, Artifacts versioned storage, Durable Object Facets), zero-trust security (Cloudflare Mesh, Managed OAuth, enterprise MCP governance), a full agent toolbox (Project Think SDK, voice agents, email service, AI Search, Agent Memory), prototype-to-production developer tools, and agentic web standards including an Agent Readiness score. The company is framing its Workers platform as 'Cloud 2.0,' purpose-built for a world where agents are the primary workload.

News April 21, 2026
3 min read

Shopify AI Toolkit Connects Coding Agents Directly to Live Store Operations Through Open-Source MCP Server

Shopify's open-source AI Toolkit gives coding agents like Claude Code and Cursor live access to store operations, API schemas, and documentation through a Model Context Protocol server. Agents can update products, adjust inventory, and change pricing on live stores without touching the dashboard. The toolkit supports five AI coding tools and includes 16 skill files covering the full Shopify platform surface.

News April 18, 2026
2 min read

NVIDIA Publishes Full Technical Report for Nemotron 3 Super, Its Open 120B Agentic Reasoning Model

NVIDIA dropped the full arXiv paper behind Nemotron 3 Super, its open-weight 120B model with 12B active parameters, 1M context window, and a hybrid Mamba-Transformer MoE backbone built specifically for multi-agent systems. The paper reveals how latent MoE, multi-token prediction, and native NVFP4 pretraining deliver over 5x throughput gains versus the previous Nemotron Super.

News April 18, 2026
3 min read

Cloudflare and GoDaddy Launch AI Agent Identity Standards for the Open Web With isitagentready.com and Agent Name System

Cloudflare and GoDaddy announced a strategic partnership on April 17 to build the identity and access control layer for AI agents on the open web. GoDaddy is integrating Cloudflare's AI Crawl Control into its hosting platform for its 21 million+ small business customers. Cloudflare launched isitagentready.com, a tool that scores any website on how well it supports AI agents, and a Cloudflare Radar dataset tracking agent standards adoption across the internet. Both companies are backing GoDaddy's Agent Name System (ANS), an open standard using DNS and PKI to give AI agents verifiable identities.

News April 17, 2026
3 min read

NanoClaw, Vercel, and OneCLI Ship Infrastructure-Level Approval Cards for AI Agents Across 15 Messaging Apps

NanoCo's NanoClaw framework now integrates Vercel's Chat SDK and OneCLI's credential vault to ensure AI agents cannot execute high-stakes actions without explicit human approval delivered as native interactive cards inside 15 messaging apps. The architecture moves trust enforcement from the application layer to the infrastructure layer, so agents never see real credentials and cannot override the approval requirement regardless of prompt.

News April 17, 2026
2 min read

Microsoft Foundry Toolkit for VS Code Reaches General Availability With Agent Builder, 100+ Models, and MCP Tool Approval

Microsoft's AI Toolkit for VS Code has been renamed to Foundry Toolkit and reached general availability. The GA release adds Agent Builder for low-code agent development, a catalog of 100+ models from OpenAI, Anthropic, Google, and local providers, configurable MCP tool approval, and one-click deployment to Microsoft Foundry Agent Service. An open-source agent-framework repository accompanies the release.

News April 17, 2026
3 min read

MiniMax Open-Sources M2 and Ships M2.7: An Agent-Native Model Priced at 8% of Claude Sonnet's Output Cost

Chinese AI lab MiniMax simultaneously open-sourced M2 and shipped M2.7 today, a 230B-parameter mixture-of-experts model family designed specifically for agentic workflows. M2's API costs $0.30 per million input tokens and $1.20 per million output tokens, roughly 8-10% of Claude Sonnet 4.6's pricing, while running at approximately twice the speed. NVIDIA featured M2.7 on its Technical Blog, an unusual endorsement for an open-source release from a Chinese lab.

News April 17, 2026
3 min read

Databricks Integrates AI Gateway Into Unity Catalog, Adds MCP Governance and Dollar-Level Cost Tracking for Enterprise Agents

Databricks merged its AI Gateway into Unity Catalog, giving enterprises the same permissions, auditing, and policy controls over AI agent workflows that they already apply to data access. The release adds MCP governance with on-behalf-of user execution, guardrails powered by LLM judges, and per-request dollar cost tracking across all model providers.

News April 16, 2026
3 min read

OWASP Publishes Q1 2026 GenAI Exploit Round-Up Covering Eight Major AI Agent Security Incidents

OWASP's GenAI Security Project released its Q1 2026 exploit round-up, the first comprehensive AI agent exploit taxonomy of the year. The report covers eight incidents from January through April 11, including the Mexican government breach via Claude-assisted attack workflows, OpenClaw inbox deletion, Meta's internal AI agent data leak, and active exploitation of Flowise CVE-2025-59528. Each incident is mapped to both the OWASP Top 10 for LLM Applications 2025 and Top 10 for Agentic Applications 2026.

News April 16, 2026
3 min read

Cal.com Moves Commercial Codebase to Closed Source, Citing AI Coding Tools as the Reason Public Code Is Now a Security Liability

Cal.com is the first major commercial open source project to name AI explicitly as the reason for going closed source. CEO Bailey Pumfleet told ZDNet that AI tools like Claude Opus can now scour public codebases for vulnerabilities faster than companies can patch them, making open source 'like handing out the blueprint to a bank vault.' The company simultaneously launched Cal.diy, a stripped MIT-licensed community fork for hobbyists.

News April 16, 2026
2 min read

LangChain Prepares Version 1.0 Release With Package Restructure, LangGraph Dependency, and Community Feedback Period

The LangChain team is preparing to release version 1.0 of its core Python package, the first stable release of the most widely used AI agent development framework. The restructure adds LangGraph as a dependency, re-exports core primitives at the top level, removes deprecated modules, and consolidates documentation. The team is actively soliciting developer feedback via the official LangChain Forum before the release goes live.

News April 16, 2026
3 min read

LangChain-ChatChat and Agent Zero Both Disclose Unauthenticated RCE via MCP Server Configuration on the Same Day

Two AI agent frameworks disclosed high-severity remote code execution vulnerabilities on April 15, both rooted in the same architectural failure: trusting user-supplied input in MCP server configuration fields. CVE-2026-30617 affects LangChain-ChatChat 0.3.1 and CVE-2026-30624 affects Agent Zero 0.9.8, each carrying a CVSS score of 8.6 with no authentication required.

News April 16, 2026
2 min read

Autodesk Ships Action-Capable MCP and AI Agents Across Fusion, Inventor, Revit, and Its Full Design Portfolio

The world's dominant 3D design and manufacturing software platform just made its entire product line accessible to external AI agents. Autodesk's new Fusion MCP lets agents take action inside CAD workflows, not just read data, while Autodesk Assistant goes live across Fusion, Inventor, Moldflow, Vault, and Revit 2027 with natural language access to engineering tools.

News April 16, 2026
3 min read

Cloudflare Unveils Project Think: Durable Execution, Sub-Agents, and a 30-Line Voice Pipeline for the Next Agents SDK

Cloudflare's Project Think previews the next generation of its Agents SDK with durable execution, sub-agents, persistent sessions, and real-time voice interactions in roughly 30 lines of server-side code. The batteries-included base class wires all primitives together, positioning Cloudflare's agent infrastructure for long-running, voice-capable production deployments.

News April 15, 2026
4 min read

Cloudflare Agents Week Adds SDK v2 Preview, Agent Lee Dashboard Agent, Mesh Private Networking, and a Unified CLI to Its Agent Infrastructure Stack

Cloudflare's Agents Week peaked on April 15 with four new product launches: an Agents SDK v2 preview for long-running multi-step tasks, Agent Lee (an in-dashboard agent replacing manual navigation), Cloudflare Mesh for secure private networking between agents and internal infrastructure, and a unified cf CLI covering all 3,000 Cloudflare API operations. Combined with Sandboxes GA and Dynamic Workers from earlier in the week, Cloudflare has assembled the most complete agent infrastructure stack from any non-AI-lab vendor this quarter.

News April 15, 2026
3 min read

GitHub Security Lab Launches 'Hack the AI Agent' Game to Teach Agentic AI Vulnerabilities to 10,000+ Developers

GitHub Security Lab released Season 4 of its free, open-source Secure Code Game on April 14, themed 'Hack the AI Agent.' Five progressive challenges teach developers to exploit and defend against real-world agentic AI attack surfaces, from sandbox escapes to multi-agent trust chain exploitation. The game was inspired directly by OpenClaw's capabilities and the security risks they introduce.

News April 14, 2026
3 min read

Google's PaperVizAgent and ScholarPeer Use Multi-Agent Orchestration to Beat Human Baselines in Academic Figure Generation and Peer Review

Google Research published two multi-agent frameworks targeting academic publishing bottlenecks. PaperVizAgent orchestrates five specialized agents to generate publication-ready figures from manuscript text, scoring 60.2 on a calibrated evaluation scale where human performance sits at 50.0. ScholarPeer automates peer review using adversarial literature search and multi-aspect verification, producing reviews that are more critical and literature-grounded than existing automated approaches.

News April 14, 2026
4 min read

Microsoft Open-Sources Agent Governance Toolkit With Policy Engine, Cryptographic Identity, and Kill Switches for Autonomous AI Agents

Microsoft released the Agent Governance Toolkit as an open-source project under MIT license, a nine-package monorepo that applies operating system security patterns to autonomous AI agents. The toolkit intercepts agent actions at runtime with deterministic policy enforcement, assigns cryptographic identities using decentralized identifiers, isolates execution through CPU-inspired privilege rings, and adapts SRE practices like error budgets and circuit breakers to agent workloads. It covers all 10 OWASP Agentic AI risks and ships with 20+ framework adapters for LangChain, AutoGen, Google ADK, and others.

News April 14, 2026
3 min read

OpenClaw Hackathon 2026 Projects Highlight the Gap Between Agent Demos and Production Infrastructure

The OpenClaw Hackathon 2026 ran April 11-13 and produced projects spanning autonomous content repurposing, live streaming agents, AI-managed social media profiles, and ambient voice assistants. The recurring theme across projects was not capability but infrastructure: observability, persistent memory, and access control are what builders need to move agents from demos to production deployments.

News April 14, 2026
2 min read

Google ADK Python v1.30.0 Adds Gemma 4 Support, Auth Provider for Agent Registries, and Live A2A Artifact Streaming

Google shipped ADK Python v1.30.0 overnight with Gemma 4 model support, Auth Provider integration for agent registries, artifact streaming in A2A protocol events, and a credential leakage fix. The most active open-source multi-agent framework in 2026 now lets agents pass live artifacts in agent-to-agent communications and manage credentials across distributed agent ecosystems.

News April 13, 2026
3 min read

UC Berkeley Built an Agent That Achieves Near-Perfect Scores on SWE-bench, WebArena, and Six Other AI Benchmarks Without Solving a Single Task

Researchers at UC Berkeley's Center for Responsible Decentralized Intelligence built an automated agent that exploits eight of the most widely cited AI benchmarks to achieve near-perfect scores. No reasoning. No LLM calls. Just pytest hooks, binary trojans, config leakage, and sandbox escapes. The findings mean any published agent benchmark score is suspect without independent verification.

News April 13, 2026
3 min read

Claude Code's Hidden Token Tax: Developers Document Invisible 20K Token Injection and Silent Cache TTL Downgrade

Two related Anthropic developer crises exploded on Hacker News on April 12 with over 1,100 combined comments. Developers documented that Claude Code v2.1.100+ silently injects approximately 20,000 invisible server-side tokens per request, exhausting Pro Max quotas in as little as 90 minutes of moderate use. Separately, forensic analysis of 119,866 API calls revealed Anthropic silently downgraded prompt cache TTL from one hour to five minutes on March 6, inflating cache creation costs by 17% with no public announcement.

News April 12, 2026
2 min read

NousResearch Launches Hermes Agent, an Open-Source Autonomous Agent With Built-In Learning Loops and Cross-Platform Messaging

NousResearch released Hermes Agent, an open-source autonomous agent that creates skills from experience, improves them during use, and builds a persistent model of each user across sessions. It runs on any model provider, deploys to serverless infrastructure, and connects to Telegram, Discord, Slack, WhatsApp, and Signal through a single gateway process.

News April 11, 2026
2 min read

GitHub Releases Copilot SDK in Public Preview, Embedding Its Agent Runtime Into Five Languages

GitHub released the Copilot SDK in public preview on April 11, a multi-language SDK spanning Python, TypeScript, Go, .NET, and Java that exposes the same agent runtime powering Copilot CLI. Developers define agent behavior and the SDK handles planning, tool invocation, and file edits autonomously. MCP integration, BYOK authentication, and community ports for Rust, Clojure, and C++ are included.

News April 11, 2026
2 min read

Microsoft Open-Sources Agent Framework, Unifying AutoGen and Semantic Kernel Into One Multi-Language Runtime

Microsoft released Agent Framework on April 11, an open-source framework for building, orchestrating, and deploying AI agents in both Python and .NET. The framework includes graph-based workflows with streaming, checkpointing, human-in-the-loop controls, and time-travel debugging. Migration guides from AutoGen and Semantic Kernel position it as Microsoft's unified agent development platform.

News April 10, 2026
2 min read

Claude Code v2.1.97 Adds Focus View, Hardens Bash Permissions, Fixes MCP Memory Leak

Anthropic's latest Claude Code release adds a Focus view toggle that reduces terminal noise during agent runs, tightens Bash tool permission checks around environment variables and network redirects, fixes an MCP connection memory leak accumulating 50MB per hour, and resolves multiple resume and transcript reliability issues. The update signals a push toward production readiness for enterprise coding agent deployments.

Commentary April 10, 2026
3 min read

Three Attacks in Four Days Exposed the Security Debt in AI Agent Frameworks

In the last week of March, LangChain disclosed three high-severity CVEs affecting 60 million weekly downloads, Langflow was exploited within 20 hours of disclosure, and a threat group hijacked LiteLLM's PyPI publishing pipeline to distribute credential-stealing malware. A new analysis argues these aren't isolated incidents. They're symptoms of an infrastructure class that grew faster than its security posture.

News April 9, 2026
3 min read

Flowise AI Agent Builder Under Active Exploitation: CVSS 10.0 RCE Flaw With 12,000 Exposed Instances

Threat actors are actively exploiting a maximum-severity remote code execution flaw in Flowise, the open-source platform for building AI agents. CVE-2025-59528 scores a perfect 10.0 on CVSS and lets attackers execute arbitrary JavaScript on the server through the CustomMCP node. With 12,000+ instances exposed on the internet, this is the third Flowise vulnerability to see in-the-wild exploitation.

News April 9, 2026
3 min read

PraisonAI Patches Two Critical RCE Vulnerabilities in Agent Framework: Sandbox Escape and YAML Deserialization

PraisonAI, the open-source multi-agent framework, disclosed and patched two critical remote code execution vulnerabilities within 24 hours. CVE-2026-39888 scores 9.9 on CVSS and allows sandbox escape through exception frame traversal. CVE-2026-39890 scores 9.8 and enables arbitrary code execution via malicious YAML agent definitions. Both are fixed in the latest releases.

News April 7, 2026
2 min read

Microsoft Releases Agent Framework v1.0, Merging AutoGen and Semantic Kernel. Developers Say the Combined Stack Is Still Confusing.

Microsoft shipped Agent Framework v1.0 on April 3, combining AutoGen and Semantic Kernel into a unified SDK for building multi-agent systems in .NET and Python. The production-stable release supports seven model providers and ships with A2A and MCP interoperability. Developer reaction, per Forbes, is skeptical: rivals like LangChain and OpenClaw are winning on simplicity while Microsoft's combined stack still feels like two frameworks wearing a trench coat.

News April 6, 2026
2 min read

Nous Research Ships a Step-by-Step OpenClaw Migration Guide for Its Self-Improving Hermes Agent

Nous Research has published a comprehensive migration guide for moving from OpenClaw to Hermes Agent, its MIT-licensed autonomous AI framework that launched in February 2026 and has collected 22,000 GitHub stars. The guide includes a one-command migration tool. Hermes Agent's core differentiator is a closed learning loop: the agent writes reusable skill files after completing tasks, stores outcomes in persistent memory, and improves without manual configuration.

Deep Dive April 6, 2026
6 min read

China's 'Lobster' Agents: How OpenClaw Became Beijing's Default AI Infrastructure When Western Models Were Blocked

Chinese users built custom AI agents called 'lobsters' on top of OpenClaw's open-source stack because Claude and ChatGPT are blocked in China. One IT engineer processes 200 TikTok Shop listings in two minutes instead of twelve a day. Government subsidies in Shenzhen, Wuxi, and other cities incentivize adoption — then Beijing's cybersecurity authorities warned of security risks and started pulling it back. The deeper story is what happens when open-source agent infrastructure meets a market locked out of Western frontier models.

News April 5, 2026
3 min read

Google Ships ADK Java 1.0 and Go 1.0 as Agent Framework Landscape Splits Into Provider-Native and Independent Camps

Google released ADK for Java 1.0.0 on March 30 and ADK for Go 1.0 on March 31, making it the only major agent framework with four language SDKs. A new Morph comparison of eight agent frameworks surfaces a widening split: provider-native SDKs from Anthropic, OpenAI, and Google trade model flexibility for deeper integration, while independent frameworks like LangGraph and CrewAI offer cross-provider portability at the cost of native features. Meanwhile, IBM's ACP has merged into Google's A2A under the Linux Foundation, consolidating the agent-to-agent protocol layer.

News April 5, 2026
3 min read

Andrej Karpathy's LLM Knowledge Bases Replace RAG With a Markdown Wiki Maintained by the Agent Itself

Andrej Karpathy published an approach to AI agent memory on April 3 that ditches vector databases and RAG pipelines in favor of a structured Markdown wiki that the LLM actively compiles, links, and maintains. For teams building agents that need persistent project memory across sessions, the architecture addresses the core pain: context-limit resets that wipe everything the agent has learned.

News April 5, 2026
3 min read

OpenClaw + Gemma 4 Is a Free, Fully Local AI Agent Stack — and the Timing Is Not a Coincidence

Three days after Anthropic banned OpenClaw users from Claude subscriptions and required them to pay extra for API access, Google launched Gemma 4 under Apache 2.0 — a capable open-weight model that runs locally via Ollama. LushBinary published a guide pairing the two this weekend. The combination gives builders a zero-cost, privacy-first alternative with no API bills and no data leaving their machine.

News April 2, 2026
3 min read

Anthropic's DMCA Cleanup of Claude Code Leak Accidentally Took Down 8,100 GitHub Repositories

Anthropic issued a DMCA takedown notice targeting repositories hosting its leaked Claude Code source code, but the request swept up 8,100 repositories including legitimate forks of Anthropic's own public Claude Code repo. The company retracted the bulk of the notices within hours, limiting enforcement to one repository and 96 forks. The incident compounds a difficult stretch for a company reportedly planning an IPO, and carries an uncomfortable irony: Anthropic has faced multiple copyright lawsuits over its own use of copyrighted training data, including a $1.5 billion damages order in September 2025.

News April 2, 2026
2 min read

GitHub Extends Secret Scanning to AI Coding Agents via MCP Server, Adds 37 New Detectors in March

GitHub now scans code changes for exposed secrets inside AI coding agent sessions through its MCP Server, treating agentic coding as a distinct security surface. The company also added 37 new secret detectors across 22 providers in March, with push protection now active by default for 39 token types. The move comes as GitGuardian reports 24,008 unique secrets exposed in MCP-related configuration files across public GitHub.

News April 2, 2026
2 min read

Claw Code Launches as Open-Source AI Coding Agent Framework, Claims 72,000 GitHub Stars in First Days

An open-source project called Claw Code launched today as an AI coding agent framework built in Python and Rust. The project claims 72,000 GitHub stars within its first days, though the actual count is difficult to verify independently. Built as a clean-room reimplementation of architectural patterns from the leaked Claude Code source, Claw Code positions itself as an auditable alternative to proprietary AI coding tools like Copilot and Cursor.

News April 1, 2026
4 min read

Anthropic Accidentally Leaked 512,000 Lines of Claude Code Source via npm, Revealing Anti-Distillation Traps and Undercover Mode

A packaging error in Claude Code version 2.1.88 shipped a .map source file that exposed nearly 2,000 TypeScript files and 512,000 lines of readable source code for Anthropic's CLI coding agent. The leaked code reveals anti-distillation mechanisms that inject fake tool definitions to poison competitor training data, an 'undercover mode' that strips Anthropic identifiers from AI-authored open-source commits, frustration-detection regex patterns, native client attestation via Zig-level HTTP hash injection, and a background agent mode called KAIROS. Anthropic confirmed the incident to CNBC, calling it a 'release packaging issue caused by human error.' The code was mirrored to GitHub before the npm package was pulled and has already surpassed 84,000 stars.

News April 1, 2026
2 min read

Azure Developer CLI Adds Local AI Agent Run-and-Debug Loop in March 2026 Release

Microsoft's Azure Developer CLI (azd) shipped seven releases in March 2026, headlined by a new AI agent extension that lets developers run, invoke, and monitor agents locally before deploying to Microsoft Foundry. The update also includes GitHub Copilot integration for AI-assisted project scaffolding and error troubleshooting, Container App Jobs deployment, and local preflight validation. For agent builders on Azure, this closes the gap between writing agent code and testing it against live infrastructure.

News April 1, 2026
2 min read

TechRadar Catalogues 10 Unconventional OpenClaw Builds, From Overnight Coding Pipelines to an AI Social Network Acquired by Meta

TechRadar Pro published a roundup of 10 creative OpenClaw projects built by the community, ranging from multi-agent software development pipelines and overnight research systems to a WHOOP wearable tracker on a Raspberry Pi and Moltbook, a social network for AI agents that Meta acquired in March 2026 for its agent-to-agent communication infrastructure.

News March 30, 2026
2 min read

Ollama Launches Pi as Standalone Coding Agent, Open-Sourcing the TypeScript Primitives Behind OpenClaw

Ollama has released Pi — the minimal coding agent built on approximately 4,000 lines of TypeScript that powers the OpenClaw framework — as a standalone, customizable tool. Developers can now spin up Pi directly from the Ollama CLI with zero configuration, choose from 2,000+ models across providers, and extend it with custom plugins, skills, and prompt templates. The default cloud model is Kimi K2.5, a 1-trillion-parameter MoE model priced roughly 9x cheaper than Claude Opus 4.5.

News March 30, 2026
3 min read

IronCurtain: The Open-Source Framework Trying to Stop AI Agents From Going Rogue

Security researcher Niels Provos launched IronCurtain, an open-source project that isolates AI agents in virtual machines and enforces plain-English security policies before they can touch user accounts. The project, covered by Wired in February and now endorsed by Kaspersky as a potential blueprint, addresses the core tension in agent platforms like OpenClaw: the same broad access that makes agents useful also makes them dangerous.

Deep Dive March 30, 2026
8 min read

The Agent Sandbox Wars: 13 Platforms Are Racing to Build the Runtime Layer AI Agents Actually Need

Agent-Infra's AIO Sandbox launched this weekend as the 13th entrant in a market that barely existed a year ago. E2B has processed over 200 million sandbox sessions, and roughly half the Fortune 500 now runs agent workloads on isolated execution platforms. Cloudflare shipped Dynamic Workers that spin up isolated code execution 100x faster than containers. NVIDIA's OpenShell enforces system-level security policies that agents can't override. Fly.io's Sprites offer persistent VMs with sub-second checkpoint/restore. And a YC X26 startup called Microsandbox built credential isolation directly into the network layer. The question 'where should AI-generated code run?' has become a full-blown infrastructure category, and the market is already splitting into competing architectural philosophies that will shape how every production agent operates.

News March 29, 2026
3 min read

Nvidia's ProRL Agent Separates Training From Rollout, Open-Sources a New Architecture for Building RL-Based AI Agents

Nvidia released ProRL Agent, an open-source infrastructure that decouples reinforcement learning training from agent rollout by exposing rollout as a standalone API service. Integrated into NeMo Gym, the system achieved near-linear throughput scaling and boosted a Qwen3-8B model from 9.6% to 18.0% on SWE-Bench Verified — gains from infrastructure alone, not bigger models.

News March 27, 2026
3 min read

OpenClawd Adds Skill Vetting and Runtime Sandboxing After Audit Finds 341 Malicious Skills on ClawHub

OpenClawd, the managed OpenClaw hosting service, shipped verified skill screening, runtime sandboxing, and credential isolation on March 26 after Koi Security's audit of the ClawHub marketplace found 341 malicious skills out of 2,857 — approximately 12% of the entire catalog. A February update raised that count to 824 malicious skills across more than 10,700 listings. The update is the first platform-level security response from within the OpenClaw ecosystem, arriving in the same week as Cisco DefenseClaw and Sysdig's runtime enforcement announcements.

News March 26, 2026
2 min read

Luffa Integrates OpenClaw to Give AI Agents On-Chain Identities and Governable Permissions

Web3 protocol Luffa announced today it has integrated OpenClaw as its AI agent layer, becoming the first platform to assign decentralized identities (DIDs) to AI agents. The integration gives OpenClaw agents verifiable on-chain identity, auditable behavior logs, and governable permission boundaries — a direct response to the 'permission black box' problem in current agent deployments.

News March 26, 2026
3 min read

Attackers Distribute Malware Through Fake OpenClaw GitHub Repos With AI-Written READMEs and Inflated Stars

A threat actor tracked as TroyDen is running a malware campaign through fake GitHub repositories that impersonate OpenClaw tooling. The repos use AI-generated READMEs, throwaway accounts to inflate stars and forks, and a split-payload LuaJIT trojan that evades sandbox analysis. Netskope Threat Labs has identified over 300 malicious packages connected to the same attacker infrastructure.

Deep Dive March 26, 2026
7 min read

LiteLLM Supply Chain Attack: How TeamPCP Compromised the Python Library That Powers Most AI Agent Stacks

On March 24, a threat actor called TeamPCP pushed backdoored versions of LiteLLM to PyPI, embedding a three-stage credential stealer that harvested SSH keys, cloud tokens, and Kubernetes secrets from every environment where the package was installed. LiteLLM sits in the dependency chain of nearly every major AI agent framework, and Wiz estimates it is present in 36% of all cloud environments. The attack is part of a broader campaign that has already hit Trivy, Checkmarx, and multiple package registries, with TeamPCP now claiming collaboration with the extortion group LAPSUS$.

News March 25, 2026
2 min read

NousResearch Launches Hermes Agent, an Open-Source Autonomous Agent With Persistent Memory and Self-Improving Skills

NousResearch released Hermes Agent, an MIT-licensed autonomous agent framework that creates skills from experience, maintains persistent memory across sessions, and runs on everything from a $5 VPS to a GPU cluster. It supports Telegram, Discord, Slack, WhatsApp, and Signal from a single gateway process, positioning it as a direct competitor to OpenClaw in the open-source agent space.

News March 24, 2026
3 min read

Cisco Launches DefenseClaw at RSA 2026: An Open-Source Security Scanner for AI Agents Built on NVIDIA's OpenShell

Cisco unveiled DefenseClaw at RSA Conference 2026, an open-source framework that scans AI agents for vulnerabilities, manages MCP server permissions, and quarantines compromised skills in two seconds. The tool builds on NVIDIA's OpenShell sandbox and was directly inspired by Cisco engineers running OpenClaw at home. GitHub availability is set for March 27.

News March 24, 2026
4 min read

SkyPilot Gave Claude Code 16 GPUs and Karpathy's Autoresearch Framework. It Ran 910 Experiments in 8 Hours.

SkyPilot engineers pointed Anthropic's Claude Code agent at Andrej Karpathy's open-source autoresearch framework and gave it access to 16 GPUs on a Kubernetes cluster backed by CoreWeave. Over eight hours, the agent autonomously submitted approximately 910 ML experiments, discovered that scaling model width outperformed every hyperparameter tweak combined, and taught itself to exploit performance differences between H100 and H200 GPUs without being told they existed.
