Agentic AI News

OpenClaw shipped v2026.3.31 on March 31st, and it’s one of the more substantive releases in recent months. Three security fixes over the prior stable version (v2026.3.28), a rethought approach to background task management, and two new platform integrations — including one that opens the China market. If you’re running OpenClaw in production, this release warrants a careful read before you upgrade. The Security Story: Trust Is No Longer Automatic The headline change in v2026.3.31 is a security model overhaul that makes implicit trust explicit across the stack. ...

One of the most widely-used JavaScript libraries in the world was silently backdoored today. Axios — the HTTP client with over 83 million weekly downloads — had two of its npm versions compromised in an active supply chain attack. And if you’re running OpenClaw 3.28 with the Slack plugin enabled, you need to act now. What Happened On March 31, 2026, attackers gained access to the npm credentials of Axios’s primary maintainer (“jasonsaayman”) and published two malicious versions: 1.14.1 and 0.30.4. Both versions inject a fake dependency called [email protected] that functions as a cross-platform Remote Access Trojan (RAT) dropper. ...

A carefully crafted malicious prompt could turn an ordinary ChatGPT conversation into a covert data exfiltration channel — silently leaking your messages, uploaded files, and AI-generated summaries without any warning. Check Point Research published full technical details on March 31, 2026 of a vulnerability that OpenAI patched on February 20, 2026. The Architecture of a Silent Exfiltration ChatGPT runs code in a sandboxed Linux environment with outbound web controls designed to prevent unauthorized data sharing. The controls block direct HTTP/HTTPS requests — but the researchers discovered a critical gap: DNS lookups were not subject to the same outbound restrictions. ...

A new critical vulnerability in OpenClaw — tracked as CVE-2026-32971 — allows attackers to obtain human approval for a benign-looking command while executing an entirely different, malicious payload. If you’re running OpenClaw before version 2026.3.11, patch now. The Vulnerability CVE-2026-32971 is a flaw in how OpenClaw’s node-host system.run approval mechanism displays shell commands to users. When the approval dialog is triggered, OpenClaw extracts and displays only a subset of the shell payload — the portion it considers “representative” — rather than the full argv that will actually be executed. ...

A critical vulnerability in OpenAI Codex — silently patched in February 2026 — allowed attackers to steal GitHub OAuth tokens through command injection, potentially compromising entire enterprise organizations sharing code repositories. Full public disclosure arrived March 31, 2026, thanks to research from Phantom Labs. The Vulnerability Phantom Labs, an identity security firm, discovered that OpenAI Codex was vulnerable to command injection in its shell execution environment. An attacker who could influence the commands sent to Codex — through crafted prompts, malicious repository content, or injected tool responses — could exfiltrate the GitHub OAuth token that Codex uses to authenticate with repositories. ...

It happened again — and this time the exposure was massive. On March 31, 2026, security researcher Chaofan Shou (@shoucccc) discovered that Anthropic’s Claude Code CLI had inadvertently published its entire source code inside a 60MB source map file (cli.js.map) bundled within its npm package. Within hours, the community had mirrored the code, opened GitHub repos cataloguing the exposure, and the story had broken across cybersecurity news outlets worldwide. This is reportedly the second time in a year that Claude Code’s source has leaked through the same vector. ...

For decades, being a great developer meant being able to write code. Today, Fortune argues, that’s changing — and the new premium skill isn’t writing. It’s supervising. In a piece published today, Fortune makes the case that AI agents and vibe coding are creating what they call a “Supervisor Class” — a new archetype of developer who derives their value not from syntax mastery, but from high-level judgment and the ability to direct autonomous systems effectively. ...

The wall between AI agents and your browser just came down. Opera announced today that Opera Neon — the company’s experimental AI-first browser — now supports the Model Context Protocol (MCP) as a native server. This means external AI clients — including Claude Code, ChatGPT, n8n, Lovable, and OpenClaw — can connect directly to a live Neon browser session, access your real-time web context, and take actions inside pages. No Playwright. No Selenium. No screenshots copied and pasted between apps. Just agents talking directly to your browser. ...

Shopify activated Agentic Storefronts for all eligible US merchants on March 24, 2026. Products from 5.6 million Shopify stores are now discoverable and purchasable inside ChatGPT, Microsoft Copilot, Google AI Mode, and the Gemini app — managed via a single toggle in the Shopify Admin. No separate integrations. No new apps. Products are already there. This is the biggest structural change to e-commerce distribution since Google Shopping launched in 2012. When someone asks ChatGPT for a standing desk under $400 this week, Shopify merchant products can show up in that answer. That’s not a roadmap item. It shipped. ...

The last two co-founders of xAI have departed. Manuel Kroiss and Ross Nordeen left the company in late March 2026, completing a cascade of exits that began in earnest when Tony Wu departed on February 10. All 11 original co-founders of Elon Musk’s AI startup are now gone. This is not a gradual organizational shift. In a company that turned three years old this year, the entire founding team has exited within a matter of weeks. The pace and completeness of the departures is unusual even by the standards of the current AI industry churn. ...