Agentic AI News

OpenAI is entering the enterprise security market in a serious way. On March 6, 2026, the company launched Codex Security — an AI security agent in research preview that doesn’t just find vulnerabilities, but confirms them with proof-of-concept exploits and proposes developer-ready patches. The agent was previously codenamed “Aardvark.” The new name signals intent: this is Codex — OpenAI’s flagship agentic coding system — applied specifically to the application security workflow. ...

If you use Claude Code in your development workflow, stop and read this before opening another repository. Check Point Research has disclosed two critical vulnerabilities — CVE-2026-21852 and CVE-2025-59536 — in Anthropic’s Claude Code agentic coding tool. The flaws allowed attackers to execute arbitrary code on a victim’s machine and exfiltrate API keys. The attack vector required only a malicious configuration file placed in a repository. The exploit triggered automatically — before the user saw or accepted the trust dialog. ...

Something unusual is happening in the AI consumer market. Claude — Anthropic’s flagship AI assistant — has hit number one on the US App Store. More than a million people a day are creating accounts. And Anthropic’s annualized revenue has jumped from $14 billion to $19 billion in a matter of weeks. The catalyst is a controversy, but the story worth focusing on for practitioners isn’t the controversy itself — it’s what the growth surge means for the Claude API ecosystem, for OpenClaw deployments, and for the broader agentic infrastructure built on Anthropic’s models. ...

OpenClaw just got its first dedicated hardware product. Nano Labs — a Nasdaq-listed company trading under ticker NA — announced the iPollo ClawPC A1 Mini on March 6, a compact device purpose-built for the OpenClaw AI agent ecosystem. The pitch: run your LLMs locally, use messaging platforms as your primary UI, and eliminate the cloud dependency from your autonomous agent stack. This is a milestone worth paying attention to — not because the product has proven itself yet, but because dedicated agent hardware entering the market signals something real about where the ecosystem is heading. ...

The agentic AI landscape just shifted. OpenAI’s GPT-5.4 — launched March 5, 2026 — isn’t just a model update. It’s a direct bid to own the autonomous agent stack, arriving with native computer-use, a one-million-token context window, and a reworked tool-calling system that slashes token consumption by 47% on MCP benchmark tasks. If you’re building with agent pipelines, this is the model release worth paying attention to. What’s Actually New in GPT-5.4 Native Computer-Use This is the headline feature, and it’s genuinely significant. Rather than bolting computer-use on as a post-hoc capability, OpenAI has built it into GPT-5.4 at the architecture level. The model can observe screen states, click UI elements, type into fields, scroll, and navigate applications — autonomously, without requiring a separate vision model or operator middleware. ...

The race for agentic control of mobile devices just got a new entrant with serious hardware muscle behind it. Xiaomi officially announced the start of a limited, invite-only closed beta for miclaw on March 6 — a mobile AI agent built on the company’s own MiMo large model that can autonomously click UI elements, switch between apps, and control smart home devices, all from your Android phone. This is the moment the agentic AI paradigm lands on the most personal computing device most people own. ...

ExpressVPN shipped something genuinely novel on March 5, 2026: the first VPN MCP server from any major VPN provider. It lets AI tools read your VPN status and change connection settings directly from development environments — no app-switching, no GUI. It’s a beta, it’s available now, and it’s worth understanding what it actually enables. What the ExpressVPN MCP Server Does The MCP server exposes two core capabilities to any MCP-compatible AI client: ...

The payments infrastructure problem for agentic AI is real: when an AI agent makes a purchase on your behalf, how does the merchant know it was actually authorized? How does your bank verify the agent followed your instructions? How do you audit what happened afterward? On Thursday, Mastercard announced its answer: Verifiable Intent, an open-source, standards-based framework for agentic commerce. What Verifiable Intent Does Verifiable Intent addresses three things that current payment infrastructure doesn’t handle well for AI agents: ...

OpenAI published something unusual in early March 2026: a framework that isn’t a model wrapper, a chat interface, or a prompt toolkit. Symphony is an open-source orchestration layer for autonomous coding agents — and it’s built in Elixir, a language choice that says something specific about what the framework is designed to do. What Symphony Does Symphony connects issue trackers to LLM-based coding agents through what it calls implementation runs — structured, stateful execution processes that transform a project task into an automated sequence of code changes. ...

This is an update post. We covered the initial Pentagon concerns on February 28 and the defense contractor fallout on March 4. Here’s what’s genuinely new. The Pentagon sent Anthropic formal written notification on Thursday, March 5, designating the company a supply-chain risk to national security. This is a legal and procurement designation — not just informal concern or policy discussion. It has real consequences for government contractors who use Claude-based tools. ...