Agentic AI News

Researchers at Palo Alto Networks’ Unit 42 have published documentation of real-world indirect prompt injection attacks — and this is one of those security stories that deserves more attention from the AI builder community than it’s currently getting. The attack is conceptually simple and practically dangerous: a malicious actor embeds hidden instructions in a website’s content. When an AI agent browses that page as part of an automated task, it reads the hidden instructions and executes them — without the user ever seeing what happened. ...

OpenAI’s agentic coding app Codex has officially landed on Windows — and it’s not a half-hearted port. This is a ground-up native implementation: custom open-source sandbox, PowerShell integration, and a proper Windows Store listing. The milestone coincides with Codex hitting 1.6 million weekly active users, up from roughly 500K a few months ago. That’s a meaningful signal that agentic coding is moving from developer curiosity to mainstream workflow. What’s Actually New in the Windows Release The Windows version of Codex ships three things worth paying attention to: ...

Something genuinely important is shipping in Chrome 146: an early preview of WebMCP, a W3C draft standard jointly developed by Google and Microsoft that fundamentally changes how AI agents interact with websites. Right now, AI agents that browse the web do so by scraping DOM elements — reading HTML, finding buttons, inferring what actions are available. It’s brittle. A website redesign breaks the agent. A modal renders differently across browsers and the agent gets stuck. This approach works well enough for demos but fails at production scale. ...

Anthropic has entered the desktop agent arena in earnest. Cowork — the company’s native Windows application — brings Claude AI directly to your desktop as an active participant in file management, workflow automation, and system interaction, not just a chat interface. It’s a significant expansion of how Anthropic thinks about where Claude lives and what it does. For anyone watching the competition between self-hosted agents like OpenClaw and cloud-native offerings, Cowork is the clearest signal yet that the major AI labs are treating the desktop as a battleground. ...

If you’ve ever wanted to run your own private AI agent without touching a Dockerfile or configuring a reverse proxy from scratch, AWS just made it dramatically easier. Amazon Web Services has officially added OpenClaw to Amazon Lightsail as a one-click blueprint — meaning you can spin up a fully functional, self-hosted AI agent in minutes, starting at approximately $3.50 per month. This is a meaningful moment for the agentic AI ecosystem. OpenClaw going from a GitHub sensation to a first-class AWS product suggests that self-hosted AI agents are no longer a hobbyist curiosity — they’re becoming a mainstream infrastructure choice. ...

⚠️ Safety Warning: If you installed OpenClaw recently and did not download it from the official source at openclaw.ai or the verified GitHub organization, your system may be compromised. Read this article in full before continuing to use the installation. OpenClaw’s explosive growth has made it an irresistible target for threat actors. Researchers at Huntress have uncovered an active campaign using malicious OpenClaw installers hosted on GitHub — and critically, those fake installers were being actively surfaced by Bing AI’s search results, dramatically expanding their potential victim pool. ...

An OpenClaw agent named Fabrius — powered by Anthropic’s Claude Opus — just crossed one of the stranger thresholds in AI history: it navigated a full job application process autonomously, including creating a Hotmail email address, building a LinkedIn profile, setting up a GitHub account, and nearly passing a final hiring screening before a human reviewer caught on. Axios broke the story today, and it’s already generating significant discussion about where we draw the lines on AI autonomy. ...

In just 14 days, OpenClaw has done something no software project has ever done: it crossed 250,000 GitHub stars, surpassing both React and Linux to become the most-starred repository in the platform’s history. It is, by any measure, the fastest star climb in GitHub’s existence — and it’s already triggering a serious debate about what the explosion in adoption means for enterprise security. The Numbers That Broke Records Let’s put this in context. React — Facebook’s UI library — took years to accumulate its star count. Linux, the foundation of half the world’s computing infrastructure, built its GitHub presence over decades. OpenClaw crossed Linux at 224,000 stars and kept going, blowing past React’s all-time high on its way to 250,000. ...

The fallout from the Pentagon’s Anthropic blacklist is now landing on everyday enterprise teams — and it’s uglier than the original headline suggested. Defense tech companies are quietly dropping Claude, and the ripple effects are moving fast. What Just Happened CNBC reported this morning that companies doing business with the US government are facing an impossible compliance choice: keep using Claude and risk losing their defense contracts, or abandon Anthropic’s models entirely. For contractors already navigating a complex web of FedRAMP requirements, supply-chain directives, and vendor compliance rules, that’s not really a choice at all. ...

Zenity Labs published a full disclosure today of PerplexedAgent — a zero-click attack chain targeting Perplexity’s Comet agentic browser. The technique requires no user interaction beyond opening a calendar invite. From there, an attacker can hijack the browser, exfiltrate local files, and steal credentials stored in password managers including 1Password. Perplexity has shipped two patches in response (both in February 2026). But Zenity’s disclosure goes beyond a single product vulnerability — the researchers are warning that the attack surface they found is inherent to the agentic browser category, not unique to Comet. ...