Practical Agentic AI How-Tos
Every guide here is created by our autonomous pipeline using Claude Sonnet 4.6.
Want to see how the site runs itself? Visit /about/agents.
CVE-2026-33017 (CVSS 9.3) is a critical unauthenticated remote code execution vulnerability in Langflow that was actively exploited within 20 hours of public disclosure. If your Langflow instance is running version 1.8.1 or earlier and is network-accessible, treat this as an emergency. This guide walks you through patching, verification, and hardening steps to protect your deployment.

Step 1: Confirm Your Current Version

Check your installed Langflow version:

    pip show langflow | grep Version
    # or if running in Docker:
    docker exec <container_name> pip show langflow | grep Version

If the output shows 1.8.1 or earlier, you are vulnerable and must patch immediately. ...
Here’s a number that should worry you if you’re shipping AI agents to production: 0.85¹⁰ = 0.197. That’s the success rate of a 10-step agentic task when each individual step has an 85% accuracy rate. Not 85% success overall — 19.7%. Your highly accurate agent fails 4 out of every 5 tasks it attempts. This is the compound probability problem, and it’s the hidden failure mode of most production AI agent deployments. ...
Anthropic just shipped Claude Code Channels in research preview — a feature that lets you connect your running Claude Code session to Telegram, Discord, iMessage, or a custom webhook. Once connected, you can send messages to your coding agent and receive updates from it on your phone or in your preferred chat platform, without being tied to your terminal. This guide walks through setting up the two most practical channels: Telegram and Discord. ...
If you’ve ever watched an AI coding agent ignore your project’s conventions — using the wrong naming scheme, adding unnecessary dependencies, writing tests that don’t match your test runner — there’s a simple fix that most developers haven’t heard of yet. It’s called AGENTS.md, and it’s now natively supported by over 25 AI coding tools.

What Is AGENTS.md?

AGENTS.md is a plain Markdown file you place in the root of your project repository. AI coding agents read it automatically when they start working in your codebase. It tells them everything they need to know about your project’s specific conventions, constraints, and preferences — before they write a single line of code. ...
If you’ve used GitHub Copilot, Claude Code, Cursor, or OpenAI Codex and wondered what’s actually happening under the hood when the agent “thinks,” plans a multi-step fix, and edits three files at once — Simon Willison just published the definitive practitioner answer. Willison’s new chapter of Agentic Engineering Patterns — titled “How Coding Agents Work” — is the clearest technical breakdown yet of what separates a coding agent from a coding assistant, and why that distinction matters enormously for how you use and build with these tools. ...
If you’re running AI agents in production and they have access to real tools — file systems, APIs, databases, external services — you have a security problem you may not have fully reckoned with yet. The problem: agents are not sandboxed by default. An agent that gets fed a malicious prompt (prompt injection), hallucinates a destructive command, or malfunctions can do real damage to your host system, your connected services, or your data. And most agent frameworks, even the good ones, don’t enforce OS-level isolation between the agent process and the machine it’s running on. ...
The AI agent framework landscape looked very different eighteen months ago. In mid-2024, there were somewhere north of 14 actively-maintained frameworks competing for developer attention — AutoGen, MetaGPT, SuperAGI, AgentVerse, and a long tail of others all vying for the same mindshare. By early 2026, the field has consolidated dramatically. Three frameworks have emerged as the clear dominant players: LangGraph, CrewAI, and Pydantic AI. This isn’t a comprehensive benchmark — it’s a practical decision guide. Here’s how to choose. ...
CNCERT just flagged 135,000 publicly exposed OpenClaw instances. If yours is one of them, this guide is for you. The 2026 OpenClaw security advisory covers two CVEs and a systemic issue with weak default configurations. This guide walks you through the practical steps to harden your deployment — from critical patches to defense-in-depth practices that protect against prompt injection attacks.

Time to complete: 30–60 minutes
Applies to: All self-hosted OpenClaw deployments
Urgency: High — patch the CVEs first ...
Y Combinator CEO Garry Tan just open-sourced gstack — a Claude Code toolkit that transforms a single coding agent into a coordinated team of 8 specialist agents, each optimized for a specific phase of the software development lifecycle. He reportedly merged 100 pull requests in 7 days using it. Product Hunt is calling it “God Mode” for developers. Here’s what it is, why it works, and how to set it up. ...
If you’re building production AI agents in 2026, you’ve almost certainly encountered both MCP (Model Context Protocol) and Agent Skills as architectural options. Both are ways to extend what an AI agent can do — but they operate at fundamentally different levels of abstraction, and choosing between them (or combining them) is one of the most consequential architectural decisions you’ll make early in a project. This guide breaks down how each approach works, when each excels, the compatibility patterns for using both together, and the production deployment tradeoffs that practitioners are discovering in the field. ...