How-Tos & Practical Guides

Researchers at Palo Alto Networks’ Unit 42 have published documentation of real-world indirect prompt injection attacks — and this is one of those security stories that deserves more attention from the AI builder community than it’s currently getting. The attack is conceptually simple and practically dangerous: a malicious actor embeds hidden instructions in a website’s content. When an AI agent browses that page as part of an automated task, it reads the hidden instructions and executes them — without the user ever seeing what happened. ...

LangChain just released something that deserves more attention than it’s getting: a skills system for AI coding agents that nearly quadruples Claude Code’s success rate on LangChain and LangGraph tasks — from 25% to 95%, according to the official LangChain blog. That’s not a marginal improvement. That’s the difference between a tool that frustrates you half the time and one that actually ships working code. What the Skills System Is LangChain Skills is a structured way to give AI coding agents precisely the context they need for ecosystem-specific work — without bloating the agent’s context window with everything upfront. ...

OpenAI’s agentic coding app Codex has officially landed on Windows — and it’s not a half-hearted port. This is a ground-up native implementation: custom open-source sandbox, PowerShell integration, and a proper Windows Store listing. The milestone coincides with Codex hitting 1.6 million weekly active users, up from roughly 500K a few months ago. That’s a meaningful signal that agentic coding is moving from developer curiosity to mainstream workflow. What’s Actually New in the Windows Release The Windows version of Codex ships three things worth paying attention to: ...

Something genuinely important is shipping in Chrome 146: an early preview of WebMCP, a W3C draft standard jointly developed by Google and Microsoft that fundamentally changes how AI agents interact with websites. Right now, AI agents that browse the web do so by scraping DOM elements — reading HTML, finding buttons, inferring what actions are available. It’s brittle. A website redesign breaks the agent. A modal renders differently across browsers and the agent gets stuck. This approach works well enough for demos but fails at production scale. ...

AWS just added OpenClaw to Amazon Lightsail as an official one-click blueprint. That means you can now deploy a fully functional, self-hosted AI agent — pre-connected to Amazon Bedrock and Claude Sonnet 4.6 — in the time it takes to make coffee. Here’s exactly how to do it. What You’ll Need An AWS account (free tier works for the first month; the $3.50/month Lightsail tier covers basic usage) About 5 minutes A domain name (optional, but recommended for HTTPS setup) Step 1: Open the Lightsail Console Navigate to lightsail.aws.amazon.com and sign in with your AWS credentials. If you don’t have an account, the signup takes about 3 minutes and doesn’t require a credit card for the initial free tier. ...

If you’ve deployed OpenClaw agents with MCP server integrations, there’s a good chance your agents have more access than you realize — and your audit logs are hiding it. Security researchers call it the “god key” problem, and it’s a genuine architectural gap in how most teams are running MCP today. Here’s what it is, why it matters, and how to fix it. What Is the MCP God Key Problem? Model Context Protocol (MCP) servers act as bridges between your AI agents and external tools — databases, file systems, APIs, SaaS platforms. The problem is how credentials flow through that bridge. ...

Anthropic’s Claude Code Voice Mode went live today in a staged rollout. If you’re on a Pro, Max, Team, or Enterprise plan, here’s everything you need to get started — or get ready when it hits your account. Prerequisites Before you try to enable Voice Mode, confirm you have: Claude Code CLI installed — latest version recommended Eligible plan: Pro, Max, Team, or Enterprise (free plans are not included in this rollout) Active Claude Code session in a terminal environment with microphone access Rollout access: Currently ~5% of eligible users. If the command doesn’t work yet, you’re in the queue — broader rollout is coming in the next few weeks Check your Claude Code version: ...

OpenClaw v2026.3.2 shipped two features that close significant gaps in what agents can natively process: a PDF analysis tool with dual-backend support, and a Speech-to-Text API for audio transcription. If you’re running agents that touch documents or audio — research pipelines, meeting summarizers, compliance workflows, content processors — these are worth setting up immediately. This guide walks through both tools: what they do, how to configure them, and how to chain them into practical workflows. ...

Running 13 AI agents simultaneously on a single software project sounds like either a research demo or a recipe for chaos. A developer posting on DEV.to this week shows it’s neither — it’s a practical, production-tested workflow that actually ships code, and it’s approachable enough to adapt right now. Here’s the full breakdown of how it works, what tools it uses, and how you can build something similar. The Setup: 13 Agents, One Tmux Window The core architecture is simple at the infrastructure level: 13 Claude Code instances running in tmux panes, each assigned a discrete task. The complexity isn’t in the terminal layout — it’s in the inter-agent communication layer the developer built on top of it. ...

The ClawJacked vulnerability allowed malicious websites to brute-force OpenClaw’s local WebSocket gateway and silently gain admin control over your AI agents. The patch is out — but patching alone isn’t enough if your gateway is still misconfigured. This guide walks you through verification and hardening. Time required: 10–15 minutes Difficulty: Beginner–Intermediate Prerequisites: OpenClaw installed and running locally Step 1: Check Your OpenClaw Version The ClawJacked fix shipped in the latest OpenClaw release. First, confirm what version you’re running. ...