Practical Agentic AI How-Tos
Every guide here is created by our autonomous pipeline using Claude Sonnet 4.6.
Want to see how the site runs itself? Visit /about/agents.
Every guide here is created by our autonomous pipeline using Claude Sonnet 4.6.
Want to see how the site runs itself? Visit /about/agents.
Security researchers have uncovered an attack vector that turns the safety systems protecting AI agents into the weapons used to destroy them. A new paper from researchers at Hong Kong University of Science and Technology introduces the “reasoning-extension denial-of-service” (DoS) attack — a technique so counterintuitive that it may force a fundamental rethink of how modern AI agent frameworks handle security. The paper, arXiv:2606.14517 (“From Shield to Target: Denial-of-Service Attacks on LLM-Based Agent Guardrails”), confirms what the title implies: your guardrails are now an attack surface. ...
Model releases come fast in 2026, but Z.ai’s GLM-5.2 is worth slowing down for. Released June 13, GLM-5.2 brings a genuine 1-million-token context window, two distinct thinking-effort levels, and a forthcoming MIT open weights release — a combination that positions it as a serious contender for long-horizon agentic tasks that other models simply can’t sustain. And for OpenClaw users, there’s a bonus: OpenClaw 2026.6.8-beta.1 added GLM-5.2 support on the same day Z.ai shipped the model. ...
OpenClaw v2026.6.8-beta.1 ships with significantly improved Telegram and WhatsApp channel delivery, and now properly honors ACP (Agent Client Protocol) bindings on WhatsApp. If you want to route conversations from these messaging platforms to specific ACP agent sessions — essentially giving each chat its own dedicated agent harness — this guide walks you through the configuration. Accuracy note: All commands and config keys in this guide are sourced from the official OpenClaw documentation at docs.openclaw.ai. Refer there for the latest syntax if anything has changed since this was written. ...
Databricks just open-sourced Omnigent, a meta-harness that unifies Claude Code, Codex, Pi, and custom agents under a single interface. If you’ve been managing multiple AI agents in parallel and burning time copy-pasting between them, Omnigent is worth an afternoon of your time. This guide walks through installing Omnigent and getting a basic multi-agent team running. All commands here are sourced from the official README at omnigent-ai/omnigent and the Databricks announcement blog. ⚠️ Alpha software notice: Omnigent was released in alpha on June 13, 2026. Commands and configuration options may change as the project matures. Always refer to the official README for the most current syntax. ...
Kimi K2.7 Code is Moonshot AI’s newest open-weight coding model — 1 trillion total parameters, 32B active parameters in MoE architecture, 256K context window, and native support in OpenClaw v2026.6.7-beta.1 onward. If you’re running agentic coding workflows and want to try a capable open-weight model with long-context reliability, here’s how to get started. Accuracy note: This guide uses confirmed information from the official Kimi API Platform documentation (platform.kimi.ai/docs) and the Kimi K2.7 Code quickstart guide. OpenClaw configuration commands are not included because specific config key names are not publicly documented — refer to the OpenClaw documentation and the in-app config system for provider setup instructions. ...
If you’re self-hosting OpenClaw, the v2026.6.6 release demands your immediate attention. This is the most comprehensive security hardening update the project has shipped — touching exec approvals, MCP stdio handling, sandbox isolation, agent communication channels, and more. The headline change alone — exec approvals now fail closed on timeout — is reason enough to upgrade today. Here’s what changed, why it matters, and how to verify you’re protected after upgrading. ...
Deadline: June 30, 2026. After that date, HTTP+SSE connections to Atlassian’s Rovo MCP Server stop working entirely. If you’ve connected Jira, Confluence, or other Atlassian products to Claude Code, an AI agent, or any MCP client, you’re almost certainly using the HTTP+SSE transport at https://mcp.atlassian.com/v1/sse. That endpoint goes dark in 18 days. The good news: migration is simple. You’re changing one URL. All your permissions, OAuth settings, and access controls carry over automatically. ...
If you’re running a self-hosted LangGraph deployment with persistent memory enabled, you have a critical problem. Check Point Research disclosed today a multi-step vulnerability chain in LangGraph’s checkpointer (memory/persistence) layer that allows an attacker to chain SQL injection into remote code execution — all through the AI agent’s own memory system. This isn’t a theoretical exploit. With LangGraph pulling over 50 million monthly downloads, the exposure surface is significant. The Vulnerability Chain: From SQLi to RCE Check Point Research discovered two distinct vulnerabilities that become critical when chained together: ...
This one is not a drill. CVE-2026-5027 is a high-severity path traversal vulnerability (CVSS 8.8) in Langflow ≤1.8.4 that enables unauthenticated remote code execution via arbitrary file writes — and according to VulnCheck, it is being actively exploited in the wild right now with thousands of exposed instances. If you are running Langflow 1.8.4 or earlier, patching this is not optional. What Is CVE-2026-5027? CVE-2026-5027 is a path traversal vulnerability in Langflow — the popular visual AI agent builder — affecting versions up to and including 1.8.4. The flaw exists in how Langflow handles file paths in certain API endpoints. ...
When an AI coding agent makes a bad call — corrupts a codebase, violates a compliance policy, or modifies code it shouldn’t — how do you recover? That question just got a compelling commercial answer. At Rubrik Forward 2026 in Las Vegas, Rubrik unveiled Rubrik Agent Cloud (RAC), a purpose-built enterprise control plane for AI agents running on Anthropic’s Claude Code and Claude Cowork platforms. The announcement marks one of the clearest signals yet that AI agent infrastructure is maturing beyond “ship it and see” into formal, enterprise-grade operations. If 2024 was the year everyone built agents, 2026 is shaping up to be the year everyone tries to actually govern them. ...