OpenAI shipped ChatGPT Library — a persistent file storage system that survives across conversations — and most coverage has treated it as a quality-of-life feature. You can finally keep your documents without re-uploading them. Convenient! But there’s a more interesting way to read this announcement, and it’s the one that matters for anyone tracking how AI agents are evolving: this is memory infrastructure, and it’s the foundation that makes persistent agents possible at scale. ...

If you’re running OpenClaw and haven’t updated recently, stop what you’re doing and check your version. A newly disclosed vulnerability — CVE-2026-32895 — allows an attacker with basic access to bypass the authorization controls that keep your Slack DM allowlists and per-channel user restrictions intact. The fix is in version 2026.2.26 and later. If you’re not there, you’re exposed. What’s Vulnerable The flaw lives in OpenClaw’s system event handlers for two subtypes: member and message. These handlers process events like message_changed, message_deleted, and thread_broadcast — normal Slack plumbing that OpenClaw routes and acts on. ...

One of the persistent frustrations with AI agents in production is that nobody agrees on how to know if they’re working correctly. Solo.io is taking a shot at solving that with agentevals, an open-source project launched at KubeCon + CloudNativeCon Europe 2026 in Amsterdam. The premise is straightforward but the execution is non-trivial: continuously score your agents’ behavior against defined benchmarks, using your existing observability data, across any LLM model or framework. Not a one-time evaluation. Not a test suite that only runs before deployment. A live, ongoing signal. ...

There’s a spectrum of trust you can give a coding agent. At one end: you approve every file write and bash command manually, one by one. At the other end: you run --dangerously-skip-permissions and let the AI do whatever it judges necessary. Both extremes have obvious problems — the first is slow enough to defeat the purpose, the second is a security incident waiting to happen. Anthropic’s new auto mode for Claude Code is an attempt to find a principled middle ground — not by letting humans define every permission boundary, but by letting the AI classify its own actions in real time and deciding which ones are safe to take autonomously. ...

When CNCF updates its conformance certification program, it’s not just updating a checklist — it’s defining what the cloud-native community considers a first-class production concern. The announcement at KubeCon Europe 2026: agentic workloads are now a first-class production concern. CNCF announced an update to the Kubernetes AI Conformance Program that nearly doubles the number of certified AI platforms and, more significantly, adds agentic workflow validation to the conformance testing suite. ...

The software supply chain attack models your security team has been defending against for the past decade assumed one thing: the entities making decisions inside your build pipeline were humans. Slow, reviewable, occasionally careless humans — but humans. Coding agents like Claude Code, Cursor, and GitHub Copilot Workspace have changed that assumption. They are autonomous participants in the software development lifecycle: generating code, selecting dependencies, executing build steps, and pushing changes at machine speed. The attack surface they introduce is the natural consequence of giving a privileged, autonomous system access to an environment where a single bad decision can propagate into production before any human review process catches it. ...

Most of the AI agent conversation focuses on intelligence: which model, which framework, which prompting strategy produces the best results. Dapr Agents v1.0, announced generally available at KubeCon + CloudNativeCon Europe 2026 in Amsterdam, focuses on a different problem entirely: survival. What happens to your AI agent when a Kubernetes node restarts mid-task? When a network partition interrupts a long-running workflow? When your cluster scales down to zero overnight? For most frameworks, the answer is: the agent dies and you start over. ...

Full autonomy is the goal for many agentic workflows — but full autonomy is also where most production deployments fail their first risk review. The practical path to deploying AI agents in real organizations runs through human-in-the-loop (HITL) patterns: workflows where the agent does the work, humans approve the decisions, and the system handles the handoff cleanly. LangGraph has strong native support for HITL patterns through its interrupt primitives. This guide walks through the core patterns — interrupt points, approval gates, and reversible actions — with working code you can adapt for your own agent workflows. ...

OpenAI has quietly shipped one of its most structurally important features in months: ChatGPT Library — persistent file storage that persists across conversations, available across ChatGPT’s web and app interfaces. On its surface, it looks like a convenience feature. Upload your documents, reference them later, organize them in one place. Useful, unremarkable. The analysis from Nicholas Rhodes in his Substack newsletter argues it’s actually something more significant: foundational long-term memory infrastructure for AI agents. ...

A new OpenClaw security vulnerability has been publicly disclosed. If you’re running OpenClaw, check your version right now. CVE-2026-32895 (CVSS 5.3 — Medium) affects all OpenClaw versions prior to 2026.2.26. The patch is available. There is no good reason to stay on a vulnerable version. What the Vulnerability Does The flaw is an authorization bypass in OpenClaw’s system event handlers — specifically the member and message subtype handlers. OpenClaw lets administrators restrict which users can interact with an agent via Slack DM allowlists and per-channel user allowlists. CVE-2026-32895 breaks that enforcement. An attacker who is not on a channel’s allowlist can craft and send system events that the vulnerable handlers process anyway, effectively bypassing the access controls entirely. ...