Claude Code earned Anthropic significant developer mindshare — and significant revenue — by becoming the AI coding assistant of choice for software engineers who wanted something that could actually navigate a codebase. But a top Anthropic executive now publicly believes the company’s next major product will surpass it. In an interview with Bloomberg, the executive described Cowork — Anthropic’s general-purpose agentic assistant, currently in research preview — as the company’s “answer to general-purpose agentic AI” and expressed a clear expectation that it would reach a wider market than Claude Code ever did. ...

Security researchers at Unit 42, Palo Alto Networks’ threat intelligence division, have disclosed a critical vulnerability in Google Cloud’s Vertex AI Agent Engine that allowed a misconfigured agent to operate as a “double agent” — appearing to perform its intended function while simultaneously exfiltrating customer data and Google’s own internal source code. The flaw was confirmed across multiple independent security sources and represents one of the most tangible examples yet of what happens when least-privilege principles are abandoned in the rush to deploy agentic AI infrastructure. ...

OpenClaw shipped version 2026.4.1 today, and it’s a substantial release — over 40 pull requests merged, a handful of significant feature additions, and a simultaneous ClawHub China mirror announcement that signals continued international expansion. Here’s what’s actually in the release, drawn directly from the changelog. AWS Bedrock Guardrails Support The biggest enterprise story in this release is native AWS Bedrock Guardrails integration in the bundled provider. This lets teams using OpenClaw on AWS infrastructure apply Bedrock’s policy enforcement layer — content filters, topic deny lists, PII redaction, and grounding checks — directly to model calls routed through the Bedrock provider. ...

Amazon Web Services has officially moved its two most ambitious AI agent products out of preview: AWS Security Agent and AWS DevOps Agent are now generally available. This is the first time an enterprise-grade cloud provider has shipped autonomous agents — not assistants, not copilots, but agents — that operate for hours or days without constant human direction, at scale. If you’ve been watching the agentic AI space, this is the moment where frontier agent capabilities stop being a research preview and start being a procurement decision. ...

Sometimes the most revealing leaks aren’t the ones attackers engineer — they’re the ones that happen because someone forgot to add a line to .npmignore. That’s exactly what happened with Anthropic’s Claude Code v2.1.88. A developer named Chaofan Shou noticed that the npm package included a file it really, really shouldn’t have: main.js.map — a source map that, by design, contains a complete reconstruction of the original source code. By the time Anthropic patched it, GitHub mirrors had already spread. The community had 512,000 lines of TypeScript to dig through, and dig they did. ...

If you’ve been hitting Claude Code’s usage limits in 20 minutes instead of hours, you’re not imagining it and you’re not alone. The developer community has named it Cache-22: a prompt cache regression in recent Claude Code versions that’s causing Max-tier quotas to exhaust dramatically faster than expected. Anthropic has acknowledged the bug. A fix is in progress. In the meantime, here’s how to work around it. What’s Happening Prompt caching is supposed to save tokens by reusing previously-processed context instead of re-processing it from scratch every request. When it works correctly, it dramatically extends how far your token quota goes — particularly in agentic workflows with large context windows. ...

Security researcher Yarden Porat at Cyata published findings this week that should be required reading for anyone running CrewAI in production: four critical CVEs, chainable via prompt injection, that allow attackers to escape Docker sandboxes and execute arbitrary code on the host machine. CERT/CC issued advisory VU#221883. Patches are available. What Was Found Porat’s research identified four vulnerabilities in CrewAI that can be chained together: CVE-2026-2275 — The initial vector: a prompt injection flaw that allows malicious content in agent inputs to manipulate how CrewAI processes tool calls. Normally, tool calls are structured, validated operations. This CVE allows crafted input to make the framework treat attacker-controlled content as legitimate tool invocations. ...

A quick note before we start: yes, this was published on April 1st. No, it’s not an April Fools’ joke. Multiple trade press outlets — Business Insider, AOL, letsdatascience.com — covered this as straight news, and Karpathy has since confirmed the demo is real. With that cleared up: what Andrej Karpathy demonstrated this week is one of the clearest visions of where personal AI agents are actually going. The Demo Karpathy built an OpenClaw agent he named Dobby. The task he gave it: scan the local network, discover connected devices, and figure out how to control them. ...

RSAC 2026 is where the agentic AI security conversation got serious, and the number that defined it was 500,000. That’s the estimated count of internet-facing OpenClaw instances identified by security researchers — a deployment footprint that arrived faster than the security tooling needed to manage it. VentureBeat’s analysis at the conference laid out an uncomfortable reality: half a million instances, three unpatched high-severity CVEs, and no mechanism for fleet-wide patching or emergency shutdown. ...

Microsoft made two OpenClaw-related moves this week that, taken together, perfectly capture the enterprise AI agent paradox: they hired someone specifically to bring OpenClaw into Microsoft 365, and they issued a security guidance document specifically warning enterprises not to deploy OpenClaw on standard workstations. Both are correct. That’s the tension. The Hire: Omar Shahine to Lead OpenClaw in M365 Omar Shahine, previously known for his work on Outlook and various Microsoft productivity products, has been hired by Microsoft to lead the integration of OpenClaw and personal AI agents into the Microsoft 365 ecosystem. Windows Central confirmed the hire. ...