Setting up AI agents in most platforms still looks a lot like configuring infrastructure: YAML files, JSON configs, deployment scripts, role definitions in nested attribute hierarchies. It’s powerful, but it’s a specialist skill that most team members don’t have — and it creates a bottleneck every time someone needs to add, modify, or remove an agent. OpenClaw.Direct wants to eliminate that bottleneck entirely. The company launched a Model Context Protocol (MCP) server that lets teams hire, train, and fire AI employees through natural conversation in Claude Desktop and ChatGPT. ...

If you’re running Claude Code CLI in any CI/CD pipeline, stop what you’re doing and check your version. Right now. Three newly registered CVEs — CVE-2026-35020, CVE-2026-35021, and CVE-2026-35022 — are command injection flaws in Claude Code CLI that researchers at phoenix.security validated as exploitable on v2.1.91 as recently as April 3, 2026. They chain together to enable credential exfiltration over plain HTTP, and every one of them carries a CVSS score of 9.8 (Critical). On top of that, Anthropic shipped a separate patch on April 6 for a distinct high-severity deny-rule bypass — both security issues trace back to the same Claude Code source leak. ...

Something is wrong with Claude Code in April 2026 — and it’s not just Reddit complaints. The Register is reporting that AMD’s AI Director has publicly stated that Claude Code “cannot be trusted to perform complex engineering tasks,” citing a pattern of degraded output quality that has frustrated developers across the industry. This story is distinct from the 50-subcommand bypass CVE that made headlines earlier this month. That was a security vulnerability. This is something potentially more operationally damaging: a quality regression that appears to affect the model’s core competence at the engineering tasks it’s supposed to excel at. ...

If you’re building autonomous AI agents — and especially if you’re deploying them to browse the web, process emails, or interact with external data — a new Google DeepMind paper deserves your immediate attention. The research maps the first systematic framework for what the authors call “AI Agent Traps”: adversarial techniques embedded in the environment that exploit the gap between human perception and machine parsing. The headline number is alarming: content injection hijacks succeeded in up to 86% of tested scenarios. And in tests targeting Microsoft M365 Copilot specifically, behavioral control traps achieved a perfect 10/10 data exfiltration rate. ...

Google DeepMind’s new research framework maps six categories of “AI Agent Traps” — adversarial techniques embedded in the environment that can hijack autonomous agents without the user or the agent knowing. With content injection attacks succeeding in up to 86% of tested scenarios, this isn’t theoretical risk. This guide walks through each of the six trap categories and gives you concrete, actionable mitigations you can implement today — whether you’re running OpenClaw, a custom LangGraph pipeline, or any other agent framework. ...

Something significant happened in New York this week. For the first time, the core maintainers of the Model Context Protocol from all four major AI companies — Anthropic, AWS, Microsoft, and OpenAI — sat in the same room and agreed on a shared roadmap for enterprise-grade MCP security, governance, and reliability. The occasion was the MCP Dev Summit, and the outcome is a formalized enterprise security roadmap under a new governance body: the Agentic AI Foundation (AAIF). The MCP specification itself is moving under AAIF governance, signaling that what began as an Anthropic-led protocol is becoming true industry infrastructure. ...

OpenClaw just dropped its most substantial release in months, and if you’ve been watching the agentic AI space closely, v2026.4.5 is worth your full attention. This update ships three headline features — Dreaming Memory, built-in media generation, and a prompt caching overhaul — plus a significant provider shift that reflects where the LLM landscape actually stands today. Dreaming Memory: Background Consolidation While You Sleep The biggest conceptual leap in v2026.4.5 is Dreaming Memory. Inspired by how biological memory consolidates during sleep, the feature runs background memory processing sessions that compress, link, and surface important context across long-running agent deployments. The output surfaces in a new Dream Diary UI — a timeline of what the agent “processed” overnight, complete with connection maps between memories. ...

When 512,000+ lines of Claude Code’s source landed on the open internet on March 31, Anthropic’s response was measured, careful, and clearly drafted by people who were thinking about something other than just the technical disclosure. They were thinking about the S-1. That’s the core observation driving The Register’s Kettle podcast deep dive this week — and it’s an uncomfortable one. When a frontier AI company responds to a major source leak with language calibrated for investor relations rather than security disclosure, you learn something about what’s actually being prioritized. ...

Xiankun Wu, CEO of Kuse, is exactly the kind of technologist the AI industry profiles approvingly. He built AI employees using OpenClaw. They work nonstop, never complain about timezones, and cost a fraction of their human equivalents. He deployed them. He was proud of them. His human team quietly created a private Slack channel without the AI employees. What Actually Happened According to Business Insider’s reporting, the Kuse team didn’t rebel against the AI coworkers in any dramatic sense. There was no manifesto, no confrontation. The humans simply created a separate channel — a small digital room where they could have conversations without AI involvement, without everything being logged, analyzed, and fed back into workflows. ...

There’s a rule in computer security called Kerckhoffs’s Principle: a system must remain secure even if everything about it is public knowledge. Anthropic, a company that has staked its entire identity on being “safety first,” just shipped a product that violates that principle in a way that’s almost poetic in its mundaneness. Not through a zero-day exploit or a sophisticated attack chain. Through a performance shortcut. What Actually Happens Claude Code lets operators and users configure deny rules — a list of commands the agent is never allowed to run. You can say “never execute rm,” “never run curl,” “never touch /etc/.” It’s the primary mechanism for keeping an AI agent that has shell access to your machine from doing something catastrophic. ...