Cybersecurity

We've identified, responsibly disclosed, and confirmed 2 critical, 2 high, 2 medium, 1 low security vulnerabilities in Cloudflare's vibe-coded framework Vinext. We believe the security of the internet is the highest priority, especially in the age of AI. Vibe coding is a useful tool, especially when used responsibly. Our security research and framework teams are extending their help and expertise to Cloudflare in the interest of the public internet's security.

Anthropic has acquired @Vercept_ai to advance Claude’s computer use capabilities. Read more: https://anthropic.com/news/acquires-verc…

Finally have quite good virus/malware protection on ClawHub, now these folks moved to scam in comments. Can't have nice things. 🙃

OpenClaw 2026.2.23 🦞 🔑 Kilo Gateway provider 🌙 Moonshot/Kimi vision + video 🧠 Compaction overflow recovery 🔒 Exec hardening 🛡️ ACP + OTEL secret redaction ⚠️ allowFrom now ID-only by default (safer authz) 50 advisories walked in, 12 survived https://github.com/openclaw/openclaw/rel…

We have received some reports that other ISPs in India may be impacted by access limitations. We continue to follow up through all available channels to resolve this issue. We have engaged multiple teams at Supabase communicating with multiple entities in India in an effort to do all we can to resolve the access issues our users in India are experiencing. We advise affected customers to continue to report the issue to their ISP and to use an alternative DNS provider or a VPN as a workaround in the interim. We will post an update once the issue is resolved or additional information becomes available.

We’ve identified industrial-scale distillation attacks on our models by DeepSeek, Moonshot AI, and MiniMax. These labs created over 24,000 fraudulent accounts and generated over 16 million exchanges with Claude, extracting its capabilities to train and improve their own models.

The way we write code has changed but not the way we engineer software. We use AI to generate the code, we use better tools, and we move much faster. Great, we got code generation on demand. But engineering is the same as it was a decade ago. • managing complexity • understanding the system • scalability • security and vulnerability Today, anyone can easily build a todo app for themselves. In their favorite colors, functionality, the way they want it. That's coding. But taking that todo app to 1000 users without breaking it. Without leaking users' data. Managing DBs. That's engineering.

New @openclaw beta's up! Again your fav: security, various fixes, I restricted hartbeat in DMs, you screamed, now it's a setting. Slack threads work better. Subagents as well. Telegram webhook is more reliable. https://github.com/openclaw/openclaw/rel…

Bought a new Mac mini to properly tinker with claws over the weekend. The apple store person told me they are selling like hotcakes and everyone is confused :) I'm definitely a bit sus'd to run OpenClaw specifically - giving my private data/keys to 400K lines of vibe coded monster that is being actively attacked at scale is not very appealing at all. Already seeing reports of exposed instances, RCE vulnerabilities, supply chain poisoning, malicious or compromised skills in the registry, it feels like a complete wild west and a security nightmare. But I do love the concept and I think that just like LLM agents were a new layer on top of LLMs, Claws are now a new layer on top of LLM agents, taking the orchestration, scheduling, context, tool calls and a kind of persistence to a next level. Looking around, and given that the high level idea is clear, there are a lot of smaller Claws starting to pop out. For example, on a quick skim NanoClaw looks really interesting in that the core engine is ~4000 lines of code (fits into both my head and that of AI agents, so it feels manageable, auditable, flexible, etc.) and runs everything in containers by default. I also love their approach to configurability - it's not done via config files it's done via skills! For example, /add-telegram instructs your AI agent how to modify the actual code to integrate Telegram. I haven't come across this yet and it slightly blew my mind earlier today as a new, AI-enabled approach to preventing config mess and if-then-else monsters. Basically - the implied new meta is to write the most maximally forkable repo and then have skills that fork it into any desired more exotic configuration. Very cool. Anyway there are many others - e.g. nanobot, zeroclaw, ironclaw, picoclaw (lol @ prefixes). There are also cloud-hosted alternatives but tbh I don't love these because it feels much harder to tinker with. In particular, local setup allows easy connection to home automation gadgets on the local network. And I don't know, there is something aesthetically pleasing about there being a physical device 'possessed' by a little ghost of a personal digital house elf. Not 100% sure what my setup ends up looking like just yet but Claws are an awesome, exciting new layer of the AI stack.

"Have you been noticing the instability of public clouds?" "YouTube went down. I don't remember a time in the last five years that YouTube has gone down." SemiAnalysis' @fabknowledge breaks down his "conspiracy theory" that a hidden CPU shortage is behind recent cloud outages.

OpenClaw 2026.2.22 🦞 🥐 @MistralAI (chat + mem + voice) 🌍 Multilingual memory (ES/PT/JP/KO/AR) 🔄 Built-in auto-updater (off by default) 🔧 Cron: parallel runs 🛡️ 40+ security hardening fixes And a browser extension that actually stays connected. https://github.com/openclaw/openclaw/rel…

OpenClaw 2026.2.24 🦞 🌍 Stop phrases in 10+ languages (your bot finally understands "arrête") ⌨️ Typing indicators that don't ghost you 🪟 PowerShell 7 because it's not 2019 🔒 30+ security fixes (we don't sleep so you can) Updating is self-care. https://github.com/openclaw/openclaw/rel…

new @openclaw beta is up! gollum in the VM approves. https://github.com/openclaw/openclaw/rel… What's new? "stop openclaw!", Android refresh (yes we have apps for iOS Android macOS Windows and all, just not quite ready for prime time yet), Big reliability fixes for cross-channel routing, Heartbeat is safer by default (no more DM leaking), Discord reliability improvements, WhatsApp safety/reliability, some macOS work and security hardening (lots of allowList tweaks this time)

Since I spend my night again sifting through security advisories, folks, security researches, slop clankers, PLEASE - read https://docs.openclaw.ai/gateway/securit… and https://github.com/openclaw/openclaw/blo… The security model of OpenClaw is that it's your PERSONAL assistant (one user - 1...many agents). IT IS NOT A BUS. If you want to have multiple users that are adversarial to each other, use on VPS per gateway and user. (or Mac Minis, if you like spending money) I closed like 20 reports today that try to force it into something it's was never designed for and that would just add loads of needless complexity and would introduce unnecessary bugs that won't benefit the wast majority of users.

Another day, another crypto shill faking a GitHub repo with my email and promoting coins. No, it's not me. No, I don't do coins. No, I won't claim. Thanks.

Spammers after OpenClaw dropped

Ran backlog job on clawhub and banned 6 users who used comments for scamming. Commenting now requires a GitHub account that is at least 2 weeks old and has to pass GPT 5.2. convex bill is now in the 5 digits, but it's sooo convenient. Can do anything I want via prompting codex.

🦞 OpenClaw 2026.2.21 ♊ Gemini 3.1 🔒 Massive security hardening 🎙️ Discord streaming + voice channels 🧵 Thread-bound subagent sessions 📱 iOS/Watch polish + gateway stability 🧠 Prompt caching tweaks 100+ fixes shipped while Karpathy called us a noun https://github.com/openclaw/openclaw/rel…

Introducing Claude Code Security, now in limited research preview. It scans codebases for vulnerabilities and suggests targeted software patches for human review, allowing teams to find and fix issues that traditional tools often miss. Learn more: https://anthropic.com/news/claude-code-s…

Prediction: In less than 90 days, all channels that we thought were safe from spam & automation will be so flooded that they will no longer be usable in any functional sense: iMessage, phone calls, Gmail. And we will have no way to stop it.