AI agent browser sessions in OpenClaw 2026.6.6
AI agent browser sessions get safer in OpenClaw 2026.6.6 with CDP session attach, WebSocket validation, browser-output boundaries and loopback MCP transport checks.
62 articles connected to this topic.
AI agent web search provider choices now affect latency, context quality and data rights. Use the OpenClaw Parallel release to audit search as agent infrastructure.
Anthropic extended thinking can fail after cache expiry or Gateway restarts. OpenClaw's beta fix shows how agents should recover without deleting session history.
Chain-of-thought leakage is a production risk for AI agents. Learn where reasoning traces escape, why channel adapters matter, and how OpenClaw reduces exposure.
MCP tool results can include resource links, audio, images, and structured payloads. A materialization boundary keeps rich tool output from poisoning agent sessions.
Interrupted tool calls expose whether an AI agent can preserve state, resume safely and report failure clearly instead of leaving a user-facing run half-finished.
AI agent timeouts prevent stuck provider, plugin and tool calls from freezing a run; OpenClaw 2026.6.1 turns more wait states into bounded recovery.
Mobile AI agent sessions need push relay, reconnect-safe realtime Talk, and clear approval paths so agents can keep working while you leave the laptop without losing control.
Multi-agent planning breaks down when work lives only in chat. A workboard gives AI agents task ownership, run tracking, comments, and reviewable handoffs.
AI agent workboard explains how visible handoffs, task comments, and review points keep multi-agent orchestration debuggable instead of hidden agent chatter.
Windows AI agent hosting is moving from browser tabs to native nodes. Here is what OpenClaw 2026.6.1 changes for self-hosted Windows automation.
Self-learning AI agents work best when repeated fixes become reviewable skills: proposed, tested, revised, approved and rolled back before they shape future runs.
Subagent workspace isolation gives each spawned agent its own working directory and prompt-local context, so parallel OpenClaw runs don't overwrite files or leak state. Here's how it works in v2026.5.28.
Computer use skill explains how OpenClaw agents use a headless Linux desktop, screenshots, mouse and keyboard actions, and VNC verification for GUI tasks without a physical monitor.
A multi-channel AI agent fails in subtle ways: duplicate replies on Telegram, dropped final answers on Slack, lost context across reconnects. Here's why outbound delivery breaks and how OpenClaw v2026.5.28 hardens it.
AI agent security boundaries in OpenClaw 2026.5.27 separate untrusted prompts, tool execution, network exposure and approvals so agent failures stay contained.
AI agent auth profiles separate model credentials by provider, runtime, and operator so self-hosted agents can migrate logins, recover cleanly, and reduce credential blast radius.
A meeting notes agent is only useful when its summaries trace back to clean transcripts, source chunks and replayable context. OpenClaw 2026.5.26 moves that path into the core runtime.
AI meeting notes agent architecture in OpenClaw v2026.5.22 shows how source-only capture, manual transcript imports and read-only CLI access make meeting memory safer to operate.
OpenClaw gateway performance improved in 2026.5.22 through cached model metadata, leaner startup paths, locked npm packages, and sharper operator diagnostics.
Discord voice follow mode lets an AI agent follow configured users into allowed voice channels, with handoff and recovery checks that make live Discord agents less brittle.
On-device Android AI agent architectures like X-OmniClaw move perception, memory, and app control onto the phone. Here is what that means for self-hosted assistants.
xAI device code OAuth lets headless AI agents authorize from SSH, containers, and remote hosts without a localhost browser callback or pasted API key.
AI agent policy checks in OpenClaw 2026.5.20 add a practical control layer for channels, approvals, sandbox visibility, and workspace repair.
Tool plugin SDK support gives OpenClaw extension authors a typed path for building, validating, and shipping simple agent tools without hiding contracts in glue code.
OpenClaw plugin SDK lets teams ship typed tool plugins without loading runtime code for discovery; this guide explains the build flow and where it fits beside MCP.
Agent provider plugins keep self-hosted AI agents lighter by moving heavy channel and model dependencies out of the core install until operators need them.
AI agent tool policies should vary by sender, channel, and action risk. OpenClaw 2026.5.12 adds sender-scoped controls for safer self-hosted agents.
Provider plugins in OpenClaw 2026.5.12 move heavy Slack, Bedrock, Anthropic Vertex, and sandbox dependency cones out of core installs so operators only pull what they use.
Telegram bot reliability improves when polling, queueing and reply delivery are isolated from the main agent loop instead of sharing one fragile event path.
How to run a self-hosted Discord voice agent on v2026.5.7: permission audit via channels capabilities, the new 2.5s capture silence grace default, and STT tuning that stops the bot interrupting people.
OpenClaw v2026.5.3 added a bundled file-transfer plugin so agents can fetch and write binary files across paired nodes. Here's how file_fetch, dir_list, dir_fetch and file_write work, plus the default-deny path policy that keeps it safe.
How /steer and active-run steering work in v2026.5.3+: send guidance to a running session without queuing a new turn, with worked examples and the safer queue defaults from v2026.4.29.
A practical guide to AI agent context window debugging: inspect prompt bloat, find noisy tools, reduce token spend, and keep long-running agents reliable.
Microsoft's Semantic Kernel RCE research shows why prompt injection in AI agents is no longer just a text problem. Here's how self-hosted agent builders should think about tool boundaries.
A practical 2026 guide to sandboxing AI agent code execution on your own hardware. Compares Docker, gVisor, Firecracker microVMs, and ephemeral containers, with a recommended setup for self-hosted agents.
Microsoft's Semantic Kernel RCE research shows how prompt injection becomes code execution when agents can influence tool parameters. Here's how to reduce the blast radius.
AI agent skills are becoming the workflow layer between raw tools and reliable automation. Learn when to use skills, tools, MCP servers, and OpenClaw workflows.
A practical checklist for reviewing OpenClaw skills and MCP servers before they get access to your files, accounts, shell, or APIs.
AI agent audit logs need identity, authority, prompts, tool calls, policy checks, and outcomes. Use this checklist before autonomous workflows go live.
OpenAI now says prompt injection may never be fully solved for browser agents like ChatGPT Atlas. Here is what that means for chat-channel agents and self-hosted setups.
Vet AI agent skills before installing them with this 6-step security checklist: source trust, permissions, prompt injection, scripts, sandbox testing, and updates.
A new United Nations University policy brief argues that AI agents should be governed like systems, not chatbots — starting from minimum privilege and sandbox isolation. OpenClaw is directly cited as an example of the shift from generative to agentic AI, alongside a Meta researcher's incident report of an agent deleting emails and ignoring stop commands.
Web3 security firm CertiK published a systematic security analysis of OpenClaw, documenting 280+ GitHub advisories, 100+ CVEs, 135,000 exposed instances, and malicious skills targeting MetaMask, Phantom, and Trust Wallet credentials.
A wave of critical privilege escalation and authorization bypass vulnerabilities hit OpenClaw in late March 2026 — including CVSS 9.9 and 9.8 flaws in the device pairing system. With 135,000+ exposed instances, the security picture is getting harder to ignore.
Between March 18 and 21, nine OpenClaw CVEs dropped — including a 9.9 critical that let any authenticated user become admin by asking nicely. A timeline, breakdown, and what it means for self-hosters.
An autonomous OpenClaw agent named MJ Rathbun wrote and published a combative article accusing a Matplotlib maintainer of discrimination after he rejected its pull request — then apologized and promised to 'do better.'
Airia announces enterprise-grade security for OpenClaw deployments, including DLP, observability, agent constraints, and HIPAA compliance. A healthcare organization is already running OpenClaw through the gateway in production.
Airia's AI Gateway adds DLP, observability, and agent guardrails to OpenClaw — and a healthcare org just deployed it under HIPAA. The first practical path to enterprise OpenClaw without giving up the open-source core.
ReversingLabs analysis explains why legacy AppSec tools can't handle AI agents. Poisoned memory persistence via SOUL.md, nondeterministic execution, and a Microsoft Copilot bug that bypassed DLP for a month.
Alibaba is rolling out enterprise AI agents built on its Qwen model through DingTalk, with plans to integrate Taobao and Alipay. Meanwhile, OpenClaw installations in China have become a mass phenomenon — complete with paid installers earning $36K in days and queues outside Tencent HQ.
After 39 malicious skills delivered macOS malware through OpenClaw registries, Chainguard is applying its container security playbook to AI agent skills — with continuous hardening, scoped permissions, and full audit trails.
Chinese tech hubs in Shenzhen and Wuxi are offering free housing, rent-free offices, and subsidies up to $720,000 for OpenClaw startups. Meanwhile, central regulators ban it from government agencies. The contradiction defines AI policy in 2026.
OpenClaw has overtaken React as the #1 most-starred software project on GitHub with 316,000+ stars. The milestone comes alongside v2026.3.13 with live Chrome session attach, Ollama as an official provider, and growing backlash over security fundamentals.
Under EU antitrust pressure, Meta will temporarily allow competing AI chatbots on WhatsApp in Europe. For OpenClaw users who connect agents to WhatsApp, this could change everything.
Abu Dhabi's G42 just opened job applications for AI agents. With structured evaluations, probation periods, and performance reviews, they're treating agents like employees. OpenClaw users are already doing this.
Huawei is open-sourcing A2A-T at MWC 2026 — a telecom-grade protocol for AI agents to discover, authenticate, and collaborate with each other. What it means for multi-agent systems like OpenClaw.
A developer audited OpenClaw's memory system and found elegant simplicity — and real limitations. Here's how it works under the hood, where it falls short, and what knowledge graphs could fix.
A 4,000-line containerized agent platform built in a weekend is challenging OpenClaw's 400K-line codebase on security and simplicity. Here's why it matters.
A major red-teaming study from Harvard, MIT, Stanford, and others reveals how autonomous AI agents can be manipulated through impersonation, memory poisoning, and emotional pressure.
Fortune's deep dive into the state of 24/7 AI agents reveals both the compelling potential and messy reality of tools like OpenClaw. Here's what early adopters are learning.
In OpenAI's new Builders Unscripted podcast, OpenClaw creator Peter Steinberger shares his journey from WhatsApp experiment to viral AI agent — and why he thinks learning to build with AI is like learning guitar.