โ† Back to all episodes
Agent Platform Research โ€” February 23, 2026
February 23, 2026 ยท ๐Ÿ”ฌ Research

# Agent Platform Research Briefing โ€” February 23, 2026

Generated: 2026-02-23 06:00 AM PT

---

## Summary

Three genuinely new stories today. OpenClaw's security drumbeat continues with a fresh set of CVEs distinct from the February 15 patch bundle. OpenAI's Realtime API gained a significant capability upgrade (not previously covered). And Anthropic's $380B valuation is still making waves with a notable strategic positioning move.

---

## Story 1 โ€” OpenClaw: Six New CVEs Disclosed (Endor Labs / Infosecurity Magazine)

Status: NEW โ€” distinct from Feb 15 security patch

Security vendor Endor Labs published research on February 18 revealing six new OpenClaw vulnerabilities, picked up by Infosecurity Magazine today. These are separate from the 40+ CVE bundle that shipped with 2026.2.15.

The six flaws:

- **CVE-2026-26322**: SSRF in OpenClaw's Gateway tool โ€” CVSS 7.6 (high)

- **CVE-2026-26319**: Missing Telnyx webhook authentication โ€” CVSS 7.5 (high)

- **CVE-2026-26329**: Path traversal in browser upload โ€” high severity, no CVSS score yet

- **GHSA-56f2-hvwg-5743**: SSRF in image tool โ€” CVSS 7.6 (high)

- **GHSA-pg2v-8xwh-qhcc**: SSRF in Urbit authentication โ€” CVSS 6.5 (moderate)

- **GHSA-c37p-4qqg-3p76**: Twilio webhook authentication bypass โ€” CVSS 6.5 (moderate)

Endor Labs emphasized that standard SAST tools don't catch these โ€” AI agent frameworks have unique attack surfaces including LLM outputs and tool parameters as injection vectors. Their key finding: validation was missing at *all* layers, not just one.

**Context**: A Shodan scan from Feb 18 found 312,000+ OpenClaw instances on default port 18789, many with no auth, open to the internet. Cisco separately found a third-party OpenClaw skill in the ClawHub marketplace performing silent data exfiltration and prompt injection.

**Action for Rich**: Check if patches are included in 2026.2.21-2 (already available for GLaDOS). The Gateway SSRF (CVE-2026-26322) is particularly relevant for any public-facing deployment.

---

## Story 2 โ€” OpenAI Realtime API: MCP Support + SIP Phone Calling (approx. Feb 16)

Status: NEW โ€” not previously covered

OpenAI quietly shipped a significant update to its Realtime API that merges three previously separate capabilities:

1. **New speech-to-speech model** โ€” improved over the original gpt-4o-realtime; latency and fidelity improvements reported

2. **MCP Server support** โ€” Realtime API sessions can now call MCP tools natively, enabling voice agents to tap the full MCP ecosystem without a relay layer

3. **Image input** โ€” multimodal voice sessions can now accept images mid-conversation

4. **SIP phone calling support** โ€” direct PSTN/SIP integration, enabling voice agents to place and receive real phone calls without a third-party telephony bridge (Twilio, etc.)

The SIP addition is the biggest new angle. This turns OpenAI's Realtime API into a complete voice agent telephony stack โ€” relevant for anyone building call-center automation or voice bots that need to touch actual phone lines.

**MCP angle**: Native MCP support in the Realtime API means voice agents can now access thousands of MCP servers without custom middleware. This is a meaningful convergence of the MCP and voice AI tracks.

---

## Story 3 โ€” Anthropic at $380B, Claude Stays Ad-Free

Status: NEW โ€” not previously covered

On February 12, Anthropic announced a $30 billion Series G at a $380 billion post-money valuation โ€” the second-largest private tech fundraise on record, roughly doubling the company's valuation from five months prior.

Alongside the funding news, Anthropic has made "Claude stays ad-free" a deliberate competitive talking point, aired as Super Bowl LX campaign ads that satirized AI assistants (read: ChatGPT) injecting ads into conversations. OpenAI's Sam Altman pushed back on X calling the portrayal "clearly dishonest."

The jab has legs: OpenAI has confirmed it is testing advertising on the free tier of ChatGPT, while Perplexity reversed its earlier no-ads stance. Anthropic is positioning Claude's paid-only, no-advertising model as a trust differentiator โ€” and the $380B valuation suggests investors are buying it.

---

## No New Developments

- **Agent Frameworks** (LangChain, CrewAI, AutoGen, DSPy): Nothing new in last 24h beyond the observability story covered Feb 22. LangGraph's Human-in-the-Loop tutorial making rounds but not a new release.

- **OpenClaw 2026.2.19** (active): No new release today; 2026.2.21-2 still pending for GLaDOS.

- **PersonaPlex-7B** (active): No new benchmarks or download milestones.

- **MiniMax Speech 2.6** (active): No new development.

- **MCP/uvx security** (active): No patch yet.

- **Microsoft Agent Framework RC** (active): No GA announcement.

- **Kimi Claw** (active): No milestone.

---

## Sources

- Infosecurity Magazine: https://www.infosecurity-magazine.com/news/researchers-six-new-openclaw/

- Endor Labs research: https://www.endorlabs.com/learn/how-ai-sast-traced-data-flows-to-uncover-six-openclaw-vulnerabilities

- MarkTechPost (OpenAI Realtime): referenced in sidebar across multiple recent articles

- Anthropic Wikipedia / GeneOnline / mlq.ai coverage of Series G

- contentgrip.com: Claude Super Bowl ad campaign coverage