โ† Back to all episodes
Agent Platform Research — March 12, 2026
March 12, 2026 · 🔬 Research

# Agent Platform Research Briefing — March 12, 2026

## Summary

Six genuinely new stories today spanning OpenClaw, voice AI, MCP security, Anthropic's coding tools, and a major platform move by Baidu.

---

## 1. OpenClaw 2026.3.11 — WebSocket Security Fix + Ollama Overhaul

**Status: NEW** | Source: GitHub releases, npm

OpenClaw released version 2026.3.11 with a security patch closing a cross-site WebSocket hijacking path in trusted-proxy mode (GHSA-5wcw-8jjv-m286, per GitHub release notes). The vulnerability could grant untrusted browser origins operator-admin access when proxy headers were present. All users on trusted-proxy configurations should update immediately.
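The invariant a cross-site WebSocket hijacking fix in trusted-proxy mode has to hold is that the browser Origin allowlist is enforced on every path, and that proxy headers such as X-Forwarded-For are only believed when the TCP peer really is the trusted proxy. The following is an added illustration written for this briefing, not OpenClaw's code and not the actual patch (whose details are not in the release note summarised above); the helper names, the proxy address and the origin allowlist are constructed.

```javascript
// Added example, not OpenClaw's code: origin validation for WebSocket upgrade
// requests that still holds when the request arrives through a trusted reverse
// proxy. All names (authorizeUpgrade, config, samples) are hypothetical.

const config = {
  // Constructed: the only TCP peer whose X-Forwarded-For header is believed.
  trustedProxies: new Set(['10.0.0.5']),
  // Constructed: browser origins that may open an operator session.
  allowedOrigins: new Set(['https://app.example.test']),
};

// Normalise an Origin header to scheme://host (URL lowercases the host).
function parseOrigin(value) {
  if (typeof value !== 'string') return null;
  try {
    const u = new URL(value);
    return `${u.protocol}//${u.host}`;
  } catch {
    return null;
  }
}

// The client address is taken from X-Forwarded-For only when the immediate peer
// is a trusted proxy; otherwise the header is attacker-controlled and ignored.
function effectiveClientAddress(req, cfg) {
  if (cfg.trustedProxies.has(req.remoteAddress)) {
    const xff = req.headers['x-forwarded-for'];
    if (typeof xff === 'string' && xff.trim() !== '') return xff.split(',')[0].trim();
  }
  return req.remoteAddress;
}

// Decide whether an upgrade request may become an operator session.
// req = { remoteAddress, headers } with header names lowercased as Node does.
function authorizeUpgrade(req, cfg) {
  const origin = parseOrigin(req.headers['origin']);
  if (origin === null) {
    // Browsers always send Origin on a WebSocket upgrade, so a missing header
    // means a non-browser client; only accept that from the local machine.
    const client = effectiveClientAddress(req, cfg);
    if (client === '127.0.0.1' || client === '::1') {
      return { ok: true, reason: 'local non-browser client' };
    }
    return { ok: false, reason: `no Origin from non-local client ${client}` };
  }
  // The allowlist applies on every path: the presence of proxy headers never
  // relaxes it. (Assumption: this is the invariant the fix enforces; the
  // actual OpenClaw patch is not reproduced here.)
  if (!cfg.allowedOrigins.has(origin)) {
    return { ok: false, reason: `origin not allowed: ${origin}` };
  }
  return { ok: true, reason: `allowed origin ${origin}` };
}

// Constructed sample upgrade requests.
const samples = {
  // Legitimate browser session arriving through the trusted proxy.
  legit: { remoteAddress: '10.0.0.5', headers: { origin: 'https://app.example.test', 'x-forwarded-for': '203.0.113.7' } },
  // Page from another site running in the user's browser, also via the proxy.
  crossSite: { remoteAddress: '10.0.0.5', headers: { origin: 'https://other.example', 'x-forwarded-for': '203.0.113.7' } },
  // Direct connection carrying a forged X-Forwarded-For; the peer is not a trusted proxy.
  forgedProxyHeader: { remoteAddress: '198.51.100.9', headers: { 'x-forwarded-for': '127.0.0.1' } },
  // Local CLI client with no Origin header.
  localCli: { remoteAddress: '127.0.0.1', headers: {} },
};

for (const [name, req] of Object.entries(samples)) {
  console.log(name, authorizeUpgrade(req, config));
}
```

The `crossSite` and `forgedProxyHeader` cases are the two ways a deployment behind a proxy tends to go wrong: trusting the Origin check to the proxy, or trusting a forwarded address from a peer that is not the proxy. Both are denied here; a check like this belongs in the HTTP `upgrade` handler before any session is created.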

Beyond the security fix, 2026.3.11 includes a significant Ollama onboarding overhaul — first-class setup wizard with Local, Cloud+Local, and hybrid modes; browser-based cloud sign-in; and curated model suggestions. The iOS Home canvas received a live agent overview screen that auto-refreshes on connect, reconnect, and foreground return. macOS chat UI gets a model picker and persistent thinking-level selections across relaunches.

**OpenCode** gains a new Go provider (alongside existing Zen), with a shared key for both profiles. GLaDOS is currently on 2026.3.2 — now 9 versions behind.

---

## 2. Baidu Launches DuClaw โ€” Zero-Deployment OpenClaw at $2.50/Month

**Status: NEW** | Source: PRNewswire, TechNode (March 11, 2026)

Baidu's cloud unit has launched DuClaw, a fully managed OpenClaw service aimed at non-technical users in China. It includes pre-built Baidu skills, multi-model support (ERNIE + international models), and runs on Baidu AI Cloud infrastructure with zero configuration needed.

First-time promotional pricing: RMB 17.8/month (~$2.50 USD). This makes Baidu the second major tech incumbent — after Clawbot AI — to launch a commercial cloud wrapper around OpenClaw. OpenClaw's commercial ecosystem is accelerating rapidly in Asia: Tencent engineers are offering free installs at their campus, Shenzhen's Longgang district has an active OpenClaw policy proposal, and now Baidu is entering the hosted market directly. The combination signals OpenClaw transitioning from developer tool to mainstream consumer platform in China.

---

## 3. Claude Code /btw — Side Queries Without Interrupting Claude's Work

**Status: NEW** | Source: r/ClaudeCode, Futunn, multiple dev blogs (March 11-12, 2026)

Anthropic shipped a new `/btw` command for Claude Code that lets developers ask side questions while Claude is actively executing a task — refactoring, running tests, exploring a codebase — without interrupting the main workflow or polluting the conversation history.

Mechanically: `/btw` spawns an ephemeral agent that answers the query, displays the response in an overlay, and discards both the question and answer from the main session history once dismissed. Developers are using it to quickly check syntax, ask about edge cases, or get second opinions mid-task. Reddit is buzzing — the consensus is it's one of the most immediately useful UX changes to Claude Code since launch. Pairs naturally with `/fork` for longer side conversations.

---

## 4. Fish Audio S2-Pro — Open-Source Emotion-Controllable TTS, Sub-100ms Latency

**Status: NEW** | Source: ArXiv 2603.08823, MarkTechPost, Product Hunt (March 9-11, 2026)

Fish Audio released S2-Pro, an open-source Large Audio Model (LAM)-powered TTS system with emotion control via natural language cues. You steer prosody, pace, and emotional register with plain text descriptions; the model generates multi-speaker dialogue in a single pass.

Performance: real-time factor of 0.195, time-to-first-audio under 100ms. Weights on HuggingFace, code on GitHub (Apache-licensed). The technical report (ArXiv 2603.08823) was posted March 9 and updated March 11.

This is the first open-source TTS model to match the latency characteristics of proprietary real-time APIs while offering fine-grained natural-language emotion control. For voice AI developers, it significantly lowers the barrier to building expressive, low-latency speech agents without API lock-in.

---

## 5. SurePath AI Launches Real-Time MCP Policy Controls

**Status: NEW** | Source: PRNewswire (March 12, 2026)

SurePath AI, a security and governance platform, announced MCP Policy Controls today — a real-time enforcement layer that governs which MCP servers and tools AI agents are allowed to invoke. It provides visibility into every MCP interaction and applies policy rules before tool calls execute.

From CPO Randy Birdsall: "MCP has quickly evolved from a buzz-acronym to the backbone of next-gen AI workflows. We're seeing the same pattern as when ChatGPT launched — rapid adoption, little oversight. MCP introduces an entirely new attack surface many organizations are already exposing without realizing it."

Context: this arrives against a backdrop of genuine MCP exploitation — Cyberwarzone reported yesterday that security researchers found active intrusion infrastructure using MCP to connect LLMs directly to attack environments, with LLMs serving as the reasoning layer in automated exploit chains. SurePath's announcement is the first purpose-built product response to this pattern rather than theoretical security guidance.

---

## 6. MCP in Active Attack Infrastructure — First Confirmed In-the-Wild Use

**Status: NEW** | Source: Cyberwarzone (March 11, 2026)

Security researchers discovered exposed server infrastructure running an AI-assisted intrusion workflow that leverages MCP to give LLMs live access to attack environments. The LLM acts as the reasoning and decision layer, with MCP serving as the connector between the model and live network targets.

This is the first credibly reported instance of MCP being used operationally in offensive security infrastructure — not a theoretical attack or proof of concept. The pattern mirrors fears the security community has raised since the 10,000-server MCP ecosystem milestone: the protocol's power as a tool integration layer makes it as useful to attackers as to defenders.

Organizations running MCP servers should audit authentication (recall the March 1 finding: 30% of 706 surveyed servers had no auth), review tool permissions, and evaluate products like SurePath's new policy controls layer.
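Both the SurePath announcement in item 5 (policy rules applied before a tool call executes, with visibility into every interaction) and the audit advice above (review tool permissions) come down to one control: a gate between the agent and its MCP servers that denies anything not explicitly allowed and records every decision. The code below is an added illustration for this briefing, not SurePath's product and not part of any MCP SDK; the policy shape, server and tool names, file paths and helper names are all constructed.

```javascript
// Added example, not SurePath's product or any MCP SDK code: a policy gate that
// evaluates each MCP tool call against an allowlist before it is forwarded to the
// server. The policy shape and all names (evaluateToolCall, createGate) are hypothetical.

// Constructed policy: unknown servers and unlisted tools are denied by default;
// a per-tool constraint can inspect the call's arguments.
const policy = {
  servers: {
    'docs-search': { allow: ['search', 'fetch_page'] },
    'filesystem': {
      allow: ['read_file', 'list_dir'],
      constraints: {
        read_file: (args) =>
          typeof args.path === 'string' &&
          args.path.startsWith('/srv/docs/') &&
          !args.path.split('/').includes('..'),
      },
    },
  },
};

// Returns { allow, reason }; call = { server, tool, args }.
function evaluateToolCall(call, pol) {
  const server = pol.servers[call.server];
  if (!server) {
    return { allow: false, reason: `server "${call.server}" is not registered in policy` };
  }
  if (!server.allow.includes(call.tool)) {
    return { allow: false, reason: `tool "${call.tool}" is not allowed on "${call.server}"` };
  }
  const constraint = server.constraints && server.constraints[call.tool];
  if (constraint && !constraint(call.args || {})) {
    return { allow: false, reason: `arguments for "${call.tool}" violate policy constraint` };
  }
  return { allow: true, reason: 'matched allow rule' };
}

// Wraps the function that would send the call to the MCP server. Every decision is
// appended to `auditLog`, so the gate also gives the per-call visibility item 5 describes.
function createGate(pol, forward, auditLog) {
  return function gatedCall(call) {
    const decision = evaluateToolCall(call, pol);
    auditLog.push({ ts: new Date().toISOString(), server: call.server, tool: call.tool, ...decision });
    if (!decision.allow) {
      throw new Error(`policy denied ${call.server}/${call.tool}: ${decision.reason}`);
    }
    return forward(call);
  };
}

// Constructed sample calls an agent might attempt.
const sampleCalls = [
  { server: 'docs-search', tool: 'search', args: { q: 'key rotation policy' } },
  { server: 'filesystem', tool: 'read_file', args: { path: '/srv/docs/runbook.md' } },
  { server: 'filesystem', tool: 'read_file', args: { path: '/srv/docs/../secrets.env' } },
  { server: 'filesystem', tool: 'write_file', args: { path: '/srv/docs/runbook.md' } },
  { server: 'unregistered-server', tool: 'run', args: {} },
];

// Runs the samples through the gate with a stub transport and returns the audit log.
function runSamples() {
  const auditLog = [];
  const gate = createGate(policy, (call) => ({ tool: call.tool, result: 'stub result' }), auditLog);
  for (const call of sampleCalls) {
    try {
      gate(call);
    } catch (err) {
      // Denied calls are recorded in the log; nothing reaches the server.
    }
  }
  return auditLog;
}

for (const entry of runSamples()) {
  console.log(entry.allow ? 'ALLOW' : 'DENY ', entry.server, entry.tool, entry.reason);
}
```

Default deny is the point: a server that is not in the policy is refused even if the agent discovers it, and a tool that is not listed is refused even on a registered server. The argument constraint shows why tool-level permission alone is not enough; `read_file` is allowed, but a traversal path is still stopped before the call leaves the gate.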

---

## Stories Monitored / No New Developments

- **NVIDIA NemoClaw**: Still pre-GTC speculation. Partners (Salesforce, Cisco, Google, Adobe, CrowdStrike) cited but unconfirmed. Resurface March 16 when Jensen keynote drops.

- **Anthropic DoD lawsuit**: Still in courts. No ruling.

- **Starship Flight 12**: Static fire pending. No new window.

- **DeepSeek V4**: Still not officially released.

- **Firefly Alpha**: Still on pad. No new window set.