Agent Platform Research — March 27, 2026
March 27, 2026 · 🔬 Research

Welcome to the Agent Platform Research Briefing for Friday, March 27th, 2026. Four stories today: a substantial OpenClaw release, Anthropic shipping full computer use on the Mac, Cloudflare rethinking agent sandboxing with Dynamic Workers, and OpenAI opening a safety bug bounty that explicitly covers agentic and MCP risks.

OpenClaw 2026.3.25 — Teams Overhaul, One-Click Skills, Docker Container Mode

OpenClaw shipped a substantial feature release on March 25th. The headline change is Microsoft Teams: a full SDK migration with AI-agent UX conventions, including streaming replies, welcome cards with prompt starters, typing indicators, and native AI labeling. For self-hosted users, a new `--container` flag runs `openclaw` commands inside an already-running Docker or Podman container without leaving the CLI. Skills get a major onboarding upgrade: one-click install recipes now ship with the seven most popular bundled skills (coding-agent, weather, and session-logs among them), so a missing dependency surfaces as an actionable install prompt rather than a silent failure. The Control UI skills panel is redesigned with filter tabs (All, Ready, Needs Setup, Disabled) and click-to-detail cards that show requirements and API key entry. For RAG pipelines and OpenAI-compatible clients, the Gateway now exposes `/v1/models` and `/v1/embeddings` endpoints, broadening drop-in compatibility. No new CVEs in this release. One check before upgrading a self-hosted instance: confirm that whatever authentication protects the existing Gateway endpoints also applies to the two new routes, since an OpenAI-compatible endpoint reachable by your clients is reachable by anything else on that network.

Anthropic Claude Mac Control — Computer Use Lands in Cowork and Claude Code

Anthropic launched a research preview on March 24th that gives Claude direct control of a user's Mac: clicking buttons, opening apps, typing into fields, and navigating software on its own. It is live now for Pro subscribers (seventeen dollars per month) and Max subscribers (a hundred or two hundred), macOS only for now, and is integrated into both Claude Cowork and Claude Code. The architecture is layered by privilege. Claude first looks for a direct API connector to the service involved, such as Gmail, Slack, or Google Calendar. If no connector exists, it falls back to browser navigation through the Claude Chrome extension. Mac-level control, clicking and typing in any native application, is the last resort. Each step down that ladder widens what a single session can reach, which is worth keeping in mind alongside the third-party prompt-injection class that OpenAI's bounty (below) now pays for. Anthropic is also extending Dispatch, the mobile task-assignment feature, into Claude Code for the first time, completing a pipeline in which you assign a task from your phone and come back to a finished result. VentureBeat called it the most ambitious consumer AI agent to date, and it lands in the middle of what Reuters describes as an enterprise turf war between Anthropic and OpenAI, one in which the ability to ship working agents is now the decisive weapon.

Cloudflare Dynamic Workers — 100x Faster Sandboxing for AI Agents

Cloudflare opened the beta of Dynamic Workers this week, an isolate-based sandboxing system built specifically for AI agent workloads. The pitch: a sandbox that starts in milliseconds, uses a few megabytes of memory, and runs on the same machine, even the same thread, as the request that created it. Cloudflare's figures are roughly a hundred times faster startup than a traditional Linux container and between ten and a hundred times better memory efficiency. The boundary bought with those numbers is a V8 isolate rather than a kernel namespace, the model Cloudflare Workers already runs on; what is new is spinning isolates up on demand for code the agent itself just wrote. The strategic angle is what Cloudflare calls Code Mode: LLMs do better when handed a TypeScript API to write code against than when forced through one tool call at a time, and Cloudflare says converting an MCP server into such an API cuts token usage by eighty-one percent. Dynamic Workers is the execution layer that makes running that model-written code practical at scale. For teams building multi-tenant agents or high-frequency agentic pipelines, where millions of short-lived code executions need to happen safely and cheaply, this is a meaningful new piece of infrastructure. The open beta is live now.

OpenAI Safety Bug Bounty — Now Covers Agentic Risks and MCP

OpenAI launched a public Safety Bug Bounty on March 25th, aimed at AI abuse and safety risks that a conventional security bounty does not cover. It runs on Bugcrowd and complements the existing security bounty. What matters for agent platform developers is that the scope explicitly includes agentic risks, MCP among them. In-scope scenarios include third-party prompt injection that hijacks an agent into harmful actions or leaking user data (a submission must reproduce at least fifty percent of the time), agentic products performing disallowed actions at scale on OpenAI's own systems, and broader computer-use harms. There is also a category for model outputs that expose proprietary reasoning. Jailbreaks are out of scope. The explicit callout of MCP and agentic attack paths signals that OpenAI is treating prompt injection in tool-calling pipelines as a security bug class, not just a product-policy question; the fifty-percent bar also tells researchers that a non-deterministic hijack needs a harness that measures its hit rate over repeated runs, not a single screenshot. The bounty is open to the public now.

That's the briefing for Friday, March 27th. The themes today: agent compute is going native, whether that is Claude clicking through your Mac, Cloudflare sandboxing agent code at millisecond scale, or OpenClaw getting first-class container and Teams integrations. And the security posture is catching up, with OpenAI now formally tracking MCP-specific attacks through its bounty program.