โ† Back to all episodes
Agent Platform Research โ€” March 28, 2026
March 28, 2026 ยท ๐Ÿ”ฌ Research

Good morning. It's Saturday, March 28th, 2026. Here's what's new in the agent platform world.

**Anthropic Wins Injunction Against Pentagon** โ€” The biggest AI governance story of the quarter reached a turning point yesterday. Federal Judge Rita Lin granted Anthropic a preliminary injunction on Thursday, blocking the Trump administration's designation of Anthropic as a national security "supply chain risk." In a 43-page ruling, Lin called the blacklisting "classic illegal First Amendment retaliation," writing that "nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government." The ruling bars federal agencies from enforcing the supply-chain designation, but doesn't take effect for seven days โ€” giving the administration a window to appeal. The case began in early March after Anthropic refused to drop Claude's safety guardrails for military use. This is a preliminary injunction, not a final ruling, so the legal fight continues.

**OpenClaw Gateway Privilege Escalation Cluster โ€” Four New Advisories** โ€” A cluster of serious security advisories dropped on March 27th for OpenClaw. Four separate vulnerabilities in the gateway authentication layer were published in quick succession: one allows the gateway plugin HTTP auth mechanism to mint operator-dot-admin runtime scope for all callers; a second allows silent privilege escalation during shared-auth reconnect, with potential for node-level RCE; a third lets any non-admin operator scope self-claim admin during backend reconnect; and a fourth allows the HTTP sessions-kill endpoint to reach an admin kill path without proper scope binding. A fifth issue, a medium-severity exec approval bypass patched in 3.22, was also published around the same time. All are fixed in version 2026.3.22 or later. If you're running an older version, the recommended immediate mitigation is revoking all operator-dot-pairing tokens and disabling the pairing endpoint. This is a significant security cluster to be aware of.

**Google Gemini 3.1 Flash Live โ€” Real-Time Voice and Video for Agents** โ€” Google launched Gemini 3.1 Flash Live on March 26th, a purpose-built real-time multimodal voice model now available in preview via the Live API and Google AI Studio. Unlike standard Gemini models, Flash Live is designed for live audio-in, audio-out conversations with sub-second response latency, native tool use mid-conversation, and simultaneous video input โ€” making it a direct competitor to OpenAI's Realtime API. It includes built-in audio watermarking for safety, and performs better than prior Gemini models in noisy environments. Voice agent developers now have a Google-native real-time option that works with standard Live API tooling.

**OpenAI Codex Gets Plugin Marketplace with MCP Support** โ€” OpenAI launched a plugin system for its Codex coding agent on March 27th, packaging MCP server configurations, skills, and external integrations into one-click installable bundles. The plugin directory includes pre-built integrations for GitHub, Gmail, Box, Figma, Linear, Notion, Sentry, Slack, Cloudflare, Vercel, and Hugging Face. Ars Technica notes this closely mirrors the plugin marketplace in Claude Code, and that OpenAI says third parties will be able to add their own plugins. Codex is officially moving beyond pure code generation toward a broader agentic platform โ€” a direct strategic response to Anthropic's lead in enterprise coding tools.

That's the briefing for Saturday, March 28th. The MCP ecosystem also hit 97 million monthly SDK downloads this week, confirming its position as the default agent connectivity standard. And Artemis II remains on track for its April 1st launch window at 6:24 p.m. Eastern โ€” the first crewed deep-space mission since Apollo 17.