Today is Thursday, April 2nd, 2026. Here are the new developments in agent platforms and AI infrastructure from the last 24-48 hours.
OpenClaw's first April release, version 2026.4.1, dropped overnight and it's a big one for security. The headline changes: plugin installs now fail closed by default when dangerous-code scan findings are detected โ previously they'd let you proceed, now you need an explicit override flag to force an unsafe install through. The trusted-proxy auth layer was hardened to reject mixed shared-token configurations, and local-direct fallback no longer implicitly authenticates same-host callers. Two more changes worth flagging: node commands now stay disabled until pairing is explicitly approved, closing a gap where device pairing alone was enough to expose node shell access. And node-originated runs are now constrained to a reduced trusted surface. On the plus side, bundled channel plugins are no longer blocked by restrictive plugin allowlists, and the openclaw doctor command got smarter about not crying wolf on setup issues.
Yesterday's Claude Code source leak keeps giving. Researchers digging through 512,000 lines of code have now catalogued 44 features that compile to false in the external build. The standout is Kairos โ a persistent background daemon designed to keep running even when the terminal window is closed, using periodic tick prompts to proactively surface things the user hasn't asked for. It pairs with an AutoDream system: when the user goes idle or tells Claude Code to sleep, AutoDream runs a consolidation pass over memory files โ merging, deduplicating, and pruning. Also spotted: ULTRAPLAN, which offloads complex planning tasks to a cloud container running Opus 4.6 for up to 30 minutes; voice mode with a full push-to-talk interface; and Buddy, described as a Tamagotchi-style companion pet with 18 species and rarity tiers. Code references suggest April 1-7 as a teaser window with a full launch target of May 2026. Anthropic has confirmed the leak was human error with no customer data exposed, but the community reaction has been that this is essentially an early look at Claude Code's Q2 roadmap.
A new MCP security advisory landed April 1st. The Go SDK for Model Context Protocol had DNS rebinding protection disabled by default for HTTP-based servers running on localhost. In practice, this means a malicious website could exploit DNS rebinding to bypass same-origin policy and send requests to a local MCP server โ invoking tools or accessing resources on behalf of the user. The fix is in Go SDK version 1.4.0, which now enables DNS rebinding protection automatically when binding to localhost via StreamableHTTPHandler or SSEHandler. The advisory notes this doesn't affect stdio transport. This is the third distinct MCP SDK-level vulnerability in about six weeks, following the JavaScript SDK's ReDoS and cross-client data leak issues in late February.
That's the agent platform briefing for April 2nd. Artemis II launched successfully last night at 6:35 PM Eastern โ first crewed mission beyond low Earth orbit since Apollo 17 in 1972 โ and is currently in early flight with the perigee raise maneuver complete. Not directly agent-related, but it felt wrong not to mention it.