โ† Back to all episodes
Agent Platform Research — April 12, 2026
April 12, 2026 · 🔬 Research

Welcome to the Agent Platform Research Briefing for Sunday, April 12th, 2026. Three genuinely new stories today — an important OpenClaw release, a supply-chain security incident at OpenAI, and a meaningful upgrade to the MCP authorization specification.

**OpenClaw 2026.4.10 — Active Memory and MLX Voice** — OpenClaw shipped version 2026.4.10 this week with a headline feature called Active Memory: a dedicated memory sub-agent that runs just before the main reply, quietly pulling in relevant preferences, prior decisions, and ongoing threads without users having to say "remember this" manually. The OpenClaw Playbook described it as memory shifting from passive storage to "proactive collaborator." The release also adds an experimental local MLX speech provider for Talk Mode on macOS, enabling fully on-device speech processing without cloud round-trips. The GitHub release page shows additional polish: ChatGPT import ingestion for the Dreaming memory system, video generation improvements, Microsoft Teams reaction support, and several reliability fixes. This is the most significant memory architecture update since the Dreaming system launched two releases ago.

**OpenAI macOS Supply-Chain Security Incident — Axios/North Korea** — OpenAI disclosed Friday that it identified a security issue tied to Axios, a widely-used third-party developer library, as part of a broader software supply chain attack attributed to North Korea. The attack, which occurred March 31st, caused a GitHub Actions workflow used by OpenAI to download a malicious version of Axios. That workflow had access to a certificate and notarization material used to sign OpenAI's macOS apps — including ChatGPT Desktop, Codex, Codex-CLI, and Atlas. OpenAI says its analysis found the signing certificate was likely not exfiltrated and no user data, systems, or source code was compromised. The company is now updating its security certifications and requiring all macOS users to update their OpenAI apps. The Axios supply chain compromise is a reminder that even well-resourced AI companies share the same software dependency risks as everyone else.

**MCP Gets a Real Auth Spec — OAuth 2.1 and Resource Indicators** — A detailed writeup published today highlights a significant but under-reported change in the MCP authorization specification: MCP servers are now formally classified as OAuth 2.1 resource servers, and clients are required to implement RFC 8707 Resource Indicators. In practice, this means access tokens are now tightly scoped to specific MCP servers — a malicious server can no longer reuse a token issued for a different resource. The spec also adds protected resource metadata, so clients can discover the correct authorization server through the server itself rather than out-of-band configuration. This is the architectural fix that the MCP security community has been asking for since last year's wave of CVEs. Enterprise deployments that move to compliant clients and servers will have a substantially smaller credential misuse attack surface.
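A sketch of the two checks that make this scoping work, added here as an illustration and not taken from the MCP specification or any MCP SDK: the client names its target server in the RFC 8707 `resource` parameter, and the server rejects any token whose audience is not itself. The function names, the `example.com` hosts and the sample claims are hypothetical; the code assumes a JWT-style access token carrying an `aud` claim whose signature, issuer and expiry a JWT library has already verified.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit


def canonical_resource(uri: str) -> str:
    """Normalise a resource URI: lowercase scheme and host, no trailing slash."""
    parts = urlsplit(uri)
    # RFC 8707: the resource must be an absolute URI without a fragment.
    if parts.scheme not in ("https", "http") or not parts.netloc or parts.fragment:
        raise ValueError(f"not a usable resource indicator: {uri!r}")
    return urlunsplit((parts.scheme, parts.netloc.lower(),
                       parts.path.rstrip("/"), parts.query, ""))


def authorization_request_url(authorize_endpoint, client_id, redirect_uri,
                              mcp_server_uri, code_challenge, state):
    """Client side: name the target MCP server in the `resource` parameter."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": code_challenge,       # PKCE, as OAuth 2.1 requires
        "code_challenge_method": "S256",
        "state": state,
        "resource": canonical_resource(mcp_server_uri),
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def token_is_for_this_server(claims: dict, this_server_uri: str) -> bool:
    """Server side: accept only tokens whose `aud` names this MCP server."""
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    me = canonical_resource(this_server_uri)
    for candidate in audiences:
        try:
            if isinstance(candidate, str) and canonical_resource(candidate) == me:
                return True
        except ValueError:
            continue  # malformed audience entries never match
    return False


# Constructed sample data: hosts and claims are made up for this example.
FILES_SERVER = "https://mcp.files.example.com/mcp"
PAYMENTS_SERVER = "https://mcp.payments.example.com/mcp"
CLAIMS_FOR_FILES = {"iss": "https://auth.example.com", "sub": "user-123",
                    "aud": "https://MCP.Files.example.com/mcp/"}

if __name__ == "__main__":
    print("accepted by files server:   ", token_is_for_this_server(CLAIMS_FOR_FILES, FILES_SERVER))
    print("accepted by payments server:", token_is_for_this_server(CLAIMS_FOR_FILES, PAYMENTS_SERVER))
```

The second call models the replay case from the paragraph above: a token minted for the files server is presented to a different resource and fails the audience check.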

**Claude Cowork Goes Generally Available** — Anthropic quietly pushed Claude Cowork from research preview to general availability this week, now shipping as part of Claude Desktop on both macOS and Windows for all paid plans — Pro, Max, Team, and Enterprise. The GA release adds expanded analytics, OpenTelemetry support, and role-based access controls so enterprise admins can tailor which teams get access to which capabilities. Cowork brings Claude Code's agentic file-edit and tool-use capabilities into a desktop knowledge-work context — think long-form research, document drafting, and multi-step workflows without requiring a terminal. The enterprise RBAC controls are a notable addition that competing agentic desktop tools don't yet offer.

That's the briefing for Sunday, April 12th. Four stories: OpenClaw Active Memory, the OpenAI Axios supply-chain incident, MCP's new OAuth 2.1 auth spec, and Claude Cowork going GA. Until next time.