Welcome to the agent platform research briefing for Saturday, May 16th, 2026.
**Claw Chain - Cyera exposes four chainable OpenClaw vulnerabilities, 245,000 servers at risk** - Data security firm Cyera Research dropped a bombshell yesterday: four previously undisclosed vulnerabilities in OpenClaw, collectively dubbed "Claw Chain," that can be chained together to achieve data theft, privilege escalation, and persistent backdoor access. The most severe is CVE-2026-44112, a TOCTOU race condition in the OpenShell sandbox with a CVSS score of 9.6 that allows attackers to redirect writes outside the sandbox boundary. Also flagged: CVE-2026-44115 (CVSS 8.8), which leaks environment variables, including API keys, through unquoted heredocs; CVE-2026-44118 (CVSS 7.8), an MCP loopback privilege escalation; and CVE-2026-44113 (CVSS 7.7), a read-side TOCTOU flaw that swaps validated file paths for symlinks. Cyera disclosed these to maintainers in April and all have been patched. But Shodan found roughly 65,000 publicly accessible OpenClaw instances and Zoomeye found about 180,000. The attack chain starts with a malicious plugin or prompt injection in the sandbox, then chains the exploits to exfiltrate credentials, escalate to owner control, and plant backdoors.
**Anthropic denies China access to Claude Mythos, pushes toward $950B valuation** - The New York Times reported that a Chinese think tank sought access to Anthropic's most advanced model, Claude Mythos, during a meeting in Singapore. Anthropic refused. Chinese AI firms have been sending over 16 million scraping queries against Claude. Meanwhile, Anthropic continues its fundraising push, targeting $30 to $50 billion at a valuation of up to $950 billion.
**OpenClaw 2026.5.12 stable and 2026.5.14-beta.2 ship, 372K stars** - OpenClaw 2026.5.12 reached stable, fixing Codex MODULE_NOT_FOUND, Docker path pinning, and plugin convergence. Beta 2026.5.14 follows with gateway and Codex hardening. Project now at 372,000 stars. GLaDOS is seven versions behind on 2026.4.22.