Welcome to the Agent Platform Research Briefing for Monday, May 25th, 2026.
OpenClaw version 2026.5.22 went stable this weekend, and it's a surgical strike on gateway latency. The core theme is lazy-loading and reuse. The gateway now reuses process-stable channel catalog reads across workers, so the same manifest isn't parsed multiple times per request cycle. Plugin metadata snapshots are now immutable and shared across all hot paths โ startup, config, model, channel, setup, and secret readers. And plugins that aren't immediately needed are lazy-loaded at first reference instead of being initialized at startup. For teams running multi-plugin environments, this can cut startup work by roughly 60 percent and shave seconds off recovery time. The release also rotates CPU profiling artifacts so benchmark runs don't accumulate unbounded logs. Not a flashy feature release, but exactly the kind of infrastructure polish that matters in production.
Two major Mythos developments this weekend. First, Anthropic's initial Project Glasswing update reveals Mythos has scanned more than a thousand open-source projects and found an estimated 6,202 high-or-critical vulnerabilities in open-source projects alone โ with over 10,000 total high and critical findings across its roughly 50 partner organizations. In total, 23,019 flaws of all severities across those codebases. Ninety percent of confirmed findings validated as real bugs. A critical flaw in the wolfSSL cryptography library โ used by billions of devices โ was identified and patched. WolfSSL has publicly credited Mythos with the discovery. The flip side: several maintainers have asked Anthropic to slow down disclosures because they're drowning in AI-generated bug reports and can't keep up.
Second, "Mythos 1" was briefly spotted on the Claude Code interface on Saturday โ users reported seeing model strings including "claude-mythos-1-preview" before Anthropic pulled them back. And here's the headline: Anthropic committed to making Mythos-class models available through a general release "in the near future" once stronger safeguards are developed. The company also admitted that no organization โ including itself โ has yet built safeguards strong enough to prevent misuse by malicious actors. Expanding Project Glasswing to US and allied government partners is the next step, and with 40 organizations already in the program including Google and Amazon, the pressure on every software maintainer to patch faster just went up a notch.
On May 20th, the NSA's Artificial Intelligence Security Center released a Cybersecurity Information Sheet on the Model Context Protocol โ the first government guidance specifically addressing MCP security in production deployments. The guidance warns that agentic AI systems introduce dynamic tool invocation and implicit trust relationships that go beyond traditional authentication and input validation. Key recommendations include treating MCP servers as privileged network endpoints, implementing least-privilege access per server rather than blanket trust, monitoring tool call patterns for anomalous behavior, and isolating MCP infrastructure from broader network access. The guidance comes at a critical moment: with MCP adoption accelerating across enterprise AI stacks, there simply hasn't been authoritative security guidance until now. This follows a wave of MCP-related CVEs over the past two months, making it clear that the protocol's rapid adoption has outpaced its security maturity.
The Model Context Protocol's biggest update since launch hit release candidate status three days ago. The headline: MCP is now stateless at the protocol layer. The initialize handshake and Mcp-Session-Id headers are gone โ replaced by per-request metadata carrying protocol version and client info in every call. Servers can now run behind ordinary round-robin load balancers with no sticky sessions required. The spec also introduces two major extensions: MCP Apps for server-rendered user interfaces, and the Tasks extension for long-running background work, which graduates the task concept from experimental spec to formal extension. Authorization gets tightened to align more closely with OAuth and OpenID Connect deployments. And there's a formal deprecation policy for the first time, so the protocol can evolve without breaking existing integrations. The final spec ships July 28th. For anyone running MCP infrastructure at scale, this is a meaningful architectural shift โ stateless MCP servers are dramatically easier to operate, horizontally scale, and cache.
That's the briefing for today. See you tomorrow.