โ† Back to all episodes
Agent Platform Research — May 28, 2026
May 28, 2026 · 🔬 Research

Welcome to the Agent Platform Research Briefing for Thursday, May 28th, 2026. Three stories today — and one involves a very public backpedal.

**NSA Publishes First MCP Security Guidance** — The NSA's Cybersecurity Information division released a formal security guidance document for the Model Context Protocol on May 20th. Document ID PP-26-1834, titled "MCP: Security Design Considerations for AI-Driven Automation." This is the first national-security-level guidance specifically targeting MCP deployments. The 17-page document calls for input validation on every tool invocation, egress proxy filtering, data loss prevention, sandboxing, message integrity checks, output filtering, and local MCP scanning. The NSA draws explicit lessons from prior distributed ecosystems — essentially saying MCP is repeating the same architectural mistakes that plagued earlier API-driven systems. The guidance was published by the NSA's Artificial Intelligence Security Center. Industry response has been swift, with multiple vendors already positioning "agent firewalls" that map directly to the NSA's recommendations. This is significant because it elevates MCP security from a developer concern to a national security consideration — which matters for anyone running agents with real system access.

**OpenClaw 2026.5.19 — Plugins, Skills, and the Autoreview Revolution** — OpenClaw shipped a substantial update on May 19th with over two dozen changes. The headline additions: a new plugin SDK that lets developers build typed tool plugins with defineToolPlugin, an "autoreview" skill that automatically reviews code changes (renamed from the Codex closeout review), and a Skills CLI --global flag for managing shared skills across installations. Claude Code integration got its own set of improvements — the /codex plugins command lets you manage Codex plugins from chat, and prompt guidance is now scoped by runtime surface so native Codex keeps its own personality instructions separate from OpenClaw's runtime context. Browser automation got modal dialog handling — snapshots now surface pending dialogs and you can answer them by ID using browser dialog --dialog-id. The Mac app got a full Settings redesign with consistent card layouts. Smaller but notable: a meme-maker skill for curated template search, a Python debugging skill for pdb and debugpy, and Docker/Podman image build args for both apt and Python packages. OpenClaw continues its relentless march — two-week release cadence, no slowdown in sight.

**Musk Walks Back the Anthropic Colossus Deal — Six Months, Not Three Years** — Here's the correction that didn't make it into the original headlines. When SpaceX and Anthropic announced their compute partnership on May 7th, early reports described it as a $43.75 billion deal through 2029 — that's $1.25 billion per month over roughly three and a half years. But Elon Musk told Reuters today that the actual commitment is just six months, with "possible" extension into multiple years. Anthropic will pay a smaller monthly amount in May and June, with larger payments beginning later this year. The deal still nearly doubles SpaceX's annual revenue at full capacity, but the six-month term is a dramatically shorter leash than the initial coverage suggested. For an IPO-bound company like SpaceX, locking in a major customer for 43 billion and landing a six-month trial are two very different stories. The initial announcement was made at Anthropic's Code with Claude conference in San Francisco, and it came alongside other announcements — Claude Managed Agents now features Dreaming, a research preview where agents write persistent notes to themselves for cross-session context sharing. Claude Code Fast Mode was also updated to use Opus 4.7 by default, with doubled rate limits for developers. Interesting that Musk clarified the timeline on the same day the NSA published its MCP guidance — the AI infrastructure and security storylines keep intertwining.

That's the briefing for today, May 28th, 2026.