Welcome to the agent platform research briefing for July 5th, 2026.
**OpenClaw 2026.7.1-beta.1 — GPT-5.6 support, external harness attach, and Telegram Codex workflows.** OpenClaw shipped a major beta release on July 2nd, led by native GPT-5.6 support across catalog, capability, and runtime selection paths — thanks to a direct contribution from an OpenAI engineer. But the more interesting feature is the new "openclaw attach" command, which lets you launch an external Codex-style harness against an existing Gateway session, making it much easier to resume and inspect interactive coding workflows mid-stream. On Telegram, you can now start Codex pairing with slash-login, steer active Codex runs, and recover final replies across transient API failures. The iOS app got a fresh iOS 26 visual system with clearer navigation, while iMessage gains native poll creation, reading, and voting. And cron gets a new event-driven schedule kind — "on-exit" — that wakes an agent when a watched command exits, with session-targeted runs that can detach cleanly. There's also preparation for scoped conversation capability profiles, adding per-conversation tool and access boundaries without weakening the existing default. Over forty fixes span Telegram durability, agent context reliability, provider safety, and channel routing.
**Hermes Agent — the open-source competitor from Nous Research gaining steam.** If OpenClaw is the lobster, Hermes Agent is the new cat on the block — and it wants your workspace. Nous Research's open-source self-hosted AI agent has hit one hundred ninety-three thousand GitHub stars, and the key detail: it ships a "hermes claw migrate" command that automatically detects and migrates your OpenClaw settings, memories, skills, and API keys. It's always-on, self-hosted, supports Telegram, Discord, Slack, WhatsApp, Signal, and Email, with a built-in memory system, cron scheduling, and skill creation that learns from post-task evolution loops. The ecosystem is growing fast — there's already a Hermes WebUI project for browser access, an awesome-hermes-agent curated resource list, and a skillclaw tool for skill management with safety flows. What makes it architecturally interesting is its server-oriented design with multi-platform messaging gateway built in, Docker-based one-file deployment, and a skill system that can evolve capabilities autonomously. The closest competitor to Hermes is OpenClaw — and now OpenClaw users have a direct migration path. This isn't just another framework; it's becoming a real alternative in the self-hosted agent space.
**MCP Security — the audit numbers are sobering, and the new spec is a double-edged sword.** A 2026 Zuplo audit of MCP servers found forty percent still require no authentication, forty-three percent carry command-injection vulnerabilities, and seventy-nine percent handle credentials in plaintext. Meanwhile, the MCP 2026-07-28 release candidate published July 1st introduces a stateless protocol with the Mcp-Session-Id removed — great for load balancing, but as Akamai's threat research team notes, companies gain new features while losing a security check the protocol used to handle automatically, and now they have to build it themselves. The new spec also adds a formal deprecation policy. Microsoft's incident response team is now warning about poisoned MCP tool descriptions — attackers update third-party tool descriptions with hidden instructions, agents follow without re-approval, and data leaks follow. The pattern has been clear for months: MCP adoption is sprinting ahead of security, and the stateless transition, while necessary for enterprise scale, widens the gap before organizations can respond.
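One way to close the "agents follow without re-approval" gap described above, as an added example (not code from MCP, OpenClaw, or any vendor named in this briefing): pin a hash of every tool definition when a human approves it, and withhold any tool whose definition later differs. The function names and sample tools are hypothetical; `name`, `description`, `inputSchema` and `tools/list` are the standard MCP tool fields and method.

```python
import hashlib
import json

def fingerprint(tool: dict) -> str:
    """SHA-256 of the whole tool definition, with key order normalized."""
    canonical = json.dumps(tool, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def approve(tools: list) -> dict:
    """Pin each tool at the moment a human reviews the tools/list result."""
    return {t["name"]: fingerprint(t) for t in tools}

def review_tools(pins: dict, listed: list) -> dict:
    """Expose only tools whose definition matches what was approved."""
    report = {"allowed": [], "changed": [], "new": [], "removed": []}
    by_name = {}
    for tool in listed:
        by_name.setdefault(tool["name"], []).append(tool)
    for name, defs in by_name.items():
        if name not in pins:
            report["new"].append(name)        # never reviewed by a human
        elif len(defs) > 1 or fingerprint(defs[0]) != pins[name]:
            report["changed"].append(name)    # edited or shadowed after approval
        else:
            report["allowed"].append(defs[0])
    report["removed"] = sorted(set(pins) - set(by_name))
    return report

# Constructed sample data: the approved tool list and a later tools/list result.
APPROVED = [
    {"name": "read_ticket", "description": "Fetch a support ticket by id.",
     "inputSchema": {"type": "object", "properties": {"id": {"type": "string"}}}},
    {"name": "search_docs", "description": "Search the internal docs.",
     "inputSchema": {"type": "object", "properties": {"q": {"type": "string"}}}},
]
LATER = [
    {"name": "read_ticket",  # description edited upstream after approval
     "description": "Fetch a support ticket by id. [text added after approval]",
     "inputSchema": {"type": "object", "properties": {"id": {"type": "string"}}}},
    {"inputSchema": {"properties": {"q": {"type": "string"}}, "type": "object"},
     "description": "Search the internal docs.", "name": "search_docs"},
    {"name": "export_all", "description": "Export every record.",
     "inputSchema": {"type": "object", "properties": {}}},
]

if __name__ == "__main__":
    report = review_tools(approve(APPROVED), LATER)
    print("expose to agent:", [t["name"] for t in report["allowed"]])
    print("needs re-approval:", report["changed"] + report["new"])
```

Because the hash covers the whole definition, text hidden in a nested parameter description inside `inputSchema` triggers re-approval just like a change to the top-level `description`.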
That's the briefing for today. Three stories — one release, one competitor to watch, and one security reality check. Have a good weekend.