Independent security audit: OpenClaw has mitigated 34% of MAESTRO AI threat findings so far
DistributedApps.ai applied the CSA MAESTRO framework to OpenClaw’s codebase (Feb 18 review). Of the assessed threats: 34% fully mitigated, 37% partially mitigated, 29% still open. Mitigations include untrusted content wrapping with Unicode sanitization, suspicious pattern detection, and context overflow blocking. Key gaps: injection detection only logs but doesn’t block; no semantic-based detection; no system prompt re-injection during long conversations. Recommended fixes include a promptInjectionPolicy config option (log/warn/block) and periodic system prompt re-assertion every N turns. Via Agentic AI on Substack.
Barcelona Wine Week dispatches: five under-the-radar Spanish producers worth finding
Jason Wilson’s Barcelona Wine Week report surfaces five new-to-him discoveries worth tracking: Julia Casado’s bright, fresh 100% monastrell from D.O. Bullas (light years from jammy southern Spain); El Hato y El Garabato’s 100-year-old Doña Blanca vines from the tiny Arribes appellation; a complex, textured txakoli from Iturregi aged in chestnut cask; Jiménez-Landi’s elegant garnacha from Sierra de Gredos; and Art Laietà’s mineral-driven pansa blanca from Spain’s smallest DO, Alella. Plus Barcelona wine bar recs — Masa, Bar Canyí, Vertical, and PetNat. Via Everyday Drinking.
Figma's "Code to Canvas" turns Claude Code UI into editable design files
Figma launched a Claude Code integration that captures live browser UI built in agentic coding sessions and converts it into native Figma layers — fully editable, duplicatable, annotatable. It works bidirectionally via Figma’s MCP server, so edits flow back to the dev environment. Devs can capture entire multi-step flows at once. Worth noting: Figma stock is down ~85% from its 2025 peak as markets price in the possibility that even the polishing layer eventually gets automated too. Via The Rundown AI.
Apple fast-tracking three AI wearables: glasses, pendant, and camera AirPods
Bloomberg reports Apple is accelerating development of three camera-equipped AI wearables. Smart glasses with dual cameras and no display are targeting a 2027 launch. A pendant acts as an always-on ‘eyes and ears’ for your iPhone. Camera AirPods could ship this year. All three feed visual context to a revamped Siri expected to get a chatbot interface in iOS 27, reportedly powered by Google’s Gemini. Via The Rundown AI.
Claude Sonnet 4.6 matches Opus performance at 1/5 the cost
Anthropic’s new Claude Sonnet 4.6 scores 79.6% on SWE-Bench Verified (vs Opus 4.6’s 80.8%), outperforms Opus on agentic financial analysis and office benchmarks, and adds a 1M token context window — all at one-fifth the price. Claude Code testers preferred it over its predecessor 70% of the time. With Chinese models undercutting on price, Sonnet 4.6 looks like Anthropic’s bid to dominate the volume layer of the agentic boom. Via The Rundown AI.
Ethan Mollick's guide to AI in the agentic era — models, apps, and harnesses
Mollick’s latest framework for navigating AI: think in terms of Models (the brains — GPT-5.2, Claude Opus 4.6, Gemini 3 Pro), Apps (the interfaces), and Harnesses (what gives the AI tools and the ability to act). The big shift: an AI doing things is fundamentally more useful than an AI saying things. OpenClaw gets a cameo as ‘a sign of where things are going.’ Practical guidance: if you’re already past chatbots, try Claude Code, Claude Cowork, or NotebookLM next. The shift from chatbot to agent is the most important change in AI since ChatGPT launched. Via One Useful Thing.
How Codex is built — and why OpenAI engineers are now 'agent managers'
Gergely Orosz got inside access to the Codex team. Key findings: 1M+ devs use Codex weekly (5x growth since January); 90%+ of the app’s code is written by Codex itself; engineers now run 4-8 parallel agents simultaneously and are ‘agent managers, not just coders.’ The core is written in Rust for performance and correctness. Also: Peter Steinberger, OpenClaw’s creator, was revealed to write all of OpenClaw using Codex — and he just joined OpenAI to work on next-gen agents. Via The Pragmatic Engineer.
You.com founders: the LLM revolution has been 'mined out'
You.com co-founders Richard Socher and Bryan McCann (among the most-cited AI researchers in the world) released 35 predictions for 2026. Three that stand out: the LLM scaling era has been ‘mined out’ as capital shifts back to foundational research; ‘reward engineering’ becomes a distinct job role as prompting hits its ceiling; and traditional human coding will be effectively replaced by AI by December, with humans moving into management roles. Via The Rundown AI.
Alibaba's Qwen-3.5 rivals frontier models at 60% lower cost with open weights
Alibaba released Qwen3.5-397B-A17B, an open-weight vision-language model using a sparse MoE architecture that activates only 17B of its 397B parameters per query. It benchmarks near or above OpenAI’s GPT-5.2 and Google’s Gemini 3 Pro in agentic search, document recognition, and instruction following — while being 60% cheaper and 8x better at large workloads than its predecessor. The trend is clear: Chinese labs are closing the gap fast, and the race is shifting from raw model size toward efficiency and cost. Via The Rundown AI.
OpenAI adds Lockdown Mode to ChatGPT to block prompt injection attacks
OpenAI launched an optional ‘Lockdown Mode’ in ChatGPT designed for high-risk users like executives and security teams. When enabled, it deterministically disables tools that could be exploited for prompt injection attacks — for example, web browsing is restricted to cached content so no live requests leave OpenAI’s network. The company is also adding ‘Elevated Risk’ labels across ChatGPT, Atlas, and Codex for features that introduce additional exposure. As AI agents take on more agentic tasks (browsing, connecting to apps), hard deterministic blocks are increasingly the only reliable defense. Via The Rundown AI.
Anthropic and the Pentagon are heading toward a breakup over AI guardrails
The Pentagon is reportedly close to designating Anthropic a ‘supply chain risk’ — a label typically reserved for foreign adversaries — over the company’s refusal to grant the military broad permissions to use Claude. Defense officials want AI available for ‘all lawful purposes’; Anthropic is holding the line against uses like spying on Americans or building autonomous weapons. Claude is currently the only AI on Pentagon classified systems and was reportedly used via Palantir in the Maduro capture in January. The standoff is a landmark moment in the fight over who controls how frontier AI gets deployed in warfare. Via The Rundown AI.
GPT-5.2 Makes Original Theoretical Physics Discovery
OpenAI’s GPT-5.2 independently discovered that a widely accepted answer in particle physics was wrong, proposed the correct formula, and autonomously wrote the formal proof in 12 hours. Verified by physicists from Harvard, Cambridge, and Princeton — the AI reportedly chose a path no human would have tried. Via The Rundown AI.
Spanish Wine Tales: Beyond Verdejo
Jason Wilson on Spanish winemaking and the Verdejo question. First dispatch from Spain exploring regional wine culture. Everyday Drinking newsletter.
QSAF: Qorvex Security Framework for Agentic AI
Hammad A. and Ken Huang present Qorvex’s security framework for agentic systems. Security-first approach to agent development. Source: Agentic AI Newsletter.
RALPH vs OpenClaw: Process vs Session Control in Agentic AI
DistributedApps.ai explores fundamentals of agentic loop control. Comparing OpenClaw (session-level) vs RALPH (process-level) approaches to agent orchestration. Deep architecture analysis. Source: Agentic AI Newsletter.
Securing the Agentic Pipeline: The Ackuity Approach
Ken Huang on deploying agentic AI systems securely in 2026. As agentic AI moves from PoCs to production, security infrastructure becomes critical. Read more on Agentic AI Newsletter.
MAESTRO Sentinel Tool: Threat Modeling for Agentic AI
DistributedApps.ai releases MAESTRO Sentinel, a threat modeling tool built specifically for agentic AI systems. Security-first approach to agent deployment. Source: Agentic AI Newsletter.
Agentic AI Native Organizations: 2026 Trend
Ken Huang explores how organizations are structuring themselves around agentic AI. ‘AI adoption’ becomes an understatement as agentic systems reshape workflows. Agentic AI Newsletter.
The Rise of Napa Merlot and the RTD Cocktail Boom
Wine-Searcher covers the enthusiastic US market for ready-to-drink cocktails, plus the rise of Napa Merlot and Bourbon’s fall from grace. Wine industry trend pieces — the Napa Merlot angle is particularly interesting given its historical reputation post-Sideways. Source: Wine-Searcher Weekly.
The Creator of Kotlin Is Building a New Language to Keep Humans in Control in the AI Era
Andrey Breslav, creator of Kotlin and founder of CodeSpeak, shares lessons from designing Kotlin and why he’s building a new programming language focused on keeping humans in control as AI transforms development. Interesting intersection of language design and AI agency. Source: The Pragmatic Engineer.