VoicesSummer Yue OpenClaw Inbox Deletion — Verbal Commands InsufficientThe Hacker News·high signalMetas AI safety director couldnt stop autonomous agent with verbal commands. Confirms Karpathy OpenClaw security critique.SourceSource pageThe Hacker News↳ Follow the threadStack layer / Threat pattern'Friendly Fire': AI Now PoC Tricks Claude Code and Codex Into Running README-Planted MalwareAI Now Institute (via The Hacker News)Shared entity / Threat pattern'OpenClaw' Is Being Reported as 2026's Breakout Open-Source Coding AgentByteByteGoPolicy dependency / Threat patternZhipu/Z.ai Founder Tang Jie's Internal Memo 'The Giant Wave Has Arrived': Frontier AI Must Stay Open — a Direct Rebuke of China's Rumored CurbsBloombergPolicy dependency / Stack layerCynative Ships an Open-Source Deep-Research Security Agent With Default-Deny Write PermissionsIT Security NewsStack layer / Threat patternMako: A 'Self-Evolving Agentic OS' That Writes New Exploits Against Live Targets and Hot-Loads Them Into ItselfarXivStack layer / Threat patternMCPZoo Study: Scanners Call 96.89% of MCP Servers 'Risky' — But Under Half of Those Alerts Are RealarXivStack layer / Threat patternWire Analysis: xAI's Grok Build CLI Silently Uploaded Entire Repos to a Google Cloud Bucketcereblab wire analysis / Hacker News (corroborated by The Hacker News, Glitchwire)Stack layer / Threat patternDistributed Backdoors Prove Per-Step Agent Monitors Can Be Right on Every Step and Still Miss the AttackarXiv