Radar Tendencies to Watch: March 2026 – O’Reilly

The explosion of curiosity in OpenClaw was one of many final objects added to the February 1 developments. In February, issues went loopy. We noticed a social community for brokers (no people allowed, although they undoubtedly sneak on); a multiplayer on-line recreation for brokers (once more, no people); many clones of OpenClaw, most of which try and mitigate its many safety issues; and rather more. Andrej Karpathy has mentioned that OpenClaw is the following layer on high of AI brokers. If the safety points may be resolved (which is an effective query), he’s in all probability proper.

AI

• Moonshine Word Taker is a free and open supply voice transcription software for taking notes. It runs regionally: The mannequin runs in your {hardware} and no information is ever despatched to a server.
• Nano Banana’s picture era was breathtakingly good. Google has now launched Nano Banana 2, a.ok.a. Gemini 3.1 Flash Picture, which guarantees Nano Banana picture high quality at velocity.
• Claude Distant Management means that you can proceed a desktop Claude Code session from any system.
• Placing OpenClaw right into a sandbox isn’t sufficient. Conserving AI Brokers from by accident (or deliberately) doing injury is a permissions downside.
• Alibaba has launched a fleet of mid-size Qwen 3.5 fashions. Their theme is offering extra intelligence with much less computing cycles—one thing all of us want to understand. 
• Vital recommendation for agentic engineering: All the time begin by operating the checks.
• Google has launched Lyria 3, a mannequin that generates 30-second musical clips from a verbal description. You’ll be able to experiment with it by means of Gemini.
• There’s a brand new protocol within the agentic stack. Twilio has launched the Agent-2-Human (A2H) protocol, which facilitates handoffs between brokers and people as they collaborate.
• But increasingly more mannequin releases: Claude Sonnet 4.6, adopted rapidly by Gemini 3.1 Professional. When you care, Gemini 3.1 Professional at the moment tops the summary reasoning benchmarks.
• Kimi Claw is one more variation on OpenClaw. Kimi Claw makes use of Moonshot AI’s most superior mannequin, Kimi K2.5 Considering mannequin, and affords one-click setup in Moonshot’s cloud.
• NanoClaw is one other OpenClaw-like AI-based private assistant that claims to be extra safety acutely aware. It runs brokers in sandboxed Linux containers with restricted entry to exterior sources, limiting abuse. 
• OpenAI has launched a analysis preview of GPT-5.3-Codex-Spark, an especially quick coding mannequin that runs on Cerebras {hardware}. The corporate claims that it’s attainable to collaborate with Codex in “actual time” as a result of it offers “near-instant” outcomes.
• RAG is probably not the latest thought within the AI world, however text-based RAG is the idea for a lot of enterprise functions of AI. However most enterprise information contains graphs, photos, and even textual content in codecs like PDF. Is that this the 12 months for multimodal RAG?
• Z.ai has launched its newest mannequin, GLM-5. GLM-5 is an open supply “Opus-class” mannequin. It’s considerably smaller than Opus and different high-end fashions, although nonetheless enormous; the mixture-of-experts mannequin has 744B parameters, with 40B lively.
• Waymo has created a World Mannequin to mannequin driving habits. It’s able to constructing lifelike simulations of site visitors patterns and habits, primarily based on video collected from Waymo’s automobiles.
• Recursive language fashions (RLMs) remedy the issue of context rot, which occurs when output from AI degrades as the scale of the context will increase. Drew Breunig has a superb rationalization.
• You’ve heard of Moltbook—and maybe your AI agent participates. Now there’s SpaceMolt—an enormous multiplayer on-line recreation that’s solely for brokers. 
• Anthropic and OpenAI concurrently launched Claude Opus 4.6 and GPT-5.3-Codex, each of which provide improved fashions for AI-assisted programming. Is that this “open warfare,” as AINews claims? You imply it hasn’t been open warfare before now?
• When you’re excited by OpenClaw, you would possibly strive NanoBot. It has 1% of OpenClaw’s code, written in order that it’s straightforward to grasp and preserve. No guarantees about safety—with all of those private AI assistants, watch out!
• OpenAI has launched a desktop app for macOS alongside the strains of Claude Code. It’s one thing that’s been lacking from their lineup. Amongst different issues, it’s supposed to assist programmers work with a number of brokers concurrently.
• Pete Warden has put collectively an interactive information to speech embeddings for engineers, and revealed it as a Colab pocket book.
• Aperture is a brand new device from Tailscale for “offering visibility into coding agent utilization,” permitting organizations to grasp how AI is getting used and adopted. It’s at the moment in non-public beta.
• OpenAI Prism is a free workspace for scientists to collaborate on analysis. Its objective is to assist scientists construct a brand new era of AI-based tooling. Prism is constructed on ChatGPT 5.2 and is open to anybody with a private ChatGPT account.

Programming

• Anthropic is providing six months of Claude Max 20x free to open supply maintainers.
• Pi is a quite simple however extensible coding agent that runs in your terminal.
• Researchers at Anthropic have vibe-coded a C compiler utilizing a fleet of Claude brokers. The experiment value roughly $20,000 price of tokens, and produced 100,000 strains of Rust. They’re cautious to say that the compiler is much from manufacturing high quality—however it works. The experiment is a tour de drive demonstration of operating brokers in parallel. 
• I by no means knew that macOS had a sandboxing device. It appears helpful. (It’s additionally deprecated, however appears a lot simpler to make use of than the options.)
• GitHub now permits pull requests to be turned off utterly, or to be restricted to collaborators. They’re doing this to permit software program maintainers to eradicate AI-generated pull requests, that are overwhelming many builders.
• After an open supply maintainer rejected a pull request generated by an AI agent, the agent revealed a weblog submit attacking the maintainer. The maintainer responded with a superb evaluation, asking whether or not threats and intimidation are the way forward for AI.
• As Simon Willison has written, the aim of programming isn’t to jot down code however to ship code that works. He’s created two instruments, Showboat and Rodney, that assist AI brokers demo their software program in order that the human authors can confirm that the software program works. 
• Anil Sprint asks whether or not codeless programming, utilizing instruments like Gasoline City, is the longer term.

Safety

• There’s now an app that alerts you when somebody within the neighborhood has sensible glasses.
• Agentsh offers execution layer safety by implementing insurance policies to prevents brokers from doing injury. So far as brokers are involved, it’s a substitute for bash.
• There’s a brand new type of cyberattack: assaults towards time itself. Extra particularly, this implies assaults towards clocks and protocols for time synchronization. These may be devastating in manufacturing unit settings.
• “What AI Safety Analysis Seems Like When It Works” is a superb overview of the influence of AI on discovering vulnerabilities. AI generates a number of safety slop, however it additionally finds essential vulnerabilities that may have been opaque to people, together with 12 in OpenSSL.
• Gamifying immediate injection—effectively, that’s new. HackMyClaw is a recreation (?) by which members ship electronic mail to Flu, an OpenClaw occasion. The objective is to drive Flu to answer with secrets and techniques.env, a file of “confidential” information. There’s a prize for the primary to succeed.
• It was solely a matter of time: There’s now a cybercriminal who’s actively stealing secrets and techniques from OpenClaw customers. 
• Deno’s safe sandbox would possibly present a technique to run OpenClaw safely. 
• IronClaw is a private AI assistant modeled after OpenClaw that guarantees higher safety. It all the time runs in a sandbox, by no means exposes credentials, has some defenses towards immediate injection, and solely makes requests to permitted hosts.
• A pretend recruiting marketing campaign is hiding malware in programming challenges that candidates should full to be able to apply. Finishing the problem requires putting in malicious dependencies which are hosted on authentic repositories like npm and PyPI.
• Google’s Risk Intelligence Group has launched its quarterly evaluation of adversarial AI use. Their evaluation contains distillation, or amassing the output of a frontier AI to coach one other AI.
• Google has upgraded its instruments for eradicating private data and pictures, together with nonconsensual express photos, from its search outcomes. 
• Tirith is a brand new device that hooks into the shell to dam unhealthy instructions. That is usually an issue with copy-and-paste instructions that use curl to pipe an archive into bash. It’s straightforward for a nasty actor to create a malicious URL that’s indistinguishable from a authentic URL.
• Claude Opus 4.6 has been used to find 500 0-day vulnerabilities in open supply code. Whereas many open supply maintainers have complained about AI slop, and that abuse isn’t prone to cease, AI can be turning into a precious device for safety work.
• Two coding assistants for VS Code are malware that ship copies of all of the code to China. In contrast to plenty of malware, they do their job as coding assistants effectively, making it much less possible that victims will discover that one thing is unsuitable. 
• Weird Bazaar is the identify for a wave of assaults towards LLM APIs, together with self-hosted LLMs. The assaults try and steal sources from LLM infrastructure, for functions together with cryptocurrency mining, information theft, and reselling LLM entry. 
• The enterprise mannequin for ransomware has modified. Ransomware is not about encrypting your information; it’s about utilizing stolen information for extortion. Small and mid-size companies are frequent targets. 

Net

• Cloudflare has a service known as Markdown for Brokers that converts web sites from HTML to Markdown when an agent accesses them. Conversion makes the pages friendlier to AI and considerably reduces the variety of tokens wanted to course of them.
• WebMCP is a proposed API normal that permits net functions to turn into MCP servers. It’s at the moment obtainable in early preview in Chrome.
• Customers of Firefox 148 (which needs to be out by the point you learn this) will have the ability to choose out of all AI options.

Operations

• Wireshark is a robust—and complicated—packet seize device. Babyshark is a textual content interface for Wireshark that gives a tremendous quantity of data with a a lot easier interface.
• Microsoft is experimenting with utilizing lasers to etch information in glass as a type of long-term information storage.

Issues

• You want a desk robotic. Why? As a result of it’s there. And enjoyable.
• Do you wish to play Doom on a Lego brick? You’ll be able to.