From v2 to v3 of Kana Chat, an AI agent built around official CLI wrappers. The story of stepping back from the DIY OpenClaw direction and pivoting toward a blog pipeline that quickly drafts the daily flood of AI news and papers.
DeepSeek V4 Preview ships V4-Pro (1.6T/49B active) and V4-Flash (284B/13B active) as open weights under MIT, both with 1M context. CSA+HCA hybrid attention, mHC, and the Muon optimizer cut per-token FLOPs at 1M tokens to 27% of V3.2. Day-one API and chat.deepseek.com mode switch covered.
Two open-weight Chinese MoEs landed within 24 hours: Ant Ling-2.6-flash (104B/7.4B active, 7x token-efficiency claim) and Tencent Hy3-preview (295B/21B active, frontier-tier open weights). Specs, licenses, and how they line up against DeepSeek-V3 and GLM-4.5.
colleague.skill, yourself-skill, nuwa-skill and other 'human distillation' OSS tools are exploding in popularity, primarily in China. Seeing a tool that distills colleagues, I wondered 'what if I distilled myself?' and researched how.
UC Berkeley's RDI team demonstrated that major benchmarks including SWE-bench and WebArena can be manipulated to near-perfect scores without completing any tasks. They identified 7 vulnerability patterns and released BenchJack, an automated benchmark attack tool.
Zhipu AI's GLM-5.1 is a 744B MoE (40B active, 200K context, MIT) targeting long-horizon agent tasks. Hits 58.4% SOTA on SWE-Bench Pro (edging out GPT-5.4 and Claude Opus 4.6) and sustains performance across 8-hour sessions with 6,000+ tool calls without degradation.
CVE-2026-22812 (CVSS 8.8) and CVE-2026-22813 (CVSS 9.4) were disclosed in the open source AI coding agent "OpenCode". Shell commands are executed via XSS of an unauthenticated HTTP server and Markdown renderer. The PoC has been published, with over 220,000 instances exposed online.
A GitHub issue claimed that Claude Code was destroying uncommitted changes with `git reset --hard origin/main` every ten minutes, but the culprit turned out to be a separate tool the reporter had written.
AWS releases "Agent Plugins for AWS" for Claude Code/Cursor, automating everything from infrastructure design to deployment. On the same day, GitHub added AI vulnerability detection to Code Security to supplement Shell, Dockerfile, Terraform, and PHP, which are not compatible with CodeQL.
Changes from v1 to v2 of Kana Chat, an AI agent built around official CLI wrappers. Covers dual-model router, Heartbeat memory, planner mode, image input, speech transcription, PWA push notifications, and the lessons learned from a month of daily use.
Composio publishes security analysis of OpenClaw. Approximately 7.1% of SkillHub-distributed skills were found to have critical vulnerabilities, leaving over 30,000 instances exposed to the internet in the early stages at risk of prompt injection and credential theft.
NVIDIA's NemoClaw protects OpenClaw agents with a four-layer sandbox, while Stripe's Machine Payments Protocol enables payments without handing over private keys to agents. How can I safely charge from within the sandbox?
