OpenClaw Upgrades Its AI Arsenal And Closes Security Gaps In Latest Release

Open-source, self-hosted AI agent platform OpenClaw launched its newest launch, model 2026.3.22, bringing a wave of enhancements throughout plugin administration, AI integrations, and platform safety.

This replace provides the ClawHub plugin market and expands mannequin assist to incorporate MiniMax M2.7, GPT-5.4-mini/nano fashions, and per-agent reasoning capabilities. Additionally, the discharge incorporates integration with OpenShell and SSH sandbox environments, alongside connectivity to exterior search instruments resembling Exa, Tavily, and Firecrawl. 

According to the GitHub doc, one of many headline modifications is a revamped plugin set up movement. When working openclaw plugins set up, the system now prioritizes OpenClaw’s personal market — ClawHub — earlier than falling again to npm. This means customers get curated, verified packages by default, with npm nonetheless obtainable as a security web. Updating plugins has additionally been improved: builders can now goal particular variations or distribution tags on npm-tracked installs with out shedding their recorded bundle specs.

OpenClaw is doubling down on AI integrations. The default OpenAI mannequin has been upgraded to GPT-5.4, with Codex following swimsuit. All OpenAI companies — chat, picture technology, text-to-speech, transcription, and embeddings — now draw from a single shared configuration module, making setup cleaner and extra constant.

Perhaps most notably, this launch introduces a local Anthropic Claude supplier through Google Vertex AI, full with full GCP authentication and discovery. Teams already working on Google Cloud infrastructure can now entry Claude fashions immediately via OpenClaw with out extra middleware.

Rounding out the AI information, this launch provides assist for locating and putting in Codex, Claude, and Cursor bundles, with their abilities mechanically mapped into the OpenClaw ability system.

New Update Enhances Security 

Notably, this launch addresses a number of significant safety issues. Proxy spoofing safety has been improved by making certain that loopback hops in trusted forwarding chains at the moment are ignored, whereas gadgets are restricted from requesting permissions past what their session permits. Admin scope lockdown has been strengthened in order that proxy-authenticated classes can not self-declare admin or secrets-level entry with out a verified gadget id. In addition, malicious obtain safety has been enhanced by making use of the identical measurement limits and timeouts to error responses from distant media sources as these used for profitable downloads, thereby closing a possible vector for unbounded reminiscence assaults.

Users can now set up immediately from GitHub’s fundamental department through openclaw replace –tag fundamental, helpful for groups monitoring bleeding-edge builds. A repair has additionally landed for plugin callback routing, making certain that interactive buttons — resembling Telegram’s Codex picker — not by chance fall via to common message handlers.

A beta construct of v2026.3.22 is on the market on npm. macOS customers ought to word that the desktop app stays on the earlier secure launch, with no new macOS binary connected to this beta.

The put up OpenClaw Upgrades Its AI Arsenal And Closes Security Gaps In Latest Release appeared first on Metaverse Post.