Edition #13. This week Claude Security went live, an Anthropic tool that scans your code for vulnerabilities. Cursor responded within hours with its own version. At the same time, April became the worst month ever for DeFi hacks: $651 million in losses across 28 incidents. Apple accidentally bundled two CLAUDE.md files into its Support app. And OpenClaw released a version that lets multiple agents collaborate cleanly. At the bottom I show how I deployed OpenClaw for a client this week: a custom quote within seconds, ready to send to the customer. Let's dive in!
Anthropic launches Claude Security, Cursor responds the same day
Anthropic released Claude Security this week, a tool that scans your code for vulnerabilities where regular scanners get stuck. Think logic flaws in your authentication, or places where user input isn't handled correctly. First Claude reads the code like a security expert, then it checks itself to filter out false alarms. The result is a concrete fix that fits your codebase, not a list of alerts to first wade through.
Cursor responded within hours with its own Security Review: comments on pull requests, automated scans, and notifications directly into Slack. Without the market noticing, the entire code tooling category was in a security race within a day.
What really makes this different is that the fixes are directly mergeable, in the style of your project. For teams that already have AI in their workflows, this is the kind of tool that delivers value without much work. The regular security tools remain necessary for the basics, but for the kind of bugs that normally only a human would find, you finally get help.
April 2026 became the worst month ever for DeFi hacks
According to DefiLlama, more than $651 million was stolen from DeFi protocols in April, spread across 28 incidents, almost three times more than an average month. The two largest were Drift Protocol on April 1 ($285 million through a stolen admin key) and Kelp DAO on April 18 ($293 million via a flaw in LayerZero). Most losses didn't come from bugs in the code, but from poor access management and stolen keys.
The accompanying chart tells the story most sharply. Until the end of 2025, the number of incidents fluctuated around 8 to 10 per month, April leaps out to 28. Researcher Kevin Kwok put it briefly: "When AI hits security there will be signs." Whether it's all driven by AI-powered attacks isn't proven, but something more than coincidence seems to be going on.
For those not in crypto: the same weak points sit in plenty of regular SaaS companies. As attackers use AI offensively, tools like Claude Security from the first story become a necessity for any serious AI strategy.
Apple leaks its own CLAUDE.md in a production build
Apple released version 5.13 of the Apple Support iOS app on Thursday and accidentally bundled in two files that weren't meant for the outside world: CLAUDE.md and CLAUDE (1).md. The contents describe the blueprint of their internal UI building blocks and the design of a new chat system codenamed Juno, a customer-service chatbot that works with both AI and human agents. The files were written by Claude for Apple's own developers.
Apple has been using Claude's Agent SDK in Xcode since February, but the fact that it's so deep in their engineering that it ends up in a production app was news to most. The leak itself is mild (architecture docs, no passwords), but the glimpse we got is telling: a good CLAUDE.md per project is no longer an optional add-on, it's how serious teams structure their AI tooling.
OpenClaw 2026.4.29: agents that no longer go silent or talk over each other
OpenClaw released version 2026.4.29, and the release reads like a list of exactly the small things that agent systems were breaking on in production. You can now steer a running agent halfway through a task without restarting it. Agents always reply visibly in group chats, instead of working silently without updating anyone. And the memory layer now remembers who's who in a conversation and how they relate to each other.
Under the hood there's more: NVIDIA hardware support, faster startups, and a built-in security check for plugins you add. The repo now stands at 367,000 stars, one of the largest open-source AI agent projects of the moment. What keeps drawing me to it is that the releases increasingly focus on production behavior instead of new features. That's exactly the phase where a tool shifts from toy to actually usable.
What I did with OpenClaw this week
An entrepreneur in my network got a question from a potential customer Tuesday evening: "could you send me a no-obligation quote for X?" Normally he'd work that out the next morning in two hours: looking up prices, opening the template letter, adjusting the name, checking margins.
We built an agent in OpenClaw that knows his own price list, terms and house style. He pastes the customer question into the chat, the agent asks a few clarifying questions if needed, and delivers a complete quote as a PDF within seconds: tailored to the customer and with the right prices.
What that meant in practice: he sent a quote out the door that same evening while the customer was still awake. The next morning there was already an agreement. Building this kind of agent is no longer rocket science, and if your business does similar repetitive work, this is exactly the kind of custom agent we help people with.
Want to work smarter with AI?
Want to work smarter with AI, in your business or just for yourself?
At AI Agent B.V. we help companies and individuals with AI advisory, AI implementation and practical training. So not just nice stories about what AI can eventually do, but concretely helping with how to use AI smarter today in your work, processes and daily operation. From strategy and tooling choices to training, implementation and custom AI agents.
Interested? Schedule a free 30-minute call.
