The LGTM (Page 29)

The LGTM

Sign in Subscribe

Detectify’s MCP Server Is the AppSec Version of Letting the Agent Run the Test

Detectify’s MCP Server Is the AppSec Version of Letting the Agent Run the Test

Detectify’s new MCP Server is easy to file under “security vendor ships integration.” That would miss the point. The more interesting story is that application security is being forced into the agent loop, because the old workflow — scanner finds bug, dashboard waits, human reads report, ticket appears, developer eventually

OpenClaw’s ENETDOWN Crash Is a Reminder That SSRF Guards Are Still Network Code

OpenClaw’s ENETDOWN Crash Is a Reminder That SSRF Guards Are Still Network Code

Security code does not get a pass on being production code. OpenClaw issue #86688 is a clean reminder: an SSRF guard that crashes the gateway when the network drops has moved the risk, not removed it. The report says OpenClaw’s gateway can exit on an uncaught ENETDOWN error while

A sessions_yield Compaction Bug Shows Why Multi-Agent State Needs Branch Discipline

The dangerous bugs in multi-agent systems are rarely the theatrical ones. They are the quiet state bugs: the parent session parks, the subagent finishes, the runtime wakes the parent, and somewhere in that handoff an internal marker starts acting like the real conversation. That is the shape of OpenClaw issue

OpenClaw’s Observability Patch Moves Agent Operations from Logs to Alertable Signals

OpenClaw’s latest observability patch is not the kind of change that wins demos. That is exactly why it matters. PR #86682 takes a set of gateway events that previously lived mostly in logs — model failover, blocked tool executions, oversized payloads, webhook ingress, webhook errors, stale sessions, and liveness warnings

Azure Marketplace Is Becoming the Distribution Layer for Enterprise AI Agents

Enterprise AI agents are not failing because the demos are too weak. They are failing because the packaging is wrong. That is the useful signal inside Microsoft’s new customer story about Zammo.ai, a company selling no-code AI agents for channels like web, IVR, SMS, and Microsoft Teams. The

VoltAgent’s Workflow Status Fix Is a Tiny Patch With a Big Orchestration Lesson

VoltAgent’s Workflow Status Fix Is a Tiny Patch With a Big Orchestration Lesson

VoltAgent’s latest server-core patch is a one-field fix with a larger warning attached: in agent workflows, status is control flow. If the engine says a workflow suspended but the API response says completed, the system has not merely mislabeled a result. It has sent the caller down the wrong