Issue #1 · March 31, 2026
Welcome to Agentic Yield. This is a weekly intelligence briefing for builders and founders trying to make money in the agentic AI economy. No hype, no takes — just what happened, why it matters, and what you can actually do with it. This debut issue covers the last three weeks. Future issues will cover the prior week.
THIS WEEK IN THE AGENTIC ECONOMY
Team Nebula replaced a 6-person ops team with 3 OpenClaw agents
$280/month vs $42,000. The agents handle quote generation, order tracking, and customer follow-ups around the clock. Not a demo — an operating business with audited numbers. (source)
Jensen Huang called OpenClaw "definitely the next ChatGPT"
CNBC surfaced the bigger concern underneath: an independent open-source project beating the big labs to the next AI platform is making model providers nervous about commoditization. At GTC, Jensen compared OpenClaw's trajectory to Linux. Meanwhile, Nvidia's own dev team named OpenClaw their top Nemotron model customer — while simultaneously building NemoClaw as an enterprise competitor. (source)
OpenClaw v2026.3.22 and v2026.3.23 shipped back-to-back
3.22 was the biggest release in months: ClawHub Marketplace is now the default plugin source (npm is fallback), MiniMax M2.7 and GPT-5.4-mini/nano support added, Chrome extension relay removed, followed with Qwen endpoint expansion, Control UI refresh, CSP and auth hardening. (changelog)
MCP hit 97 million installs in March
The Model Context Protocol is the connective layer underneath every major coding agent — Claude Code, Codex, Cursor. The moat in agents isn't model intelligence anymore. It's who controls the integration layer. MCP is winning that quietly. (source)
Claude Code grew 150% in revenue since January — then tightened the limits
Four releases in three weeks. New auto mode reduces approval prompts, giving agents more autonomy. But the new rate limits are pushing builders to switch workloads to GPT 5.4 and Codex. The tool is simultaneously getting better and more restrictive. (source)
Figma opened its design canvas to AI coding agents
New official MCP server connects Claude Code, Cursor, Codex, and Windsurf to your Figma files — read, write, and modify designs directly from your agent workflow. If you're building anything with a UI, this collapses an entire handoff step. This was our highest-engagement post of the month. (source)
JetBrains launched Central
An open platform for orchestrating Claude, Codex, and Gemini coding agents across IDE, CLI, and CI. Their survey: 90% of devs use AI at work, but only 13% run it across the full development lifecycle. Central is designed to close that gap. Early access Q2 2026. (source)
Meta acqui-hired the Dreamer team for personalized AI agents
Former Google and Stripe executives who built a platform for creating personal AI agents. They're joining Meta Superintelligence Labs. Meta is betting that personalized agents — not chatbots, not copilots — are the next consumer interface. (source)
Starling Bank launched the UK's first agentic AI banking service
The agent sets budgets, monitors spending, and acts on your behalf — not just analysis, actual execution. The agentic finance layer is live. (source)
Anthropic is bringing Code with Claude to San Francisco, London, and Tokyo
Full day of workshops, demos, and 1:1 office hours with the teams behind Claude. If you're building on Claude Code or the API, this is the most direct access you'll get. Register to watch remotely or apply to attend in person. (register)
THE SECURITY PICTURE
The agent security situation is moving fast in both directions. Here's what happened in three weeks:
CVE-2026-22172 (CVSS 9.9 Critical) — OpenClaw versions before 2026.3.12 let shared-token connections self-declare elevated scopes with no server-side binding check. If you're running OpenClaw, check your version now. (advisory)
Kaspersky confirmed Atomic macOS Stealer inside OpenClaw skills — pulling private keys and Keychain passwords off infected machines. Separately, JFrog found a malicious npm package impersonating the official OpenClaw installer — 178 downloads before it was flagged.
Researchers found an "OpenClaw Trap" campaign — trojanized GitHub repos targeting developers and gamers with fake OpenClaw tools bundling malicious payloads. Always verify you're installing from the official openclaw/openclaw repo. (source)
A hacker used prompt injection to install OpenClaw on 4,000 computers — through Cline's own automated workflow. The attack: a malicious GitHub issue with an embedded prompt hijacked a Claude session and executed arbitrary commands on every machine running the triage bot.
OpenClaw agents can be guilt-tripped into self-sabotage — Northeastern University researchers demonstrated that psychological manipulation can make agents disable their own safety features. The attack surface is psychological, not just technical. (source)
RSAC 2026 roundup: Microsoft launched Entra Agent ID (identity layer for AI agents), Cisco shipped DefenseClaw (open-source OpenClaw governance), Google/Wiz unveiled an agentic security strategy. Three major vendors all shipped agent-specific security products in one week.
BY THE NUMBERS
$280/mo — what Team Nebula pays for 3 OpenClaw agents replacing a $42,000/month ops team. (source)
97 million — MCP installs in March. The standardization layer is moving faster than the models on top of it. (source)
~$15/mo — what it costs to run OpenClaw privately: roughly $10 on LLM API (Qwen3.5-Plus), $4-5 on a Hetzner VPS. Full control, no data routing through third-party wrappers. (source)
0 out of 4 — successful agent checkouts across four stores tested with real money. The transaction layer is designed to stop agents, not help them. (source)
26,000 — users ByteRover added in its first seven days. It's a memory plugin that fixes OpenClaw's session context loss — the most complained-about limitation in the ecosystem. (source)
WHAT'S ACTUALLY WORKING
Free security scanner for OpenClaw plugins. Tiamat detects malicious plugins before they run — checks npm/PyPI packages for typosquatting, obfuscated installs, and dependency confusion. Given the security picture above, this is essential for anyone running third-party plugins. Free at tiamat.live/scan. (full breakdown)
uSpeedo added OpenClaw Skills support — global SMS and email directly from your agents, no custom integration needed. Any OpenClaw workflow can now trigger messages worldwide via API. If your agent needs to send notifications, confirmations, or outreach at scale, this removes an entire integration layer. (source)
RefineX shipped 6 MCP tools so Claude Code can query live AWS spot prices, plus a CLI for the same data in your terminal. If you're building cost-aware automations or infrastructure tooling, tighter pricing access inside your agent workflow is a real operator edge. (source)
Anthropic is testing "auto dream" for Claude Code — consolidates and cleans memory from stale or conflicting info between sessions. Early users compare it to REM sleep. Found via a hidden /memory toggle. (source)
NOISE VS SIGNAL
The claim: "I made thousands on Polymarket using OpenClaw."
What the numbers show: A Chinese college student ran an OpenClaw bot on Polymarket for 10 days — 354 predictions, mostly Bitcoin markets. His first reaction was "Don't spread this." Meanwhile, the "I made X thousand on Polymarket" posts that flooded the feed were mostly affiliate scams. The real money stories — Team Nebula cutting $42K in ops costs, a sales AE hitting 200% of quota on four hours a day — are quieter and more specific. If someone's loudly posting their returns, they're probably selling a course about it.
Who's actually making money from the OpenClaw wave right now? Course sellers, remote install services ($100-$6,000/job), Mac Mini resellers (sales spiked), VPS hosts, and skill developers. The picks-and-shovels layer, not the agents themselves.
ON THE RADAR
OpenClaw security is becoming its own product category. Hardening guides, permission firewalls, runtime sandboxes, and dedicated conference tracks are all forming around the stack. NemoClaw pitches itself as "same brain, enterprise sandbox." The next wave of picks-and-shovels businesses will be in the security tooling layer.
The Shopify founder is personally setting up OpenClaw for non-technical friends and publicly asked if a good hosted solution exists. The response was massive. Hosted, managed OpenClaw for people who can't or won't use a terminal is still wide open.
Agent observability is the next bottleneck. Builders are moving past "can the agent do it?" to "can I verify what it did?" 72% of Global 2000 companies are running agents in production. The bottleneck isn't capability — it's governance. Dashboards, audit logs, and state-verification tools are about to become table stakes.
Agentic Yield covers the agentic AI economy for builders and founders.
Follow on X: @AgenticYield · Bluesky: @agenticyield.bsky.social