AI News Digest — March 14, 2026

Highlights

US Army Awards Anduril $20B Contract: The Army consolidates 120+ procurement actions into a single enterprise contract with the defense AI startup, marking one of the largest AI-defense deals to date.
OpenClaw AI Agent Flaws Enable Prompt Injection and Data Exfiltration: China’s CNCERT warns that weak default security configurations in the widely-used OpenClaw autonomous AI agent platform expose users to serious attack vectors.
Meta Considering 20% Workforce Reduction: Reported layoffs would help offset Meta’s aggressive AI infrastructure spending and AI-related acquisitions.
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions: A significant escalation in the GlassWorm campaign now propagates malware transitively through extension dependency chains, broadening the attack surface for developers.
China Funds OpenClaw “One-Person Companies” with Millions in Subsidies: At least seven Chinese local governments launch million-dollar programs to back solo founders using AI agents as a full workforce.

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration — China’s CNCERT flags the open-source OpenClaw (formerly Clawdbot/Moltbot) autonomous AI agent for inherently weak default security configurations that open the door to prompt injection and sensitive data theft.
AI Spam Websites Flood the Web with False Information — Newsguard and Pangram Labs launch a real-time detection system; over 3,000 AI content farm sites have already been flagged, with hundreds more appearing monthly.

US Army Announces Contract with Anduril Worth Up to $20B — A single enterprise contract consolidates more than 120 separate procurement actions with Palmer Luckey’s defense tech firm, signaling major government commitment to AI-driven military systems.
Meta Reportedly Considering Layoffs Affecting 20% of the Company — The cuts would help Facebook’s parent company offset heavy AI infrastructure spending and AI-related acquisitions and hiring.
How to Use the New ChatGPT App Integrations — ChatGPT adds direct integrations with DoorDash, Spotify, Uber, Canva, Figma, Expedia, and others, expanding its role as an action-taking AI assistant.
China Pushes OpenClaw “One-Person Companies” with Millions in AI Agent Subsidies — Seven Chinese local governments rapidly launch funding programs to back single-founder businesses staffed entirely by AI agents, framing OpenClaw as a vehicle for a new entrepreneurial model.

Ransomware Attacks Hitting Japan’s Small, Midsize Firms — Japan’s National Police Agency reports 143 ransomware incidents targeting SMBs in 2025, representing 60% of all domestic attacks for the second consecutive year, highlighting persistent cybersecurity vulnerabilities in the sector.

Defense AI spending accelerates: The Anduril mega-contract underscores a shift toward consolidated, AI-native procurement in the US military.
AI agent security is an emerging frontier: OpenClaw’s flaws illustrate that agentic AI platforms introduce novel attack surfaces — prompt injection and data exfiltration — that traditional security tooling is not designed to catch.
Supply-chain attacks intensifying: GlassWorm’s transitive dependency abuse and the AppsFlyer SDK hijack (see AI Security section) reflect a growing trend of attackers embedding malware deeper into developer toolchains.
AI cost pressure reshapes Big Tech workforces: Meta’s potential 20% reduction reflects a broader industry dynamic where AI infrastructure investment is traded against headcount.
China’s AI agent industrial policy: Government subsidies for OpenClaw “one-person companies” signal a state-backed push to validate AI agents as practical economic actors, not just research tools.

For detailed summaries of selected research papers, see papers.md.