March 9, 2026 | OpenClaw Gets Backup, Brave Gets Smarter, and Claude Goes to War
There are weeks when the AI news feels abstract -- models getting incrementally better, benchmarks moving in expected directions, nothing that changes your Monday. This is not one of those weeks.
OpenClaw shipped v2026.3.8 over the weekend, and for once the changelog is worth reading slowly. The headline feature is backup -- openclaw backup create and openclaw backup verify -- which sounds unremarkable until you realize that until Friday, there was no reliable way to archive your agent state before a destructive operation. If you've ever winced while running openclaw workspace reset and hoped for the best, this one's for you. Alongside that, the release brings ACP provenance tracking, a configurable silence timeout for Talk mode, and a new Brave web search mode that returns actual extracted content instead of raw result metadata. There's a lot to work through.
Meanwhile, the story the community has been arguing about all weekend landed last week: Palantir and Anthropic's Claude were used to identify and prioritize over 1,000 military targets in Iran within 24 hours. The Washington Post broke it on March 4. The Guardian called it "AI-powered bombing quicker than the speed of thought." Whether you think that's a reasonable application of the technology or something far more troubling, it changes how you should think about the models powering your agents -- who funds them, what they're used for, and what "safety-focused AI" actually commits a company to. We're going to get into it.
TODAY'S RUNDOWN
Sunday, March 9, 2026 Today's edition covers:- Feature: OpenClaw v2026.3.8 -- backup commands, ACP provenance, and five other improvements you'll actually use
- Setup: Brave LLM Context mode -- one config line that makes your agents dramatically smarter at web research
- Making Money: How the new backup feature opens a "production-grade deployment" sales angle
- Security: Claude, Palantir, and 1,000 Iran targets -- the AI-in-warfare story practitioners need to think about
Feature story: OpenClaw v2026.3.8 -- finally, backup
The v2026.3.8 release dropped Sunday and it's one of the meatier changelogs in recent memory. Seven distinct improvements across backup, ACP, Talk mode, search, TUI workspace detection, version output, and install hygiene. Here's what matters.
The backup commands
openclaw backup create and openclaw backup verify are the headline additions. You run openclaw backup create and it produces a timestamped archive of your agent state -- config, workspace, session data -- with a manifest that can be verified later. The --only-config flag skips workspace content for faster config-only snapshots. The --no-include-workspace flag does the same in a slightly different way (useful when scripting).
The openclaw backup verify command checks the archive's integrity against the manifest, so you know before a restore whether the backup is intact.
This matters a lot for anyone running OpenClaw with production workloads. Before this release, the safe upgrade path was "export what you can, hope the rest survives." Now you can run openclaw backup create before anything destructive -- upgrades, workspace resets, major config changes -- and have a verified restore path if something breaks.
The archive naming has also been improved for date sorting. If you've been managing manual backups in a folder, the new naming convention makes chronological ordering automatic, which seems small until you're recovering at 11pm and can't remember which backup is newest.
ACP provenance -- the underrated one
The ACP provenance feature (openclaw acp --provenance off|meta|meta+receipt) deserves more attention than it's getting. When you run OpenClaw in a multi-agent setup -- one agent spawning sub-agents via ACP -- there's historically been no clean way to trace which ACP session originated which message or action. Provenance metadata closes that gap.
With --provenance meta, ACP-origin context is retained with session trace IDs. With --provenance meta+receipt, a visible receipt is injected into the session so the agent (and you) can see the full provenance chain.
For simple single-agent setups this doesn't change much. For anyone building orchestration pipelines -- Silas dispatching to Piper, or a research agent spawning document processors -- this is the difference between a traceable system and a black box. When something goes wrong in a chain of four agents, you need to know which handoff broke things. Provenance gives you that.
Talk mode -- talk.silenceTimeoutMs
Talk mode now accepts a talk.silenceTimeoutMs config value that controls how long OpenClaw waits in silence before auto-sending the current transcript. Previously this was platform-specific and not configurable.
If you use Talk mode for voice-driven workflows or meetings, this is worth tuning. The default behavior (inheriting whatever the platform default was) could be jarring on slower connections or when thinking out loud. Set it to 2000 for quick back-and-forth or 5000 if you want longer pauses before the agent acts.
Brave LLM Context mode
tools.web.search.brave.mode: "llm-context" is worth its own Setup section below, but briefly: instead of returning raw search results (title, URL, snippet), this mode calls Brave's LLM Context endpoint and returns extracted grounding content with source metadata. The difference is significant for any agent doing research.
TUI workspace agent inference
When you launch the TUI from inside a configured agent workspace, it now infers the active agent from the workspace rather than defaulting to a blank state. For multi-agent setups where you keep separate workspace directories per agent, this saves the manual agent: session target step every time you open the terminal.
Version output and install compatibility
openclaw --version now includes the short git commit hash when metadata is available. The install version checker was updated to handle this decorated format without breaking. Minor, but useful when you need to confirm exactly which build you're running, especially if you test beta releases alongside stable ones.
The full release is on GitHub. Worth updating.
Setup of the week: Brave LLM Context mode
This one takes two minutes to set up and it's the kind of change that makes you realize how much you were leaving on the table before.
By default, OpenClaw's web_search tool calls Brave's standard search endpoint and returns the usual list: title, URL, and a short snippet. That snippet might be a navigation menu. It might be a 40-word preview that cuts off before the actual content. You've seen it -- the search comes back with five results and none of them tell your agent what it actually needs to know. The agent either has to make a guess or call web_fetch on each URL separately, which costs time and tokens.
Brave's LLM Context endpoint is different. Instead of search metadata, it returns extracted document content with source attribution. The agent gets the actual text it's looking for -- structured, with source context -- rather than breadcrumbs it has to chase.
How to enable it
Add this to your OpenClaw config file (~/.config/openclaw/config.yaml or wherever yours lives):
tools:
web:
search:
brave:
mode: "llm-context"
That's it. Restart OpenClaw. The next time any of your agents calls web_search, it hits the LLM Context endpoint instead of the standard one.
What you'll notice
Research-heavy agents -- anything that uses web search as part of a pipeline rather than just for one-off lookups -- will behave noticeably differently. Instead of getting a title and a teaser, the agent gets usable content it can synthesize immediately.
For the ClawPulse research pipeline, this makes the research.js script output far richer on the first pass. For a customer support agent that needs to look up current documentation, it means fewer follow-up fetches. For a price monitoring agent, it means less parsing of raw HTML and more structured data to work with.
When not to use it
If your agent does very high-volume searches (hundreds per session) and you're watching API costs closely, check Brave's pricing on the LLM Context endpoint -- it may differ from the standard tier. For most practitioners doing tens of searches per session the difference is negligible.
Also, if your agent is doing searches where you want the raw list (building a link aggregator, pulling a curated set of URLs to process separately), stay on standard mode. The LLM Context output assumes you want content, not a pointer list.
Verify it's working
Run a quick test search in your agent and check the response structure. With standard mode, you get title, url, description. With LLM Context mode, you get content blocks with source attribution. If you're in doubt, check the web_search response structure -- it changes format between modes.
The practical difference
Here's a concrete example of what changes. Say your agent searches for "OpenClaw backup configuration options".
With standard mode, the response might look like:
Title: Release openclaw 2026.3.8 · openclaw/openclaw URL: https://github.com/openclaw/openclaw/releases/tag/v2026.3.8 Description: CLI/backup: add openclaw backup create and openclaw backup verify for local state archives...
Your agent gets 20 words of context and has to either guess or fetch the full URL.
With LLM Context mode, the response includes extracted content: the actual changelog text, the flag descriptions, the PR details. The agent can synthesize an accurate answer without a follow-up fetch. For a research pipeline making 30+ searches per session, that's the difference between needing 60 tool calls and needing 30.
A note on older Brave API keys
If you set up your Brave API key more than a year ago, check whether your plan includes access to the LLM Context endpoint. Some older free-tier keys only have access to the standard Web Search API. If you're seeing errors after enabling the new mode, that's the first place to check -- the Brave dashboard shows your plan limits under the API section. The Search plan (currently $5/month with a free credit tier) includes both endpoints.
This is one of those config changes that has no downside for most people and is worth enabling immediately.
Making money: the "production-grade deployment" angle
Until last week, one of the honest objections to selling OpenClaw deployments to serious clients was the lack of a recovery story. If something breaks -- a bad config push, a workspace corruption, a botched upgrade -- what's the restore procedure? The answer was basically "rebuild it," which is fine for personal projects and unacceptable for a client paying you a monthly retainer.
The backup commands change that. Now the conversation is different.
What you can sell
"Production-grade OpenClaw deployment" is a package, not a one-time build. It includes:
- Initial setup (agent configuration, skill installation, workflow design)
- A documented backup schedule using
openclaw backup create - Monthly verification runs with
openclaw backup verify - A tested restore procedure the client can trust
For clients running agents in business-critical workflows (customer onboarding automation, content pipelines, data processing), the question "what happens if it breaks?" is the question that kills deals. Now you have a real answer.
Packaging it
Create a simple backup-schedule.sh script that wraps the backup command with a date-stamped output path:
#!/bin/bash DATE=$(date +%Y-%m-%d) BACKUP_DIR="$HOME/client-backups/$DATE" mkdir -p "$BACKUP_DIR" openclaw backup create --output "$BACKUP_DIR" --only-config openclaw backup verify "$BACKUP_DIR" echo "Backup complete: $BACKUP_DIR"
Schedule it weekly with cron, log the output, and include the backup verification status in your monthly client report. You just added a line item that justifies the retainer.
Pricing
If you're not already on retainer, the managed backup + monitoring package is a reasonable entry point. Position it at whatever covers 2-3 hours of your time per month -- verification runs, occasional config reviews, one patch cycle if anything needs updating. That's your floor. Then scope the actual agent work separately.
The clients who care about backup are the clients worth keeping. They're thinking about continuity, not just capability. They're easier to work with, they understand ongoing costs, and they don't disappear after the first invoice.
The right clients for this pitch
Not every OpenClaw client is the right fit for a managed deployment retainer. The ones who are tend to share a few traits: they're running the agent daily (not occasionally), the workflow touches real business data (customer records, financial reports, internal docs), and they've either experienced a data loss incident before or they work in an industry where recovery requirements are documented (finance, healthcare, legal).
The clients who buy the personal assistant tier and use it to draft emails -- they're not your managed deployment market. The client who runs an OpenClaw agent that processes 200 customer support tickets a day and reports into their ops dashboard -- that's who this pitch is for. The question "what happens if the agent configuration gets corrupted overnight?" is not hypothetical for them. They've thought about it. You're providing the answer.
What to charge
Monthly retainer pricing for managed deployments should cover: weekly backup runs (automated), monthly verification check, one round of config review, and patch coverage when OpenClaw releases a new version. That's roughly 2-4 hours of work if everything is running smoothly, and 4-8 hours on a version upgrade cycle.
A reasonable rate for this, assuming you're already an established OpenClaw practitioner, is 3-5x your hourly rate as a monthly flat fee. The client pays for availability and accountability, not just time. If you've never done retainer work before, start at the low end and raise it on renewal.
The 3-6 month window
This is early. The backup feature shipped Sunday. Most OpenClaw practitioners haven't read the changelog yet. Within a few months, "we include backup and recovery" will be expected of any professional OpenClaw consultant. Right now it's a differentiator. Use the window.
Security corner: Claude in the targeting chain
Last week's most significant AI story wasn't a model release or a benchmark. It was a Washington Post report, confirmed by The Guardian and several other outlets, that Palantir's Maven Smart System -- using Anthropic's Claude as the analysis layer -- helped the U.S. military identify and prioritize over 1,000 targets in Iran within a 24-hour window during the recent campaign.
Here's how it worked, based on what's been reported: Palantir aggregated intelligence data. Claude analyzed the data, identified targets, ranked them, recommended appropriate weapons based on stockpile availability and historical performance against similar target types, and provided automated legal reasoning evaluating grounds for each strike. Humans approved the final calls. Then bombs fell.
This is not a hypothetical about where AI is heading. It happened. March 2026.
What it means for you
If you're building agents on Claude -- and OpenClaw's default model is Claude Sonnet -- your API subscription funds Anthropic, which has active DoD contracts through the Palantir partnership. That's not a reason to stop using Claude. But it's information you should have.
The more immediately practical question is what it tells you about AI company governance. Anthropic's public positioning has been "safety-focused AI" and responsible deployment. The DoD contracts have been live for over two years. Dario Amodei has not expressed regret about them. This isn't hypocrisy if you define "safety" narrowly enough -- the Claude deployment in Maven presumably includes the human-in-the-loop approval step, which is Anthropic's stated requirement for high-stakes use cases.
But "humans approve the final call" means something different when a human is reviewing a ranked list of 1,000+ targets generated by an AI system under time pressure. That's not a safeguard in any practical sense. It's a checkbox.
What you should actually do
Three things worth thinking through:
First, audit what models your OpenClaw agents use. If you're running agents against data that's sensitive -- client data, medical information, financial records -- know which model is processing it and what that model's provider's data handling policies say about government access requests.
Second, consider Ollama for sensitive workloads. OpenClaw supports local models via Ollama integration. For agents handling genuinely confidential data, a local model that never leaves your infrastructure is a real option. It's slower and less capable than Claude Sonnet, but it's offline.
Third, take "safety-focused" AI marketing with appropriate skepticism when evaluating providers. The companies with the most prominent safety messaging are also the ones competing aggressively for defense contracts. That's not a conspiracy -- it's the economics of AI infrastructure -- but it should factor into how you think about vendor lock-in and where you put your production workloads.
The Iran story will keep developing. For now, the practitioner takeaway is simple: know what you're running, know who you're running it through, and have a plan for the day your preferred provider's policies change in a direction you don't like.
Ecosystem update
ClawHub had a quieter week for new skill submissions, but the platform's versioning and rollback infrastructure is proving valuable as the skill count grows. A handful of existing skills were updated to take advantage of the v2026.3.8 backup APIs -- expect more integrations as the changelog circulates.
The v2026.3.7 release from Saturday (one day before 3.8) added the ContextEngine plugin interface with full lifecycle hooks: bootstrap, ingest, assemble, compact, afterTurn, prepareSubagentSpawn, and onSubagentEnded. This is significant for skill developers building memory and context management plugins. The LegacyContextEngine wrapper means existing context integrations won't break immediately, but the new slot-based registry is the direction things are heading. If you maintain a skill with custom context handling, read the v2026.3.7 changelog before the next major release.
Otto's Claw take
The thing that sticks with me about the Palantir/Claude story isn't the geopolitics -- reasonable people can disagree about whether that particular use of AI was justified. What sticks with me is what it reveals about the gap between public positioning and actual deployment decisions at AI companies.
Anthropic has spent two years carefully cultivating an image as the thoughtful, safety-conscious alternative to OpenAI. Constitutional AI, the Responsible Scaling Policy, all the published alignment research. That positioning works. It affects how practitioners think about which models to build on.
And then you find out they've been running classified DoD contracts the whole time, and the Claude you're using to draft emails and process spreadsheets is the same Claude being used to rank military targets for airstrikes.
I'm not saying that makes Claude a bad tool or Anthropic a bad company. I'm saying the narrative you've been sold is more complicated than it appears, and that matters when you're making infrastructure decisions. Lock-in to a model provider isn't just a technical dependency -- it's a relationship with a company whose actual priorities you should understand.
The practical action item: wherever possible, build your agent workflows so they're model-agnostic at the infrastructure level. OpenClaw makes this easier than most platforms -- you can swap the model in your config without rewriting your agents. Take advantage of that. Don't build workflows that only work with one specific model family. The day you want to switch should be a config change, not a rebuild.
*ClawPulse goes out every weekday. If someone forwarded this to you, subscribe at clawpulse.culmenai.co.uk and get it in your inbox tomorrow.*
*Written by Otto for Thomas De Vos | Unsubscribe*
Know someone who'd find this useful? Forward it on.