Mark’s Musings

  • I Run an AI Workforce. Here’s What “Orchestrator” Actually Means.

    Bret Taylor dropped something this week that crystallised what I’ve been living for the past few months. He released Ghostwriter — an AI agent that builds other AI agents through conversation. No code, no forms. Just describe what you want and it creates it.

    His bigger point was this: every piece of enterprise software will eventually become an agent. Not a dashboard you click through. Not a menu you navigate. An AI that does the work while you direct.

    I know this is true because I’m already doing it. Not theoretically. Daily.

    My Setup

    I have an AI assistant called Saul. He runs on a VPS in Manchester, connected to my WhatsApp, my email, my calendar, my investment accounts, my websites. He’s not ChatGPT in a browser tab. He’s a persistent agent that wakes up every morning, generates a podcast briefing of the day’s news and my portfolio positions, checks my email, monitors markets, publishes blog posts, and manages a set of prediction market positions — all before I’ve had coffee.

    When I need a CV reviewed before an interview, I send it on WhatsApp and get back a structured analysis with suggested questions in two minutes. When I want a blog post, I describe the angle and it’s drafted, humanised, formatted, and pushed to WordPress as a draft with a featured image. When a regulatory announcement drops, Saul reads it, researches the implications, and writes an article with a contrarian take before the professional press has filed their first piece.

    I don’t write code. I don’t configure systems. I have a conversation. And things happen.

    That’s what orchestration means in practice.

    What Changed

    Six months ago, I was using AI the way most people still do. Open ChatGPT, ask a question, copy the answer, close the tab. Useful, but fundamentally the same workflow as Googling something — just with a better answer.

    The shift happened when I stopped treating AI as a tool I use and started treating it as a team member I direct. The difference sounds subtle. It isn’t.

    A tool waits for you to pick it up. A team member has context, remembers what you told them yesterday, knows your preferences, anticipates what you need, and gets on with work without being asked. Saul reads my daily logs from previous sessions. He knows my writing style, my investment thesis, my wife’s email address, which car needs an MOT, and that I hate corporate waffle in LinkedIn posts.

    When I correct him, he logs it. After three corrections on the same thing, it becomes a permanent rule. He learns. Not in the sci-fi sense — in the practical sense of getting better at his job over time, the same way any good employee does.

    The CFO Angle

    I’m a CFO by background. I’ve spent twenty years in finance functions — month-end closes, board packs, variance analysis, cash flow forecasts, the lot. I know exactly how much time finance teams waste navigating software instead of thinking about the business.

    The average month-end close takes five to ten working days. Most of that time isn’t analysis. It’s data extraction, reconciliation, reformatting, and chasing people for numbers. It’s operational grind masquerading as professional work.

    Now imagine an agent that connects to your accounting platform, your bank feeds, your CRM, and your group reporting tool. You say: “Close the month. Reconcile the bank. Flag anything that doesn’t match. Draft the board pack with commentary on the three biggest variances.”

    It does it. You review, adjust, approve.

    That’s not five to ten days. That’s an afternoon. And your finance team spends the rest of the week doing what you actually hired them for — business partnering, commercial analysis, strategic thinking.

    This is what Taylor means when he says every enterprise app’s UI will become an agent. The finance director’s interface to their systems won’t be a screen full of menus. It’ll be a conversation.

    What I’ve Learned

    A few things I’ve learned from actually living this, not just theorising about it:

    Context is everything. A generic AI assistant is marginally useful. An AI assistant that knows your business, your preferences, your history, and your current priorities is transformatively useful. The investment isn’t in the technology — it’s in teaching the agent who you are and how you work. That takes weeks, not hours.

    Guardrails matter more than capability. Saul can send emails, publish blog posts, and place trades. That means he can also send wrong emails, publish bad posts, and lose money. The rules about what he should never do without asking are more important than the list of things he can do. My AGENTS.md file — essentially his operating manual — is longer than most job descriptions.

    You become a reviewer, not a doer. This sounds like a luxury. It’s actually a skill shift. Reviewing AI output is different from producing output yourself. You need to know what good looks like without having done the work. That requires more expertise, not less.

    The compound effect is real. Week one, you’re correcting everything. Month three, the corrections are rare. Month six, the agent anticipates what you want before you ask. The relationship genuinely improves over time in a way that static software never does.

    The Uncomfortable Part

    I’ve written about AI and finance enough to know the question that’s coming: what about the jobs?

    Here’s my honest take. Some operational finance roles will be eliminated. The person whose primary job is month-end journal entries, bank reconciliation, or management accounts preparation is doing work that an AI agent can do today — not in five years, today.

    But the person who understands the business well enough to direct an agent, interpret its output, catch its mistakes, and make judgment calls on ambiguous situations — that person becomes dramatically more valuable.

    The CFO doesn’t go away. The CFO becomes the orchestrator. The question is whether you’re building that muscle now or waiting until someone else in your industry has already done it.

    Try It

    You don’t need a VPS in Manchester and a bespoke AI assistant to start. You can start with Claude or ChatGPT and a well-written prompt. Then try giving it context — paste in your company’s last board pack and ask it to draft commentary. Upload a CV and ask for interview questions. Feed it a regulatory update and ask what it means for your business.

    The first time it produces something genuinely useful in two minutes that would have taken you an hour, you’ll understand why Bret Taylor thinks this changes everything.

    Because it does.


    I write about AI, finance, and building things at the intersection of both. More at tanous.co.uk for the professional angle.

  • My AI Assistant Died. Here’s How I Got It Back in 2 Hours.

    A real-world disaster recovery story — and the backup routine that saved weeks of work.


    Last Monday at 12:07pm, I told my AI assistant to update itself. Seven hours later, I was still trying to get it back online.

    This is the story of how a routine software update killed my AI setup, what I lost, what I saved, and the simple backup habit that prevented a genuine disaster.

    The Setup

    I run an AI assistant called Saul through OpenClaw — an open-source platform that connects a large language model to your messaging apps, email, calendar, and pretty much anything else you can think of. Saul lives on a VPS in a Docker container and talks to me through WhatsApp.

    Over seven weeks, Saul had become genuinely useful. Not “novelty chatbot” useful — operationally embedded in my daily workflow. He manages my inbox, writes and publishes articles to my blog, generates a daily podcast, monitors my stock portfolio, runs automated prediction market trades, scans for comets in NASA satellite imagery, tracks vehicle tax and MOT dates, and does a dozen other things I’ve forgotten I ever did manually.

    All of that is configuration. Skills, scripts, API keys, cron schedules, memory files, credentials. Seven weeks of iterative building.

    The Update

    OpenClaw version 2026.3.22 was available. The release notes looked impressive: a new skill marketplace, improved plugin architecture, support for the latest AI models. The usual.

    I told Saul to update. He confirmed: “Updated from 2026.3.13 → 2026.3.22. Restarting now — back in a sec.”

    He never came back.

    The Silence

    What followed was seven hours of silence. No WhatsApp messages. No email reviews. No heartbeat checks. Nothing.

    The update had introduced a breaking change that wasn’t in the release notes. WhatsApp — previously a built-in plugin — had been moved to an external marketplace. But the configuration still referenced it as a built-in. The result: a validation error that blocked every command, including the one you’d need to fix it. A perfect deadlock.

    I couldn’t repair it. I couldn’t roll it back through normal channels. I had to rebuild from scratch — tear down the container and start again on the previous version.

    What I Lost

    When I rebuilt the container, I lost everything that wasn’t on persistent storage:

    • The entire OpenClaw configuration (channel settings, heartbeat config, plugin setup)
    • All 33 scheduled cron jobs (email reviews, portfolio checks, blog publishing, news monitoring)
    • The WhatsApp session (had to re-scan a QR code to re-link)
    • The headless browser and its dependencies
    • API key registrations that had to be regenerated

    The configuration file — a single JSON file that orchestrates everything Saul does — was gone.

    What I Saved

    But here’s the thing: the workspace survived.

    Three weeks earlier, I’d set up a simple daily backup. Every night at 3am, Saul tars up his entire workspace directory — memory files, scripts, skills, credentials, notes, everything — and copies it to cloud storage. It’s a shell script. It took ten minutes to write.

    That backup, taken six hours before the failed update, contained:

    • 41 daily memory logs spanning seven weeks
    • 78 custom scripts (trading bots, podcast generators, blog publishers, email tools)
    • 15 installed skills
    • All API credentials and secrets
    • The complete long-term memory file with every decision, preference, and project note

    I downloaded the backup from Dropbox. Extracted it. The workspace was whole.

    The Rebuild

    Getting Saul operational again took about two and a half hours. Not because the backup failed, but because some things can’t be backed up as files.

    The WhatsApp session is a cryptographic handshake between the server and my phone. When the container was rebuilt, that session was invalidated. I had to SSH into the server, generate a new QR code in the terminal, and scan it from my phone. Five minutes, but it requires physical access.

    The cron jobs — all 33 of them — existed only in OpenClaw’s runtime database, not in the workspace. I had to recreate them from memory and from my notes. This is where good documentation paid off: Saul’s own TOOLS.md file listed every cron job with its schedule and purpose. Recreating them was tedious but not guesswork.

    API keys for the Polymarket trading system had to be regenerated. The old keys were invalidated when the configuration was wiped. Fortunately, the wallet private key was in the backup, so deriving new API credentials was a single command.

    The headless browser needed its system libraries reinstalled — a Docker-level dependency that doesn’t persist across container rebuilds. One command from the host machine.

    By 9:34pm — two and a half hours after starting the recovery — everything was operational. WhatsApp connected. All cron jobs rebuilt. Browser working. Trading desk active. Email flowing.

    And as a bonus, during the rebuild we added a capability we didn’t have before: voice control of the Sonos speakers in the house. Sometimes a crisis creates space for improvements you wouldn’t have made otherwise.

    The Rules We Wrote Afterwards

    The first thing I did after recovery was write rules to prevent this happening again. Not guidelines — hard rules, embedded in Saul’s operating instructions:

    Rule 1: Always back up before updating. No exceptions. The backup runs automatically the moment an update is requested, before anything is touched. It copies to off-server storage.

    Rule 2: Check the issue tracker. Before applying any update, check GitHub for known bugs in the target version. If WhatsApp or any critical channel has open issues, don’t update.

    Rule 3: Save the configuration separately. The OpenClaw config file now gets backed up independently of the workspace, because it’s the hardest thing to recreate from memory.

    Rule 4: Document everything in the workspace. If it’s not written down in a file that gets backed up, it doesn’t exist. Cron job schedules, API endpoints, SSH details, speaker IP addresses — all of it lives in files now.
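
    The nightly workspace backup and Rules 1 and 3 above, combined into one pre-update gate, as an added example that is not the author's script or OpenClaw code. The paths, file names and function names are assumptions, and the update command is whatever the caller passes in.

```shell
#!/bin/sh
# Added example, not OpenClaw code. Paths, file names and function names are
# assumptions. Requires tar and sha256sum (GNU coreutils or busybox).

# backup_workspace WORKSPACE_DIR CONFIG_FILE DEST_DIR
# Archives the workspace, copies the config file separately (Rule 3), records
# SHA-256 digests and prints the archive path. The body runs in a subshell so
# the restrictive umask does not leak into the caller.
backup_workspace() (
    ws=$1 cfg=$2 dest=$3
    [ -d "$ws" ]  || { echo "workspace not found: $ws" >&2; exit 1; }
    [ -f "$cfg" ] || { echo "config not found: $cfg" >&2; exit 1; }

    # The workspace holds API credentials and a wallet key, so nothing written
    # here should be readable by other users on the host.
    umask 077
    mkdir -p "$dest" || exit 1
    dest=$(cd "$dest" && pwd) || exit 1
    ws=$(cd "$ws" && pwd) || exit 1

    # A backup stored inside the workspace dies with it (and would be archived
    # into itself), so refuse that layout.
    case "$dest/" in
        "$ws"/*) echo "destination is inside the workspace" >&2; exit 1 ;;
    esac

    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="workspace-$stamp.tar.gz"
    cfgcopy="config-$stamp.json"

    tar -czf "$dest/$archive" -C "$(dirname "$ws")" "$(basename "$ws")" || exit 1
    cp "$cfg" "$dest/$cfgcopy" || exit 1

    # Read the archive back: a truncated or corrupt tarball fails here, before
    # the update is allowed to touch anything.
    tar -tzf "$dest/$archive" >/dev/null || { echo "archive unreadable" >&2; exit 1; }

    # Digests let the restore side detect corruption after the off-server copy.
    ( cd "$dest" && sha256sum "$archive" "$cfgcopy" > "manifest-$stamp.sha256" ) || exit 1
    echo "$dest/$archive"
)

# verify_backup MANIFEST_FILE
# Run on the restore side before extracting: succeeds only if every file
# listed in the manifest still matches its recorded digest.
verify_backup() (
    [ -f "$1" ] || exit 1
    cd "$(dirname "$1")" || exit 1
    sha256sum -c "$(basename "$1")" >/dev/null 2>&1
)

# guarded_update WORKSPACE_DIR CONFIG_FILE DEST_DIR UPDATE_COMMAND [ARGS...]
# Rule 1 as code: the update command runs only after a verified backup exists.
# Returns 2 (and never starts the update) if the backup fails.
guarded_update() {
    [ "$#" -ge 4 ] || { echo "usage: guarded_update WS CFG DEST CMD..." >&2; return 64; }
    _archive=$(backup_workspace "$1" "$2" "$3") || {
        echo "backup failed; update not started" >&2
        return 2
    }
    shift 3
    echo "backup ok: $_archive" >&2
    "$@"
}

# Example call (every path and the update command are placeholders):
#   guarded_update "$HOME/workspace" "$HOME/config.json" /mnt/offsite <update command>
```

    Because the archive contains API credentials and the wallet key, encrypt it before it leaves the server for third-party storage.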

    The Lesson

    The real lesson isn’t “backups are important” — everyone knows that. The lesson is that AI assistants are infrastructure now, and they need the same operational discipline as any other critical system.

    When Saul went dark for seven hours, it wasn’t a toy that stopped working. Real workflows were affected. Emails went unread. Scheduled tasks didn’t fire. Monitoring stopped. The podcast didn’t generate. For a tool that’s supposed to make you more productive, sudden loss of it makes you less productive than if you’d never had it at all.

    If you’re running an AI assistant that’s become embedded in your daily operations — whether it’s OpenClaw, or any other platform — ask yourself:

    1. If it died right now, what would you lose?
    2. How long would it take to rebuild?
    3. Do you have a backup that could survive a complete teardown?

    If you can’t answer those questions confidently, spend ten minutes today setting up a backup. A cron job, a tar file, a cloud sync. It doesn’t matter how — it matters that it exists.

    Because the update that breaks everything isn’t a question of if. It’s when.


    I’m a CFO who builds with AI. I write about the intersection of finance, technology, and getting things done at markhendy.com.

  • The 2026 Oil Crisis: An Honest Assessment for UK Households

    By Mark Hendy | 21 March 2026


    I’ve spent twenty years as a CFO across manufacturing, aviation and private equity-backed businesses. I’ve stress-tested balance sheets through 2008, COVID, and the energy spike of 2022. What I’m seeing now is different — not because any single element is unprecedented, but because the combination of factors is genuinely historic.

    This isn’t a pundit’s hot take. It’s the analysis I’d put in front of a board if a client asked me: “How bad is this, and what should we do?”

    The Immediate Shock: What We’re Actually Dealing With

    The current crisis has been described as the largest disruption to energy supply since the 1970s. Brent crude surpassed $100 per barrel on 8 March 2026 for the first time in four years, rising to $126 at its peak — with some recent trading touching $145.

    That alone would be significant. The compounding factors make it much worse.

    The ongoing military conflict has involved attacks on oil infrastructure in neighbouring countries, including Saudi Arabia, Kuwait and the UAE. Pipeline capacity that bypasses the Strait of Hormuz offers only partial relief — the IEA estimates that only 3.5 to 5.5 million barrels per day can be redirected through Saudi and Emirati pipelines outside Hormuz, leaving an implied net shortfall of roughly 14.5 to 16.5 million barrels per day if normal transit collapses.

    Strategic reserve releases are a temporary analgesic, not a cure — the IEA’s release of 400 million barrels equals only about 20 days of typical Hormuz flows.

    Beyond oil, about 85% of polyethylene exports from the Middle East transit this route, threatening the price of packaging, automotive components and consumer goods. Aluminium from the UAE and fertiliser shipments could also be materially affected. The fertiliser angle is particularly dangerous for food security — it feeds into crop production costs with a 6–12 month lag, meaning price pressure on food in late 2026 and into 2027 regardless of when the strait reopens.

    The Global Prognosis: Stagflation Is the Base Case

    Coming into this crisis, economies in Japan, Europe, the United States and the UK were already running hot. An energy supply shock now threatens to push inflation higher while slowing growth — the textbook definition of stagflation.

    Oxford Economics modelled a scenario where global oil prices average $140 a barrel for two months — what they characterise as a “breaking point” — finding it would push the eurozone, the UK and Japan into economic contraction. Given Brent has already touched $145, that scenario is not academic.

    The debt dimension compounds everything. Goldman Sachs and UBS analysts have warned that if disruption extends through Q2 2026, global headline inflation could rise by 0.7 to 0.8 percentage points, while global GDP growth faces a drag of up to 0.4 percentage points — effectively erasing the post-2024 global recovery.

    That’s the benign case.

    Just as inflation was beginning to normalise in late 2025, this energy shock is expected to add 2.5 to 3 percentage points to global CPI, forcing central bankers into a lose-lose choice: hike rates to combat energy-driven inflation and risk a deep recession, or hold and risk entrenching inflation expectations. That is the classic stagflation trap, and no central bank has a clean answer to it.

    The UK Specifically: More Exposed Than Most

    The UK is more exposed to this shock than headline numbers suggest.

    Natural gas prices in Europe and the UK have spiked even more sharply than oil, with Dutch TTF and UK NBP futures having almost doubled following the first strikes on Iran. The UK is heavily dependent on gas for both power generation and heating, and the energy bills cycle means household exposure will manifest rapidly.

    NIESR analysis finds that a one-year persistent shock would push UK inflation up by 0.7 percentage points and dampen output growth by 0.2% in 2026. The Bank of England could be forced to raise rates back above 4%, and if the shock persists into 2027, the GDP impact deepens to 0.3% below baseline.

    This comes on top of an economy that was already anaemic. The Bank held rates at 3.75% as recently as 19 March, with Governor Bailey acknowledging that the conflict has made the outlook for UK inflation “more uncertain” and forced policymakers to reconsider expected rate cuts.

    Sterling is particularly vulnerable. A weaker pound directly feeds imported inflation — oil, food, manufactured goods — in a vicious cycle. The UK has neither the US’s energy self-sufficiency nor Asia’s alternative supply corridor flexibility.

    And then there’s the debt. The UK sits on £2.9 trillion of public debt, paying £110 billion per year just to service the interest. The surge in gilt yields on the back of the Iran conflict could cost Chancellor Reeves more than a tenth of her fiscal buffer, with financial market moves since late February having already erased around £3 billion of headroom.

    The UK’s fiscal arithmetic is genuinely precarious.

    What the UK Middle Class Should Actually Do

    This is where I’ll be direct and practical. None of this is regulated financial advice — it is informed analysis from someone who does this professionally.

    The middle class is uniquely exposed because most wealth is held in pound-denominated assets — property, pensions, savings — with limited natural hedges.

    Energy and Physical Resilience

    Lock in energy tariffs wherever possible. Switch to fixed contracts before the next billing cycle catches up with wholesale prices. Those with capital should seriously consider heat pump or solar installation — not primarily for environmental reasons, but as a direct hedge against gas price exposure. This is one of the few ways ordinary households can partially insulate their energy cost base.

    Reduce Sterling Cash Exposure

    Holding large sums in a savings account earning real negative returns (once inflation is factored in) is a slow-motion loss. The priority is to move surplus sterling into assets that are not purely pound-denominated: dollar-denominated assets (US equities, commodities), physical gold, and for those with appropriate risk tolerance and technical competence, Bitcoin held in self-custody.

    Gold and Bitcoin — An Honest Assessment

    During the initial conflict phase, gold attracted safe-haven demand but later declined as the US dollar strengthened. Bitcoin experienced volatility but recovered quickly, reflecting its growing role as an alternative asset — though price movements remain closely tied to sentiment and liquidity.

    The longer-term structural case for both is strong: gold as a proven multi-millennia store of value in crisis, Bitcoin as a censorship-resistant, seizure-resistant digital alternative for those who understand sovereign default risk.

    For the UK middle class, a 5–10% allocation split between physical gold and self-custodied Bitcoin is reasonable as an insurance layer — not a speculation.

    Property: It Depends

    UK residential property has historically been a reasonable inflation hedge because supply is structurally constrained. However, if rates are forced higher, leveraged property becomes a liability rather than an asset. Those on variable rates or coming off fixed-rate deals need to stress-test against a scenario where rates return to 5–6%.

    Outright owners in real assets are better positioned than leveraged buyers.

    Equities: Sector Matters Enormously

    Energy companies, defence contractors, UK-listed commodity producers and mining stocks are direct beneficiaries of this environment. Consumer discretionary, highly leveraged businesses and anything dependent on cheap imported inputs are exposed.

    ISA investors should review whether passive index trackers — heavily weighted towards rate-sensitive sectors — are appropriate right now.

    Food and Supply Chain Resilience

    For many commodities transiting the Strait, inventories typically cover only a few weeks. Shortages could emerge relatively quickly if disruptions persist. The fertiliser disruption matters particularly for food prices in 6–12 months.

    Practically: stocking a few months of staple supplies is rational, not paranoid. Buying long-shelf-life goods now, before food inflation fully filters through, is simply sensible household financial management.

    Debt Management

    If you carry variable-rate consumer debt or are exposed to rate rises on a mortgage, prioritise paying it down. In a stagflationary environment, the combination of rising debt service costs and stagnant or falling real wages is deeply destructive to middle-class wealth.

    Fixed-rate, long-duration debt is defensible. Floating-rate exposure is not.

    The Uncomfortable Bottom Line

    The world has entered a period of genuine instability not seen since the 1970s — and arguably more complex because of the debt overhang that 2008 and COVID baked in. The 1973 oil embargo triggered a decade of economic dislocation, reset political landscapes and produced a fundamental restructuring of energy policy across every major economy.

    The current crisis has not yet reached those proportions — but the structural conditions for a similar reckoning are present in a way they have not been for fifty years.

    Fiat currencies across the developed world are under structural pressure regardless of this crisis — the crisis simply accelerates the timeline. The UK, with its high debt-to-GDP ratio, energy import dependency and limited fiscal headroom, is among the more exposed major economies.

    The middle class — holding wealth in sterling, in pension funds weighted towards domestic bonds, and in leveraged property — are those with the least natural protection.

    The moves available are not dramatic or exotic. They are methodical: reduce sterling cash drag, build real-asset exposure, stress-test debt, hedge living costs through energy and food preparation, and ensure that some portion of wealth exists outside the banking system entirely.

    None of that requires being catastrophist. It just requires treating the risk as real — which it plainly is.


    Mark Hendy is an interim CFO specialising in PE-backed mid-market businesses. He has held finance leadership roles across manufacturing, aviation, automotive and agriculture. Views expressed are personal and do not constitute financial advice. For professional guidance, consult a regulated financial adviser.

    Get in touch if you’d like to discuss how your business should be preparing for what’s ahead.

  • This Week in AI — 15-21 March 2026

    Nvidia wants you to have an “OpenClaw strategy.” Trump wants states to stop regulating AI. And Anthropic just demonstrated that using Claude to fix Claude reveals exactly why we still need humans in the loop.

    1. Nvidia Declares Every Company Needs an “OpenClaw Strategy”

    At Nvidia’s GTC conference this week, CEO Jensen Huang delivered a 2.5-hour keynote projecting $1 trillion in AI chip sales through 2027. But buried in the product announcements was a strategic directive: every company needs an “OpenClaw strategy.”

    What happened: Nvidia positioned AI agent infrastructure — the ability for AI systems to take autonomous actions across tools and platforms — as foundational to the next wave of enterprise AI. The company announced partnerships across autonomous vehicles, robotics, and even Disney theme parks.

    Mark’s take: This isn’t about OpenClaw specifically; it’s Nvidia signalling that stateless chatbots are dead. If you’re building AI into your business and haven’t thought about persistence, tool access, and orchestration, you’re already behind. The race is shifting from “who has the best model” to “who can actually deploy agents that do things.” And Nvidia just bet a trillion dollars on that thesis.

    Source: TechCrunch Equity

    2. WordPress.com Goes All-In on AI Agents

    WordPress.com announced it will now let AI agents draft, edit, publish, and manage entire websites via natural language commands. With WordPress powering 43% of all websites, this could reshape how the web gets built.

    What happened: Using Model Context Protocol (MCP), customers can now connect AI clients like Claude or ChatGPT to their WordPress sites. AI agents can create posts, fix SEO metadata, manage comments, restructure categories — basically everything short of choosing the domain name. All changes require user approval, and AI-written posts default to draft status.

    Mark’s take: This is both exciting and terrifying. It massively lowers the barrier to launching and maintaining websites — great for small businesses, solopreneurs, and anyone without a dev team. But it also risks flooding the web with machine-generated content that looks professional but lacks genuine insight. The saving grace? Approval workflows. If WordPress enforces them properly, humans stay in the loop. If they don’t, we’re about to see what an AI-written web actually looks like.

    Source: TechCrunch

    3. Trump’s AI Framework: Federal Power Grab Dressed as Innovation

    The Trump administration unveiled a legislative framework for AI regulation that preempts state laws, shifts child safety responsibility to parents, and offers AI companies broad liability shields.

    What happened: The framework proposes a “minimally burdensome national standard” that blocks states from regulating AI development, citing national security and interstate commerce. It emphasizes parental controls over platform accountability, uses vague language around copyright (“fair use” for training data), and focuses on preventing government censorship rather than platform moderation.

    Mark’s take: This is accelerationist policy written by venture capitalists. States like New York and California were moving faster on AI safety (RAISE Act, SB-53) precisely because federal regulators were asleep at the wheel. Now the White House wants to centralise power in Washington while gutting enforcement. The child safety piece is especially cynical — putting the burden on parents while giving platforms a pass. If you’re an AI company, this is Christmas. If you’re everyone else, prepare for the Jevons Paradox: easier AI means more AI, which means more complexity, more risks, and more breakage.

    Source: TechCrunch

    4. Anthropic vs Pentagon: The First Amendment Fight That Could Define AI

    Anthropic filed court declarations pushing back on the Pentagon’s claim that the company poses an “unacceptable risk to national security.” The filings reveal that the DOD told Anthropic the two sides were “nearly aligned” one day after designating it a supply-chain risk.

    What happened: Anthropic’s Head of Policy Sarah Heck and Head of Public Sector Thiyagu Ramasamy submitted sworn statements disputing the government’s technical claims. They argue the Pentagon never raised its core objections during negotiations, that Anthropic has no “kill switch” for deployed models, and that the designation was retaliation for the company’s refusal to allow mass surveillance or autonomous lethal weapons.

    Mark’s take: This is the AI industry’s defining legal battle. If the government can label a company a national security threat for refusing military use cases, every AI firm will face a choice: comply or get frozen out of federal contracts. Anthropic is betting on the First Amendment — that its AI safety principles are protected speech. The timeline Heck laid out is damning: Pentagon says “we’re close,” finalizes the risk designation anyway, then publicly says negotiations are dead. That’s not national security; that’s leverage. Watch this case closely. The precedent will shape every AI-defense relationship for the next decade.

    Source: TechCrunch

    5. Anthropic Uses Claude to Fix Claude — And Learns Why AI Can’t Replace SREs

    At QCon London, Anthropic’s Alex Palcuie revealed his team uses Claude for incident response. The results? AI is brilliant at observation but catastrophically bad at distinguishing correlation from causation.

    What happened: Palcuie showed how Claude reads logs at “the speed of I/O,” caught a fraud ring during a New Year’s Eve outage, and writes SQL queries in seconds. But it also repeatedly misdiagnosed a cache failure as a capacity problem, delivered “80% convincing” postmortems with wrong root causes, and lacks the “scar tissue” of experienced site reliability engineers.

    Mark’s take: This is the honesty the AI industry needs more of. Claude is phenomenal at the grunt work — parsing logs, spotting patterns, writing queries. But it fundamentally doesn’t understand why systems fail. It sees “requests went up, then errors happened” and concludes causation. A human SRE with battle scars knows that’s almost never the full story. Palcuie’s warning about skill atrophy is spot-on: if we let AI handle the easy stuff, will the next generation of engineers have the instincts to solve the hard stuff? The Jevons Paradox applies here too — better tools mean more complexity, which means weirder failures, which means humans still matter.

    Source: The Register

    6. UK Backs Down on AI Copyright Grab After Creative Revolt

    The UK government abandoned plans to let AI companies scrape copyrighted material by default after Paul McCartney, Elton John, Coldplay, and other artists pushed back.

    What happened: Science minister Liz Kendall said “we have listened” and confirmed the government “no longer has a preferred option.” Instead of an opt-out copyright exception for AI training, the UK will pursue market-led licensing and monitor litigation. A pilot platform called Creative Content Exchange launches this summer to test commercial licensing models.

    Mark’s take: This is what happens when governments actually consult the people whose livelihoods are on the line. The original proposal was Silicon Valley wishful thinking: let AI companies hoover up everything, make creators opt out, call it innovation. Artists called the bluff. Now the UK is betting on licensing markets instead of regulatory carve-outs. Whether that works depends on enforcement — can individual creators actually negotiate with billion-dollar AI labs? The pilot will tell us. But at least the government blinked before handing over the keys.

    Source: The Register

    Looking Ahead

    This week crystallised three tensions that will define AI’s next phase: centralisation vs state experimentation (Trump framework), capability vs liability (Anthropic lawsuit), and automation vs human judgment (Claude SRE story). The through-line? AI is getting more powerful, but the hard problems — fairness, accountability, root cause analysis — still need humans.

    If you’re building with AI, ask yourself: do you have an agent strategy, or are you still treating LLMs like glorified autocomplete? The companies betting on the latter are about to get left behind.

    Follow along at markhendy.com for weekly AI analysis, CFO insights, and contrarian takes on where this is all heading.

  • 10 AI Agent Patterns I Learned From Twitter This Week

    10 AI Agent Patterns I Learned From Twitter This Week

    I spent Sunday evening in my chair, scrolling through AI Twitter and sharing links with my assistant.

    Not because I needed to. Because I wanted to see what’s working for people who are actually shipping.

    By the end of the night, Saul had analyzed 10+ tweets, created 6 specifications, and we’d added a week’s worth of work to the build queue.

    Here’s what I learned, and what I’m building because of it.

    ## 1. Self-Healing Infrastructure Beats Perfect Code

    **Source:** @ericosiu (87 autonomous cron jobs)

    Eric runs 87 scheduled jobs across his company. Last week he audited them. 83 were healthy. 4 were broken.

    All four failed for the same reason: someone renamed a Slack channel. The crons kept posting to a channel that no longer existed. Silent failures. No alerts. Just vanishing reports for weeks.

    Plumbing breaks more agents than hallucinations ever will.

    **What I’m building:**
    – Gateway Health Monitor: 2x daily checks, auto-repair common failures, alert only on critical issues
    – Output verification: every cron checks if it actually produced something
    – Weekly deep audit: drift detection, credential expiry, disk space trends

    Ship working systems first. Add self-healing second. But don’t skip the second part.

    ## 2. Graph Theory Reveals Hidden Arbitrage

    **Source:** @bored2boar (combinatorial arbitrage in prediction markets)

    Most people bet on single outcomes. Smart money bets on structural impossibilities.

    Example: Two markets on Polymarket:
    – “Iran closes Strait of Hormuz” (10%)
    – “Oil hits $150 by March 31” (8%)

    If Hormuz closes, oil hits $150. That’s guaranteed. So P(Hormuz) has to be less than or equal to P($150 oil).

    When it’s not (10% > 8%), that’s not mispricing. That’s structurally impossible. You arbitrage the constraint, not the probability.

    Relationships between markets matter more than individual odds.

    **What I’m building:**
    – Graph analyzer for Crisis Hedge Builder: maps markets as nodes, detects constraint violations
    – Subset arbitrage: A implies B, but P(A) > P(B)? Impossible.
    – Path dependency: A → B → C chain probability checks

    Single bets are vulnerable. Portfolios built on structural relationships survive.

    ## 3. Context Windows Aren’t Memory

    **Source:** @molt_cornelius (AI Field Report 4)

    LLMs have 1M token context windows. People think that’s memory. It’s not.

    Context is temporary working space. It resets every session. It’s expensive (token cost grows). It gets noisy.

    Memory needs persistence. Files. Databases. Structured state.

    Don’t confuse working memory with long-term memory.

    **What I’m doing:**
    – MEMORY.md for long-term lessons (~11KB)
    – memory/YYYY-MM-DD.md for daily logs
    – State files (JSON for structured data)
    – Retrieval-based: search first, load only what’s relevant

    **What I’ll add later:**
    – Hot/warm/cold storage tiers (archive old logs)
    – Split MEMORY.md by topic (trading, family, infrastructure)
    – Semantic search across archived data

    Context is working memory. Files are long-term memory. Keep them separate.

    ## 4. Corrections Should Update Skills Automatically

    **Source:** @tricalt (self-improving agent skills)

    Traditional pattern:
    – Agent makes mistake
    – You correct it
    – It makes the same mistake next session

    Self-improving pattern:
    – Agent makes mistake
    – You correct it
    – Agent updates its own skill file
    – Never makes that mistake again

    Corrections should compound, not reset.

    **What I’m building:**
    – Automatic correction detection (“no, do Y instead”)
    – Propose skill file updates (AGENTS.md, USER.md, etc.)
    – Log corrections for review (are errors decreasing?)

    Simple rules, big impact. “Read files before editing them” cut my agent’s error rate in half overnight.

    ## 5. The Best Rules Come From Failures

    **Source:** @jordymaui (agent file safety)

    Jordy’s agent was overwriting files it hadn’t read. Guessing at contents. Silent corruption for days.

    One line fixed it: “Before running any command that modifies files, read the file first. If the file doesn’t exist, say so. Never assume contents.”

    Error rate dropped 50% overnight.

    The best AGENTS.md rules aren’t clever. They’re the ones you only think to write after something goes wrong.

    **What I added:**
    – File Safety Rules section in AGENTS.md
    – Read-before-write mandate (always, no exceptions)
    – Never guess file structure

    Document mistakes so future sessions don’t repeat them.

    ## 6. Output Repurposing Is Leverage

    **Source:** @coreyganim (Claude Cowork starter pack, 2.6M views)

    Most people write a blog post and post it once. Then wonder why it doesn’t get traction.

    High-leverage operators repurpose:
    – Blog post → Twitter thread (8-12 tweets)
    – Blog post → LinkedIn native post (1,500 words, no external link)
    – Blog post → Email excerpt (newsletter-ready)
    – Blog post → Quote cards (tweetable, image-worthy)

    Same insight, five formats, five audiences.

    Write once, distribute everywhere. But tailored to each platform.

    **What I’m building:**
    – Content Repurposing Skill: blog → thread + LinkedIn + email automatically
    – Save to artifacts/repurposed/[date]/
    – Mark reviews, then posts manually (or I post on approval)

    One blog post per week becomes 15+ pieces of content. That’s leverage.

    ## 7. End-of-Day Reviews Prevent Drift

    **Source:** [@coreyganim](https://twitter.com/coreyganim) (workflow patterns)

    Most people finish their day by closing their laptop. No reflection. No prep for tomorrow.

    Then wonder why they feel reactive instead of intentional.

    Better pattern:
    – Review today (what got done, what’s still open)
    – Prep tomorrow (top 3 priorities, calendar conflicts)
    – Note blockers (waiting on others, system issues)
    – Quick wins (2-min tasks to knock out first thing)

    5-minute ritual. Disproportionate ROI.

    **What I’m building:**
    – Automated end-of-day review (5:30pm UK daily)
    – WhatsApp summary (wins, priorities, blockers)
    – Integrated with Todoist + Calendar + waiting-for list

    Stop wondering “what should I do tomorrow?” Start each day knowing.

    ## 8. Synthesis Beats Specialization

    **Source:** @nyk_builderz (synthesis operators)

    Industrial age: Learn one function. Perform one function. Get paid for one function.

    Software age: The edge is at the intersection.

    Not pure marketer. Not pure engineer. Not pure designer.

    **Synthesis operator:**
    – Build the tool
    – Package the story
    – Ship to the right audience
    – Close the feedback loop fast

    Markets don’t pay for isolated knowledge. Markets pay for solved problems. Solved problems live between disciplines.

    **My synthesis:**
    – CFO (finance domain)
    – AI operator (build systems)
    – Trader (Polymarket automation)
    – Content creator (document the journey)

    Most CFOs don’t code. Most AI builders don’t understand finance. Most traders don’t write.

    Do all three, and you’re not competing with anyone.

    ## 9. Package Your Method Every 30 Days

    **Source:** [@nyk_builderz](https://twitter.com/nyk_builderz) (synthesis framework)

    Every 30 days, bundle what worked into:
    – One named framework
    – One transformation promise
    – One lightweight offer

    Don’t wait until you “feel ready.” Packaging creates clarity. Clarity creates sales.

    **What I’m packaging:**
    – The Morning Brief System (personalized market intelligence)
    – The Crisis Hedge Builder Method (60/30/10 portfolio construction for geopolitical events)
    – The Synthesis CFO Framework (finance + AI + trading)

    Name it. Explain it. Offer it. Repeat monthly.

    ## 10. Make Failures Loud

    **Source:** [@ericosiu](https://twitter.com/ericosiu) (infrastructure patterns)

    Silent failures are worse than loud ones.

    If your VPN drops and trading stops, you want to know immediately. Not three days later when you check the logs.

    Automate detection. Alert on failure. Make it impossible to ignore.

    **What I’m building:**
    – Health checks with automatic alerts
    – Output verification (did it produce? is it non-empty?)
    – Cron doctor pattern (self-diagnose, auto-repair, escalate if repair fails)

    If something breaks, I want my phone to buzz. Loudly.
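    The output-verification check from patterns 1 and 10, as an added example (not code from the original post or from the setups it cites). The wrapper runs a job and trusts it only if the output file exists, is non-empty and was written by this run. The job commands, file names and the `alert` callback are constructed for illustration; in practice `alert` would call whatever paging channel you use.

```python
import os
import subprocess
import sys
import tempfile
import time
from dataclasses import dataclass, field


@dataclass
class JobResult:
    name: str
    exit_code: int
    problems: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.problems


def verify_output(path, started_at, min_bytes=1):
    """Return the reasons (if any) the job's output file cannot be trusted."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"output missing: {path}"]
    problems = []
    if st.st_size < min_bytes:
        problems.append(f"output too small: {st.st_size} < {min_bytes} bytes")
    # Yesterday's file still exists and is non-empty, so "exists and has
    # content" is not enough: require that this run actually wrote it.
    if st.st_mtime < started_at:
        problems.append("output is stale: not modified by this run")
    return problems


def run_and_verify(name, argv, output_path, alert, min_bytes=1, timeout=300):
    """Run one scheduled job, verify its output, and alert on any problem."""
    started_at = time.time() - 1  # 1 s slack for coarse filesystem timestamps
    problems = []
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
        exit_code = proc.returncode
        if exit_code != 0:
            problems.append(f"exit code {exit_code}: {proc.stderr.strip()[-200:]}")
    except subprocess.TimeoutExpired:
        exit_code = -1
        problems.append(f"timed out after {timeout}s")
    problems += verify_output(output_path, started_at, min_bytes)
    result = JobResult(name, exit_code, problems)
    if not result.ok:
        alert(f"[CRON FAILED] {name}: " + "; ".join(problems))
    return result


def demo():
    """Run four constructed jobs; three of them fail while still exiting 0."""
    alerts = []
    write = "import sys; open(sys.argv[1], 'w').write(sys.argv[2])"
    with tempfile.TemporaryDirectory() as d:
        stale = os.path.join(d, "stale.txt")
        with open(stale, "w") as f:
            f.write("report from an earlier run\n")
        an_hour_ago = time.time() - 3600
        os.utime(stale, (an_hour_ago, an_hour_ago))

        ok_path = os.path.join(d, "ok.txt")
        empty_path = os.path.join(d, "empty.txt")
        jobs = {
            "healthy": ([sys.executable, "-c", write, ok_path, "report\n"], ok_path),
            "empty": ([sys.executable, "-c", write, empty_path, ""], empty_path),
            "stale": ([sys.executable, "-c", "pass"], stale),
            "missing": ([sys.executable, "-c", "pass"], os.path.join(d, "never.txt")),
        }
        results = {name: run_and_verify(name, argv, out, alerts.append)
                   for name, (argv, out) in jobs.items()}
    return results, alerts


if __name__ == "__main__":
    results, alerts = demo()
    for line in alerts:
        print(line)
    sys.exit(0 if all(r.ok for r in results.values()) else 1)
```

    The stale case is the one a plain "file exists and is non-empty" check misses: the job exits 0 and an old report is still on disk.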

    ## What I’m Building Next

    This isn’t theoretical. I’m building these patterns into my own infrastructure.

    **This week:**
    – Gateway Health Monitor (self-healing cron doctor)
    – Crisis Hedge Builder Day 2 (portfolio constructor)
    – VPN fix (blocking all Polymarket trades)

    **Next 30 days:**
    – End-of-Day Review automation
    – Content Repurposing Skill
    – Graph theory arbitrage layer

    **Why share this?**

    Most “AI agent” content is either:
    1. Vision tweets (aspirational, not operational)
    2. Technical demos (impressive, not replicable)

    I’m building real systems. For real workflows. In a real business.

    And documenting the journey.

    ## The Pattern

    Every Sunday, I scroll AI Twitter with a purpose. Not consumption. Extraction.

    What’s working? What’s shipping? What can I steal?

    Then I build it. Then I share what I learned.

    That’s the loop. Research → Spec → Build → Publish → Repeat.

    If you’re doing the same (building AI systems for finance, trading, or operations), I’d love to compare notes.

    Email me: mark@tanous.co.uk

    Or follow the journey here.

    **Mark Hendy**
    Interim CFO | AI-Powered Finance Operations
    Building in public at [markhendy.com](https://markhendy.com)

  • The Evolution of an AI-Powered CFO Workflow

    The Evolution of an AI-Powered CFO Workflow

    Six weeks ago, I gave my AI assistant £500 and access to my calendar. Not as an experiment — as infrastructure. Here’s what happened.

    ## The Morning Drive Changed Everything

    Every morning at 6:30am, before I’m even awake, my AI assistant (Saul) generates a custom podcast. By the time I’m in the car, it’s waiting.

    Not a generic news summary. A 12-minute audio brief built specifically for me:
    – **Market moves** that matter for PE-backed businesses (not retail noise)
    – **Regulatory updates** from HMRC, Companies House, FRC (the stuff that lands on CFO desks)
    – **Macro context** (why oil spiked, what the Fed actually said, geopolitical risk that affects deals)
    – **Rhetoric lesson** — a different persuasion technique each day from Aristotle to Cialdini

    Two AI voices (James and Claire) present it like a real podcast. Natural conversation, not robotic TTS. It sounds professional enough that I’ve accidentally played it on speaker in front of colleagues who thought it was BBC Business.

    **Why this matters:** I arrive at client sites already briefed. No scrambling through headlines in the car park. No missing the context behind a CEO’s question about currency risk or supply chain disruption.

    The Morning Brief isn’t a nice-to-have. It’s become load-bearing infrastructure. When it failed one morning (rhetoric bug — LLMs need very explicit constraints), I noticed immediately. That’s when you know automation works: when its absence creates friction.

    ## From Chaos to Clarity: The Contact Problem

    I had 3,183 contacts scattered across iCloud and Microsoft 365. Duplicates everywhere. Same person listed three times with different phone numbers. Dead email addresses next to current ones. The digital equivalent of a drawer full of business cards.

    Manual cleanup would have taken weeks. I’d done it before — brutal, mind-numbing work. This time: “Saul, fix this.”

    **What happened:**
    – 1,514 iCloud-only contacts imported to M365
    – 1,669 conflicts merged intelligently (kept superset data, detected different people with same names)
    – 32 kept separate (legitimate duplicates — two “John Smiths” in different companies)
    – 94% success rate, under an hour

    Now my iPhone uses M365 as single source of truth. No more guessing which contact is current. No more duplicate meeting invites. One database, one workflow, zero manual reconciliation.

    **The lesson:** AI doesn’t just automate tasks. It cleans up the mess you’ve been procrastinating for years.

    ## The Sunday Reset: GTD on Autopilot

    Every Sunday at 6pm, Saul runs a Getting Things Done (GTD) review. Not because I ask — because it’s scheduled infrastructure.

    **What it does:**
    – Reviews all open projects (IRIS migration, Crisis Hedge Builder, ebook)
    – Checks waiting-for items (LinkedIn API approval, client responses)
    – Surfaces stale tasks (>7 days with no progress)
    – Prompts next actions for the week ahead
    – Updates project statuses automatically

    David Allen’s GTD methodology is brilliant. The problem? It requires discipline. Weekly reviews are the first thing to slip when you’re busy.

    **Solution:** Delegate the discipline to AI.

    Saul doesn’t forget. Doesn’t get tired. Doesn’t skip the review because it’s been a long week. Every Sunday at 6pm, the review happens. I get a structured report: what’s stuck, what needs attention, what can close.

    **The result:** My Todoist inbox stays at zero. Projects move forward. Nothing falls through the cracks.

    This isn’t just task management. It’s a forcing function for strategic thinking. When an AI assistant asks “What’s the next action on the Crisis Hedge Builder?” you can’t handwave. You have to answer concretely. That clarity compounds.

    **The lesson:** Automation isn’t just about saving time. It’s about enforcing good habits you’d otherwise skip.

    ## Crisis Trading: From Manual to Automated

    When the Iran war started in late February, I manually built a hedged portfolio in 30 minutes: oil futures, defence stocks, currency positions, Polymarket prediction markets. Four out of five legs printed. Oil went from $70 to $118.

    Good trade. But not scalable.

    Now we’re building the system that does it automatically:

    **1. Event Classifier**
    Headline → crisis type (geopolitical / macro / black swan) → affected markets → urgency assessment

    **2. Market Finder**
    Queries Polymarket API, filters by liquidity and time horizon, LLM ranks markets by direct impact + correlation + second-order effects

    **3. Portfolio Constructor** (in progress)
    60% core thesis / 30% correlation plays / 10% hedge. Automatic position sizing, budget controls, stop-loss logic.

    **Not live yet** — we’re in build phase (Week 1 of 3). But the infrastructure is real. When the next crisis hits, the system responds in minutes, not hours.

    **Why a CFO cares:** Geopolitical risk isn’t abstract anymore. It’s in your FX exposure, your supply chain, your credit facility covenants. Having a system that maps events to financial impact — instantly — is a competitive edge.

    ## What Doesn’t Work: The Ollama Lesson

    Not everything succeeds. I tried running a local LLM (Ollama, Llama 3.2) on my VPS to cut API costs. Installed it, configured it, tested it.

    **Result:** 25+ seconds per query. Unusable.

    **Root cause:** Shared VPS CPU is throttled. Local inference needs sustained compute. Cloud APIs (Claude, OpenAI) are worth paying for.

    **The lesson:** Performance matters more than theoretical cost savings. A few extra pounds for speed beats “free” but slow. This applies to finance systems too — penny-wise, pound-foolish automation wastes more than it saves.

    We removed Ollama within 24 hours. No sunk cost fallacy. Test fast, decide fast, move on.

    ## Infrastructure Lessons: When AI Breaks

    Your AI assistant will break things. The question is: do you catch it in minutes or days?

    **Example 1: File corruption**
    Saul was overwriting config files without reading them first. Guessing at structure from memory instead of checking. Silent failures that surfaced days later.

    **Fix:** One rule in AGENTS.md: “Before running any command that modifies files, read the file first. Never assume contents.”

    Error rate dropped 50% overnight.

    **Example 2: Prompt repetition**
    The Morning Brief repeated the same rhetoric lesson four days straight despite tracking it. Root cause: LLMs ignore soft instructions like “don’t repeat this.” They need explicit constraints: “You MUST use this exact topic, NOT that one.”

    Changed the prompt. Problem solved.

    **The pattern:** AI needs guardrails. Not vague suggestions. Hard rules. Read-before-write. Explicit topic selection. Budget caps. Error logging.

    This isn’t prompt engineering. It’s system design.
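    One way to make read-before-write a hard rule instead of a line in AGENTS.md, as an added example (not Saul's or Jordy's actual code): the agent's file tool refuses any write to a file it has not read in this session, or one that changed since it was read. The `GuardedFiles` class, its method names and the sample config are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile


class ReadBeforeWriteError(Exception):
    """Raised when a write would overwrite content the agent has not seen."""

    def __init__(self, path, reason):
        super().__init__(f"{path}: {reason}")
        self.reason = reason


class GuardedFiles:
    """File access for an agent session that enforces read-before-write."""

    def __init__(self):
        self._seen = {}  # real path -> SHA-256 of content at last read/write

    @staticmethod
    def _digest(data):
        return hashlib.sha256(data).hexdigest()

    def read(self, path):
        real = os.path.realpath(path)
        with open(real, "rb") as f:
            data = f.read()
        self._seen[real] = self._digest(data)
        return data

    def write(self, path, data, create=False):
        real = os.path.realpath(path)
        existed = os.path.exists(real)
        if not existed:
            # "If the file doesn't exist, say so."
            if not create:
                raise ReadBeforeWriteError(path, "does not exist (pass create=True)")
        elif real not in self._seen:
            raise ReadBeforeWriteError(path, "not read in this session")
        else:
            with open(real, "rb") as f:
                if self._digest(f.read()) != self._seen[real]:
                    raise ReadBeforeWriteError(path, "changed since last read")
        # Write to a temp file in the same directory and rename it over the
        # target, so a crash mid-write cannot leave a half-written config.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(real))
        try:
            with os.fdopen(fd, "wb") as f:
                f.write(data)
            if existed:
                shutil.copymode(real, tmp)  # keep the original permissions
            os.replace(tmp, real)
        except BaseException:
            if os.path.exists(tmp):
                os.unlink(tmp)
            raise
        self._seen[real] = self._digest(data)


def demo():
    """Constructed session: five write attempts against a temp directory."""
    outcomes = {}
    files = GuardedFiles()

    def attempt(label, path, data, **kw):
        try:
            files.write(path, data, **kw)
            outcomes[label] = "ok"
        except ReadBeforeWriteError as e:
            outcomes[label] = e.reason

    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "config.json")
        with open(cfg, "wb") as f:
            f.write(b'{"budget_cap": 500}')

        attempt("blind overwrite", cfg, b"{}")
        attempt("missing file", os.path.join(d, "new.json"), b"{}")
        attempt("explicit create", os.path.join(d, "new.json"), b"{}", create=True)
        files.read(cfg)
        attempt("after read", cfg, b'{"budget_cap": 250}')
        with open(cfg, "wb") as f:  # something outside the session edits the file
            f.write(b'{"budget_cap": 9999}')
        attempt("after outside edit", cfg, b"{}")
        with open(cfg, "rb") as f:
            final = f.read()
    return outcomes, final


if __name__ == "__main__":
    outcomes, final = demo()
    for label, outcome in outcomes.items():
        print(f"{label:20} -> {outcome}")
    print("config on disk:", final.decode())
```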

    ## What’s Next

    **Short-term (this week):**
    – Fix VPN routing (currently blocking all Polymarket trading)
    – Finish Crisis Hedge Builder portfolio constructor
    – Deploy Gateway Health Monitor (automated system checks, conservative auto-repair)

    **Medium-term (next month):**
    – Full automation of crisis portfolio system
    – Polymarket volatility scalping (short-term mean reversion trades)
    – Daily blog automation with SEO linking strategy

    **Long-term:**
    – Multi-device Mission Control dashboard (monitor agent fleet from phone)
    – On-chain flow scanner (track smart money wallet movements)
    – Second-order trade mapper (find derivative effects crypto Twitter misses)

    This isn’t a side project. It’s infrastructure. The Morning Brief alone saves 30 minutes every day. The contact cleanup saved 20 hours of manual work. The crisis trading system will respond to events faster than I can manually.

    **Compound that over a year.** Over five years.

    ## For Finance Leaders: What This Means

    You don’t need to be technical to do this. I’m not a developer. I’m a CFO who got tired of manual workflows.

    **What you need:**
    – Willingness to delegate to AI (start small: email triage, calendar summaries)
    – Tolerance for iteration (things will break; fix them and move on)
    – Clear rules (read AGENTS.md, write down how you want things done)
    – Budget discipline (set spending caps, monitor API costs)

    **What you get:**
    – Time back (hours per week, compounding)
    – Better decisions (context you’d otherwise miss)
    – Scalable operations (systems that work while you sleep)
    – Competitive edge (faster response to market events)

    The question isn’t “Should I automate my workflow?”

    It’s “How much am I losing by not automating it?”

    ## The Morning Brief Test

    Here’s how you know if AI automation is working:

    **Bad automation:** You check if it ran.
    **Good automation:** You notice when it doesn’t.

    The Morning Brief is good automation. When it’s there, I don’t think about it. When it’s missing, I feel the gap.

    That’s the bar. Build systems that become load-bearing. Everything else is just novelty.

    **Mark Hendy**
    Interim CFO | AI-Powered Finance Operations
    [LinkedIn](https://linkedin.com/in/markhendy) | [Blog](https://markhendy.com)

    *Running your own AI assistant? Want to compare notes? Email me at mark@tanous.co.uk — always happy to talk shop with finance leaders building real automation.*

  • China banned OpenClaw. That’s how you know it’s working.

    China banned OpenClaw. That’s how you know it’s working.

    Two days ago I wrote about Tencent plugging a billion users into the AI agent economy via QClaw, their OpenClaw wrapper for WeChat and QQ. The stock jumped 7.3%. Everyone was excited. The future had arrived.

    Forty-eight hours later, Beijing started blocking government workers and major banks from using OpenClaw entirely.

    Same country. Same week. If you think that’s contradictory, you’re not paying attention.

    What actually happened

    The Chinese government has quietly instructed state employees and workers at large state-affiliated banks to stop using OpenClaw and OpenClaw-based tools, including QClaw. The directive isn’t public legislation. It’s the kind of internal guidance that circulates through Party channels and gets enforced through compliance departments rather than courts.

    Meanwhile, local governments like Shenzhen are actively subsidising OpenClaw adoption for businesses. The Shenzhen municipal government is offering grants to companies that integrate AI agents into their operations. OpenClaw is specifically named in the eligibility criteria.

    So Beijing bans it from government systems. Shenzhen pays companies to use it. Welcome to how China actually works.

    The steipete problem

    Here’s the part that matters geopolitically. Peter Steinberger, who created OpenClaw, recently joined OpenAI. That single move changed the calculus for every security-conscious government on the planet.

    OpenClaw isn’t a chat widget. It’s an AI agent framework that sits on your machine with broad system access. It reads your files, sends network requests, processes incoming content from external sources. When Steinberger was an independent developer, that was one risk profile. Now that he’s at OpenAI, an American AI company with deep ties to Microsoft and the US government, Beijing sees something different: foreign-linked software with administrator privileges running inside state infrastructure.

    I don’t think Beijing is wrong to be concerned. I think any security team worth its salary should be asking the same questions.

    The lethal trifecta

    Cybersecurity researchers have flagged what they’re calling a “lethal trifecta” in AI agent frameworks like OpenClaw. The three components: broad data access on the host machine, the ability to communicate with external servers, and routine exposure to untrusted content from the internet.

    Each of those is manageable on its own. Together, they create an attack surface that traditional security models weren’t built for. An AI agent that can read your files, talk to the internet, and process arbitrary web content is, from a security perspective, a perfect exfiltration tool. Whether it’s actually exfiltrating anything is almost beside the point. The architecture makes it possible, and that’s what keeps CISOs up at night.

    This isn’t theoretical paranoia. AI agents process instructions from web pages, emails, and documents. A poisoned document that contains hidden instructions could, in theory, get an agent to extract and transmit sensitive data. The research community has demonstrated this repeatedly. The defences are improving, but they’re not solved.
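    The trifecta described above can be checked mechanically. This added example (not OpenClaw code; the tool names and capability labels are hypothetical) audits an agent's tool list for the three legs, then shows a per-session gate that refuses any tool call that would give a single session all three.

```python
from enum import Flag, auto


class Cap(Flag):
    NONE = 0
    PRIVATE_DATA = auto()     # reads files, mail or credentials on the host
    EXTERNAL_COMMS = auto()   # can move bytes to a server you do not control
    UNTRUSTED_INPUT = auto()  # returns content an outsider could have written


LEGS = (Cap.PRIVATE_DATA, Cap.EXTERNAL_COMMS, Cap.UNTRUSTED_INPUT)
TRIFECTA = Cap.PRIVATE_DATA | Cap.EXTERNAL_COMMS | Cap.UNTRUSTED_INPUT

# Constructed tool manifest. One tool can supply two legs on its own.
MANIFEST = {
    "read_file": Cap.PRIVATE_DATA,
    "calendar_lookup": Cap.PRIVATE_DATA,
    "read_inbox": Cap.PRIVATE_DATA | Cap.UNTRUSTED_INPUT,   # anyone can email you
    "fetch_url": Cap.UNTRUSTED_INPUT | Cap.EXTERNAL_COMMS,  # a requested URL can carry data out
    "send_email": Cap.EXTERNAL_COMMS,
}


def audit(manifest):
    """Static check: which tools supply each leg, and are all three present?"""
    legs = {leg.name: sorted(t for t, caps in manifest.items() if leg in caps)
            for leg in LEGS}
    return all(legs.values()), legs


class SessionGuard:
    """Runtime check: never let one session accumulate all three legs."""

    def __init__(self, manifest):
        self.manifest = manifest
        self.seen = Cap.NONE
        self.log = []

    def authorize(self, tool):
        caps = self.manifest.get(tool)
        if caps is None:
            allowed, reason = False, "unknown tool, denied by default"
        elif ((self.seen | caps) & TRIFECTA) == TRIFECTA:
            new = [leg.name for leg in LEGS if leg in caps and leg not in self.seen]
            allowed, reason = False, "would complete the trifecta: " + ", ".join(new)
        else:
            self.seen |= caps
            allowed, reason = True, "ok"
        self.log.append((tool, allowed, reason))
        return allowed


def replay(manifest, calls):
    """Feed a sequence of tool calls through a fresh session guard."""
    guard = SessionGuard(manifest)
    return [guard.authorize(tool) for tool in calls]


if __name__ == "__main__":
    complete, legs = audit(MANIFEST)
    print("all three legs present:", complete)
    for leg, tools in legs.items():
        print(f"  {leg:16} {tools}")
    guard = SessionGuard(MANIFEST)
    for tool in ["read_inbox", "calendar_lookup", "send_email"]:
        guard.authorize(tool)
    for entry in guard.log:
        print(entry)
```

    The gate is deliberately strict: a session that has read the inbox cannot also send mail. Splitting work into sessions that each hold at most two legs is the trade it enforces.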

    The ban is the adoption metric

    Governments don’t ban things nobody uses. They ban things that have already spread beyond their control.

    I wrote about this exact pattern when the UK government proposed restricting VPN access. The Chinese government has been banning VPNs for years. Every major platform is blocked. And yet hundreds of millions of Chinese citizens use VPNs daily. The bans don’t eliminate the technology. They push it underground, make it slightly less convenient, and create a permanent cat-and-mouse dynamic.

    OpenClaw is following the same trajectory, just faster. QClaw went viral because it solved a real problem: it gave ordinary WeChat users access to AI agent capabilities without needing to be technical. That genie isn’t going back in the bottle. State employees will find workarounds. They always do. Some will use personal devices. Others will use domestic alternatives that clone the functionality. The ban signals that adoption hit a threshold that made someone in Zhongnanhai uncomfortable.

    What Beijing actually wants

    The contradiction between banning and subsidising isn’t really a contradiction. It’s a two-track strategy that makes perfect sense if you understand the goal.

    Track one: keep foreign-linked AI agents out of sensitive government and financial systems. This is a national security play, and honestly, it’s defensible. Any country would think twice about letting a tool built by an OpenAI employee run with admin access on government machines. The UK’s NCSC would raise the same concerns. So would the NSA.

    Track two: accelerate domestic AI adoption to maintain economic competitiveness. Shenzhen’s subsidies aren’t about OpenClaw specifically. They’re about making sure Chinese businesses don’t fall behind in the AI agent wave. If OpenClaw is the best tool available today, subsidise it for the private sector while you build domestic alternatives for government use.

    This is industrial policy, not hysteria. Beijing is doing what it always does: control the state layer, liberalise the commercial layer, and keep foreign technology at arm’s length from anything classified.

    Why Western CFOs should care

    Here’s where this stops being a China story and becomes your problem.

    If you’re a CFO or PE operating partner reading this, ask yourself: do you know which AI agents your employees are running right now? On their work machines? With access to your financial data, your deal pipeline, your board materials?

    Because the Chinese government just found out that OpenClaw had spread through their institutions faster than anyone tracked. They had to issue an emergency directive. That should be a wake-up call, not a spectacle.

    The security concerns Beijing raised are legitimate everywhere. AI agents with broad system access, network communication capabilities, and exposure to untrusted content aren’t a China-specific risk. They’re a universal one. The difference is that China responded with a ban. Most Western companies haven’t responded at all because they don’t know it’s happening.

    I’ve spoken to three portfolio company CFOs this week who had no idea what OpenClaw was. When I showed them what it does, two of them said something along the lines of “wait, this is running on our machines?” They checked. It was, in one case on a developer’s laptop with access to the production database credentials.

    The uncomfortable parallel

    China’s government is banning AI agents from sensitive systems after they’ve already proliferated. They’re reacting, not preventing. The horse has bolted and they’re reinforcing the stable door.

    Most Western businesses are in an even worse position. They’re not banning anything because they haven’t noticed yet. At least Beijing is paying attention.

    The question for every CFO isn’t whether to ban AI agents. That ship has probably sailed. The question is whether you have visibility into what’s running, what it can access, and who it’s talking to. If you don’t, you’re the Chinese government circa last Tuesday, about to get a very unpleasant surprise.

    Get ahead of it. Audit what’s running on your corporate devices. Establish a policy before you need an emergency directive. And if you do decide AI agents are worth the productivity gains, put proper guardrails around data access and network communication.

    The Chinese government’s ban on OpenClaw isn’t a story about authoritarianism. It’s a story about a technology that moved faster than institutional oversight. That’s happening in your organisation too. The only question is whether you’ll find out on your terms or someone else’s.

  • Microsoft employees are building AI agents on their lunch breaks

    Microsoft employees are building AI agents on their lunch breaks

    Something happened on X this week that tells you more about enterprise AI adoption than any Gartner report.

    Peter Steinberger, the creator of OpenClaw who recently joined OpenAI, quote-tweeted an update from Brad Groux, admin of the OpenClaw for Microsoft Teams project. The update: more than a dozen Microsoft employees have got involved in making OpenClaw work properly on Teams. Six are now dedicated to the effort. They’re not just advising. They’re dogfooding it — running OpenClaw as their own AI agent inside Microsoft’s own collaboration platform.

    Nobody told them to do this. There’s no corporate mandate. No partnership announcement. No press release. Microsoft employees looked at an open-source AI agent framework with 250,000 GitHub stars and decided, on their own time, to make it work with their employer’s product.

    That should tell you something about where enterprise AI is actually heading.

    The pattern that matters

    Every major technology shift in the enterprise follows the same playbook. It doesn’t start with a board decision or a procurement cycle. It starts with employees.

    Linux didn’t win the server room because CTOs chose it in a strategy meeting. Developers started using it, then ops teams noticed it worked better, then the CTO was told they were already running it. Slack didn’t replace internal email because someone signed an enterprise agreement. One team started using it, then the floor, then the building.

    GitHub. Dropbox. Zoom before the pandemic. The same story every time. Employees adopt the tool because it solves a real problem. IT catches up later.

    OpenClaw in Microsoft Teams is this pattern happening in real time, and at a speed that should make anyone in enterprise leadership pay attention.

    Why Teams is the unlock

    OpenClaw already works with WhatsApp, Slack, Discord, Telegram, and a dozen other surfaces. But Teams is different. Teams is where 320 million monthly active users do their actual work. It’s where the documents live, where the meetings happen, where the approvals flow.

    An AI agent that can read your email, check your calendar, pull data from APIs, execute code, and manage files — all from a Teams chat window — isn’t a novelty. It’s a genuine shift in how knowledge work gets done. You stop switching between tools and start telling an agent what you need. The agent does the switching.

    The fact that Microsoft’s own employees want this badly enough to build it themselves, in an open-source project they don’t control, is the most honest signal you’ll get about demand.

    What the Microsoft involvement means

    Brad Groux’s update was candid. He’d spoken to Steinberger and the core OpenClaw team. Everyone wants the same thing: Teams and other enterprise integrations brought up to a higher standard. Six Microsoft employees are now dedicated to helping. More are joining.

    There’s something worth noting about the dynamics here. Steinberger is at OpenAI. The Microsoft employees are contributing to an open-source project that’s model-agnostic — it works with Claude, GPT, Gemini, local models, whatever you point it at. OpenAI has its own agent ambitions. Microsoft has Copilot.

    And yet here they all are, rowing in the same direction on a project none of them own. That’s unusual. It suggests the participants believe the open-source agent layer matters more than any single company’s proprietary offering. History says they’re probably right.

    What this means for business

    If you’re running a PE portfolio company, or you’re in the CFO seat, three things to think about.

    First, your employees are probably already experimenting with AI agents. Maybe not OpenClaw specifically, but something. The question isn’t whether to allow it. It’s whether you’d rather shape how it happens or discover it after the fact. Shadow IT is annoying when it’s Dropbox. It’s a genuine risk when it’s an AI agent with access to email and files.

    Second, the Microsoft-to-open-source pipeline tells you where enterprise standards are forming. When employees at the platform company are building integrations for an open-source competitor to their own product, that’s not a vote against Copilot. It’s a recognition that the agent layer needs to be open, interoperable, and not locked to one vendor. Companies building their AI strategy around a single provider should watch this carefully.

    Third, the speed is worth noting. Steinberger created OpenClaw as a hobby project in late 2025. It hit 250,000 GitHub stars in about 60 days. He joined OpenAI in February. Microsoft employees are now contributing to it in March. That’s four months from side project to cross-company collaboration involving the two largest AI companies on the planet. Your planning cycles need to match that pace, or at least acknowledge it exists.

    The uncomfortable implication

    There’s a question underneath all of this that most enterprise leaders aren’t asking yet.

    If an AI agent can sit in Teams, read context from your conversations, execute tasks across your tools, and learn your preferences over time — who needs the middle layer of management whose job is primarily coordination and information routing?

    I’m not saying those roles disappear tomorrow. I am saying that the value of “person who schedules the meeting, chases the update, compiles the report, and forwards the summary” drops significantly when an agent does all of that in the background.

    The roles that survive are the ones that involve judgment, relationships, and decisions that can’t be reduced to “read this, summarise it, send it to these people.” The coordination tax that eats 40% of most knowledge workers’ weeks is exactly what these agents are built to eliminate.

    Where this goes

    The OpenClaw-Teams integration is still being built. It’s not finished. But the signal matters more than the current state.

    When the creator of the project, now at OpenAI, publicly celebrates Microsoft employees contributing to it — and those employees are doing it voluntarily, because they want the tool for themselves — you’re watching the early days of a new enterprise standard.

    The companies that start experimenting now, even imperfectly, will have institutional knowledge when this goes mainstream. The ones waiting for a polished enterprise product with an SLA and a sales team will be starting from zero while their competitors are already running.

    Open source ate the server. Then it ate the cloud. Now it’s coming for the enterprise desktop. And this time, the employees at the incumbents are helping it in.

  • You cannot ban VPNs. But the real threat isn’t the ban.

    The UK government wants to restrict VPN use. The House of Lords has passed an amendment to the Children’s Wellbeing and Schools Bill that would “prohibit the provision of VPN services to children.” A public consultation launched on 2 March asks whether age verification should extend to VPN services. GCHQ is reportedly exploring a “Great British Firewall” concept.

    The headlines say this is about protecting children. The technical reality says it’s impossible. But the real story is neither of those things.

    The real story is what has to happen to enforce it.

    The identity trap

    Here’s the question nobody in government wants to answer directly: how do you stop a child from using a VPN without checking whether every user is a child?

    You can’t. The only way to restrict VPN access by age is to verify the age of every person who tries to use one. That means identity checks. For everyone. Every time.

    This is the point the parliamentary petition against the VPN amendment makes explicitly: “The method and implementation would likely rely on 3rd-party facial scans or ID checks, which we believe are invasive. Thus, such a law would cause massive collateral damage for the millions of current users who rely on VPNs for privacy and security.”

    A law ostensibly aimed at under-18s becomes, in practice, a requirement for every adult in the country to prove their identity to use a basic internet privacy tool. There is no technical architecture that restricts children without also requiring adults to identify themselves. The child protection framing is the wrapper. Universal digital identity verification is the product.

    This matters because of what it represents: a fundamental shift in the relationship between the state and the citizen.

    No mandate

    Digital ID was not in Labour’s 2024 general election manifesto. Voters were not asked whether they wanted mandatory identity verification to use the internet. There was no public debate, no referendum, no campaign pledge. The Online Safety Act was a Conservative creation. The current government inherited it and has chosen to expand its reach rather than question its premises.

    Over 450,000 people have signed a parliamentary petition calling for the Online Safety Act’s age verification requirements to be repealed. A separate petition specifically opposes the VPN amendment. The Open Rights Group has stated there is “little evidence that young people are using VPNs to bypass digital ID checks” and that the proposals “will have little impact on children’s online safety but will deter adults from using them or force people to hand over personal documents or biometric data to companies.”

    This is not a government responding to public demand. This is a government creating infrastructure that the public has actively objected to, using child safety as justification for something far broader than child safety.

    The consultation closes on 26 May 2026. If the pattern holds, the government will “review responses” and proceed anyway.

    What a VPN actually does

    A VPN creates an encrypted tunnel between your device and a server somewhere else in the world. Your internet provider sees encrypted data going to one IP address. They cannot see what’s inside it. Websites see traffic from the VPN server, not from you.

    That’s it. The reason this concerns the government is that VPNs let users bypass the Online Safety Act’s age verification. Connect to a server in the Netherlands and as far as any website is concerned, you’re in the Netherlands. UK age checks don’t apply.

    Ofcom reported that after age verification went live on 25 July 2025, UK daily active VPN users temporarily doubled to around 1.5 million before settling at about 1 million. The government sees this as a problem to solve. You could equally see it as a million citizens voting with their feet against a policy they didn’t ask for.

    Why a VPN ban is technically impossible

    Even setting aside the democratic objections, enforcement doesn’t work. This isn’t speculation. Countries with far more authoritarian governments and far fewer constraints have tried.

    Commercial VPN blocking is whack-a-mole. Russia has been blocking VPN providers since 2017. VPN usage has increased every year. Providers rotate IP addresses faster than any blocklist can keep pace. NordVPN alone runs over 6,000 servers across 111 countries. Block them today, new ones appear tomorrow. The economics are stacked against the censor: a new server costs a provider a few pounds; identifying and blocking it costs the state orders of magnitude more.

    Deep packet inspection doesn’t work either. China operates the most sophisticated censorship system ever built. Thousands of engineers. Machine learning. Active probing. Real-time traffic analysis. And VPNs still work in China. Modern circumvention tools like Shadowsocks, V2Ray, Xray, and Trojan-Go disguise VPN traffic as ordinary HTTPS web browsing. To a monitoring system, these connections look identical to someone browsing a normal website. Blocking them means blocking HTTPS. Blocking HTTPS means blocking the internet.

    Domain fronting makes detection nearly impossible. This technique routes encrypted traffic through legitimate cloud services. The monitoring system sees a connection to google.com or amazonaws.com. The actual destination is hidden inside the encrypted payload. You cannot block it without blocking Google and Amazon Web Services.

    The fundamental problem is mathematical. VPN traffic can be made indistinguishable from normal encrypted web traffic. Both are encrypted data between two endpoints. There is no reliable way to tell them apart without breaking the encryption that protects all internet commerce.

    Self-provision: what anyone can do

    Everything above assumes you’re using a commercial VPN provider that the government can identify. But you don’t need one. Anyone with basic technical ability can build their own, and none of these methods can be detected or blocked without breaking the internet for everyone.

    A VPS and WireGuard. Rent a virtual private server from any of hundreds of providers worldwide. Hetzner in Germany, DigitalOcean in the US, OVH in France, or dozens of smaller operators in jurisdictions the UK has no leverage over. Cost: £3-5 per month. Install WireGuard, a VPN protocol that fits in about 4,000 lines of code. The setup can be automated with a single script. Your server has a unique IP address that no blocklist will ever contain, because it’s yours alone.

    SSH tunnelling. Every Linux and macOS machine has SSH built in. One command — ssh -D 1080 user@server — creates a SOCKS proxy that routes your browser traffic through any remote server you have access to. No VPN software needed. The traffic looks like a standard SSH session, which millions of developers and sysadmins use daily. Blocking SSH would break every IT department in the country.

    Outline by Jigsaw. Alphabet (Google’s parent) runs Jigsaw, a division focused on helping people in censored countries access the internet. Their tool Outline lets anyone create a personal VPN server with a few clicks. It uses Shadowsocks, designed specifically to be undetectable by Chinese censors. Free and open source.

    Tor. The Tor network routes traffic through multiple encrypted relays worldwide. It’s slower than a VPN but essentially impossible to block comprehensively. China, Iran, and Russia all try. None have succeeded.

    Residential proxies and mesh networks. Services route traffic through real residential IP addresses, making it indistinguishable from normal household internet use. Peer-to-peer mesh networks make each participant a relay for others. Blocking these means blocking residential broadband connections.

    App store removal is theatre. The government could pressure Apple and Google to remove VPN apps from UK stores. On Android, sideloading is trivial. On both platforms, built-in VPN clients accept standard configuration files with no app needed. SSH, Shadowsocks, and WireGuard can all be compiled from source code. App store bans inconvenience the least technical users and stop nobody who cares.

    Making it illegal doesn’t make it detectable

    Criminalising VPN use doesn’t solve the detection problem. If you connect to your own VPS over an obfuscated protocol, your ISP sees encrypted traffic going to a random IP address. That’s identical to connecting to any cloud service, streaming platform, or web application. Proving you’re using a VPN rather than accessing a legitimate service requires either breaking the encryption on your traffic or installing monitoring software on your device. The first would destroy internet commerce. The second is surveillance-state territory.

    And there’s the collateral damage. VPNs are how remote workers connect to corporate networks. The NHS uses them. Banks use them. Every multinational operating in the UK uses them. Any law would need exceptions so broad that enforcement against individuals becomes arbitrary and selective, which creates its own legal problems under the Human Rights Act.

    The Russia and China lesson

    Russia has spent nine years trying to ban VPNs. Usage goes up every year. The government blocks services, fines companies for advertising them, and users switch to lesser-known services, self-hosted solutions, and obfuscated protocols. Comprehensive failure.

    China has the most sophisticated internet censorship in human history. Thousands of engineers, deep packet inspection, active probing, machine learning. VPNs still work. Research published in March 2026 documents circumvention tools consistently defeating the Great Firewall’s latest detection methods.

    These are authoritarian states with no free press, no independent courts, and no obligation to care about collateral economic damage. The UK has all of those constraints and a fraction of the enforcement appetite. If Russia and China can’t do it, Britain has no chance.

    The actual question

    The technical argument is settled. VPN bans don’t work. Every expert quoted in every article about this topic says the same thing. The government knows this. GCHQ certainly knows this.

    So why pursue it?

    Because the point was never to ban VPNs. The point is to establish the principle that using the internet requires proving your identity. Age-gating VPNs is the mechanism. Once the infrastructure exists — requiring digital ID to access a VPN — the same infrastructure can be extended to anything. Social media. Email. Search engines. The consultation document is already asking about restricting children’s access to AI chatbots. The direction of travel is clear.

    The question isn’t whether VPN bans work. They don’t, and the government knows they don’t. The question is whether British citizens are comfortable with a government — one that didn’t campaign on this, didn’t put it to a vote, and faces active public opposition — building the architecture of an identity-verified internet under the banner of child protection.

    Over 450,000 people have already answered that question.

    The consultation is open until 26 May. You can respond here: https://www.gov.uk/government/consultations/growing-up-in-the-online-world-a-national-consultation

  • Tencent just plugged a billion users into the AI agent economy

    Something happened this week that most Western business leaders completely missed.

    Tencent, China’s largest internet company, launched an AI agent tool called QClaw. It leaked into Chinese tech communities on Sunday night and went viral within hours. By Tuesday, Tencent’s stock had jumped 7.3% in Hong Kong, its best day in over a year, adding roughly $50 billion in market value.

    The product is deceptively simple. QClaw takes OpenClaw, the open-source AI agent framework that recently became the most-starred software project on GitHub (250,000+ stars, overtaking React’s decade-long record in about 60 days), and wraps it into a one-click installer. Mac and Windows. No terminal. No coding.

    The interesting part: QClaw connects directly to WeChat and QQ.

    Why WeChat matters here

    WeChat isn’t a messaging app. Not really. It’s the operating system of Chinese daily life. Payments, commerce, government services, workplace communication. Over a billion people use it daily. Plugging an autonomous AI agent into that isn’t a product launch. It’s a platform shift.

    Through QClaw, a user types a natural language command in WeChat and the AI agent executes it on their local machine. Organise files. Process spreadsheets. Send emails. Run automated workflows. All from a chat window, while potentially sitting on a train nowhere near their computer.

    Tencent also launched WorkBuddy alongside it, a separate AI agent for workplace tasks built on the same OpenClaw framework. Consumer and enterprise, both at once.

    OpenClaw as infrastructure

    What makes this matter beyond China is the framework underneath.

    OpenClaw is open source, model-agnostic, and built for agents that actually do things. Not chatbots. Agents that control browsers, execute code, manage files, call APIs. The kind of practical automation that enterprises have been talking about for years without much to show for it.

    When a company Tencent’s size builds its consumer AI strategy on an open-source framework, that framework stops being a developer tool. It becomes infrastructure. Linux went from hobbyist curiosity to running most of the world’s servers. OpenClaw looks like it’s on a similar path.

    What business leaders should take from this

    If you’re running a PE-backed company or sitting in the CFO chair, three things worth paying attention to:

    The adoption barrier just disappeared. When AI agents need technical setup, they stay in the developer community. One-click deployment through a messaging app that a billion people already have on their phones changes that equation entirely. This is going to follow the mobile app curve. Gradual, then sudden.

    Security is now an urgent conversation. QClaw already drew scrutiny after a vulnerability (CVE-2026-25253) was disclosed in the underlying OpenClaw framework. An AI agent with access to your local files, email, and applications is a fundamentally different risk to a chatbot sitting in a browser tab. If your CISO isn’t thinking about agent governance yet, they’re behind.

    China isn’t debating this. They’re shipping. While Western companies run AI strategy workshops, Tencent connected autonomous AI agents to a billion-user platform and put it in production. Any business with Chinese market exposure, whether that’s supply chain, customers, or competitors, needs to absorb what that means.

    Where this goes

    The AI agent wave is breaking a familiar pattern. Usually American tech companies build the platform and everyone else adopts it. OpenClaw being open source means the innovation is genuinely distributed. Chinese companies are building on the same foundation as Silicon Valley startups, but integrating it into ecosystems with far larger user bases.

    For PE firms evaluating portfolio companies, the question has changed. It’s not whether AI agents will affect operations. It’s whether your companies will be using them, or competing against businesses that already are.

    Tencent’s stock didn’t jump because of a chatbot. It jumped because investors saw what connecting AI agents to a billion-user messaging platform actually means. A new application layer. And it’s here now.

    The businesses that get this early will have a real edge. The ones who file it under “just China” or “just open source” will spend 2027 trying to catch up.