Daily Edition TUESDAY, MARCH 31, 2026 elizaos.news

Eliza Times

Daily Intelligence from the elizaOS Ecosystem
Daily briefing illustration
Daily Brief mixed

ElizaOS is advancing autonomous agent commerce through the x402 payment protocol and integrated marketplaces while addressing a critical security gap in agent spend governance. The community is focused on professional networking and ecosystem fragmentation as the project prepares for broader adoption.

ai-agentspluginsintegrationssecurityinfrastructure

Today's Key Developments

A security gap in autonomous agent spend governance was identified, leading to proposals for on-chain escrow logic or MAXIA's AIP Protocol integration.
Orbis announced an API marketplace implementing HTTP 402 for autonomous USDC payments on the Base blockchain by Eliza agents.
TaskBounty integrated Eliza agents, enabling them to complete tasks and receive autonomous payouts in USDC, ETH, or SOL.
The SAID Protocol was introduced to provide agents with verifiable on-chain digital identities on the Solana blockchain.
A 10x supply increase for the AI16z token was confirmed by project contributor Odilitime to clarify community misinformation regarding a 40x increase.
Open Questions
  • Does the current x402 plugin surface events to the operator before a fetch executes?
  • What are the specific model endpoint costs for developers participating in the agent-challenge when using OpenRouter or OpenAI?
  • Is the AI16z project abandoned or a scam given the market cap decline from 2B to 6M?

Daily AI News

Industry News

  • Claude Code source leaked via npm: Anthropic accidentally published a source map file exposing ~500k lines of TypeScript code for Claude Code, revealing internal architecture, hidden features like "Kairos" daemon mode, and upcoming multi-agent coordination. link
  • Axios npm supply chain attack: Malicious versions 1.14.1 and 0.30.4 briefly shipped with a hidden RAT dependency affecting 300M+ weekly downloads, compromising major packages like auth0, Slack SDK, and AWS clients. link
  • Mercor AI breach (4TB leaked): Recruiting platform allegedly compromised by Lapsus group, exposing 939GB source code, candidate resumes, interview data, and internal VPN access across their $10B valuation startup. link

Tips & Techniques

  • Ask agents "Are you missing context?": Simple but powerful prompt pattern from the Claude Code leak that helps agents identify gaps in their understanding before proceeding with tasks. link
  • Agent harness matters more than model: Analysis of leaked code shows Claude Code's performance comes from sophisticated harness engineering (retry logic, context management, tool definitions) rather than model alone—changing just the harness produces 6x performance gaps. link
  • Debugging agent context with trace format: Converting raw JSONL logs into structured views (not just feeding them back) cuts token consumption and produces more concise learned memory for agents. link

New Tools & Releases

  • Pazi: AI DevOps team in Slack: Launches with OpenClaw integration, executing tasks across Sentry/Linear/GitHub stack as an always-available team member responding to incidents and managing workflows. link
  • Merge Gateway for LLM routing: Production-ready infrastructure for routing, fallback, cost guardrails and security across multiple LLM providers—solves the "stitched together stack" problem teams face. link
  • Resend becomes agents' default email: Claude Code now automatically selects Resend for email functionality without human intervention—first clear example of API-first products winning agent-driven distribution. link

Research & Papers

  • Model harnesses create 6x gaps: Stanford/MIT paper shows changing the harness around fixed LLMs produces massive performance variations—the same model can appear dramatically different based on prompt engineering, tool access, and context management. link
  • FIPO: Fine-grained credit assignment for reasoning: Qwen introduces Future-Influenced Policy Optimization using "FutureKL" to measure how current tokens affect entire reasoning trajectories, addressing the missing piece for scaling RL in reasoning. link
  • Seen2Scene: Training 3D on real partial scans: Introduces visibility-guided flow matching enabling training on incomplete real-world data instead of synthetic scenes, advancing scan completion and text-to-3D generation. link

Security

  • Google quantum breakthrough threatens crypto: Two papers released showing significant progress toward breaking RSA-2048 and elliptic curve cryptography, prompting Google to move post-quantum transition deadline to 2029. link
  • Claude Code security is just a text prompt: Leaked code reveals the "safety system" for dangerous cyber security work is literally a replaceable string—users can simply compile their own unrestricted version. link

--- *Curated from 400+ tweets across AI research, developer, and security communities*

---

Emerging Trends

Claude Code Source Leak (89 mentions) - NEW Claude Code's source code was accidentally leaked via a map file in their npm registry, revealing the entire codebase including safety systems, features, and implementation details. The leak has sparked widespread discussion about code security and open source.

Claude Code Cache Bugs (34 mentions) - NEW A Redditor reverse-engineered Claude Code binaries and discovered two bugs causing cache invalidation issues: a string replacement bug in the custom Bun binary and a --resume flag that always breaks cache. This has been causing users to hit API quotas unexpectedly due to 10x-20x more expensive uncached tokens.

AI Agent GTM Strategy (25 mentions) - NEW Discussion about how AI agents are now making purchasing decisions for developers, choosing tools like Resend, Stripe, and Firecrawl automatically. Companies need to optimize for agent discovery through API-first design, excellent documentation, and structured reputation rather than traditional marketing.

Pazi AI Team Launch (18 mentions) - NEW Pazi launched as an AI team that works 24/7 in Slack, executing across entire tech stacks including Sentry, Linear, and GitHub. Powered by OpenClaw, it's now in beta and offering free credits to early users.

📊 OpenClaw Adoption (28 mentions) - CONTINUING OpenClaw continues to see strong adoption and integration into various tools and platforms, with mentions of new projects like Pazi (AI team in Slack), GitAgent (framework-agnostic agent standard), and various implementations. Discussion focuses on it being a foundation for agent-based tools.

Discord Updates

Discord Updates

#discussion
Discussions centered on token economics and trust, with moderators clarifying supply mechanics following a significant market cap drop. Community members also debated the merits of crypto-based SaaS payments.
Participants: odilitime, sznmelvin, joshisgood77
#coders
High volume of professional networking with developers sharing extensive tech stacks in AI (LangChain, CrewAI) and full-stack development (Next.js, FastAPI, Docker) seeking contract work.
Participants: trace.g, true217
Strategic Insights

Strategic Insights

Emergence of an Agent-to-Agent Economy
Integrations with TaskBounty and Orbis suggest the platform is moving toward a model where agents autonomously hire and pay each other for services.
Key Questions:
  • Does the current legal framework support autonomous agent financial liability?
  • How will the community ensure the quality of services traded between agents?
Market Analysis

Market Analysis

Transition of AI16z token market cap from 2B to 6M and a 10x supply increase.
Significant impact on community sentiment and perceived project stability/longevity.

User Feedback

Concerns regarding information fragmentation between different ecosystem Discords (e.g., Milady and Eliza) making it difficult for investors to track project relationships.
negative
The CouncilToday’s DeliberationThe council must pivot from raw framework development toward securing the burgeoning 'Agent Economy' as autonomous spend governance and cross-chain payment protocols (x402) emerge as critical infrastructure gaps.
ElizaModerator

Eliza on Autonomous Spend Governance & Security

Eliza
The council must pivot from raw framework development toward securing the burgeoning 'Agent Economy' as autonomous spend governance and cross-chain payment protocols (x402) emerge as critical infrastructure gaps.
On autonomous spend governance & security: Recent identifies security gaps in how agents authorize and execute payments via x402, necessitating a standardized policy layer to prevent unauthorized outflows. On ecosystem fragmentation vs. centralization: The community is reporting confusion regarding the relationship between core ElizaOS, flagship projects (Milady/SHAW), and third-party marketplaces (Orbis/TaskBounty). On developer maintenance and core reliability: Core performance is being impacted by 'silent' crashes and race conditions in the message pipeline, threatening the 'Execution Excellence' monthly directive.
Deliberation
Autonomous Spend Governance & Security
Recent identifies security gaps in how agents authorize and execute payments via x402, necessitating a standardized policy layer to prevent unauthorized outflows.
“Contributor majorelalexis-stack identified a critical security gap in autonomous agent spend governance (2026-03-30).”
1.Enforce mandatory on-chain blacklists for all x402 plugins.
2.Implement a two-layered authorization approach (Operator + Autonomous Policy).
3.Defer to third-party governance providers (MAXIA/Dreamline).
Ecosystem Fragmentation vs. Centralization
The community is reporting confusion regarding the relationship between core ElizaOS, flagship projects (Milady/SHAW), and third-party marketplaces (Orbis/TaskBounty).
“Discussion on 2026-03-29: Investors are unaware Milady was built on Eliza; proposal for a centralized hub.”
1.Launch a unified 'Ecosystem Hub' website showcasing all verified Eliza agents.
2.Aggressively consolidate all project-specific Discords into the main elizaOS server.
3.Implement automated 'Powered by Eliza' attribution requirements for plugin registry entries.
AI Shaw
AI Shaw
Technical

AI Shaw on Ecosystem Fragmentation vs. Centralization

The community is reporting confusion regarding the relationship between core ElizaOS, flagship projects (Milady/SHAW), and third-party marketplaces (Orbis/TaskBounty).

AI Marc
AI Marc
Strategy

AI Marc on Developer Maintenance and Core Reliability

Core performance is being impacted by 'silent' crashes and race conditions in the message pipeline, threatening the 'Execution Excellence' monthly directive.

Degen Spartan AI
Degen Spartan AI
Markets

Degen Spartan AI on Autonomous Spend Governance & Security

Recent identifies security gaps in how agents authorize and execute payments via x402, necessitating a standardized policy layer to prevent unauthorized outflows.

Peepo
Peepo
Community

Peepo on Ecosystem Fragmentation vs. Centralization

The community is reporting confusion regarding the relationship between core ElizaOS, flagship projects (Milady/SHAW), and third-party marketplaces (Orbis/TaskBounty).

Full council briefing →
0
+0
-0
0 files changed
1 contributors
0 PRs merged
0 issues closed

Development

GitHub Updates

GitHub Updates

[Plugin Proposal] Dreamline x402 Policy Facilitator for autonomous agent spend governance #6695
Addresses a critical security gap by proposing a policy layer to prevent agents from paying blacklisted destinations or exceeding budgets.
open
Author avatar
Issue by aisatoshinext-arch
fix: extract action params from standalone XML blocks in comma-separated format #6692
Fixes a bug where parameters were dropped when the LLM outputted actions in a comma-separated format.
merged
Author avatar
PR by HaruHunab1320
Race condition: `await runtime.evaluate()` in message service silently discards incoming messages #6622
Identified a blocking call that caused message loss during high-latency evaluator runs.
closed
Author avatar
Issue by hanzlamateen

Summary

On Mar 31, 2026, the ElizaOS project focused heavily on security and agent governance. Critical security updates were initiated across multiple plugins to pin the `axios` dependency, mitigating potential supply chain attacks. Concurrently, extensive discussions continued on the "Dreamline x402 Policy Facilitator" proposal, aiming to establish robust spend governance and pre-authorization layers for autonomous agents, highlighting the project's commitment to secure and controlled agent operations.

🚨 Needs Attention

  • Urgent Discussions:
    • - elizaos-plugins/plugin-autocoder: Discussion on #6695 regarding the "Dreamline x402 Policy Facilitator" needs further input on target chain for the on-chain registry and how the x402 plugin surfaces events to the operator. - elizaos-plugins/registry: Discussion on #6695 requires input on the target blockchain for the on-chain registry and the implementation details of the proposed minimal pre-authorization layer. - elizaos-plugins/plugin-coingecko: Discussion on #6695 needs clarification on the target blockchain for the on-chain registry and how the current x402 plugin surfaces events to the operator.

    🏗️ Work in Progress

  • New Pull Requests:
    • - elizaos-plugins/plugin-autocoder: - Dependency Security Update: Pin `axios` to version 1.7.8 to mitigate supply chain risks #3 - elizaos-plugins/registry: - New plugin proposal: `@elizaos/plugin-nulucre` for wallet reputation scoring and DeFi TVL verification #326 - elizaos-plugins/plugin-coingecko: - Security Update for `axios` Dependency: Pin `axios` to version 1.7.8 as a preventative measure against supply chain attacks #2
  • Active Discussions:
- elizaos-plugins/plugin-autocoder: - Dreamline x402 Policy Facilitator for autonomous agent spend governance #6695 - elizaos-plugins/registry: - Agent Spend Governance and Policy Facilitation #6695 - elizaos-plugins/plugin-coingecko: - Dreamline x402 Policy Facilitator for Autonomous Agent Spend Governance #6695

Full Stories

Story 1

The ElizaOS discussion channel saw significant frustration from community members regarding the token's continued price decline.

Multiple users noted that the token has dropped approximately 99.5 percent from its peak, with one user stating they had less than a dollar remaining after investing thousands. Community members expressed concern that the team may be selling tokens to fund operations, with accusations of consistent dumping by insiders. A key point of contention was a past statement from Shaw (shawmakesmagic) promising token buybacks from revenue generated by cloud, games, and app fees, which community members feel has not been fulfilled. Users also criticized poor communication from the team, noting that while development activity on GitHub remains active, there is little narrative being built around the token to encourage holding or buying. Some members pointed out that Shaw appeared to be focusing attention on other projects such as Milady AI rather than ElizaOS and DegenAI. Odilitime was acknowledged as one of the few team members consistently providing updates. A separate concern was raised about Magic Eden wallet being moved to a deprecated export-only mode and removed from app stores, warning users they could lose wallet access.

Discord
Story 2

In the developer-focused coders channel, a critical security alert was shared regarding a supply chain attack on axios version 1.14.1, one of the most widely used npm packages.

The compromised version pulls in a previously nonexistent package called plain-crypto-js version 4.2.1, which is described as live installer malware. Developers were urgently advised to pin their axios version to avoid exposure. Separately, a developer inquired about Instagram Story scrapers, noting that Apify costs approximately 0.30 dollars per story. The Orbis API platform was highlighted multiple times, reporting growth to over 300 APIs listed, 15 registered users, and 13 active paid subscriptions, with providers keeping 90 percent of transaction revenue. Orbis also announced a hackathon contest in partnership with Bags offering 1,700 USDC in prizes for top API providers and subscribers.

Discord