OpenClaw shipped a new version overnight, and this one is worth reading about. Version 2026.4.10, published this morning on GitHub, introduces Active Memory - a new plugin that gives your AI assistant a dedicated memory layer it manages automatically. No more telling it to "remember this." The changelog also includes GPT-5 family model support via a new Codex provider, a major overhaul of the Microsoft Teams integration, a new command-line tool for controlling what your AI can execute, and a long list of security fixes. If you're running OpenClaw in your business, this article walks through what changed in plain English, whether you need to update now, and what the install change is (if any).
Why This Release Is Different From the Usual Maintenance Updates
OpenClaw releases on a rolling schedule, roughly weekly. Most updates are a mix of small fixes and minor feature additions - useful, but not something that changes how you work day to day. 2026.4.10 is different because Active Memory, the headline feature, is the kind of change that alters the daily experience of working with an AI assistant. It's not just a fix. It's a new behavior.
Here's the short version before we go deep: OpenClaw now has an optional memory system that runs automatically in the background during your conversations. It reads what you've told it before, figures out what's relevant to right now, and surfaces that context before it answers you. You don't have to do anything special. You don't have to say "check your memory" or "remember that I prefer X." It does that work for you.
That's genuinely useful for business owners who use OpenClaw every day. Let me explain why.
Active Memory: The Feature That Changes How Your Agent Works
Most memory systems in AI tools today have a basic problem: they're passive. The AI stores information when you tell it to, and retrieves it when you ask for it. But the moment where memory matters most is often the moment before you ask - when the AI is about to give you advice, draft a response, or plan a task and would benefit from knowing your preferences, your clients, your past decisions. By the time you remember to say "oh, and keep in mind that..." the answer is already half-formed.
Active Memory solves this by giving OpenClaw a dedicated memory sub-agent that runs before each main reply in eligible conversations. This sub-agent reads your stored memory, decides what's relevant to the current conversation, and passes that context to the main agent before it responds. It's automatic. It's quiet. And it means your AI assistant comes to every conversation already briefed on what matters.
Think of it like the difference between a new employee and a seasoned one. A new employee answers every question without context - they don't know your clients, your preferences, your quirks. A seasoned employee walks into a meeting already knowing the backstory. Active Memory is how OpenClaw becomes the seasoned employee.
The feature ships with a few configuration options worth knowing about:
- Message mode - includes recent messages in the memory context. Good for fast-moving conversations where you need continuity without interruption.
- Recent mode - pulls in a broader window of recent interactions. Useful if your conversations are spread over multiple sessions.
- Full context mode - does a comprehensive memory scan before each reply. More thorough, but takes slightly longer.
You can also inspect what the memory agent is doing in real time using /verbose, which shows you exactly what it's pulling in. That transparency matters if you're using OpenClaw for client work and need to know what context it's operating on. And if you want to tune the behavior for specific agents you've built, there are prompt and thinking overrides available.
Active Memory is opt-in in this release. You have to enable the plugin. It doesn't activate automatically on update. That's the right call - it's a significant behavior change, and you should set it up deliberately rather than find out it's already running. Official documentation is at docs.openclaw.ai/concepts/active-memory.
GPT-5 and Codex Models Now Work Properly
The second big change in this release is support for GPT-5 family models through a new Codex provider. If you're using OpenClaw with OpenAI models, here's what changed and why it matters.
Previously, if you wanted to use OpenAI's GPT models in OpenClaw, they all went through the same OpenAI provider path. That worked fine for older models, but GPT-5 (and the emerging Codex model family) have different authentication, context threading, and model discovery requirements. OpenClaw was handling them with workarounds.
This release splits things cleanly: codex/gpt-* models now use a dedicated Codex-managed provider with its own auth flow, native thread handling, and model discovery. openai/gpt-* models still go through the standard OpenAI path. If you've been using GPT-4 or similar via OpenClaw, nothing changes for you. If you want to try GPT-5, the path is now properly supported rather than improvised.
For business owners who care about model choice: this is OpenClaw's way of keeping up with where OpenAI's product line is going. The Codex models are OpenAI's direction for agentic and coding workloads. Having a clean integration means your investment in OpenClaw doesn't strand you on older model generations.
Microsoft Teams: A Lot Was Fixed
If your business uses Microsoft Teams and you've been running an OpenClaw bot in your workspace, this section matters. The changelog for Teams in 2026.4.10 is unusually long - which means the previous state of the integration had more gaps than you might have realized.
Here's a plain-English summary of the Teams fixes:
- Media downloads now work properly. Personal DMs, Bot Framework conversations, and OneDrive/SharePoint shared files were failing silently in some configurations. That's fixed. If your team has been sending files to the bot and getting no useful response, this was likely the reason.
- SSO sign-in callbacks are working. Single sign-on flows in Teams were broken in some environments. This is now resolved, which matters if you're deploying OpenClaw for a team and want users to authenticate cleanly without IT intervention.
- Thread replies now land in the right place. One of the stranger bugs: replies from the bot would sometimes appear in the wrong thread. Fixed.
- New message actions added. You can now pin, unpin, mark as read, react, and list reactions directly through OpenClaw in Teams. These are small usability improvements that add up in a busy workspace.
- Scheduled announcements now deliver correctly. If you have scheduled cron jobs that post updates to Teams conversations, those were failing in some configurations. Fixed.
The short version: if you have OpenClaw deployed in Teams, the 2026.4.10 update is a meaningful improvement in reliability. The previous release had accumulated a lot of rough edges in the Teams connector, and this release addresses most of them in one pass.
The Exec Policy Tool: Who Controls What Your AI Can Run
This one is for business owners who have already deployed OpenClaw as an agent in their workflow and need to think about permissions. Version 2026.4.10 adds a new command-line tool: openclaw exec-policy.
When OpenClaw runs commands on your computer or server - whether that's running a script, calling an API, or executing a tool - it uses an approval system to decide what it's allowed to do. That approval system existed before, but managing it was manual and a bit opaque. The new exec-policy command gives you a straightforward way to inspect, set, and sync what's approved.
It has three subcommands:
show- displays the current exec policy so you know exactly what your agent is allowed to runpreset- applies a named policy profile (for example, "restrict to read-only" or "allow standard tools")set- lets you configure specific tool permissions directly
For business owners, this is a governance tool. If you're deploying OpenClaw to handle real business tasks - sending emails, querying databases, updating records - you want to be able to audit and control what it can do without digging through config files. Exec policy is that control surface. Our core concepts guide covers how OpenClaw's permission model works if you want the bigger picture before touching this.
Security Hardening: What It Means for You
The security section of this release is long. In typical developer-release-notes style, it lists dozens of individual fixes with ticket numbers. I'm not going to walk through all of them, but here are the categories that matter for business owners.
Browser security tightening. OpenClaw's browser tool - the one that lets your agent visit web pages and interact with them - got stricter controls on what sites it can navigate to, especially for self-hosted deployments. If your agents are doing web research or form submissions, this tightening is mostly invisible to you. But if you're running a custom deployment and your agents can no longer reach certain internal URLs, this is why: the SSRF (server-side request forgery) defaults got more restrictive. There's a configuration option to allow specific internal ranges if needed.
Exec security hardening. Several fixes in this release prevent scenarios where a plugin or external input could influence what commands OpenClaw runs. If you've set up OpenClaw to execute scripts as part of your workflow, these fixes make that execution more trustworthy. Nothing breaks - the behavior from your end is the same - but the surface area for misuse has been reduced.
Hook and agent security. System events that fire hooks (automated triggers in your OpenClaw setup) are now marked as untrusted, and hook display names are sanitized before being passed to scheduled jobs. This is a subtle fix, but it matters: it closes a path where a malformed event could influence a scheduled task's behavior. If you're using OpenClaw's heartbeat or cron features, this release is a good reason to update.
The practical message: 2026.4.10 is a security-meaningful release, not just a feature drop. If you're running OpenClaw in a business setting where it has access to real data or can take real actions, updating promptly is the right call.
Other Changes Worth Noting
A few more items from the changelog that matter for typical business deployments:
Agent timeout extended to 120 seconds. If you're using slower models or running complex tasks, the previous timeout was causing unnecessary failures. The new default gives long-running operations more runway before triggering a retry. If you've been getting mysterious timeouts on legitimate tasks, this may quietly fix them.
Cron scheduling fixes. Several fixes address edge cases where scheduled jobs would fire at the wrong time, skip runs, or accumulate stale state. If you're running any scheduled tasks through OpenClaw (daily reports, recurring follow-ups, automated checks), the scheduling is more reliable in this version.
Windows exec fix. A bug specific to Windows was causing CLI commands to hang or get killed with a forced termination signal when stdout and stderr drained before the process signaled it was done. That's fixed. If you're running OpenClaw on Windows and have had commands mysteriously stall, this was the culprit.
macOS Talk Mode gets local speech. For Mac users, OpenClaw's Talk Mode (voice input/output) now has an experimental local MLX speech provider. That means voice processing can happen on-device rather than through a remote API. This is opt-in and experimental, but it's a meaningful privacy improvement for anyone using Talk Mode with sensitive conversations.
Should You Update Now?
Yes, and here's why: the combination of Active Memory, security hardening, and Teams reliability fixes makes this a release with broad practical value - not just for power users, but for anyone running OpenClaw in a real business context.
There are no announced breaking changes in 2026.4.10. The Active Memory feature is opt-in. The Codex/OpenAI split only affects you if you're using GPT-5 class models. The security tightening is mostly invisible unless you're running custom self-hosted deployments with unusual network paths.
If you're using OpenClaw on a standard desktop setup, the update should be smooth. If you're running a gateway or server deployment for a team, test in a non-production environment first - that's always the right call with a release this large.
To check your current version, run openclaw --version in your terminal. If it's anything before 2026.4.10, there's a meaningful delta worth picking up. Our install guide covers how to update if you need a refresher.
Do Any of Our Guide Pages Need Updating?
I checked through the changes against our existing guides. A few areas are worth flagging for future review:
The core concepts guide may need a section on Active Memory once the feature stabilizes - it's a significant enough addition to how OpenClaw works that business owners new to the platform should understand it as a core capability, not a footnote.
The install guide doesn't need changes for this release - there are no new Node.js requirements or install command changes in 2026.4.10. The update process is unchanged.
The exec policy addition is new enough that it probably warrants its own section in our core concepts guide over the next few weeks, especially for business owners who are deploying OpenClaw with real-world execution permissions.
The Bigger Picture
OpenClaw's release cadence is relentless. A version number like 2026.4.10 tells you this is the tenth significant release of April 2026 alone. The project moves fast - and for business owners, that's both an opportunity and a challenge.
The opportunity: every release adds capabilities that make the tool more useful. Active Memory would have been a headline feature in any AI product six months ago. It's shipping as a point release in OpenClaw.
The challenge: keeping up with what's changed, what it means for your deployment, and what you should actually do about it. That's part of what we cover here. If you want to understand how OpenClaw has evolved as a platform beyond just this release, our main OpenClaw explainer is the right starting point.
Active Memory is the kind of feature that separates AI tools that feel smart from AI tools that feel like they actually know you. For business owners who interact with their AI assistant every day, that difference is tangible. It's worth turning on.
Sources: OpenClaw 2026.4.10 release notes (github.com/openclaw/openclaw/releases/tag/v2026.4.10, April 11, 2026) · OpenClaw Active Memory documentation (docs.openclaw.ai/concepts/active-memory)