DEV Community: Om Shree

DeepSeek Just Dropped V4. Here's What the Benchmarks Actually Tell You.

Om Shree — Fri, 24 Apr 2026 09:01:03 +0000

Open-source AI has spent two years being "almost there." With DeepSeek-V4-Pro, the gap with frontier closed-source models isn't almost closed — in some benchmarks, it's gone.

The Problem It's Solving

The standard narrative has been simple: closed-source models from OpenAI, Google, and Anthropic sit at the frontier. Open-source models follow, months behind, at a fraction of the cost but with a meaningful capability tax. You pay in quality for what you save in dollars.

DeepSeek-V4-Pro-Max — the maximum reasoning effort mode of DeepSeek-V4-Pro — is being positioned as the best open-source model available today, significantly advancing knowledge capabilities and bridging the gap with leading closed-source models on reasoning and agentic tasks. Hugging Face That's a bold claim. The benchmark data makes it harder to dismiss than the usual open-source PR.

How It Actually Works

DeepSeek-V4-Pro ships as a 1.6 trillion parameter Mixture-of-Experts model with 49 billion parameters activated per token, while DeepSeek-V4-Flash runs at 284 billion total with 13 billion activated. Both support a one million token context window. Hugging Face

The architecture is doing real work here, not just scaling. A hybrid attention mechanism combining Compressed Sparse Attention (CSA) and Heavily Compressed Attention (HCA) dramatically improves long-context efficiency — in the 1M-token context setting, DeepSeek-V4-Pro requires only 27% of single-token inference FLOPs and 10% of KV cache compared with DeepSeek-V3.2. Hugging Face That's not a marginal improvement. That's a fundamentally different inference cost profile at scale.

Manifold-Constrained Hyper-Connections (mHC) strengthen residual connections across layers while preserving model expressivity Hugging Face , and the Muon optimizer handles training stability. This isn't DeepSeek iterating on V3 — it's a ground-up architectural rethink.

The reasoning modes matter for how you deploy. Both Pro and Flash support three effort levels: standard, high, and max. For Think Max reasoning mode, DeepSeek recommends setting the context window to at least 384K tokens. Hugging Face The Flash-Max mode is particularly interesting — Flash-Max achieves comparable reasoning performance to the Pro version when given a larger thinking budget, though its smaller parameter scale places it slightly behind on pure knowledge tasks and the most complex agentic workflows. Hugging Face

What Developers Are Actually Using It For

The benchmark table that Frank Fiegel at Glama flagged this morning tells the real story — specifically, the agentic and coding numbers.

On LiveCodeBench, V4-Pro leads the pack at 93.5, ahead of Gemini (91.7) and Claude (88.8). Codeforces rating — a real-world competitive programming measure — puts V4-Pro at 3206, ahead of GPT-5.4 (3168) and Gemini (3052). OfficeChai Competitive programming benchmarks are notoriously hard to game; this is the kind of number that makes engineers pay attention.

On SWE-Verified (real software engineering tasks), V4-Pro sits at 80.6 — within a fraction of Claude (80.8) and matching Gemini (80.6). On Terminal Bench 2.0, V4-Pro (67.9) beats Claude (65.4) and is competitive with Gemini (68.5), though GPT-5.4 leads at 75.1. OfficeChai

For math reasoning: on IMOAnswerBench, V4-Pro scores 89.8 — well ahead of Claude (75.3) and Gemini (81.0), though GPT-5.4 edges ahead at 91.4. OfficeChai The one clear gap is Humanity's Last Exam, where V4-Pro scores 37.7 — just below GPT-5.4 (39.8), Claude (40.0), and Gemini (44.4). OfficeChai Factual world knowledge retrieval is still where closed-source models hold a real edge.

DeepSeek says V4 has been optimized for use with popular agent tools including Claude Code and OpenClaw CNBC , which signals the team is building for production agentic deployment, not just benchmark positioning.

Why This Is a Bigger Deal Than It Looks

The capability story is interesting. The cost story is the one that matters for anyone running production workloads.

In comparison, OpenAI's GPT-5.4 costs $2.50 per 1M input tokens and $15.00 per 1M output tokens, while Claude Opus 4.6 costs $5 per 1M input tokens and $25 per 1M output tokens. DeepSeek — at least on benchmarks — delivers similar performance to these models at a 50-80% cost reduction. OfficeChai

The timing is not accidental. OpenAI shipped GPT-5.5 the same day. DeepSeek needed a launch window where an open-source 1M-context MoE at a fraction of the cost would not be buried under a closed-source announcement. Ofox Shipping on the same day as your biggest competitor's release is a calculated move.

The V3.2 to V4-Pro jump on Arena AI's live code leaderboard is 88 Elo — roughly the same delta between the third and thirteenth ranked models on the current board. It is a genuine generational step, not a refresh. Ofox

The MCPAtlas Public benchmark in the LinkedIn post — where V4-Pro-Max scores 73.6 against Opus 4.6's 73.8 — is the number that stands out most for anyone building MCP-integrated agent pipelines. Open-source is now essentially at parity on structured tool use. That's the gap that just closed.

Availability and Access

The weights are hosted on Hugging Face and ModelScope in FP8 and FP4+FP8 mixed precision formats, released under the MIT License for research and commercial use. Android Sage

DeepSeek's pricing sits at $0.14/million tokens input and $0.28/million tokens output for Flash, and $1.74/million input and $3.48/million output for Pro. Simon Willison The API is live today via OpenRouter and DeepSeek's own endpoint, supporting both OpenAI ChatCompletions and Anthropic protocols.

Running a 1.6T parameter model locally requires significant GPU infrastructure — even in FP4+FP8 mixed precision, the memory requirements are substantial. Android Sage For most teams, the API is the practical path. Flash-Max gives you near-Pro reasoning at Flash pricing, which is the configuration worth benchmarking against your specific workloads first.

The gap between open-source and frontier AI just got measurably smaller — and for the first time, in some categories that actually matter for production agentic systems, it's not a gap at all. The question for teams running closed-source models at frontier prices is no longer "when will open-source catch up?" It's "what are we still paying for?"

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Microsoft Fabric Just Exposed Its MCP Architecture. Here's What It Actually Changes for Data Teams.

Om Shree — Fri, 24 Apr 2026 01:17:59 +0000

Enterprise data platforms have spent decades building walls around their data. Microsoft just shipped the protocol that lets AI agents walk through those walls — natively, securely, and without a single custom integration.

The Problem It's Solving

Every time an engineering team wants to connect an AI agent to a data platform, they rebuild the same plumbing from scratch: OAuth2 flows, token management, rate-limiting logic, API versioning, error handling. That's before the agent even does anything useful. Multiply that across a company running GitHub Copilot, Claude, Cursor, and Copilot Studio simultaneously, and the integration surface becomes unmanageable.

The deeper issue is that AI tools have no shared language for talking to enterprise systems. Each integration is bespoke, brittle, and built by someone who had better things to do. The agent either gets too little context or too much — and neither produces reliable outputs against production infrastructure.

How the Fabric MCP Architecture Actually Works

Microsoft Fabric is now shipping two distinct MCP entry points, each targeting a different level of autonomy.

Fabric Local MCP is now Generally Available. It's an open-source server that runs on the developer's machine, giving AI assistants deep knowledge of Fabric's APIs. It also enables local-to-cloud data operations — upload data to OneLake, create items, inspect table schemas — all within a single conversation. The Local MCP can wrap the Fabric CLI as tools, meaning CI/CD pipelines can use it to deploy changes with no human in the loop. Authentication is integrated, so there's no manual token management. The recommended install path is a VS Code extension that configures everything automatically.

Fabric Remote MCP is in Preview. This is the cloud-hosted server — no local setup required. It lets AI agents perform authenticated operations directly in a Fabric environment: managing workspaces, handling permissions, executing tasks on behalf of teams. This is the entry point for autonomous agents running in Copilot Studio, not developers pair-programming at a terminal.

Both run inside the security model, audit trail, and RBAC boundaries Fabric already enforces. The agents can only access what the authenticated user can access. There are no additional roles to provision, no shadow permissions, no new attack surface to manage.

The underlying protocol making this possible is MCP — originally created by Anthropic and now adopted by GitHub, Cloudflare, Stripe, and a growing list of enterprise platforms. Rather than creating unique integrations for each AI tool, exposing the platform as an MCP server means any MCP-compatible client can connect instantly. Microsoft Fabric

What Teams Are Actually Using It For

The use cases split cleanly by role.

A developer building a data pipeline uses the Local MCP to let GitHub Copilot or Claude look up the correct Fabric API spec, generate code against it, upload data to OneLake, and validate the result — all within one conversation thread. The agent isn't guessing at APIs or hallucinating parameter names. It's reading the live spec through the MCP server.

A data team running autonomous workflows points Copilot Studio at the Remote MCP. The agent provisions workspaces, adjusts permissions, and manages resources on behalf of the team without anyone opening the Fabric portal.

A CI/CD pipeline uses the Fabric CLI wrapped as MCP tools to deploy changes on a schedule, no human in the loop, no interactive auth required.

And separately, OneLake MCP is now Generally Available as part of the same extension, letting agents traverse the full OneLake hierarchy — from workspace to item to table schema to physical Delta Lake files — through natural language. An admin could ask an agent to inventory every item in a workspace, a data engineer could check table optimization across lakehouses, and an analyst could explore an unfamiliar dataset without writing a query. Microsoft Fabric

Why This Is a Bigger Deal Than It Looks

When Microsoft previewed the Fabric Local MCP in October, the announcement became one of their most-read posts, approaching 100K views. Microsoft Fabric That's not a vanity metric — it's a signal that data engineers are actively looking for exactly this kind of native agent integration, not another middleware layer to manage.

The more consequential signal is architectural. Microsoft didn't build a Fabric-specific agent framework. They implemented MCP — the same protocol Anthropic, GitHub, Cloudflare, and Stripe are converging on — and exposed Fabric through it. That's a deliberate bet that the agentic ecosystem will standardize on one protocol, and that being MCP-native is table stakes for enterprise platforms going forward.

The analogy Microsoft uses in their own post is precise: MCP is to AI what USB was to hardware — a universal connector that replaces a tangle of proprietary cables with a single standard. Microsoft Fabric USB didn't make hardware more capable. It made capability composable. That's exactly what MCP does for data infrastructure.

For teams evaluating where to build agentic data workflows, this changes the calculus. Fabric is no longer just a lakehouse or a BI platform. It's now a surface that any MCP-compatible agent can operate against, with enterprise-grade governance baked in, not bolted on.

Availability and Access

Fabric Local MCP is Generally Available now. Install via the VS Code Marketplace extension — it configures automatically and works with GitHub Copilot, Cursor, Claude Desktop, and any MCP-compatible client. Fabric Remote MCP is in Preview. OneLake MCP tools ship automatically as part of the Fabric MCP extension if you already have it installed — no additional configuration required.

The question enterprise data teams should be asking isn't whether to adopt MCP-native tooling. It's how quickly they can deprecate the custom integration layers they've already built. That migration just got a lot easier.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Google Just Launched an Official Agent Skills Repository. Here's What It Actually Solves.

Om Shree — Fri, 24 Apr 2026 01:15:08 +0000

Google just shipped an official repository of Agent Skills at Google Cloud Next 2026. It's a quiet announcement, but it points at one of the most persistent unsolved problems in production agentic AI.

The Problem It's Solving

MCP servers were supposed to fix context. Give your agent a live, grounded connection to documentation, and it wouldn't hallucinate outdated APIs or confuse one SDK version with another. And that largely works — Google already runs an MCP server for its developer docs.

But there's a compounding cost. When agents lean heavily on MCP servers, they pull massive amounts of context into their window on every request. The model drowns in raw documentation, token costs spike, and coherence drops. The community calls this "context bloat," and it gets worse the more products an agent is expected to know.

The real gap isn't access to information. It's the absence of condensed, agent-optimized expertise that loads on demand rather than all at once.

How Agent Skills Actually Works

Agent Skills is an open format — originally developed by Anthropic and released as a community standard — for giving agents packaged, structured expertise. At its core, a skill is a folder containing a SKILL.md file with metadata and task-specific instructions. It can also bundle scripts, reference docs, templates, and other assets. Think of it as agent-first documentation: compact, purposeful, and written for a machine that needs to act, not just read.

The mechanism that makes it practical is progressive disclosure. At startup, an agent loads only the name and description of each available skill — just enough to know whether a skill is relevant to the current task. When there's a match, the full instructions are pulled into context. The agent then executes, optionally running bundled scripts or referencing additional files.

Full context only loads when it's actually needed. That's the design decision that separates this from dumping a documentation site into a system prompt.

What Developers Are Actually Using It For

Google's official repository launches at github.com/google/skills with thirteen skills out of the gate. Seven are product-specific: AlloyDB, BigQuery, Cloud Run, Cloud SQL, Firebase, the Gemini API, and GKE. Three map to the Well-Architected Framework pillars — Security, Reliability, and Cost Optimization. And three are "recipe" skills covering onboarding, authentication, and network observability.

Installing them is a single command: npx skills install github.com/google/skills. They work across Antigravity, Gemini CLI, and any third-party agent that implements the Skills spec.

The product-specific skills are the immediately practical ones. An agent working against BigQuery or GKE no longer needs to maintain a live MCP connection to documentation just to get accurate syntax, service limits, or recommended patterns. The skill carries that knowledge, loads it when relevant, and stays out of the way otherwise.

Why This Is a Bigger Deal Than It Looks

The Agent Skills format wasn't built by Google — it was built by Anthropic and open-sourced. Google adopting it as the vehicle for their official documentation layer is a meaningful signal: this is becoming infrastructure, not a framework-specific feature.

For teams building agents on Google Cloud, the practical implication is real. You can now equip an agent with accurate, maintained, Google-authored knowledge about Cloud Run or Firebase without inflating every prompt with raw documentation. The skills are versioned, auditable, and composable — which matters when you're running multi-step workflows across multiple GCP products.

The deeper shift here is architectural. MCP solved access. Agent Skills solves delivery. They're complementary, and the combination starts to look like a serious answer to the context problem that's been quietly breaking production agents for the past year.

Availability and Access

The repository is live now at github.com/google/skills. Google has confirmed additional skills will ship in the coming weeks and months. The Agent Skills format spec is open, meaning any agent platform can implement support, and any team can build and distribute their own skills using the same structure.

Context bloat has been treated like an engineering nuisance. Google just made the case that it's an infrastructure problem — and shipped a solution for it. The question now is how quickly the rest of the ecosystem follows with their own official skills repositories.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

The Bitwarden CLI Just Got Backdoored. Here's What the Supply Chain Attack Actually Did.

Om Shree — Fri, 24 Apr 2026 01:11:43 +0000

Bitwarden serves over 10 million users and 50,000 businesses. On April 22, 2026, for exactly 93 minutes, its CLI was shipping malware.

This was not a phishing campaign. Nobody tricked a Bitwarden employee into clicking a link. The attackers walked straight through the CI/CD pipeline, injected malicious code into an official release, and let Bitwarden's own npm publishing mechanism do the distribution for them.

The Problem It's Solving (For the Attackers)

Supply chain attacks are effective precisely because they subvert trust. You don't need to compromise a developer's machine directly if you can compromise the tool they're already running with elevated permissions in their build pipeline.

The affected package version was @bitwarden/cli@2026.4.0, and the malicious code was published in bw1.js, a file included in the package contents. The Hacker News The Bitwarden CLI sits in a privileged position in developer environments — it's commonly used for secrets injection and automated deployments in CI/CD pipelines. That makes it a high-value target.

The compromise was connected to the ongoing Checkmarx supply chain campaign, with a threat group hijacking the npm package and injecting malicious code designed to steal sensitive data from developer workstations and CLI environments. Security Boulevard The researchers who caught it — Socket, JFrog, Ox Security, and StepSecurity — identified it as part of a broader pattern that has been running since at least March 2026.

How the Attack Actually Worked

The attackers gained access by exploiting a GitHub Actions workflow in Bitwarden's CI/CD pipeline, mirroring previously documented techniques in the Checkmarx campaign, where threat actors leveraged stolen credentials to inject malicious workflows, exfiltrate secrets, and tamper with build outputs before distribution. CyberInsider

Once inside, the payload was embedded quietly into a legitimate build. The malicious payload, embedded in a file called bw1.js, ran during package installation and harvested GitHub and npm tokens, SSH keys, environment variables, shell history, and cloud credentials. Yahoo!

The exfiltration destination is worth noting. The stolen data was encrypted with AES-256-GCM and exfiltrated to audit.checkmarx[.]cx, a domain impersonating Checkmarx. The Hacker News Typosquatting a security company's domain to hide malware traffic is a particularly cynical touch.

The blast radius doesn't stop at the developer's machine either. If GitHub tokens are found, the malware weaponizes them to inject malicious Actions workflows into repositories and extract CI/CD secrets — meaning a single developer with the affected version installed can become the entry point for a broader supply chain compromise, with the attacker gaining persistent workflow injection access to every CI/CD pipeline the developer's token can reach. The Hacker News

There's also an attribution wrinkle that security researchers are still untangling. While the shared tooling strongly suggests a connection to the same malware ecosystem as the Checkmarx campaign, the operational signatures differ: the ideological branding is embedded directly in the malware, from the Shai-Hulud repository names to the "Butlerian Jihad" manifesto payload to commit messages proclaiming resistance against machines. Socket That points to either a splinter group or a campaign evolution — not a clean attribution to TeamPCP, who claimed the original Checkmarx attack.

What Developers Are Actually Exposed To

Only the npm CLI package was affected. Bitwarden's Chrome extension, MCP server, and other official distribution channels remain uncompromised. Cyber Security News

The malicious package was active between 5:57 PM and 7:30 PM ET on April 22, 2026. Bitwarden That's a 93-minute exposure window. Narrow, but enough.

Security researcher Adnan Khan noted this is the first known compromise of a package using npm's trusted publishing mechanism, which was designed to eliminate long-lived tokens. BeInCrypto That's significant. Trusted publishing was supposed to be the hardened path. The attackers didn't bypass it — they compromised the GitHub Actions workflow upstream of it, then let the trusted mechanism publish for them.

TeamPCP's broader campaign separately targets crypto wallet data, including MetaMask, Phantom, and Solana wallet files, and has chained similar attacks against Trivy, Checkmarx, and LiteLLM since March 2026, targeting developer tools that sit deep in build pipelines. Yahoo!

Why This Is a Bigger Deal Than It Looks

Bitwarden confirmed the incident but contained the framing carefully: no end-user vault data was accessed, no production systems compromised. That's true, and it matters. But the more important story here isn't about Bitwarden specifically.

The attack is another example of the increasing cybersecurity risks to CI/CD architectures as they become more foundational in the software development pipeline, with threat actors expanding their targeting of them in supply chain campaigns. Security Boulevard

The vector — GitHub Actions compromise leading to poisoned npm releases — is repeatable. It has been used against Trivy, Checkmarx's own tooling, and LiteLLM. The Bitwarden compromise isn't an isolated incident; it's the latest iteration of a campaign that is actively refining its technique against high-trust developer tooling.

And the MCP angle is worth flagging: the malicious bw1.js payload shares core infrastructure with the previously analyzed mcpAddon.js, including an identical C2 endpoint. Cyber Security News As MCP servers proliferate across developer toolchains, they're becoming targets in the same supply chain vector. The attack surface is expanding in lockstep with adoption.

Availability and Access (What To Do Right Now)

If you installed @bitwarden/cli@2026.4.0 during the window: treat your environment as fully compromised. Rotate every secret the machine had access to — GitHub tokens, npm credentials, cloud provider keys, SSH keys, everything.

Socket recommends downgrading to version 2026.3.0 or switching to official signed binaries from Bitwarden's website. BeInCrypto

On endpoints and runners, hunt for outbound connections to audit[.]checkmarx[.]cx, execution of Bun where it is not normally used, and access to files such as .npmrc, .git-credentials, .env, and cloud credential stores. For GitHub Actions, review whether any unapproved workflows were created on transient branches. Socket

A CVE for Bitwarden CLI version 2026.4.0 is being issued in connection with this incident. CyberInsider

The Bitwarden CLI attack is a clean demonstration of where the real risk in developer infrastructure lives right now: not in the applications themselves, but in the build systems that ship them. One poisoned GitHub Actions workflow, one 93-minute publish window, and a trusted tool becomes a credential harvester running inside your pipeline with your own permissions.

The question isn't whether your password manager's vault is safe. It's whether you can verify the integrity of every tool in your build chain. Most teams can't.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Google Just Split Its TPU Into Two Chips. Here's What That Actually Signals About the Agentic Era.

Om Shree — Thu, 23 Apr 2026 03:47:11 +0000

Training and inference have always had different physics. Google just decided to stop pretending one chip could handle both.

At Google Cloud Next '26 on April 22, Google announced the eighth generation of its Tensor Processing Units — but for the first time in TPU history, that generation isn't a single chip. It's two: the TPU 8t for training, and the TPU 8i for inference and agentic workloads. That architectural split is the most meaningful signal in this announcement, and most coverage has buried it.

The Problem It's Solving

Standard RAG retrieves. Agents reason, plan, execute, and loop back. That distinction matters enormously at the infrastructure level.

Chat-based AI inference has a relatively forgiving latency budget. A user submits a prompt, waits a second or two, reads the response. Agentic workflows don't work that way. A primary agent decomposes a goal into subtasks, dispatches specialized agents, collects results, evaluates them, and decides what to do next — all in real time, potentially across thousands of concurrent sessions. The per-step latency compounds. If your inference chip is optimized for throughput over latency (which it was, because that's what training needs), you end up with agent loops that are sluggish, expensive, and hard to scale.

Previous TPU generations, including last year's Ironwood, were pitched as unified flagship chips. Google's internal experience running Gemini, its consumer AI products, and increasingly complex agent workloads apparently showed that a single architecture forces uncomfortable trade-offs. So they split the roadmap.

How the TPU 8t and TPU 8i Actually Work

The TPU 8t is the training powerhouse. It packs 9,600 chips in a single superpod to provide 121 exaflops of compute and two petabytes of shared memory connected through high-speed inter-chip interconnects. That's roughly 3x higher compute performance than the previous generation, with doubled ICI bandwidth to ensure that massive models hit near-linear scaling. At the cluster level, Google can now connect more than one million TPUs across multiple data center sites into a training cluster — essentially transforming globally distributed infrastructure into one seamless supercomputer.

The TPU 8i is the more architecturally interesting chip. With 3x more on-chip SRAM over the previous generation, TPU 8i can host a larger KV Cache entirely on silicon, significantly reducing the idle time of the cores during long-context decoding. The key innovation is a component called the Collectives Acceleration Engine (CAE) — a dedicated unit that aggregates results across cores with near-zero latency, specifically accelerating the reduction and synchronization steps required during autoregressive decoding and chain-of-thought processing. The result: on-chip latency of collectives drops by 5x.

Google also redesigned the inter-chip network topology specifically for 8i. The previous 3D torus topology prioritized bandwidth. For 8i, Google changed how chips connect together using fully connected boards aggregated into groups — a high-radix design called Boardfly that connects up to 1,152 chips together, reducing the network diameter and the number of hops a data packet must take to cross the system, achieving up to a 50% improvement in latency for communication-intensive workloads.

In raw spec terms, the 8i delivers 9.8x the FP8 EFlops per pod, 6.8x the HBM capacity per pod, and a pod size that grows 4.5x from 256 to 1,152 chips compared to the prior generation.

The economic headline: TPU 8i delivers 80% better performance per dollar for inference than the prior generation.

What Teams Are Actually Using This For

The split architecture is most directly useful for three categories of workload.

Frontier model training at labs and large enterprises. TPU 8t was designed in partnership with Google DeepMind and is built to efficiently train world models like DeepMind's Genie 3, enabling millions of agents to practice and refine their reasoning in diverse simulated environments. If you're training large proprietary models, the 8t's near-linear scaling at million-chip clusters changes the economics of when you can afford to retrain.

High-concurrency agentic inference is where the 8i shines. Multi-agent pipelines, MoE model serving, chain-of-thought reasoning loops — all of these hammer the all-to-all communication patterns that the Boardfly topology specifically addresses. The implication is lower latency per agent step at scale, which compounds significantly when you're running thousands of parallel agent sessions.

Reinforcement learning post-training sits between the two. Google's new Axion-powered N4A CPU instances handle the complex logic, tool-calls, and feedback loops surrounding the core AI model — offering up to 30% better price-performance than comparable agent workloads on other hyperscalers. The intended stack is TPU 8t for pre-training, TPU 8i for RL and inference, and Axion for orchestration logic.

Google is also wrapping all of this in upgraded networking. The Virgo Network's collapsed fabric architecture offers 4x the bandwidth of previous generations and can connect 134,000 TPUs into a single fabric in a single data center. Storage got overhauled too: Google Cloud Managed Lustre now delivers 10 TB/s of bandwidth — a 10x improvement over last year — with sub-millisecond latency via TPUDirect and RDMA, allowing data to bypass the host and move directly to the accelerators.

Why This Is a Bigger Deal Than It Looks

The obvious read on this announcement is "Google vs. Nvidia." That framing is mostly wrong, and Google itself isn't pretending otherwise. Google promises its cloud will have Nvidia's latest chip, Vera Rubin, available later this year, and the two companies are co-engineering the open-source Falcon networking protocol via the Open Compute Project. This is not a replacement strategy — it's a portfolio strategy.

The more important signal is what the architectural split says about where the AI workload is going. Seven generations of TPUs were built on the assumption that training and inference are different phases of the same pipeline — you train, then you serve. The 8t/8i split encodes a different belief: that agentic inference is so architecturally distinct from training that they require fundamentally different silicon. That's a bet on the permanence of agentic workflows, not just a current optimization.

For enterprise buyers, the TPU v8 reframes the 2026–2027 cloud evaluation in concrete ways: teams training large proprietary models should look at 8t availability windows and Virgo networking access. Teams serving agents or reasoning workloads should evaluate 8i on Vertex AI and whether HBM-per-pod sizing fits their context windows.

There's also a vertical integration argument here that's easy to underestimate. Google co-designs its chips with DeepMind, runs them on its own networking fabric, manages its own storage layer, and orchestrates everything through GKE. Native PyTorch support for TPU — TorchTPU — is now in preview with select customers, allowing models to run on TPUs as-is with full support for native PyTorch Eager Mode. That removes one of the biggest friction points developers have historically had with TPUs: you no longer need to rewrite your training code to access Google's silicon. Combined with vLLM support on TPU, the migration path from an Nvidia-based setup is shorter than it's ever been.

Availability and Access

TPU 8t and TPU 8i will be available to Cloud customers later in 2026. You can request more information now to prepare for their general availability. The chips are integrated into Google's AI Hypercomputer stack, supporting JAX, PyTorch, vLLM, and XLA. Deployment options range from Vertex AI managed services to GKE for teams that want infrastructure-level control.

The honest caveat: these are self-reported benchmarks against Google's own prior generation. Independent third-party numbers from cloud customers and evaluators will emerge over the next two quarters, and those will be the numbers that actually matter for procurement decisions.

The split TPU roadmap isn't just a chip announcement — it's Google encoding its architectural thesis about what AI infrastructure looks like in an agentic world directly into silicon. Every other hyperscaler is going to have to answer the same question: do you build one chip to do everything, or do you specialize?

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

NeoCognition Just Raised $40M to Fix the One Thing Every AI Agent Gets Wrong

Om Shree — Thu, 23 Apr 2026 03:34:27 +0000

Every AI agent demo looks impressive until you actually depend on one. That 50% task completion rate you've quietly accepted as "normal"? NeoCognition just called it out directly, and raised $40 million to do something about it.

The Problem It's Solving

The foundational critique that NeoCognition is building on is blunt: current agents — whether from Claude Code, OpenClaw, or Perplexity's computer tools — successfully complete tasks as intended only about 50% of the time. That is not a UX problem or a prompt engineering problem. It's a structural one. Today's agents are stateless generalists. They bring no accumulated knowledge of your environment, your workflows, or your domain's specific constraints to each task. Every time you invoke one, it's starting from scratch.

The standard industry response to this has been fine-tuning — custom-engineering an agent for a specific vertical and hoping it holds. That works until the domain shifts, the tooling changes, or you need to deploy the same agent somewhere new. Then you're back to zero.

How NeoCognition Actually Works

NeoCognition was started by Yu Su, Xiang Deng, and Yu Gu, who all worked together in Su's AI agent lab at Ohio State University. Su's team began developing LLM-based agents before the ChatGPT moment, and their research — including Mind2Web and MMMU — is now used by OpenAI, Anthropic, and Google. This is not a product team that pivoted into agents. It's the research behind the agents you're already using, now building something opinionated about what those agents got wrong.

The core thesis is drawn from how humans actually acquire expertise. NeoCognition's agents continuously learn the structure, workflows, and constraints of the environments they operate in, and specialize into domain experts by learning a world model of work. The phrase "world model" is doing significant work here. Rather than applying general reasoning to every task, these agents are designed to build an internal map of a specific micro-environment — its rules, its dependencies, its edge cases — and continuously refine that map through experience.

The Palo Alto startup argues that its agents learn on the job as specialists rather than relying on fixed general training, which is the architectural distinction that matters. Fixed training is a snapshot. A world model grows.

What Enterprises Are Actually Using It For

NeoCognition's primary target is the enterprise market, and specifically the SaaS layer. NeoCognition intends to sell its agent systems primarily to enterprises, including established SaaS companies, which can use them to build agent workers or to enhance existing product offerings. The framing here is interesting: they're not just selling agents to enterprises, they're selling the infrastructure for SaaS companies to make their own products agentic.

The Vista Equity Partners participation is strategic, not just financial. As one of the largest private equity firms in the software space, Vista can provide NeoCognition with direct access to a vast portfolio of companies looking to modernize their products with AI. That's a go-to-market lever, not just a check. You don't close Vista for the cap table optics — you close them because they own the distribution you need.

The deeper implication for enterprises is the safety argument. Deeper understanding of their environments enables NeoCognition's agents to be more responsible and safer actors in high-stake settings. An agent that understands why a workflow exists — not just what the workflow is — is less likely to take a technically correct action that's contextually wrong. That's the difference between a tool and a trusted system.

Why This Is a Bigger Deal Than It Looks

The investor list deserves more attention than most coverage is giving it. Angel investors and founding advisors include Lip-Bu Tan, CEO of Intel, Ion Stoica, co-founder and executive chairman of Databricks, and leading AI researchers like Dawn Song, Ruslan Salakhutdinov, and Luke Zettlemoyer. That last trio — Song, Salakhutdinov, Zettlemoyer — are foundational researchers in modern deep learning and NLP. When researchers of that caliber put their names on a company, they're endorsing the technical thesis, not just the team.

The timing reflects a broader pattern in AI investment in 2026: capital is increasingly flowing not towards frontier model development — dominated by a small number of well-capitalized labs — but towards the infrastructure and agent layer above it. The model wars are effectively over for now. The next real competition is in what those models can reliably do, and that's an infrastructure and learning problem, not a parameter-count problem.

What NeoCognition is proposing — agents that build structured world models of their operating environments — is also the missing architectural primitive for MCP-based agent pipelines. Right now, most agentic systems using MCP are still stateless: each tool call happens in context, but the agent isn't learning the tool ecosystem it operates in. An agent layer that builds persistent, structured knowledge of its environment and the tools available to it would meaningfully change what's achievable in production agentic workflows.

Availability and Access

NeoCognition has just emerged from stealth, so there's no public product available yet. The company currently has about 15 employees, the majority of whom hold PhDs. This is explicitly still a research-to-product transition — the $40M is funding that transition. Enterprise access will likely come through direct partnership channels, given the Vista relationship and the SaaS-first go-to-market. Developers wanting to follow the research can track Su's prior work through his Ohio State lab page.

The 50% reliability ceiling on current agents isn't a model problem — it's a memory and specialization problem. NeoCognition is making a structural bet that the next unlock in agent reliability isn't more parameters; it's agents that actually learn where they're deployed. If they're right, the companies building on today's stateless agent architectures are building on borrowed time.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Google's Project Jitro Just Redefined What a Coding Agent Is. Here's What It Actually Changes.

Om Shree — Wed, 22 Apr 2026 03:35:56 +0000

Project Jules used to tell your AI what to do. Jitro tells it what you want. That gap — between task execution and outcome ownership — is the entire bet Google is making with its next-generation coding agent.

The Problem With Every Coding Agent Right Now

Every major AI coding tool today, GitHub Copilot, Cursor, Windsurf, OpenAI's Codex — operates on the same underlying model: you define the work, the agent does it. You write the prompt, you review the output, you write the next prompt. The developer is still the scheduler, the project manager, and the QA team. The AI is a very fast, very capable executor.

That's genuinely useful. But it hits a ceiling. When your goal is "reduce memory leaks in the backend by 20%" or "get our accessibility score to 100%," you don't want to translate that into ten sequential prompts across a week. You want to hand it off. No current tool actually lets you do that.

How Project Jitro Actually Works

Google is internally developing Project Jitro as an autonomous AI system that moves beyond prompt-based coding to independently execute high-level development goals. It's built on Jules, Google's existing asynchronous coding agent — but the architecture is meaningfully different.

Rather than asking developers to manually instruct an agent on what to build or fix, Jules V2 appears designed around high-level goal-setting — KPI-driven development, where the agent autonomously identifies what needs to change in a codebase to move a metric in the right direction.

The workspace model is the critical piece. A dedicated workspace for the agent suggests Google envisions Jitro as a persistent collaborator rather than a one-shot tool. Early signals point to a workspace where developers can list goals, track insights, and configure tool integrations — a layer of continuity that current coding agents don't offer.

From leaked tooling definitions, the Jitro workspace API exposes operations like: list goals, create a goal after helping articulate it clearly, list insights, get update history for an insight, and list configured tool integrations including MCP remote servers and API connections. That last item is significant — Jitro integrates through Model Context Protocol (MCP) remote servers and various API connections to ensure it has the context it needs.

Transparency is baked in by design. When you set a goal in the Jitro workspace, the AI doesn't just operate silently — it surfaces its reasoning process, explaining why it chose a specific library or restructured a database table. You stay in control by approving the general direction, while the AI handles the execution.

What Engineering Teams Are Actually Going to Use This For

The use cases where this model genuinely wins are the ones that are currently painful in proportion to their importance: reducing error rates becomes the objective instead of debugging individual functions; improving test coverage becomes the target instead of writing test cases manually across multiple files; increasing conversions becomes the priority instead of adjusting isolated page elements without strategy alignment.

The primary beneficiaries would be engineering teams managing large codebases where incremental improvements compound — performance optimization, test coverage, accessibility compliance.

Jules V1 already demonstrated that the asynchronous model works. During the beta, thousands of developers tackled tens of thousands of tasks, resulting in over 140,000 code improvements shared publicly. Jules is now out of beta and available across free and paid tiers, integrated into Google AI Pro and Ultra subscriptions. Jitro inherits that async foundation and extends it to goals that span sessions, not just tasks.

Why This Is a Bigger Deal Than It Looks

The shift from prompt-driven to goal-driven AI isn't a UX improvement — it's a change in the unit of work. Right now, developer productivity is measured by how good your prompts are. Jitro changes that to how clearly you can define outcomes.

Routine tasks like debugging, writing boilerplate code, or running tests may increasingly be handled by AI systems. As a result, developers may shift toward higher-level responsibilities — guiding AI systems, reviewing outputs, and aligning technical work with business goals.

This marks a departure from the task-level paradigm seen across competitors like GitHub Copilot, Cursor, and even OpenAI's Codex agent, all of which still rely on developers defining specific work items. If Jitro ships as described, it resets what the category baseline looks like. Every competitor will be asked why their tool still needs a prompt for every action.

The MCP integration angle is also worth watching closely. A goal-oriented coding agent that natively connects to MCP remote servers can reach across your entire toolchain — CI/CD, monitoring, issue trackers — rather than reasoning only over local files. That's a different class of tool.

The honest caveat: the risk is that autonomous goal-pursuing agents introduce unpredictable changes, and trust will be the key barrier to adoption. None of the UI is visible yet, so the full scope remains unclear. There's a real question about what "approve the direction" actually looks like in practice when the agent is making dozens of decisions across a large codebase.

Availability and Access

Project Jitro is still pre-launch. The upcoming experience is expected to launch under a waitlist, with Google I/O 2026 on May 19 as the likely announcement moment alongside broader Gemini ecosystem updates. The Jules team has published a waitlist page with messaging that reads: "Manually prompting your agents is so… 2025."

Current Jules users on Google AI Pro and Ultra are the most likely early access recipients. No public timeline beyond "2026" has been confirmed.

The line between "AI that helps you code" and "AI that owns a development objective" is the line Jitro is trying to cross. Whether it lands or not at I/O, the framing alone forces every other coding tool to answer the same question: how long until your users stop writing prompts?

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Anthropic's Most Dangerous Model Just Got Accessed by People Who Weren't Supposed to Have It

Om Shree — Wed, 22 Apr 2026 01:28:17 +0000

Anthropic built a model so dangerous they refused to release it publicly. Then a Discord group got in anyway.

The Model They Wouldn't Ship

Claude Mythos Preview is Anthropic's most capable model to date for coding and agentic tasks. Anthropic But it was never meant to reach the public. During testing, Mythos improved to the point where it mostly saturated existing cybersecurity benchmarks, prompting Anthropic to shift focus to novel real-world security tasks — specifically zero-day vulnerabilities, bugs that were not previously known to exist. Anthropic

What they found was stark. Mythos Preview had already identified thousands of zero-day vulnerabilities across critical infrastructure — many of them critical — in every major operating system and every major web browser. Anthropic In one documented case, Mythos fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD that allows anyone to gain root on a machine running NFS. No human was involved in either the discovery or exploitation of this vulnerability after the initial request to find the bug. Anthropic

This is why the model never went public.

Project Glasswing: The Controlled Release

Announced on April 7, Mythos was deployed as part of Anthropic's "Project Glasswing," a controlled initiative under which select organizations are permitted to use the unreleased Claude Mythos Preview model for defensive cybersecurity. Yahoo!

Launch partners included Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Access was also extended to over 40 additional organizations that build or maintain critical software infrastructure. Anthropic The logic was clear: get defenders ahead of the curve before the capabilities proliferate to actors who won't use them carefully.

Claude Mythos Preview is available to Project Glasswing participants at $25/$125 per million input/output tokens, accessible via the Claude API, Amazon Bedrock, Google Cloud's Vertex AI, and Microsoft Foundry. Anthropic committed $100M in model usage credits to cover Project Glasswing throughout the research preview. Anthropic

The perimeter was tight by design. The news today is that it didn't hold.

How the Discord Group Got In

A "private online forum," the members of which have not been publicly identified, managed to gain access to the tool through a third-party vendor. The unauthorized group tried a number of different strategies to gain access to the model, including using "access" enjoyed by a person currently employed at a third-party contractor that works for Anthropic. TechCrunch

Members of the group are part of a Discord channel that seeks out information about unreleased AI models. The group has been using Mythos regularly since gaining access to it, and provided evidence to Bloomberg in the form of screenshots and a live demonstration of the software. TechCrunch

The method they used to find the endpoint is particularly revealing. The group, which gained access on the very same day Mythos was publicly announced, "made an educated guess about the model's online location based on knowledge about the format Anthropic has used for other models." TechCrunch This wasn't a sophisticated breach — it was pattern recognition applied to a known naming convention. The group reportedly described themselves as being interested in exploring new models, not causing harm.

Anthropic said it is investigating the claims and, so far, has seen no sign that its own systems were affected — the allegation points to possible misuse of access outside Anthropic's core network, not a confirmed breach of the company's internal defenses. Prism News

Why This Is a Bigger Deal Than It Looks

The immediate reassurance — no core systems compromised, the group wasn't malicious — is accurate but beside the point. The problem isn't what this specific group did. It's what this incident reveals about the entire premise of Project Glasswing.

Anthropic's controlled release strategy rests on the assumption that access can be meaningfully gated through vendor relationships. A small group of unauthorized users reportedly accessed Mythos on the same day Anthropic announced limited testing Prism News — meaning the access controls failed within hours of the first public announcement, before most Glasswing partners had even begun their work. If the group could guess the model's endpoint from Anthropic's known URL patterns, so can threat actors with more resources and worse intentions.

There's also a pattern here worth naming. This is the third significant information control failure at Anthropic in recent weeks. The Claude Code source leak in March exposed 512,000 lines of unobfuscated TypeScript via a missing .npmignore entry. Before that, a draft blog post describing Mythos as "by far the most powerful AI model" ever built at Anthropic was left in a publicly accessible data store. That March 26 leak of draft materials — which Anthropic said resulted from human error in its content-management configuration — was actually Mythos's first public exposure. Prism News

Then there's the government subplot. The National Security Agency is using Mythos Preview despite top officials at the Department of Defense — which oversees the NSA — insisting Anthropic is a "supply chain risk." The department moved in February to cut off Anthropic and force its vendors to follow suit. The military is now broadening its use of Anthropic's tools while simultaneously arguing in court that using those tools threatens U.S. national security. Axios Meanwhile, CISA — the agency whose entire mandate is critical infrastructure protection — reportedly does not have access to the model. Axios

The entity designed to defend critical systems can't get in. A Discord group can.

What Anthropic Actually Said

"We're investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," an Anthropic spokesperson said. The company found no evidence that the supposedly unauthorized activity impacted Anthropic's systems at all. TechCrunch

That's a factually careful statement. It's also a familiar shape: acknowledge the narrow, deny the broader implication. Anthropic has been here before.

The Vendor Problem Nobody Wants to Solve

The deeper structural issue is that enterprise AI deployments at frontier capability levels require trust chains that extend across dozens of organizations. Anthropic's 40-organization Glasswing rollout means 40 distinct security postures, 40 sets of contractors, and 40 potential lateral entry points for anyone who knows what they're looking for.

Anthropic said it does not plan to make Mythos Preview generally available, but its eventual goal is to enable users to safely deploy Mythos-class models at scale — for cybersecurity purposes, but also for the myriad other benefits that such highly capable models will bring. Simon Willison That goal is legitimate. But reaching it requires solving vendor access governance at a level the industry hasn't had to reckon with before. This incident is an early indication of what the stakes look like when the effort falls short.

A model capable of finding zero-days in every major operating system and browser has now been accessed by people outside the intended perimeter. The question isn't whether the Discord group caused harm. It's whether the perimeter can hold when the people on the other side are actually trying.

The line between "interested in playing around" and "interested in breaking things" isn't enforced by intent. It's enforced by access controls. Anthropic's have now failed twice in the same month.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Anthropic Just Passed OpenAI in Revenue. Here's What Actually Built That Lead.

Om Shree — Mon, 20 Apr 2026 06:46:06 +0000

A year ago, the consensus was that OpenAI had an insurmountable lead. The brand. The user base. ChatGPT with hundreds of millions of users. The head start. In April 2026, Anthropic crossed $30 billion in annualized revenue and left OpenAI's $25 billion behind — the first time any rival has led this race since ChatGPT launched in November 2022.

The Number That Shocked Even the Analysts

Anthropic's annualized revenue run-rate hit $30 billion in April 2026, officially overtaking OpenAI's $25 billion — the first time any rival has surpassed OpenAI since ChatGPT launched in 2022. Vucense

Epoch AI had modeled it. Analysts debated the timing. It was supposed to happen even under the most optimistic assessments in August 2026. It happened in April. SaaStr

The trajectory itself is the story. Anthropic went from $87 million run-rate in January 2024, to $1 billion by December 2024, to $9 billion by end of 2025, to $14 billion in February 2026, to $19 billion in March, to $30 billion in April. That last sequence — $14B to $30B in roughly 8 weeks — is hard to make sense of in traditional software terms. SaaStr

For context: Salesforce took about 20 years to reach $30 billion in annual revenue. Anthropic did it in under 3 years from a standing start. SaaStr

The Enterprise Bet That Everyone Underestimated

OpenAI's revenue composition is more consumer-heavy, with ChatGPT Plus and Pro subscriptions making up a large share. Anthropic's composition runs roughly 80% enterprise — higher retention, lower churn, and contracts that expand over time rather than cancelling when novelty fades. Robo Rhythms

The customer numbers make this concrete. Enterprise customers spending over $1 million annually doubled to 1,000+ in under two months. Eight of the Fortune 10 are Anthropic customers. Vucense

In the enterprise LLM API market, Anthropic accounts for 32% compared to OpenAI's 25%. Seven out of every ten new enterprise customers choose Anthropic. Tradingkey

Enterprise buyers treat a large funding round as a signal of platform stability. Companies that had been hesitant to commit multi-year API contracts moved forward after Anthropic's February 2026 Series G because Anthropic looked like it was in the race to stay. The doubling of $1M+ clients in under two months right after the Series G confirms that signal-driven buying happened at scale. Robo Rhythms

Claude Code: The Single Product That Changed Everything

None of this happens without Claude Code. Launched in May 2025, Claude Code reached an annualized revenue of $1 billion by November, and surpassed $2.5 billion by February 2026 — a product growing from zero to $2.5 billion in nine months. Reviewing SaaS industry history, no faster case has been found. KuCoin

Business subscriptions to Claude Code have quadrupled since the start of 2026, and enterprise use has grown to represent over half of all Claude Code revenue. Anthropic

Claude Code holds a 54% market share in the AI programming tool segment — far exceeding GitHub Copilot and Cursor. Tradingkey

The reason enterprises pay for it is structural, not incremental. GitHub Copilot helps you complete the next line as you write code — you're still the one doing the work. Claude Code doesn't just autocomplete; it handles entire workflows. KuCoin That's the difference between a feature and a budget line replacement.

And Claude Code is available on every major surface. Claude is the only frontier AI model available on all three of the world's largest cloud platforms: AWS Bedrock, Google Cloud Vertex AI, and Microsoft Azure Foundry. The-ai-corner

The Training Cost Gap Nobody Is Talking About Enough

Revenue is the headline. The cost structure is the real story.

OpenAI is projected to spend $125 billion per year on training by 2030. Anthropic's projection for the same period: around $30 billion. Same race. 4x difference in cost. The-ai-corner

OpenAI is burning approximately $17 billion in cash this year. Internal documents project a $14 billion loss for 2026. The company does not project positive free cash flow until 2029. Anthropic projects positive free cash flow by 2027 — three years ahead of its main competitor, while generating more revenue. SaaStr

A new agreement with Google and Broadcom will deliver approximately 3.5 gigawatts of next-generation TPU capacity starting in 2027. Rather than relying solely on Nvidia GPUs, Anthropic is diversifying across Google TPUs, AWS Trainium chips, and Nvidia hardware — matching workloads to the chips best suited for them. Medium

Anthropic is investing its revenue advantage into infrastructure before it needs it. That's a different kind of discipline than raising $120 billion and spending it on training runs.

Why This Is a Bigger Deal Than a Revenue Chart

The revenue story is inseparable from Anthropic's deliberate choice to prioritise enterprise over consumers. The $30B ARR is earned by being useful to businesses, not by harvesting user attention. Vucense

The Pentagon labelled Anthropic a supply chain risk for refusing to arm autonomous weapons with Claude. Revenue accelerated anyway — from $19B to $30B ARR in the weeks after that clash became public. The enterprise customer base that drives Anthropic's revenue appears to have either ignored or positively responded to Anthropic's refusal to compromise. Vucense

One caveat worth stating plainly: OpenAI has argued that Anthropic is using a gross revenue accounting treatment with its deals with Amazon and Google that inflates top-line figures. The real net figure, by OpenAI's accounting, would be lower. Gardenzhome That dispute isn't settled. But even accounting for it, the trajectory is real, the enterprise customer count is real, and the Claude Code numbers are real.

Availability and What It Means for Developers

Anthropic operates its models on a diversified range of AI hardware — AWS Trainium, Google TPUs, and NVIDIA GPUs — which means it can match workloads to the chips best suited for them. Anthropic

The IPO question is now live. Anthropic is targeting October 2026, aiming to raise $60B+ at a $380B valuation. No S-1 has been filed. The timeline is subject to market conditions and the SEC's review of accounting methodology questions. Vucense

Anthropic's $30 billion run rate exceeds the trailing twelve-month revenues of all but approximately 130 S&P 500 companies. A company that was essentially pre-revenue in early 2024 now out-earns most of the Fortune 500. Medium

The company that left OpenAI to build AI more carefully just built a bigger business doing it. That's not an accident — it's a thesis proving out in real time. The question now isn't whether Anthropic belongs in the same conversation as OpenAI. It's whether the enterprise-first, developer-first model it validated is the one the rest of the industry will be chasing for the next decade.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Vercel Just Confirmed a Security Breach. Here's What Actually Got Exposed — and Why It's Bigger Than One Company.

Om Shree — Mon, 20 Apr 2026 00:42:45 +0000

Vercel is the deployment layer for a meaningful percentage of the modern web. That's exactly what makes yesterday's confirmed breach something every developer should understand, not just Vercel customers.

The Problem It's Solving for Attackers

Vercel is a cloud platform that provides hosting and deployment infrastructure for developers, with a strong focus on JavaScript frameworks. The company is known for developing Next.js, a widely used React framework, and for offering services such as serverless functions, edge computing, and CI/CD pipelines that enable developers to build, preview, and deploy applications. Bleeping Computer In short: Vercel sits at the center of how thousands of startups and enterprises ship code. That's not an incidental detail. That's exactly why it became a target.

On April 19, 2026, Vercel published a security bulletin confirming that the company detected unauthorized access and has since engaged external incident response experts to investigate and contain the breach. Law enforcement has also been notified, and the company says it is continuing its forensic analysis while maintaining service availability. CyberInsider

How the Attack Actually Happened

This wasn't a brute-force attack on Vercel's perimeter. The entry point was far more insidious — and a warning for every engineering team running a modern SaaS stack.

Vercel's investigation revealed that the incident originated from a small, third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise, potentially affecting its hundreds of users across many organizations. Vercel Vercel has not publicly named the specific tool. The Verge reported that Vercel has not disclosed which specific third-party AI vendor served as the attack vector. Startup Fortune

The architecture of the attack matters here. Attackers do not always need to smash through a front door when they can slip in through a trusted integration. Some reporting said the intrusion may have started through a compromised third-party AI tool linked to Google Workspace, rather than a direct attack on Vercel itself. Prism News

Once inside, the blast radius expanded fast. Developer Theo Browne shared additional details, noting that Vercel's Linear and GitHub integrations bore the brunt of the attack. Yahoo!

What Teams Are Actually Dealing With Right Now

Here's what got exposed, based on what's been confirmed and what threat actors are claiming — those are two different things worth keeping separate.

A person claiming to be a member of ShinyHunters posted a file containing 580 employee records, including names, Vercel email addresses, account status, and activity timestamps. The same actor claimed access to internal deployments, API keys, NPM tokens, GitHub tokens, source code, and database data. Vercel has not independently verified those assertions. Prism News

It should be noted that while the hacker claims to be part of the ShinyHunters group, threat actors linked to recent attacks attributed to the ShinyHunters extortion gang have denied to BleepingComputer that they are involved in this incident. Bleeping Computer

The ransom demand adds another layer. In messages shared on Telegram, the threat actor claimed they were in contact with Vercel regarding the incident and that they discussed an alleged ransom demand of $2 million. Bleeping Computer The group is offering what they describe as access keys, source code, and database contents from Vercel, asking $2 million, with an initial payment of $500,000 in Bitcoin. Techweez

On the customer side, the immediate concern is environment variables. The main concern for Vercel customers is environment variables — configuration values your app uses at runtime, which includes things like API keys, database credentials, and signing tokens. The problem is anything that wasn't marked sensitive. Those values should be treated as compromised and rotated immediately. Techweez

However, environment variables marked as "sensitive" within the platform remained protected. Yahoo!

Why This Is a Bigger Deal Than One Breach

The reason this incident matters beyond Vercel's own customer list comes down to two words: supply chain.

What makes the claim worth paying attention to is the scale ShinyHunters is alluding to. Vercel hosts Next.js, which reportedly sees around 6 million weekly downloads. The group suggests that access to Vercel's internals could enable a supply chain attack — essentially, tampering with packages that millions of developers download and run in their own software. Techweez

If even part of that access turns out to be real, the fallout could extend well beyond employee privacy. Secrets and tokens can be reused to reach build systems, package registries, and source repositories, which is why researchers warned that the incident could become a supply-chain problem for startups, enterprises, and ordinary users relying on apps hosted or deployed through Vercel, including Next.js projects. Prism News

For crypto and Web3 developers specifically, the situation is acute. Many crypto and Web3 frontends deploy on Vercel, from wallet connectors to decentralized application interfaces. Projects storing API keys, private RPC endpoints, or wallet-related secrets in non-sensitive environment variables face potential exposure risk. The breach does not threaten blockchains or smart contracts directly, as those operate independently of frontend hosting. However, compromised deployment pipelines could theoretically allow build tampering for affected accounts. Yahoo!

And then there's the IPO angle. This breach lands at a brutal moment for Vercel's business trajectory. Reports from just days earlier highlighted a planned IPO following a reported 240% revenue surge, driven largely by enterprise adoption of AI-powered deployment workflows. Security incidents are notoriously damaging during a quiet period, when companies are legally restricted in how they can communicate with investors and the public. Startup Fortune

Availability and Access: What You Should Do Right Now

Vercel's guidance to customers covers several concrete steps: review account and environment activity logs for suspicious behavior, rotate environment variables and API keys, and leverage built-in features for managing sensitive variables. Substack

Vercel has also rolled out updates to its dashboard, including an overview page of environment variables and an improved interface for managing sensitive environment variables. Bleeping Computer

Vercel is publishing an IOC (indicator of compromise) to support the wider community in investigating and vetting potential malicious activity. They recommend that Google Workspace administrators and Google account owners check for usage of the compromised app immediately. Vercel

If you use Vercel: rotate every secret that wasn't explicitly marked sensitive. If your project built or deployed during the breach window, audit it regardless of whether you're in the "limited subset" Vercel is directly contacting. The investigation is still ongoing — the scope could expand.

The deeper lesson here isn't about Vercel specifically. It's about what happens when a small, trusted AI tool with OAuth access to your workspace becomes the softest point in your entire deployment chain — and you had no way to know it was compromised until someone started selling your tokens on BreachForums.

Credential hygiene and OAuth scope reviews aren't optional maintenance tasks anymore. They're the front line.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Anthropic Just Launched Claude Design. Here's What It Actually Changes for Non-Designers.

Om Shree — Sun, 19 Apr 2026 05:31:03 +0000

Figma has been the unchallenged design layer for product teams for years. On April 17, 2026, Anthropic quietly placed a bet that the next design tool doesn't look like Figma at all — it looks like a conversation.

The Problem It's Solving

Design has always had a bottleneck that nobody talks about openly: the distance between the person with the idea and the person who can execute it. A founder has a vision for a landing page. A PM sketches a feature flow on a whiteboard. A marketer needs a campaign asset by end of day. In every case, they're either waiting on a designer, wrestling with a tool that wasn't built for them, or shipping something that looks like it was made in a hurry — because it was.

Even experienced designers face a version of this. Exploration is rationed. There's rarely time to prototype ten directions when you have two days before a stakeholder review. So teams commit early, iterate less, and ship with more uncertainty than they'd like.

Claude Design is Anthropic's answer to both problems simultaneously.

How It Actually Works

The product is powered by Claude Opus 4.7, Anthropic's latest and most capable vision model. The core loop is simple: describe what you need, Claude builds a first version, and you refine it through conversation. But the details of how that refinement works are what separate this from a glorified prompt-to-image tool.

You can comment inline on specific elements — not the whole design, a specific button or heading. You can edit text directly in the canvas. And in a genuinely interesting touch, Claude can generate custom adjustment sliders for spacing, color, and layout that let you tune parameters live without writing another prompt.

The brand system integration is the piece that makes this credible for actual teams rather than solo experiments. During onboarding, Claude reads your codebase and design files and assembles a design system — your colors, typography, components. Every project after that uses it automatically. Teams can maintain multiple systems and switch between them per project.

Input is flexible: start from a text prompt, upload images, DOCX, PPTX, or XLSX files, or point Claude at a codebase. There's also a web capture tool that grabs elements directly from your live site, so prototypes match the real product rather than approximating it.

Collaboration is organization-scoped. Designs can be kept private, shared view-only with anyone in the org via link, or opened for group editing where multiple teammates can chat with Claude together in the same canvas. Output formats include internal URLs, standalone HTML files, PDF, PPTX, and direct export to Canva.

The handoff to Claude Code is the closing piece of the loop. When a design is ready to build, Claude packages it into a handoff bundle that Claude Code can consume directly. The intent is to eliminate the translation layer between design and implementation entirely.

What Teams Are Actually Using It For

Anthropic lists six use cases, and they span a wider range of roles than you'd expect from a "design tool." Designers are using it for rapid prototyping and broad exploration. PMs are using it to sketch feature flows before handing off to engineering. Founders are turning rough outlines into pitch decks. Marketers are drafting landing pages and campaign visuals before looping in a designer to finish.

The early testimonials from teams are specific enough to be useful. Brilliant's senior product designer noted that their most complex pages — which previously required 20+ prompts in other tools — needed only 2 prompts in Claude Design. Datadog's PM described going from rough idea to working prototype before anyone leaves the room, with the output already matching their brand guidelines. Those aren't marketing abstractions; they're describing a workflow compression that most product teams would recognize as real.

Why This Is a Bigger Deal Than It Looks

The obvious read is that this is Anthropic entering the design tool market. The less obvious read is that Anthropic is extending the Claude Code workflow upward into the creative layer.

Claude Code already handles the bottom of the product development stack — reading codebases, writing and editing files, managing git workflows. Claude Design handles the top — ideation, visual prototyping, stakeholder-ready output. The handoff bundle between the two is not a nice-to-have; it's the architectural seam Anthropic is betting on. If that seam works reliably, the design-to-deployment loop stops requiring multiple tools, multiple handoffs, and multiple rounds of translation.

The Canva integration is also worth noting. Canva's CEO described the partnership as making it seamless to bring ideas from Claude Design into Canva for final polish and publishing. That positions Claude Design as the ideation and prototyping layer, with Canva as the finishing and distribution layer — rather than as direct competitors. It's a smart separation that gives Claude Design a clear lane without requiring it to replace every workflow Canva owns.

Availability and Access

Claude Design launched April 17, 2026, in research preview. It's available for Claude Pro, Max, Team, and Enterprise subscribers, included with your existing plan and counted against subscription limits. Extra usage can be enabled if you hit those limits.

Enterprise organizations get it off by default — admins enable it through Organization settings. Access is at claude.ai/design.

The research preview label matters. This is not a finished product. Anthropic says integrations with other tools are coming in the weeks ahead.

The gap between "person with an idea" and "polished thing that exists" has always been where time, money, and momentum go to die. Claude Design is a direct attempt to close it — and the Claude Code handoff suggests Anthropic is thinking about the full stack, not just the canvas.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.

Anthropic Just Gave Claude a Design Studio. Here's What Claude Design Actually Does.

Om Shree — Sat, 18 Apr 2026 04:44:41 +0000

Figma has been the unchallenged center of digital design for years. Yesterday, Anthropic quietly placed a bet that AI can change that.

On April 17, Anthropic launched Claude Design - a new product under its Anthropic Labs umbrella that lets you collaborate with Claude to build visual work: prototypes, slides, wireframes, landing pages, one-pagers, and more. It's powered by Claude Opus 4.7, their latest vision model, and it's rolling out in research preview for Pro, Max, Team, and Enterprise subscribers right now.

This isn't Claude generating pretty mockups you paste into Figma. This is a full design loop - ideation, iteration, export, and handoff - without ever leaving the chat.

The Problem It's Solving

Anthropic frames the core issue well: even experienced designers ration exploration. There's never enough time to prototype ten directions, so you pick two or three and commit. And for founders, PMs, and marketers who have a strong vision but no design background, turning ideas into shareable visuals has always required either hiring someone or learning tools that take months to master.

Claude Design is trying to solve both problems at once. Give designers room to explore widely. Give everyone else a way to produce visual work that doesn't look like a Canva template from 2019.

How the Workflow Actually Works

The flow is more structured than you'd expect from a chat-based tool.

Your brand gets built in first. During onboarding, Claude reads your codebase and design files to build a design system - your colors, typography, components. Every project after that inherits it automatically. No more pasting hex codes into every prompt.

You can start from anything. A text prompt, uploaded images, a DOCX, PPTX, or XLSX file, your codebase, or a live website via the web capture tool. If you want the prototype to look like your actual product, you point it at your site and Claude pulls the elements directly.

Iteration happens inline. You can comment on specific elements, edit text directly, or use custom adjustment knobs - built by Claude - to tweak spacing, color, and layout live. Then ask Claude to apply changes across the entire design at once.

Collaboration is organization-scoped. Keep designs private, share a view-only link inside your org, or grant edit access so teammates can jump into the same conversation with Claude together.

Export goes everywhere. Standalone HTML, PDF, PPTX, a shareable internal URL, or directly to Canva. The Canva integration is a first-class feature - designs land as fully editable Canva files, ready to refine and publish.

Handoff goes to Claude Code. When a design is ready to build, Claude bundles everything into a handoff package you pass to Claude Code with a single instruction. Design to implementation in one pipeline.

What Teams Are Actually Using It For

Anthropic lists six core use cases, and they're more specific than the usual "boost your productivity" marketing copy:

Realistic prototypes - Designers turn static mockups into interactive, shareable prototypes without touching code or going through PR review.
Product wireframes - PMs sketch feature flows and hand off directly to Claude Code for implementation, or to designers for refinement.
Design explorations - Quick generation of a wide range of visual directions to explore before committing.
Pitch decks and presentations - From rough outline to on-brand deck in minutes, exported as PPTX or sent to Canva.
Marketing collateral - Landing pages, social media assets, campaign visuals, ready for designer polish.
Frontier design - Code-powered prototypes with voice, video, shaders, 3D, and built-in AI.

That last one is the most interesting. "Frontier design" positions this beyond Figma's territory entirely - into interactive, AI-native artifacts that traditional design tools can't produce at all.

What Early Users Are Saying

Three companies shared early reactions, and the numbers are specific enough to be credible.

Brilliant, the interactive learning platform, noted that their most complex pages - which previously took 20+ prompts to recreate in other tools - required only 2 prompts in Claude Design. Their Senior Product Designer called the prototype-to-production handoff with Claude Code "seamless."

Datadog's product team reported going from rough idea to working prototype before anyone leaves the room. Work that previously took a week of back-and-forth between briefs, mockups, and review rounds now happens in a single conversation.

Canva co-founder and CEO Melanie Perkins framed the integration as a natural extension of their mission - bringing Canva to wherever ideas begin. When a design exits Claude Design into Canva, it becomes fully editable and collaborative immediately.

Why This Is a Bigger Deal Than It Looks

Most AI design tools have been wrappers - you describe something, get an image, manually replicate it in your actual design tool. Claude Design is different in structure. The brand system, the inline editing, the Claude Code handoff, the Canva export - these aren't convenience features. They're the infrastructure of a complete design workflow.

What Anthropic is building here is a design agent, not a design assistant. One that holds context about your brand, your product, your team's work, and the full history of a project. That's the same pattern we've seen with Claude Code in engineering - an AI that doesn't just answer questions but participates in the actual production pipeline.

The implications for teams without dedicated design resources are significant. A founder with a clear vision and access to Claude Pro can now go from napkin sketch to investor-ready prototype without a single design hire. A PM can produce a feature wireframe precise enough to hand off to engineering directly. A marketer can generate a campaign landing page in a conversation.

Availability and Access

Claude Design is available now in research preview for Pro, Max, Team, and Enterprise subscribers at claude.ai/design. Access is included in your existing plan and uses your subscription limits, with the option to enable extra usage if you go beyond them.

For Enterprise orgs, it's off by default - admins can enable it via Organization settings.

Anthropic says integrations with more tools are coming in the next few weeks.

Design just became part of the agentic stack. The question now is how fast the design community actually adopts it - and what Figma does next.

Follow for more coverage on MCP, agentic AI, and AI infrastructure.