Security

Anthropic released a Security Guidance plugin for Claude Code through the plugin marketplace and said internal use cut security-related PR comments by 30-40%. Teams can also enforce repo or MDM-distributed claude-security-guidance.md rules, making Claude Code a first-pass policy check before review.

Posts citing court filings said OpenAI had to preserve deleted ChatGPT and some non-ZDR API logs from May to September 2025 and later hand over 20 million de-identified chats in the NYT case. The issue matters because deleted chats were not immediately gone for affected users, including people storing sensitive creative or client work in ChatGPT.

Claude Code introduced /ultrareview in research preview, sending parallel bug-hunting agents to scan critical changes and return findings in the CLI or Desktop. That matters because Pro and Max users get three free runs through May 5, and analysis threads frame it as a lower-noise answer to conventional AI review false positives.