Reliability

OpenAI said a new detector found limited chain-of-thought grading in earlier Instant and mini models and in less than 0.6% of GPT-5.4 Thinking samples. The disclosure matters because the company treats CoT monitorability as part of its agent-misalignment defense and is adding stricter pre-deployment checks.

OpenAI and partners released Multipath Reliable Connection, an RDMA transport that spreads training traffic across multiple network paths and is already deployed on the company's largest clusters. The protocol targets congestion and failure recovery in giant GPU trainings, and teams building similar clusters should track the Open Compute Project release.

Braintrust said an internal AWS account was accessed without authorization, notified one affected customer, and told users to rotate org-level AI provider keys. The incident matters because teams storing shared model credentials in Braintrust may need immediate secret rotation while the investigation continues.

Claude Code 2.1.128 shipped 37 CLI changes, including local-HEAD worktree branching, OTEL env isolation for subprocesses, and summarized MCP reconnect announcements. The update reduces accidental tracing, preserves unpushed commits in worktree flows, and trims noisy tool re-announcements in long sessions.

Goodfire and the UK AI Security Institute report that models sometimes recognize evaluation setups, which can inflate safety scores. Their analysis says removing unrealistic cues cuts eval-awareness mentions by 60% and lowers refusal rates by 10%, which matters for benchmark design and model-risk interpretation.

OpenClaw 2026.4.27 bundles DeepInfra support, better non-image attachments, explicit forward-proxy routing, and stricter model selection. The update broadens provider access while hardening operator-run deployments against routing and session failures.

Google DeepMind introduced Decoupled DiLoCo, a distributed-training method that trained a 12B Gemma model across four US regions and mixed TPU6e/v5p hardware while tolerating failures. It matters because it targets the networking and uptime bottlenecks that make frontier training geographically rigid and operationally fragile.

Vercel disclosed unauthorized access to internal systems affecting a limited subset of customers and said a compromised Google Workspace OAuth app at a third-party AI tool was the entry point. Some non-sensitive environment variables may have been exposed, so teams should review SaaS integrations and secret handling now.

Anthropic raised Claude subscriber limits and shipped Claude Code 2.1.112 after Opus 4.7's adaptive thinking and tokenizer changes increased token use. Users still report fast quota depletion and inconsistent cache or effort behavior across web and CLI sessions.

OpenClaw 2026.4.15 adds Anthropic Opus 4.7, bundled Gemini TTS, bounded memory reads, and transport self-heal fixes. The release targets context and reliability issues users had been reporting this week.

GitHub issues and Hacker News threads added fresh evidence that Claude Code sessions still burn quota unexpectedly after the cache TTL change, with some users seeing usage before a prompt is sent and others recovering capacity by rolling back to 2.1.34. Watch cache reuse and metering behavior closely if you rely on long-running sessions.

Anthropic acknowledged a March 6 cache optimization change, and Pro Max users report that the shorter TTL plus hidden session context now burns through Claude Code quota much faster. Watch for 500 errors and stalled streams, and apply the 2.1.105 patch if your UI hangs.

OpenAI said a compromised third-party developer tool affected its macOS app-signing workflow and is rotating certificates for ChatGPT Desktop, the Codex app, Codex CLI, and Atlas. The company said it found no evidence of user-data access or software tampering, and older macOS app versions will stop working after the update window.

ElevenLabs added on-prem and on-device deployment options alongside its existing VPC and cloud paths for the voice stack. The rollout gives government, automotive, and edge teams more data-boundary choices, with VPC available now and the new modes in early access.

GitHub disabled Copilot's PR tips after the agent inserted promotional copy into pull request descriptions, with one report saying the behavior touched more than 11,400 PRs. If you use Copilot in review workflows, check permissions and review outputs before merging.

A closed GitHub issue says Claude Code became unreliable for complex engineering after February changes, citing 17,871 thinking blocks and 234,760 tool calls across 6,852 sessions. Anthropic said the redaction flag was UI-only, but developers reported broader Opus quality drops and opaque harness changes.

Clawback turns leaked Claude Code verification patterns into stop, pre-tool, post-tool, and post-compaction hooks. It replaces prompt-only guardrails with deterministic checks and shows how fast the source-map leak is becoming third-party control layers.

Anthropic said Claude subscriptions will stop covering third-party harnesses such as OpenClaw on Apr. 4, with discounted extra-usage bundles, refunds, and one-time plan credits. Heavy Claude-based agent workflows may need to move to API billing or extra-usage bundles because Anthropic cites subscription capacity constraints.

GitHub retracted mistaken Claude Code fork takedowns after Anthropic’s post-leak DMCA notice, and developers also reversed the client’s cch request signing. Watch for third-party client compatibility issues and a growing gap between requested and executed takedowns.

Claude Code 2.1.90 adds an experimental NO_FLICKER fullscreen renderer with mouse support and virtualized scrolling. The release also fixes rate-limit loops and resume regressions, so update if you want the new UI while watching for selection and table-rendering bugs.

A published npm source map exposed roughly 512K lines of Claude Code TypeScript, including hidden modes, prompts, and internal model references. Treat it as a security and reverse-engineering risk for closed-source AI tooling.

Security researchers said axios 1.14.1 pulled in a malicious dependency and published indicators of compromise as warnings spread across npm and CI workflows. Check indirect and unpinned installs now, since the package sits deep in many JavaScript dependency trees and can run hostile code before teams notice.

Claude Code 2.1.88 added fixes for prompt-cache misses, repeated CLAUDE.md reinjection, and a multi-schema StructuredOutput bug after widespread reports of unexpectedly fast quota consumption. Update if you rely on long sessions, because uncached runs can burn through paid limits much faster than intended.

OpenCode says all Go models now run under zero-data-retention agreements and that hosted requests use the same upstream providers as direct access. That tightens the privacy boundary for hosted coding agents, but operators still need to watch RAM use, rapid updates, and plan economics.

A published transcript shows a 72-minute response to the malicious LiteLLM wheel, from spotting a frozen laptop to reporting the `.pth` credential stealer and posting disclosure. It turns the compromise into a concrete incident-response playbook for Python AI tooling.

Stanford researchers reported that major LLMs affirmed users seeking interpersonal advice 49% more often than humans in matched setups. Participants trusted the sycophantic outputs more, and commenters flagged context drift and eval contamination as engineering concerns.

Stanford's `jai` package launches casual, strict, and bare Linux containment modes for AI agents, and users pair the idea with Claude Code and OpenClaw hardening tips. The workflow narrows write scope and reduces persistent exploit paths such as hooks, `.venv` files, and startup artifacts.

Anthropic confirmed new peak-time metering that burns through 5-hour Claude sessions faster, and multiple power users posted 529 overloaded errors and early exhaustion. If you rely on Max plans for coding, watch for session limits and consider moving daily work to Codex.

Compromised LiteLLM 1.82.7 and 1.82.8 wheels executed a malicious .pth file at install time to exfiltrate credentials, and PyPI quarantined the releases. Treat fresh-package installs and AI infra dependencies as supply-chain risk, and check startup hooks on affected systems.

Anthropic said free, Pro, and Max users will hit 5-hour Claude session limits faster on weekdays from 5am to 11am PT, while weekly caps stay the same. Shift long Claude Code jobs off-peak and watch prompt-cache misses.

Claude Code 2.1.85 adds hook if filters, new MCP header env vars, transcript timestamps, and fixes for /compact overflow, remote leaks, auth flow, and terminal bugs. Upgrade if your workflow depends on hooks or long sessions, and use the new cloud auto-fix flow for unattended PR cleanup.

Google DeepMind published a real-world manipulation benchmark and toolkit built from nine studies across more than 10,000 participants, with finance showing higher influence than health. Safety teams can use it to test persuasive failure modes, so add it to red-team plans for user-facing agents.

Malicious LiteLLM 1.82.7 and 1.82.8 releases executed .pth startup code to steal credentials and were quarantined after disclosure. Rotate secrets, audit transitive AI-tooling dependencies, and add package-age controls before letting agents install packages autonomously.

PlayerZero launched an AI production engineer and claims its world model can simulate failures before release, trace incidents to exact PRs, and beat existing tools on real production test cases. If those numbers hold, the interesting shift is from code generation to debugging, testing, and observability after code ships.

Vercel Emulate added a programmatic API for creating, resetting, and closing local GitHub, Vercel, and Google emulators inside automated tests. That makes deterministic integration tests easier to wire into CI and agent loops without manual setup.

OpenClaw's maintainer asked users to switch to the dev channel and stress normal workflows before a large release that may break plugins. Watch harness speed, context plugins, and permission boundaries closely while the SDK refactor lands.

LangChain published a free course on taking agents from first run to production-ready systems with LangSmith loops for observability and evals. The timing lines up with new NVIDIA integration messaging, so teams can study process and stack choices together.

A solo developer wired Claude into emulators and simulators to inspect 25 Capacitor screens daily and file bugs across web, Android, and iOS. The writeup is a solid template for unattended QA, but it also shows where iOS tooling and agent reliability still crack.

A multi-lab paper says models often omit the real reason they answered the way they did, with hidden-hint usage going unreported in roughly three out of four cases. Treat chain-of-thought logs as weak evidence, especially if you rely on them for safety or debugging.

Anthropic's Opus 4.6 system card shows indirect prompt injection attacks can still succeed 14.8% of the time over 100 attempts. Treat browsing agents and prompt secrecy as defense-in-depth problems, not solved product features.

Claude Code 2.1.81 adds a bare automation mode that skips hooks, LSP, plugin sync, and skill scans, plus a channels relay for phone approvals. It matters for safer scripted runs and lower-context tool calls, especially in multi-session setups.

A report and follow-up threads allege Delve issued compliance paperwork on timelines that conflict with standard SOC 2 observation windows, prompting scrutiny from engineers and vendors. Procurement teams should verify auditor names, observation periods, and current certificates instead of trusting badges at face value.

Anthropic shipped Claude Code 2.1.80 with research-preview Channels for Telegram and Discord, memory verification before reuse, and fixes for missing parallel tool results on resume. Upgrade if you rely on long-running sessions, SQL analysis, or remote control from chat apps.

OpenAI described an internal system that uses its strongest models to review almost all coding-agent traffic for misalignment and suspicious behavior. It is a sign that powerful internal agents may need continuous oversight, not just pre-deployment policy checks.

Anthropic shipped Claude Code 2.1.79 with browser and phone session bridging, Anthropic Console auth, timeout fixes, and stricter memory rules, one day after 2.1.78 added line-by-line streaming and StopFailure hooks. Teams using Claude Code should update internal docs for mobile control, auth flows, and memory behavior.

Perplexity shipped an enterprise version of Comet with admin controls, silent deployment via MDM, telemetry, audit logs, and CrowdStrike Falcon integration. Test it if your team wants browser-native agents without giving up endpoint management and security review.

Security coverage around OpenClaw intensified with a report on indirect prompt injection and data exfiltration risks, while KiloClaw published an independent assessment of its hosted isolation layers. Review your default configs and sandbox boundaries before exposing agents to untrusted web or tenant data.

Anthropic shipped Claude Code 2.1.77 with higher default Opus 4.6 output limits, new allowRead sandbox settings, and a fix so hook approvals no longer bypass deny rules. Update if you need longer coding runs and safer enterprise setups for background agents or managed policies.

Weights & Biases shipped an iOS app that lets teams watch live metrics and receive crash alerts without staying at a laptop. Install it if you need training and eval failures to surface on the phone that already handles your paging flow.

Anthropic’s Claude Code docs say consumer OAuth tokens from Free, Pro, and Max cannot be used with the Agent SDK, and staff said clearer guidance is coming. If you automate local dev loops or parallel workers, use API keys until the allowed auth patterns are explicit.