AI News Digest

AI News Digest — April 4, 2026

The agentic coding era accelerates: GitHub opened the floodgates with a full Copilot SDK for building custom AI agents in five languages, Anthropic made a surprise move to lock down third-party Claude access, and a sophisticated social engineering attack compromised a widely-used npm package. Here’s your daily briefing.

GitHub Copilot SDK — Public Preview

GitHub released the Copilot SDK into public preview, and it’s a significant evolution of the platform. The SDK lets developers build custom tools, agents, and extensions that integrate directly with Copilot’s infrastructure — across five languages: Node.js, Python, Go, .NET, and Java.

Key capabilities:

  • Custom tools and agents: Define your own tools that Copilot can invoke during coding sessions — think internal API lookups, custom linters, deployment triggers, or documentation generators
  • Streaming responses: Real-time token streaming for responsive UX
  • OpenTelemetry integration: Built-in observability for tracking agent performance and usage
  • Bring Your Own Key (BYOK): Use your own model provider keys instead of relying solely on GitHub’s defaults
  • Permission framework: Fine-grained control over what agents can and can’t do — critical for enterprise deployments
  • Blob attachments: Pass binary data (images, files) to and from agents

This is GitHub’s answer to the growing ecosystem of AI coding agents. Rather than just being a completion engine, Copilot is becoming a platform. If you’re building developer tools, the SDK is available now in the @github/copilot-sdk npm package and equivalent PyPI/Go modules.

GitHub Copilot CLI — /fleet for Parallel Agent Dispatch

Alongside the SDK, GitHub introduced /fleet in Copilot CLI — a command that dispatches multiple AI agents in parallel. Instead of running a single agentic task sequentially, /fleet spins up several agents simultaneously to handle different aspects of a task.

Use cases include parallel code review across multiple files, simultaneous test generation and documentation updates, or running multiple refactor strategies and comparing results. For developers working in large codebases, this could meaningfully reduce iteration time on complex multi-file changes.

Anthropic Cuts Third-Party Claude Access

In a move that sent ripples through the AI developer community, Anthropic announced that Claude subscriptions will no longer cover third-party access starting April 4. The change effectively bans services like OpenClaw (and presumably other wrapper/aggregator apps) from using Claude under individual subscription credentials.

The implication is clear: if you want Claude API access through a third-party tool, you’ll now need to pay separately for API usage rather than piggybacking on a personal Claude Pro/Team subscription. For developers building tools that integrate with Claude, this means you need your own Anthropic API key and direct billing relationship — no more routing through consumer subscriptions.

This move aligns with Anthropic’s broader strategy of controlling how Claude is accessed and ensuring direct billing relationships with all API consumers.

Axios npm Supply Chain Attack — Social Engineering Postmortem

A sophisticated supply chain attack on the axios npm package was disclosed today, and the attack vector is a cautionary tale for every open source maintainer.

What happened: An attacker social-engineered the axios maintainer, convincing them to add a dependency called plain-crypto-js to the package. That dependency contained malicious code that could exfiltrate data from projects using axios.

Why it matters: Axios is one of the most downloaded npm packages in existence — billions of weekly downloads across the JavaScript ecosystem. Any compromise at that level has enormous blast radius.

Lessons for developers:

  • Audit dependency additions carefully, even when they come from trusted maintainers
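  • Run npm audit and commit your lockfile; npm audit only reports known advisories, so also review lockfile diffs for packages that were not there before
  • Consider pinning exact versions and using npm ci in CI/CD, which installs exactly what the lockfile records and fails if the lockfile disagrees with package.json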
  • For critical packages, subscribe to security advisories (GitHub Dependabot, Snyk, etc.)

The axios team has since removed the malicious dependency and published a patched version. If you’re running axios, update immediately.
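
One way to act on the first lesson above is to diff the lockfile on every dependency update and review any package that was not present before. The following Node.js code is an added example, not code from axios or npm; the function names are hypothetical, and the lockfile fragments and version strings are constructed placeholders.

```javascript
// Added example: report packages that appear in a new package-lock.json
// (lockfileVersion 2 or 3) but were absent from the previous one.
function pkgName(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i < 0 ? key : key.slice(i + marker.length);
}

function newDependencies(oldLock, newLock) {
  const before = new Set(Object.keys(oldLock.packages || {}).map(pkgName));
  const after = Object.entries(newLock.packages || {});
  const findings = [];
  for (const [key, meta] of after) {
    const name = pkgName(key);
    if (key === "" || before.has(name)) continue; // skip root and known packages
    // Which packages declare the newcomer as a dependency?
    const requiredBy = after
      .filter(([, m]) => m.dependencies && name in m.dependencies)
      .map(([k]) => (k === "" ? "(root)" : pkgName(k)));
    findings.push({
      name,
      version: meta.version,
      requiredBy,
      hasInstallScript: meta.hasInstallScript === true, // runs code at install time
    });
  }
  return findings;
}

// Constructed lockfile fragments; versions are placeholders, not real releases.
const OLD_LOCK = { lockfileVersion: 3, packages: {
  "": { dependencies: { axios: "1.0.0-example" } },
  "node_modules/axios": { version: "1.0.0-example",
    dependencies: { "follow-redirects": "1.0.0-example" } },
  "node_modules/follow-redirects": { version: "1.0.0-example" },
} };
const NEW_LOCK = { lockfileVersion: 3, packages: {
  "": { dependencies: { axios: "1.0.1-example" } },
  "node_modules/axios": { version: "1.0.1-example",
    dependencies: { "follow-redirects": "1.0.0-example", "plain-crypto-js": "1.0.0-example" } },
  "node_modules/follow-redirects": { version: "1.0.0-example" },
  "node_modules/plain-crypto-js": { version: "1.0.0-example" },
} };

console.log(newDependencies(OLD_LOCK, NEW_LOCK));
```

In CI, the two inputs would be the parsed package-lock.json from the base branch and from the pull request, with a non-empty result requiring a human review before merge.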

HuggingFace Ecosystem Embraces Gemma 4

Following Google’s Gemma 4 release (covered in yesterday’s digest), HuggingFace rolled out comprehensive ecosystem support across their entire platform:

  • Transformers: Full integration with the transformers library for all four Gemma 4 variants
  • llama.cpp: GGUF quantized versions available for local inference
  • MLX: Apple Silicon optimized builds for M-series Macs
  • transformers.js: WebGPU-powered in-browser inference — run Gemma 4 E2B directly in the browser
  • mistral.rs: Rust-based inference backend support
  • TRL: Fine-tuning recipes and RLHF training pipelines
  • Unsloth Studio: 2x faster fine-tuning with memory optimization

The breadth of this ecosystem integration is remarkable — within 48 hours of release, you can run Gemma 4 in Python, JavaScript, Rust, on CPU, GPU, Apple Silicon, or in a browser. The Apache 2.0 licensing means all of this is commercially viable. If you’re evaluating open models for production use, Gemma 4’s ecosystem readiness is a strong signal.

Cursor Launches Agent-Based Coding Workflows

Cursor, the AI-first code editor, launched new agent-based coding workflows that go beyond simple code completion. The new system allows developers to describe multi-step tasks in natural language and have Cursor’s AI agent plan, execute, and verify the changes across multiple files.

The approach is similar to what GitHub is building with Copilot agents but integrated directly into the editor experience. Early reports suggest it handles refactoring, test writing, and feature implementation across codebases with reasonable reliability.

For developers tracking the agentic coding space, the competition between Cursor, GitHub Copilot, and independent agents (Claude Code, Aider, etc.) is heating up fast.

OpenAI Closes $122B Funding Round

OpenAI officially closed its $122 billion funding round, making it the largest single funding event in AI history. The company also disclosed that ChatGPT now has 900 million weekly active users — a staggering number that puts it in the same league as the largest consumer platforms globally.

Meanwhile, OpenAI COO Brad Lightcap is transitioning to a “special projects” role, suggesting an internal reorganization as the company scales. The combination of massive funding, enormous user base, and leadership changes signals that OpenAI is positioning for its next phase — likely involving infrastructure, hardware, and enterprise products beyond ChatGPT.

Anthropic Acquires Coefficient Bio, Forms PAC

Two notable moves from Anthropic:

  • Coefficient Bio acquisition (~$400M): Anthropic acquired a biotech company specializing in AI-driven drug discovery. This is a surprising vertical expansion — Anthropic is moving beyond pure AI model development into applied AI for life sciences.
  • Political Action Committee: Anthropic registered a federal PAC, signaling that the company intends to engage more directly in AI policy and regulation discussions in Washington.

Taken together, these suggest Anthropic is thinking beyond the model provider business and investing in both application domains and political influence.

Perplexity Faces Lawsuit Over Data Sharing

Perplexity AI is being sued over allegations that it shared user conversations with Meta and Google for AI training purposes. The lawsuit claims that Perplexity’s data sharing practices violated user privacy expectations and potentially breached its own terms of service.

This case could set important precedent for how AI search and chat tools handle conversation data. If you’re building tools that process user conversations, this is worth watching closely — the legal landscape around AI training data is still very much in flux.

Salesforce Slack AI Makeover

Salesforce rolled out a massive AI-powered redesign of Slack with over 30 new features, including:

  • AI-generated conversation summaries
  • Smart channel recommendations
  • Automated action item extraction from messages
  • AI-powered search across channels and DMs
  • Integrated AI drafting for messages and threads

For developers building on the Slack platform, these changes mean the API and interaction patterns may evolve. Salesforce is clearly betting that AI-native collaboration tools will be the next competitive battleground.

Simon Willison’s Corner: Agentic Engineering

Simon Willison shared key insights on agentic engineering from a recent podcast appearance:

  • The term “agentic” is settling on a specific meaning: systems where an LLM operates in a loop, deciding which tools to call based on intermediate results
  • The key challenge isn’t building agents — it’s building reliable ones that don’t go off the rails
  • Tool design is the new prompt engineering: How you define the tools an agent can access matters more than how you phrase the system prompt
  • Evaluation is the bottleneck: We need better frameworks for measuring whether agents actually completed tasks correctly

He also noted that the most successful agentic applications so far are narrow and well-scoped — coding assistants, data analysis pipelines, and research tools — rather than general-purpose agents.

Quick Hits

  • LiteLLM/Mercor security breach: A security incident was disclosed affecting LiteLLM and Mercor — details are still emerging, but if you use either service, rotate your API keys as a precaution.
  • KiloClaw launched for shadow AI governance: A new tool for enterprises to discover and manage unauthorized AI tool usage across their organizations — addressing the growing “shadow AI” problem.
  • Okta CEO doubles down on AI agent identity: Following yesterday’s announcement, more details emerged on Okta’s plans to build authentication infrastructure specifically for AI agents acting on behalf of humans.

Tool & Release Radar

| What | Details |
| --- | --- |
| GitHub Copilot SDK (Public Preview) | Build custom Copilot agents in Node.js, Python, Go, .NET, Java |
| GitHub Copilot CLI /fleet | Parallel agent dispatch for multi-task coding |
| HuggingFace Gemma 4 ecosystem | transformers, llama.cpp, MLX, WebGPU, TRL, Unsloth support |
| Cursor Agent Workflows | Multi-step agentic coding in the editor |
| Axios (patched) | Fix for supply chain attack — update immediately |

This digest is published daily at 5pm AEST. Got a tip or a tool we should cover? Drop it in the comments. Tomorrow’s edition will cover developments from April 5, 2026.