Kleiner Perkins closed a $3.5B fund split into $1B early-stage and $2.5B growth-stage, explicitly structured around AI bets. This signals top-tier conviction that the AI investment window is still wide open at both ends of the company lifecycle. The fund size and structure confirm late-stage AI companies will have dry powder available to avoid down-round pressure.
Anthropic shipped an 'auto mode' for Claude Code that reduces approval friction for multi-step coding tasks, while embedding safety guardrails to limit blast radius. This is a deliberate step toward agentic coding workflows where the model self-directs execution loops. It positions Claude Code as a direct competitor to Cursor, Devin, and GitHub Copilot Workspace in the autonomous dev tools race.
OpenAI open-sourced a set of safety policies and developer tools specifically scoped to protect minor users in AI applications. The release lowers compliance overhead for consumer app builders targeting under-18 audiences. This is partly regulatory positioning — COPPA enforcement and EU AI Act age-verification requirements are converging on this exact problem.
Databricks acquired Antimatter (data access controls) and SiftD.ai (AI-specific threat detection) to build a native AI security layer into its platform. This is a direct move to own the security narrative as enterprises push sensitive workloads into Lakehouse environments. It signals that standalone AI security startups face an accelerating acqui-hire or get-bundled dynamic from platform players.
A self-propagating worm has been found compromising open source packages and deploying a destructive wiper payload targeting machines geolocated in Iran. The self-propagation mechanism through package ecosystems makes this significantly more dangerous than a static supply chain compromise. This is part of a broader wave of supply chain attacks hitting developer infrastructure this week, including the LiteLLM and Trivy incidents.
Trivy, one of the most widely deployed open source container vulnerability scanners, has been compromised in an active supply chain attack. The irony of a security tool becoming the attack vector makes this particularly high-impact — Trivy runs with elevated permissions in many CI/CD pipelines by design. Rotate secrets and verify your Trivy binary hash immediately if you're running it in automated workflows.
Triggered by the LiteLLM supply chain attack, Simon Willison revisits the 'dependency cooldown' concept — deliberately delaying installation of newly published package versions by 48-72 hours to allow community detection of malicious packages before they hit production. The idea is operationally simple but culturally counter to the default 'always latest' mindset baked into most CI pipelines. Given this week's cluster of supply chain incidents, the proposal has renewed urgency.
LiteLLM versions 1.82.7 and 1.82.8 on PyPI contained a hidden credential stealer in a `.pth` file, meaning the malicious code executed automatically at Python startup without any explicit `import litellm` — simply having the package installed was sufficient for compromise. LiteLLM is one of the most widely used AI infrastructure libraries, sitting in the dependency tree of thousands of production AI applications. Any environment that installed these versions should be treated as fully compromised.
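The reason a `.pth` file works as a startup hook is a documented rule of Python's `site` module: any line in a `.pth` file that begins with `import` is executed when the interpreter starts, while other non-blank, non-comment lines are treated as paths to add to `sys.path`. The audit script below is an added example (not LiteLLM's code and not the malicious file itself): it lists every executable line in the `.pth` files of a site-packages directory and flags lines containing tokens that commonly appear in obfuscated loaders. The sample site-packages tree, its file names and contents, and the `SUSPICIOUS_TOKENS` list are all constructed assumptions; legitimate tooling (setuptools, editable installs) also ships `import` lines, so the output is a review list, not a verdict.

```python
import sysconfig
import tempfile
from pathlib import Path

# Heuristic markers that make an executable .pth line worth a human look.
# Constructed list for the example, not an authoritative signature set.
SUSPICIOUS_TOKENS = ("exec(", "eval(", "base64", "urlopen", "socket",
                     "subprocess", "environ", "compile(")


def executable_pth_lines(pth_path: Path) -> list:
    """Return (line_no, line) for every line site.py would execute at startup.

    site.py executes lines starting with "import " or "import\\t"; blank lines
    and "#" comments are skipped; anything else is treated as a sys.path entry.
    """
    text = pth_path.read_text(encoding="utf-8", errors="replace")
    hits = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if line.startswith(("import ", "import\t")):
            hits.append((line_no, line))
    return hits


def scan_site_packages(site_dir: Path) -> list:
    """Audit .pth files directly inside site_dir (site.py does not recurse)."""
    findings = []
    for pth in sorted(site_dir.glob("*.pth")):
        for line_no, line in executable_pth_lines(pth):
            findings.append({
                "file": pth.name,
                "line": line_no,
                "code": line,
                "suspicious": [tok for tok in SUSPICIOUS_TOKENS if tok in line],
            })
    return findings


def build_sample_site_packages(root: Path) -> Path:
    """Constructed site-packages tree: one path-only .pth, one benign import
    hook, and one obfuscated loader whose payload decodes to just 'pass'."""
    site = root / "site-packages"
    site.mkdir()
    (site / "mypkg.pth").write_text("# added by a normal install\n/opt/mypkg/src\n\n")
    (site / "devpkg_editable.pth").write_text(
        'import sys; sys.path.append("/opt/devpkg/src")\n')
    (site / "helper.pth").write_text(
        'import base64, os; exec(base64.b64decode("cGFzcw=="))\n')
    # A nested .pth is deliberately ignored: site.py never reads it.
    (site / "nested").mkdir()
    (site / "nested" / "ignored.pth").write_text("import sys\n")
    return site


def run_demo() -> list:
    """Scan the constructed tree and return its findings (temp dir is removed after)."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_site_packages(build_sample_site_packages(Path(tmp)))


if __name__ == "__main__":
    print("constructed sample:")
    for f in run_demo():
        print(f)
    # Real audit of the running interpreter's site-packages.
    print("this interpreter:")
    for f in scan_site_packages(Path(sysconfig.get_paths()["purelib"])):
        print(f)
```

Running this against every Python environment that pulls from PyPI, and diffing the output against a known-good baseline after each dependency update, surfaces exactly the class of hook LiteLLM's bad releases used. The path-only file and the nested file produce no findings; the editable-install hook is reported with an empty `suspicious` list, and the loader line is reported with `exec(` and `base64` flagged.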
Arm is breaking from its pure IP licensing model to produce its own CPU, co-developed with Meta as the launch customer. This is a structural shift that puts Arm in direct competition with its own licensees — Qualcomm, Apple, and Ampere should all be recalibrating their roadmaps. Meta's involvement suggests the chip is optimized for hyperscale AI inference workloads, not general compute.
Sebastian Raschka published a visual explainer covering the full attention variant landscape — MHA, GQA, MLA, sparse attention, and hybrid architectures — with architectural diagrams mapping the tradeoffs. This is a high-signal reference for anyone evaluating or building model architectures, as attention design is now the primary lever for inference cost and context length scaling. The timing aligns with MLA (from DeepSeek) and hybrid sparse-dense attention becoming production choices, not just research options.
That's today's briefing.