AI News Digest — 2026-04-01
Highlights
- OpenAI Raises $122B at $852B Valuation: Led by Amazon, Nvidia, and SoftBank, OpenAI’s monster funding round includes $3B from retail investors and positions the company for a near-term IPO.
- Axios npm Package Compromised in Supply Chain Attack: The JavaScript HTTP client library with 100M+ weekly downloads was hijacked — possibly by North Korean threat actors — to deliver cross-platform RATs to Linux, Windows, and macOS.
- Google Vertex AI Agents Can Be Weaponized Against Cloud Infrastructure: Palo Alto researchers demonstrate how over-privileged Vertex AI agents can be exploited to exfiltrate sensitive data and compromise cloud environments.
- Quantum Computers Need Far Fewer Resources to Break Elliptic Curve Encryption: New research tightens the timeline for “Q Day,” reducing the resource estimate needed to break widely-used cryptography.
- Anthropic Accidentally Publishes Claude Code Source Code: Parts of the Claude Code source were briefly made public — Anthropic’s second significant disclosure mishap in recent weeks.
News
AI Security
- Axios NPM Package Compromised in Precision Attack (Dark Reading) — Versions 1.14.1 and 0.30.4 were found to inject a malicious dependency delivering RATs; North Korean actors suspected.
- Hackers Compromise Axios npm Package to Drop Cross-Platform Malware (BleepingComputer) — Full technical breakdown of how the npm account was hijacked and the malware payload delivered.
- Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account (The Hacker News) — StepSecurity identified the fake “plain-crypto-js” dependency as the infection vector.
- Google’s Vertex AI Has an Over-Privileged Problem (Dark Reading) — Palo Alto Networks Unit 42 shows how misuse of Vertex AI’s permission model can cascade into cloud-wide breaches.
- Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts (The Hacker News) — AI agents can be weaponized to gain unauthorized access across an organization’s cloud environment.
- Cisco Source Code Stolen in Trivy-Linked Dev Environment Breach (BleepingComputer) — Threat actors leveraged credentials stolen in the earlier Trivy supply chain attack to breach Cisco’s internal development environment.
- AI and Quantum Are Forcing a Rethink of Digital Trust (Dark Reading) — DigiCert CEO outlines how AI-generated identities and quantum threats are upending the foundations of PKI and digital trust.
- Quantum Computers Need Vastly Fewer Resources Than Thought to Break Vital Encryption (Ars Technica) — New neutral-atom advances shrink the resource barrier to breaking elliptic curve cryptography.
- How to Categorize AI Agents and Prioritize Risk (BleepingComputer) — Token Security’s framework for CISOs: AI agent risk scales with access to systems and level of autonomy.
- The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority (The Hacker News) — Threat actors are weaponizing AI to accelerate attacks; organizations need exposure management that matches that speed.
- Iran Deploys ‘Pseudo-Ransomware,’ Revives Pay2Key Operations (Dark Reading) — Iranian APTs are blurring lines between state-sponsored and cybercriminal activities against US organizations.
- TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials (Dark Reading) — Threat group demonstrates rapid attacks on AWS, Azure, and SaaS using compromised credentials, shrinking defenders’ response window.
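A quick indicator check for the Axios compromise described in the three reports above, added here as an example and not code from any of the cited sources or from the axios project: it walks an npm package-lock.json (the nested lockfileVersion 1 tree and the flat version 2/3 packages map) and flags axios at the affected releases, or any plain-crypto-js entry wherever it is nested. The affected version numbers and the dependency name are taken from the digest entries; the two lockfiles embedded below are constructed for the demo, and the plain-crypto-js version in them is a placeholder. Confirm the version list against the vendor advisory before relying on it.

```javascript
// Added example: scan an npm package-lock.json for the Axios compromise
// indicators reported above. Affected version numbers and the fake dependency
// name are taken from the digest entries; everything else here is constructed.
const AXIOS_AFFECTED = new Set(["1.14.1", "0.30.4"]);
const MALICIOUS_DEPS = new Set(["plain-crypto-js"]);

// Normalise the two lockfile layouts into a flat [{ name, version, path }] list:
// lockfileVersion 2/3 use a "packages" map keyed by node_modules path,
// lockfileVersion 1 uses a nested "dependencies" tree.
function flattenLockfile(lock) {
  const out = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      const idx = path.lastIndexOf("node_modules/");
      // Workspace links have no node_modules segment; fall back to the declared name.
      const name = idx >= 0 ? path.slice(idx + "node_modules/".length) : (meta.name || path);
      out.push({ name, version: meta.version, path });
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        out.push({ name, version: meta.version, path });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return out;
}

// Returns one finding per matching entry; an empty array means no indicator found.
function scanLockfile(lock) {
  const findings = [];
  for (const pkg of flattenLockfile(lock)) {
    if (pkg.name === "axios" && AXIOS_AFFECTED.has(pkg.version)) {
      findings.push({ path: pkg.path, reason: `axios@${pkg.version} is a compromised release` });
    }
    if (MALICIOUS_DEPS.has(pkg.name)) {
      findings.push({ path: pkg.path, reason: `malicious dependency ${pkg.name}@${pkg.version} present` });
    }
  }
  return findings;
}

// Constructed sample lockfiles (not real project data). The plain-crypto-js
// version is a placeholder; only its presence matters to the check.
const SAMPLE_LOCK_V3 = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "*" } },
    "node_modules/plain-crypto-js": { version: "0.0.0" },
    "node_modules/follow-redirects": { version: "1.15.9" },
  },
};

const SAMPLE_LOCK_V1 = {
  name: "legacy-app",
  lockfileVersion: 1,
  dependencies: {
    axios: { version: "0.30.4", dependencies: { "plain-crypto-js": { version: "0.0.0" } } },
    "follow-redirects": { version: "1.15.9" },
  },
};

for (const [label, lock] of [["v3", SAMPLE_LOCK_V3], ["v1", SAMPLE_LOCK_V1]]) {
  for (const f of scanLockfile(lock)) console.log(`${label}: ${f.path}: ${f.reason}`);
}
```

To run it against real lockfiles, replace the embedded objects with JSON.parse of the file contents. A hit in a lockfile is an indicator, not a clean-up target: any machine that resolved those versions may already have run the install hook, so such hosts need host-level investigation rather than only a version bump.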
USA
- OpenAI, Not Yet Public, Raises $3B From Retail Investors in Monster $122B Fund Raise (TechCrunch) — Values OpenAI at $852B; funds will go toward frontier AI compute, Codex, and ChatGPT global expansion.
- Accelerating the Next Phase of AI (OpenAI Blog) — Official announcement of the $122B round including a $455B order with Oracle for AI data center infrastructure.
- Anthropic Accidentally Publishes Claude Code Source Code for Anyone to Find (The Decoder) — Follows a recent internal blog post leak about Anthropic’s Mythos model; the source code was briefly publicly accessible.
- OpenAI Launches a Codex Plugin That Runs Inside Anthropic’s Claude Code (The Decoder) — Developers can now invoke OpenAI’s Codex for code review and task delegation without leaving the Claude Code interface.
- California Sets Its Own AI Rules for State Contractors, Pushing Back Against Federal Policy (The Decoder) — Governor Newsom’s executive order requires state-contracted companies to implement anti-AI-misuse safeguards, countering the federal deregulatory posture.
- Oracle Reportedly Lays Off Thousands to Bankroll Its Massive AI Infrastructure Bet (The Decoder) — With stock down 25% and a $455B OpenAI order whose materialization is uncertain, Oracle is betting its workforce on data center expansion.
- AI Benchmarks Are Broken. Here’s What We Need Instead. (MIT Technology Review) — AI-vs-human framing fails to capture real-world collaborative deployment; new evaluation paradigms are needed.
- Frontier Radar #2: Why AI Productivity Gets Lost Between Benchmarks and the Balance Sheet (The Decoder) — Verification overhead, incomplete metrics, and organizational inertia prevent benchmark gains from translating into economic impact.
- Workers Around the World Are Not Getting What They Want From AI (Rest of World) — A 60-country survey finds the majority of workers facing AI-driven job displacement do not trust companies or governments to manage the transition.
- Art Schools Are Being Torn Apart by AI (The Verge) — Creative education programs are fracturing as generative AI rewrites the value of design and animation skills.
- You Can Now Use ChatGPT with Apple’s CarPlay (The Verge) — iOS 26.4 adds support for “voice-based conversational apps” in CarPlay; ChatGPT is the first to ship.
- Yupp Shuts Down After Raising $33M From a16z Crypto’s Chris Dixon (TechCrunch) — Crowdsourced AI model feedback startup closes less than a year after launch despite backing from prominent Silicon Valley investors.
- Nomadic Raises $8.4M to Wrangle the Data Pouring Off Autonomous Vehicles (TechCrunch) — Converts AV and robot footage into structured, searchable datasets using deep learning.
- Exclusive: Runway Launches $10M Fund and Builders Program (TechCrunch) — Runway backs early-stage companies building on its AI video models, eyeing “video intelligence” as the next frontier.
- Google’s Veo 3.1 Lite Cuts Video Generation Costs by More Than Half (The Decoder) — Pricing drops below half the next-cheapest model while matching its generation speed.
- Qwen3.5-Omni Learned to Write Code from Spoken Instructions and Video Without Anyone Training It To (The Decoder) — Alibaba’s omnimodal model shows emergent capability for code generation from audio/video input that wasn’t explicitly trained.
Europe
- Nebius Plans $10 Billion AI Data Center in Finland Near Russian Border (The Decoder) — A 310-megawatt facility in Lappeenranta signals continued AI infrastructure investment in Northern Europe.
- Dutch Finance Ministry Takes Treasury Banking Portal Offline After Breach (BleepingComputer) — Cyberattack detected two weeks ago prompted shutdown of the government’s treasury banking digital portal while investigation continues.
Japan (AI & Tech)
- ComfyUI Adds "Dynamic VRAM" Memory Optimization (Gigazine) — The node-based AI generation tool now enables high-speed local image and video generation on low-VRAM PCs by default.
- Tokyo Metropolitan Government Formulates "Guidelines for Data Center Construction" (ITmedia AI+) — Tokyo Metropolitan Government formalizes guidelines for data center construction, facilitating dialogue between operators and residents.
- Microsoft 365 Copilot Adds Feature to Run OpenAI and Anthropic AI Models Simultaneously from a Single Prompt (Gigazine) — Microsoft 365 Copilot's Researcher feature begins testing dual-model execution, running OpenAI and Anthropic models simultaneously for higher-quality reports.
- OpenAI Releases Codex Plugin for Claude Code (Gigazine) — Developers can now invoke OpenAI Codex for code review and task delegation directly within Claude Code.
- How Osaka Gas Turned AI into an "Excellent Subordinate" (ITmedia AI+) — Osaka Gas adopted a "psychological immersion model" to overcome employee resistance and achieved 90%+ AI utilization across the company.
- Discontinued Sora Reportedly Cost $1 Million per Day (Gigazine) — OpenAI's discontinued video generation product Sora reportedly cost up to $1M per day to operate, explaining its shutdown six months after launch.
- Meta Releases SAM 3.1 with Improved Multi-Object Tracking (Gigazine) — SAM 3.1 improves multi-object tracking in video, building on Meta's Segment Anything Model 3.
Research Papers
Benchmarks & Evaluation
- FormalProofBench: Can Models Write Graduate Level Math Proofs That Are Formally Verified? — Introduces a private benchmark pairing natural-language problems with Lean 4 formal statements drawn from qualifying exams; tests whether AI can produce proofs accepted by a formal checker, targeting the gap between LLM math fluency and verified correctness.
- MonitorBench: A Comprehensive Benchmark for Chain-of-Thought Monitorability in Large Language Models — Proposes the first open-source benchmark for studying CoT monitorability, addressing the problem of chains-of-thought that do not faithfully reflect the factors actually driving model decisions — a key interpretability and oversight concern.
- Beyond Completion: Probing Cumulative State Tracking to Predict LLM Agent Performance — Introduces WMF-AM, a calibrated probe of arithmetic state tracking evaluated on 20 open-weight models; finds that task completion rate is an insufficient proxy for agent capability and that intermediate state tracking is a better predictor.
Security & Adversarial
- Kill-Chain Canaries: Stage-Level Tracking of Prompt Injection Across Attack Surfaces and Model Safety Tiers — Instruments prompt injection attacks on five frontier LLM agents with cryptographic canary tokens tracked through four kill-chain stages (Exposed, Persisted, Relayed, Executed), pinpointing where each model's defenses activate or fail across different attack surfaces.
- Colluding LoRA: A Compositional Vulnerability in LLM Safety Alignment — Demonstrates that benign-appearing LoRA adapters, when linearly composed, can unlock harmful behaviors invisible in any individual adapter — a novel threat to the modular LLM ecosystem where adapters are shared and combined at deployment.
- SafetyDrift: Predicting When AI Agents Cross the Line Before They Actually Do — Models multi-step agent safety trajectories as absorbing Markov chains to compute the probability that a sequence of individually-safe actions will culminate in a violation, enabling predictive rather than reactive oversight.
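The computation the SafetyDrift summary points to, as an added worked example and not the paper's own code: the standard absorbing Markov chain calculation of where a trajectory ends up. With transient states for an agent's intermediate conditions and two absorbing states (task completed, violation), the matrix B = (I - Q)^-1 R gives, per starting state, the probability of eventually ending in a violation even though no single transition from the starting state is itself unsafe, and t = (I - Q)^-1 1 gives the expected number of remaining steps. The state names, transition probabilities and the intervention threshold below are constructed for illustration.

```javascript
// Added example (not SafetyDrift's code): absorption probabilities of an
// absorbing Markov chain, the standard way to ask "how likely is it that a
// run starting here ends in a violation?". State names and all transition
// probabilities below are constructed for illustration.
const TRANSIENT = ["benign", "holds-credential", "external-channel-open"];
const ABSORBING = ["completed", "violation"];

// Q: transient -> transient, R: transient -> absorbing. Each row of [Q | R]
// sums to 1, and no single step from "benign" is itself a violation.
const Q = [
  [0.4, 0.3, 0.1],
  [0.1, 0.4, 0.3],
  [0.0, 0.2, 0.3],
];
const R = [
  [0.2, 0.0],
  [0.1, 0.1],
  [0.1, 0.4],
];

// Every row of [Q | R] must be a probability distribution.
function validateChain(Q, R) {
  return Q.every((row, i) => {
    const s = row.reduce((a, b) => a + b, 0) + R[i].reduce((a, b) => a + b, 0);
    return Math.abs(s - 1) < 1e-9 && row.every(p => p >= 0) && R[i].every(p => p >= 0);
  });
}

// Solve A x = b by Gauss-Jordan elimination with partial pivoting.
function solve(A, b) {
  const n = A.length;
  const M = A.map((row, i) => [...row, b[i]]);
  for (let col = 0; col < n; col++) {
    let piv = col;
    for (let r = col + 1; r < n; r++) {
      if (Math.abs(M[r][col]) > Math.abs(M[piv][col])) piv = r;
    }
    [M[col], M[piv]] = [M[piv], M[col]];
    for (let r = 0; r < n; r++) {
      if (r === col) continue;
      const f = M[r][col] / M[col][col];
      for (let c = col; c <= n; c++) M[r][c] -= f * M[col][c];
    }
  }
  return M.map((row, i) => row[n] / row[i]);
}

function identityMinus(Q) {
  return Q.map((row, i) => row.map((q, j) => (i === j ? 1 : 0) - q));
}

// B = (I - Q)^-1 R. B[i][j] is the probability that a trajectory starting in
// transient state i is eventually absorbed in absorbing state j.
function absorptionProbabilities(Q, R) {
  const IminusQ = identityMinus(Q);
  const B = Q.map(() => new Array(R[0].length).fill(0));
  for (let j = 0; j < R[0].length; j++) {
    const x = solve(IminusQ, R.map(row => row[j]));
    x.forEach((v, i) => { B[i][j] = v; });
  }
  return B;
}

// t = (I - Q)^-1 1: expected number of further steps before the run ends.
function expectedSteps(Q) {
  return solve(identityMinus(Q), Q.map(() => 1));
}

function violationProbability(Q, R, stateName) {
  const i = TRANSIENT.indexOf(stateName);
  if (i < 0) throw new Error(`unknown state ${stateName}`);
  return absorptionProbabilities(Q, R)[i][ABSORBING.indexOf("violation")];
}

// Predictive policy: pause the agent for review once the eventual-violation
// probability from its current state exceeds the threshold, before any
// individual unsafe action has happened.
function shouldIntervene(stateName, threshold) {
  return violationProbability(Q, R, stateName) > threshold;
}

if (!validateChain(Q, R)) throw new Error("rows of [Q | R] must sum to 1");
for (const s of TRANSIENT) {
  console.log(`${s}: P(violation)=${violationProbability(Q, R, s).toFixed(3)} ` +
    `E[steps]=${expectedSteps(Q)[TRANSIENT.indexOf(s)].toFixed(2)} intervene=${shouldIntervene(s, 0.5)}`);
}
```

The point of the structure is that the decision is made from the state, not from the action: with these constructed numbers a run that is merely "benign" already carries a 43% chance of ending in a violation, and acquiring a credential pushes it past 60% before anything has been exfiltrated. In practice the transition probabilities would be estimated from logged agent trajectories, and the estimate is only as good as the state abstraction chosen.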
Compliance & Regulation
- Transparency as Architecture: Structural Compliance Gaps in EU AI Act Article 50 II — Shows through synthetic data and fact-checking case studies that the EU AI Act's August 2026 dual-transparency mandate (human- and machine-readable labeling of AI-generated content) is structurally incompatible with current generative AI architectures.
- T-Norm Operators for EU AI Act Compliance Classification — Presents the first pilot study comparing Łukasiewicz, Product, and Gödel t-norm operators in a neuro-symbolic reasoning system for classifying AI systems into EU AI Act risk categories (prohibited, high-risk, limited-risk, minimal-risk) across 1,035 annotated examples.
Alignment & Safety
- Evaluating Human-AI Safety: A Framework for Measuring Harmful Capability Uplift — Argues that AI safety evaluations should measure "harmful capability uplift" — the marginal increase in a user's ability to cause harm with a frontier model beyond what conventional tools already enable — reframing safety as a human-centered metric rather than a model-centered one.
- Reward Hacking as Equilibrium under Finite Evaluation — Proves under five minimal axioms that any optimized AI agent will systematically under-invest effort in quality dimensions not covered by its evaluation system, establishing reward hacking as a structural equilibrium rather than a correctable bug, regardless of alignment method (RLHF, DPO, etc.).
Applications
- Towards a Medical AI Scientist — Introduces the first autonomous AI system for clinical medicine that generates hypotheses, designs experiments with specialized medical data modalities, and drafts manuscripts — extending the “AI Scientist” paradigm to a domain requiring evidence grounding and safety standards.
Guardrails & Robustness
- Unsafe by Reciprocity: How Generation-Understanding Coupling Undermines Safety in Unified Multimodal Models — Finds that tightly coupling image generation and multimodal understanding in unified architectures (UMMs) creates safety blind spots: representations shared for performance also propagate unsafe content across modalities in ways that isolated models do not.
Key Themes
- AI infrastructure spending accelerates: OpenAI’s $122B raise and Oracle’s workforce cuts to fund data centers signal the industry is entering an infrastructure-first phase, even as productivity ROI remains elusive.
- Supply chain and developer tooling under attack: The Axios npm compromise and Cisco Trivy-linked breach show that attacks are moving upstream into developer infrastructure, amplifying blast radius.
- AI agent security as an emerging discipline: Vertex AI over-privilege, prompt injection kill chains, and SafetyDrift all reflect a maturing research agenda around the unique security risks of agentic AI systems.
- EU AI Act enforcement approaching: Multiple research papers address Article 50 compliance gaps and risk classification, reflecting urgency as the August 2026 deadline nears.
- Quantum threat timeline compressing: Reduced resource estimates for breaking elliptic curve cryptography — combined with the Turing Award for quantum cryptography’s inventors — signal that post-quantum migration is moving from theoretical to operational priority.
For detailed summaries of selected research papers, see papers.md.