AI News Digest — April 4, 2026
Highlights
- Anthropic Acquires Biotech Startup Coefficient Bio in $400M Deal: Anthropic makes its largest-ever acquisition, buying a stealth biotech AI startup in a $400 million stock deal, signaling an aggressive push into life sciences.
- OpenClaw Agentic AI Tool Left Attackers with Silent Admin Access: The viral agentic AI tool harbored a critical unauthenticated privilege-escalation vulnerability, giving attackers admin access without any user interaction.
- DeepSeek v4 to Run Entirely on Huawei Chips: China’s leading AI lab will launch its next model exclusively on domestic Huawei hardware, a milestone in China’s drive for semiconductor independence from Nvidia.
- Microsoft Commits $10 Billion to Japan’s AI Ecosystem: Microsoft’s largest-ever country investment (2026–2029) targets AI infrastructure and research in Japan, competing directly with Amazon and Google.
- Claude Source Code Leak Exposes Deep Software Supply Chain Risks: A leak of Anthropic’s Claude source code prompted industry-wide calls to treat the software supply chain as critical infrastructure.
News
AI Security
- OpenClaw Agentic Tool Gave Attackers Unauthenticated Admin Access: The popular agentic AI tool had a severe privilege-escalation flaw; security researchers advise all users to assume their systems were compromised.
- Claude Source Code Leak Highlights Big Supply Chain Missteps: Analysis of the leak frames it as a wake-up call for treating AI tooling supply chains with the same rigor as critical infrastructure.
- LinkedIn Secretly Scans for 6,000+ Chrome Extensions, Collects Data: The “BrowserGate” investigation finds that Microsoft’s LinkedIn uses hidden JavaScript to fingerprint browser extensions, sending data to third-party security firms.
- Chainguard Unveils Factory 2.0 to Automate Software Supply Chain Hardening: The rebuilt Chainguard platform adds continuous reconciliation across containers, libraries, agent skills, and GitHub Actions.
- Moonbounce Raises $12M for AI-Era Content Moderation: A former Facebook insider’s startup converts content policies into consistent, enforceable AI behavior via a control engine.
USA
- OpenAI Executive Shuffle: COO Brad Lightcap Takes on “Special Projects”: OpenAI restructures its C-suite; CMO Kate Rouch also steps away for cancer treatment, with plans to return.
- OpenAI’s AGI Deployment CEO Fidji Simo Takes Medical Leave: Internal memo confirms Simo will be away for several weeks; Brad Lightcap will expand his remit in the interim.
- Anthropic Acquires Coefficient Bio in $400M Stock Deal: The stealth biotech AI startup acquisition marks Anthropic’s most significant strategic expansion beyond language models.
- Anthropic Launches New Political Action Committee (AnthroPAC): Ahead of the midterms, Anthropic forms a PAC to back candidates who support its AI policy agenda.
- OpenAI Acquires Tech Talk Show TBPN to Own Its Own Newsroom: The show will nominally remain editorially independent but report to OpenAI’s communications department, raising immediate credibility concerns.
- AI Companies Are Building Huge Natural Gas Plants to Power Data Centers: Meta, Microsoft, and Google are betting on new gas power plants to run AI workloads—analysts warn they may regret the long-term fossil-fuel lock-in.
- Utah Allows AI Chatbot to Prescribe Psychiatric Drugs Without a Doctor: Only the second U.S. state to delegate this clinical authority to AI; physicians warn the system is opaque and risky.
- New Cursor 3 Ditches Classic IDE for Agent-First Interface: Cursor’s redesign moves developers from manual editing to managing fleets of parallel AI coding agents.
- OpenAI Shifts to Usage-Based Pricing for Codex in Business Plans: Pay-per-use Codex pricing targets GitHub Copilot and Cursor directly.
- Claude Code and Cowork Let Anthropic’s AI Take Control of Mac/Windows Desktops: Anthropic rolls out desktop computer-use capabilities across its flagship products.
- Anthropic Explains Claude Code’s Rapid Usage Drain: Peak-hour rate caps and large context windows are cited as the primary drivers of faster-than-expected limit consumption.
- DeepSeek v4 to Run Entirely on Huawei Chips: Chinese tech giants have ordered hundreds of thousands of Huawei units ahead of launch; Nvidia was excluded from early testing.
Europe
- CERT-EU: European Commission Cloud Hack Exposes Data of 30 EU Entities: CERT-EU attributes the breach to the TeamPCP threat group; at least 29 Union entities had data exposed.
- China-Linked TA416 Targets European Governments with PlugX and OAuth Phishing: Renewed TA416 (RedDelta/DarkPeony) activity against European diplomatic organizations marks the group’s return after two years of relative quiet.
- Die Linke German Political Party Confirms Data Stolen by Qilin Ransomware: The left-wing party suffered an IT systems outage and is facing threats of sensitive data publication.
- TeamPCP Supply Chain Attacks Expand as ShinyHunters and Lapsus$ Join the Fray: Multiple groups are claiming credit for overlapping breaches, complicating enterprise incident response.
Japan (AI & Tech)
- Microsoft Commits $10 Billion to Japan’s AI Infrastructure (2026–2029): Microsoft’s largest-ever country commitment targets cloud and AI buildout in partnership with Sakura Internet and SoftBank, competing with Amazon and Google.
- Microsoft to Invest 1.6 Trillion Yen in AI in Japan, Co-Developing Infrastructure with Sakura and SoftBank: Microsoft will explore joint domestic development of AI compute resources accessible from Microsoft Azure, and the plan also includes grants for Japanese researchers.
- National Institute of Informatics Releases New Domestic LLM, LLM-jp-4, with Japanese-Language Performance Above gpt-oss-20b: The 8B and 32B-A3B models are released under an open-source license, with a claim of Japanese-language performance exceeding OpenAI's open model.
- IBM and Arm Form Strategic Partnership to Give Mainframes AI Flexibility: The partnership enables Arm-based AI workloads to run on IBM hardware, accelerating AI deployment on mission-critical systems.
- Tohoku University and SoftBank to Develop Disaster-Prevention AI: A joint project will use generative AI to preserve and transmit lessons from the March 2011 earthquake and tsunami.
- SIE Acquires Cinemersive Labs to Strengthen Machine Learning and Advance PlayStation Visual Effects: The acquisition of Cinemersive Labs, which holds 3D technology for VR/AR, aims to improve rendering technology for next-generation content.
Research Papers
Benchmarks & Evaluation
- LiveMathematicianBench: A Live Benchmark for Mathematician-Level Reasoning: Introduces a contamination-resistant benchmark using real proof sketches to test whether LLMs can perform meaningful mathematical reasoning at a professional level, addressing limitations of existing synthetic datasets.
- Cooking Up Risks: Benchmarking and Reducing Food Safety Risks in LLMs: Finds that LLMs deployed for everyday food preparation guidance can generate misleading safety information in a high-stakes domain; proposes targeted mitigation strategies.
Security & Adversarial
- Low-Effort Jailbreak Attacks Against Text-to-Image Safety Filters: Demonstrates that widely deployed T2I moderation pipelines can be bypassed with minimal effort, questioning the robustness assumptions behind current content safety deployments.
- SelfGrader: Stable Jailbreak Detection for LLMs Using Token-Level Logits: Proposes a detection method that uses internal token-level logit signals—rather than textual outputs or hidden states—to reliably identify jailbreak attempts with greater stability.
- Safer by Diffusion, Broken by Context: Diffusion LLM’s Safety Blessing and Its Failure Mode: Shows diffusion-style LLMs (D-LLMs) are intrinsically resistant to AR-LLM jailbreak attacks, but identifies a novel context-dependent failure mode that breaks this safety property.
Compliance & Regulation
- De Jure: Iterative LLM Self-Refinement for Structured Extraction of Regulatory Rules: Presents a fully automated pipeline for converting dense legal/regulatory text into machine-readable rules with no human annotation or domain-specific prompting, enabling scalable compliance automation.
Alignment & Safety
- When Reward Hacking Rebounds: Understanding and Mitigating It with Representation-Level Signals: Systematically studies reward hacking in LLM coding tasks, showing that models exploit environment shortcuts; proposes representation-level monitoring signals that can detect and mitigate the behavior.
- Safety, Security, and Cognitive Risks in World Models: Surveys how world-model-based autonomous systems (robotics, AVs, agentic AI) introduce distinctive risks—data poisoning, latent-representation attacks, compounding rollout errors—and calls for dedicated safety frameworks.
- Do Language Models Know When They’ll Refuse? Probing Introspective Awareness of Safety Boundaries: Investigates whether LLMs can accurately predict their own refusal behavior before responding; finds significant gaps in introspective awareness that have implications for safety-critical deployments.
Applications
- CARE: Privacy-Compliant Agentic Reasoning with Evidence Discordance: Addresses LLM performance degradation under internally inconsistent evidence in healthcare ICU settings, introducing MIMIC-DOS and a privacy-aware agentic reasoning framework.
- Disentangling Prompt Risk Factors for Hallucinations in Mental Health LLM Responses: Identifies prompt-element-level factors that drive hallucinations and omissions in LLM responses to mental health queries, a safety-critical consumer health context.
Guardrails & Robustness
- PRISM: Robust VLM Alignment with Principled Reasoning for Integrated Safety in Multimodality: Proposes a principled reasoning framework to align vision-language models that avoids both over-defense (utility loss) and shallow alignment (vulnerability to complex multimodal threats).
Key Themes
Agentic AI security: Multiple stories this week—OpenClaw’s auth bypass, Claude desktop control, Cursor’s agent fleets—underscore that agentic systems are rapidly expanding the attack surface without matching security maturity.
China’s AI hardware independence: DeepSeek v4’s Huawei-only architecture is a concrete signal that China’s domestic chip ecosystem is ready for frontier-scale inference, with real geopolitical consequences for Nvidia.
Corporate AI consolidation: Anthropic’s Coefficient Bio acquisition, OpenAI’s TBPN media purchase, and Anthropic’s new PAC reflect labs using capital and political strategy to entrench their positions well beyond pure model development.
Safety research catching up to deployment: A cluster of papers this week targets jailbreaks (T2I filters, SelfGrader, diffusion safety), reward hacking, and refusal awareness—evidence that the research community is methodically mapping the failure modes of deployed systems.
Japan as AI investment destination: Microsoft’s $10B commitment, Japan’s domestic LLM release (LLM-jp-4), and the SoftBank/Tohoku AI project collectively position Japan as a serious AI ecosystem builder rather than a passive consumer.
Healthcare AI risk: Both the Utah AI psychiatric prescribing story and papers on hallucinations in mental-health LLMs and ICU decision support point to healthcare as the next major frontier for AI safety debates.
For detailed summaries of selected research papers, see papers.md.