AI News Digest — April 17, 2026
Highlights
- Claude Opus 4.7 Launches with Coding Leap and Reduced Cyber Capabilities: Anthropic’s new flagship model makes a major jump in advanced software engineering while deliberately scaling back cybersecurity attack capabilities during training.
- OpenAI Codex Becomes an Always-On Coding Agent: Updated with computer use, image generation, memory, and plugin support for macOS and Windows, Codex is now a direct, persistent rival to Claude Code.
- Physical Intelligence’s π0.7 Robot Brain Figures Out Untaught Tasks: The new model represents an early but meaningful step toward a general-purpose robot brain, capable of generalizing beyond its training distribution.
- ATHR Vishing Platform Deploys AI Voice Agents for Automated Credential Theft: A new cybercrime-as-a-service platform weaponizes AI voice agents for fully automated phone phishing at scale, combining human operators with AI for social engineering.
- AI Traffic to US Retailers Surged 393% in Q1 2026: Adobe data shows AI-referred visitors convert better and generate more revenue than non-AI shoppers, marking a turning point for agentic commerce.
News
AI Security
- ATHR Vishing Platform Uses AI Voice Agents for Automated Attacks — A new cybercrime platform harvests credentials via fully automated voice phishing, using both human operators and AI agents for social engineering.
- New Microsoft Defender “RedSun” Zero-Day PoC Grants SYSTEM Privileges — Researcher “Chaotic Eclipse” published a second Defender zero-day exploit in two weeks, protesting Microsoft’s handling of vulnerability disclosures.
- Hackers Exploit Marimo Flaw to Deploy NKAbuse Malware from Hugging Face — Attackers are exploiting a critical vulnerability in the Marimo reactive Python notebook to host and distribute a new NKAbuse malware variant via Hugging Face Spaces.
- North Korea’s Sapphire Sleet Uses ClickFix to Target macOS Users — Fake job offers and phony Zoom updates deliver ClickFix attacks that steal credentials and sensitive data from Mac users.
- Anthropic’s Claude Opus 4.7 Deliberately Scales Back Cyber Capabilities — Anthropic made an intentional training-time decision to reduce the new flagship model’s offensive cybersecurity capabilities even as its coding ability surged.
- Google Expands Gemini AI to Fight Malicious Ads — Google blocked 8.3 billion ads in 2025 using Gemini models, increasingly targeting harmful content directly rather than suspending advertiser accounts.
- Human Trust of AI Agents — Bruce Schneier highlights research showing humans expect rationality and cooperation from LLM opponents in strategic games—raising questions about trust calibration in adversarial AI settings.
- Post-Quantum Cryptography Migration at Meta: Framework, Lessons, and Takeaways — Meta shares its PQC migration playbook, introducing “PQC Migration Levels” as a framework for managing complexity across a hyperscale organization.
- McGraw Hill Data Breach Affects 13.5 Million Accounts — ShinyHunters leaked data from 13.5 million McGraw Hill accounts stolen via a Salesforce environment breach.
USA
- Anthropic Releases Claude Opus 4.7 — The new flagship model is the most powerful generally available Claude to date, with major gains in complex coding, image understanding, and long-horizon task stability.
- OpenAI Turns Codex into an Always-On Coding Agent That Watches Your Screen — Codex can now control a Mac autonomously, generate images, remember preferences, and run tasks for weeks—a direct challenge to Anthropic’s Claude Code.
- Codex for (Almost) Everything — OpenAI’s official announcement of the expanded Codex app, adding computer use, in-app browsing, image generation, memory, and plugins.
- Physical Intelligence’s π0.7 Robot Brain Tackles Untaught Tasks — The new model represents an early but meaningful step toward a general-purpose robot brain capable of generalizing beyond its training scenarios.
- Nvidia’s Lyra 2.0 Scales Robot Simulation Training — Lyra 2.0 generates large, coherent 3D environments from a single photo for real-time exploration and direct use in robot simulations.
- Apple Sends Siri Developers to AI Coding Bootcamp — Fewer than 200 Siri engineers will complete a multi-week program to learn tools like Claude Code and Codex, signaling Apple’s pivot toward agentic development practices.
- Upscale AI in Talks to Raise at $2B Valuation — The AI infrastructure startup is seeking its third funding round just seven months after launch.
- AI Traffic to US Retailers Rose 393% in Q1 — Adobe reports that AI-referred visitors convert better and generate more revenue than non-AI shoppers, validating agentic commerce as a growth channel.
- InsightFinder Raises $15M to Monitor Where AI Agents Go Wrong — The startup focuses on diagnosing failures across the full AI-augmented tech stack, not just model-level issues.
- Meta’s Capacity Efficiency Program Deploys Unified AI Agents at Hyperscale — Meta shares how AI agents with encoded domain expertise automatically identify and fix performance issues across its infrastructure.
- Google AI Mode Now Opens Links Side-by-Side in Chrome — Clicking a source in AI Mode now opens it alongside the chat, enabling follow-up questions about on-page content without leaving the conversation.
- Gemini Can Now Pull from Google Photos for Personalized Images — The Personal Intelligence feature uses the Nano Banana 2 image model to create personalized images grounded in the user’s own photo library.
- Runway CEO Says AI Could Help Hollywood Make 50 Films for the Cost of One — Runway’s CEO argues that volume-driven AI filmmaking will improve studios’ odds of producing hits.
- Anthropic CPO Leaves Figma’s Board After Reports of Competing Product — Mike Krieger’s departure adds to investor concerns about AI labs displacing SaaS businesses—a thesis already rattling public markets.
- Ronan Farrow on Sam Altman’s ‘Unconstrained’ Relationship with the Truth — Farrow and co-author Marantz discuss their New Yorker deep-dive into OpenAI CEO Sam Altman’s trustworthiness and influence.
- Why “Humans in the Loop” in AI War Is an Illusion — With AI playing a growing role in the US-Iran conflict, MIT Technology Review argues that meaningful human oversight of lethal AI decisions is already a fiction.
- AI Chat Rulings Prompt Lawyers to Warn: Your Chats Could Be Used Against You — A federal judge ruled a former CEO could not shield AI conversations from prosecutors, triggering broader legal warnings about AI chat privacy.
- India’s 1.5 Million Annual IT Graduates Face an Industry Moving On Without Them — Agentic AI is disrupting India’s massive IT industry faster than universities can adapt, forcing companies like Infosys to spend weeks retraining new hires.
- US Nationals Behind North Korean IT Worker Laptop Farm Sent to Prison — Two US nationals helped North Korean IT workers infiltrate over 100 companies, including many Fortune 500 firms.
Europe
- DeepL Now Wants to Translate Your Voice — The German translation leader is expanding into real-time voice translation, targeting integrations with Zoom and Microsoft Teams.
- PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic — Cisco Talos warns of an active campaign targeting Czech Republic workers since December 2025 with a previously undocumented botnet designed to evade network signature detection.
- ByteDance Rolls Out Seedance 2.0 to 100+ Countries but Keeps US Off the List — The AI video model is available globally except in the US, likely due to ongoing copyright disputes with Hollywood studios.
- 6-Year Ransomware Campaign Targets Turkish Homes and SMBs — A long-running campaign exploiting smaller, under-reported targets demonstrates how low-profile ransomware operations can sustain operations for years.
- UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Campaign — CERT-UA reports malware targeting healthcare institutions and government agencies between March and April 2026 to steal data from Chromium browsers and WhatsApp.
Japan (AI & Tech)
- “Claude Opus 4.7” Debuts: Hard Coding Tasks Can Now Be Fully Delegated, Image Recognition Resolution More Than Triples — ITmedia AI+ covers the launch of Claude Opus 4.7, highlighting its coding capability leap, 3× image resolution improvement, and enhanced instruction-following.
- Google Releases Gemini 3.1 Flash TTS: Expression Controllable in Natural Language — Gigazine reviews Gemini 3.1 Flash TTS, Google’s new voice synthesis AI supporting Japanese and 70+ languages with natural-language emotion control.
- Google Unveils Next-Generation Voice AI “Gemini 3.1 Flash TTS”: Expression Now Controllable in Natural Language — ITmedia AI+ covers the Gemini 3.1 Flash TTS launch, noting the new “voice tag” feature and SynthID watermarking for safe, controllable speech generation.
- Google’s AI Ad System “AI Max” Moves to General Availability — Google’s AI-driven ad system AI Max for Search campaigns exits beta; Dynamic Search Ads and related products will auto-upgrade in September 2026.
- OpenAI Announces “Agents SDK” Update Enabling Long-Running AI Agents — Gigazine reports on OpenAI’s next-generation Agents SDK, which enables agents to safely and efficiently perform file operations, code execution, and command operations.
- Claude Code Gains a Routines Feature That Runs Tasks Automatically on Set Conditions — Anthropic’s Claude Code gains a routine feature that automatically executes configured tasks on trigger conditions, such as auto-checking pull requests.
- No More Need for Beginner Textbooks? Trying Gemini’s Learning Mode Integrated into Colab — ITmedia covers Gemini’s new learning mode and custom instructions in Google Colab, testing whether it can replace traditional programming textbooks.
Research Papers
Benchmarks & Evaluation
- AI-Assisted Peer Review at Scale: The AAAI-26 AI Review Pilot — The first large-scale field deployment of AI-assisted peer review at a major conference; every submission received an AI-generated review alongside human ones, with findings on quality and consistency at scale.
- Exploration and Exploitation Errors Are Measurable for Language Model Agents — Proposes a framework for systematically quantifying exploration vs. exploitation behavior in LM agents without access to the agent’s internal policy, addressing a core reliability gap in agentic evaluation.
- LiveClawBench: Benchmarking LLM Agents on Complex, Real-World Assistant Tasks — A new benchmark that combines multiple difficulty axes (environment, instruction ambiguity) to close the gap between research evaluations and practical agentic deployment challenges.
- RiskWebWorld: A Realistic Interactive Benchmark for GUI Agents in E-commerce Risk Management — The first interactive benchmark for evaluating GUI agents in high-stakes e-commerce risk management contexts—investigative, adversarial, and far more demanding than standard consumer-oriented benchmarks.
Security & Adversarial
- Activation-Guided Local Editing for Jailbreaking Attacks — A concise two-stage method that uses internal model activations to guide targeted prompt edits for jailbreaks, addressing the transferability limits of token-level attacks and the scalability limits of manual prompt-level attacks.
- Between a Rock and a Hard Place: The Tension Between Ethical Reasoning and Safety Alignment in LLMs — Formalizes a new attack surface: safety alignment’s binary safe/unsafe framing leaves models vulnerable when harmful requests are embedded in ethical dilemmas; introduces TRIAL, a multi-turn red-teaming methodology that exploits this gap.
- Formalizing the Safety, Security, and Functional Properties of Agentic AI Systems — Addresses the fragmented inter-agent communication ecosystem (MCP, A2A) by proposing formal safety, security, and functional property specifications for multi-agent systems operating in high-stakes applications.
- In-Context Autonomous Network Incident Response: An End-to-End LLM Agent Approach — Demonstrates LLM agents that autonomously learn and adapt incident response strategies from raw system logs and alerts, bypassing the handcrafted simulator modeling required by prior reinforcement learning approaches.
Alignment & Safety
- Two Pathways to Truthfulness: On the Intrinsic Encoding of LLM Hallucinations — Shows that truthfulness signals in LLMs arise from two distinct internal pathways—question-anchored and answer-anchored—with implications for interpretability-based hallucination detection.
- Alignment as Institutional Design: From Behavioral Correction to Transaction Structure in Intelligent Systems — Argues that RLHF-style behavioral correction is structurally analogous to an economy without property rights, proposing an institutional economics framing for scalable alignment that does not rely on perpetual supervision.
- Document-tuning for Robust Alignment to Animals — Investigates synthetic-document finetuning as a mechanism for instilling values orthogonal to existing alignment efforts; releases the Animal Harm Benchmark (AHB) as an evaluation tool.
Applications
- Building Trust in the Skies: A Knowledge-Grounded LLM-based Framework for Aviation Safety — Proposes a retrieval-augmented, knowledge-grounded architecture to make LLMs suitable for aviation safety decision-making where hallucinations and unverifiable outputs are unacceptable.
- Can Coding Agents Be General Agents? — Evaluates coding agents on end-to-end business process automation in an open-core ERP system, identifying gaps where the agentic coding paradigm falls short of general-purpose use.
- SemiFA: An Agentic Multi-Modal Framework for Autonomous Semiconductor Failure Analysis Report Generation — A four-agent pipeline that autonomously generates structured semiconductor failure analysis reports from inspection images in under one minute, compressing hours of expert work.
Guardrails & Robustness
- The Cognitive Companion: A Lightweight Parallel Monitoring Architecture for Detecting and Recovering from Reasoning Degradation in LLM Agents — Addresses the 30% reasoning degradation rate on hard multi-step tasks with a zero-overhead Probe-based monitoring companion that detects looping, drift, and stuck states.
- Bi-Predictability: A Real-Time Signal for Monitoring LLM Interaction Integrity — Introduces a bidirectional token confidence metric for continuous, lightweight integrity monitoring of LLM interactions—filling the gap between expensive semantic judges and inadequate unidirectional perplexity measures.
Key Themes
- Agentic AI arms race — The OpenAI Codex vs. Claude Code rivalry has escalated to persistent computer-use agents; Apple is retraining hundreds of engineers to keep pace.
- AI as attack surface and defense — The ATHR vishing platform and Marimo/Hugging Face exploit show AI infrastructure becoming both a weapon and a vulnerability; Google and Meta are counter-deploying AI for ad fraud and PQC.
- Capability vs. safety tradeoffs — Anthropic’s deliberate reduction of Opus 4.7’s cyber capabilities signals a new era of targeted capability suppression at training time, generating debate about governance responsibility.
- Commercial AI maturation — 393% retail traffic growth, Canva AI 2.0, Roblox agentic game tools, and DeepL voice translation mark AI moving from experimentation to core business infrastructure.
- Human oversight under pressure — From the Anthropic/Pentagon AI war debate to AI chat discovery rulings, the legal and ethical frameworks for human control of AI are being stress-tested in real time.
- Robotics momentum — Physical Intelligence’s π0.7, Nvidia Lyra 2.0, and a wave of simulation tooling signal the physical AI sector is accelerating toward general-purpose robot capabilities.
For detailed summaries of selected research papers, see papers.md.