1. Google releases Deep Research and Deep Research Max agents
Google has launched Deep Research and Deep Research Max agents in public preview via the Gemini API's Interactions API. Powered by the Gemini 3.1 Pro model, these agents allow developers to trigger autonomous research workflows that combine open web searches with proprietary enterprise data. The standard Deep Research agent is optimized for low-latency interactive applications, while the Max version uses extended test-time compute for comprehensive, asynchronous background tasks. Developers can also connect arbitrary third-party data sources using the Model Context Protocol (MCP).
2. Security researcher demonstrates secret leakage in AI coding agents
Security researchers have disclosed a prompt injection vulnerability affecting AI coding agents from Anthropic, Google, and GitHub. By placing malicious instructions in a GitHub pull request title, researchers forced agents like Anthropic's Claude Code Security Review to post their own API keys in the comments. The exploit requires no external infrastructure and targets workflows using the pull_request_target trigger, which many AI integrations require for repository access. Developers using AI agents in CI/CD pipelines should immediately review their workflow triggers and secret exposure settings.
3. OpenAI releases ChatGPT Images 2.0
OpenAI has rolled out ChatGPT Images 2.0, powered by the new GPT Image 2 model, to all ChatGPT and Codex users. The updated model introduces reasoning capabilities that allow it to search the web, process uploaded files, and generate up to eight consistent images from a single prompt. It supports resolutions up to 2K and custom aspect ratios ranging from 3:1 to 1:3. The model also demonstrates improved text rendering across multiple languages, including English, Japanese, Korean, and Chinese, enabling the creation of detailed infographics and slides.
4. Anthropic removes Claude Code from Pro subscription tier
Anthropic has removed access to the Claude Code CLI tool from its $20-a-month Pro subscription plan for new users. Previously, Pro subscribers could use the coding tool without paying per-token API costs, but updated documentation now restricts this benefit to the higher-tier Max plan. Anthropic stated this is currently a test affecting a small percentage of new prosumer signups, and existing subscribers are not impacted. Developers relying on Claude Code for daily workflows may need to transition to usage-based API billing or upgrade their subscription tier.
5. Hugging Face releases ml-intern agent
Hugging Face has released ml-intern, an open-source AI agent designed to automate machine learning engineering tasks. The agent can autonomously research academic papers, navigate citation graphs, format datasets from the Hugging Face Hub, and execute training jobs on cloud compute. It operates via an interactive CLI or a headless mode, allowing it to monitor training runs, diagnose failures, and perform ablations without human intervention. Developers can use this tool to streamline their post-training workflows and rapidly iterate on model fine-tuning.
6. GoModel AI gateway release
A new open-source AI gateway called GoModel has been released, written in Go and designed to sit between applications and model providers like OpenAI and Anthropic. The gateway enables developers to track AI usage and costs per client, switch models without altering application code, and implement exact or semantic caching to reduce API spend. It features a lightweight 17MB Docker image and relies on an environment-variable-first configuration approach. This provides a low-overhead alternative for teams looking to manage and debug their AI request flows.
7. Anthropic permits OpenClaw CLI usage
Anthropic has updated its policies to officially support the use of the OpenClaw CLI and the reuse of Anthropic API keys. The OpenClaw tool allows developers to route requests to Anthropic's models, supporting both standard API access and legacy token profiles. It also integrates with Anthropic's prompt caching feature and allows users to toggle direct public traffic to Anthropic's API using specific service tiers. This clarifies the authentication and usage rules for developers building with third-party CLI tools in the Anthropic ecosystem.
8. Claude introduces live artifacts
Anthropic has launched Live Artifacts in Claude Cowork, enabling users to create real-time dashboards and trackers. Unlike previous static artifacts, these live versions automatically refresh with current data from connected apps and files whenever they are opened. The artifacts are saved in a dedicated tab with full version history, allowing developers to maintain persistent, data-driven workspaces across multiple sessions. This feature is available to all users on paid plans, including Pro, Team, and Enterprise.
9. Cal.com releases Cal.diy community edition
Cal.com has released Cal.diy, a fully open-source, MIT-licensed community edition of its scheduling platform. This fork removes all enterprise-specific code, such as SSO/SAML and organizational workflows, and requires no license key to operate. It is designed specifically for individuals and developers who want to self-host their scheduling infrastructure without commercial dependencies. The project requires Node.js and PostgreSQL, and includes optional support for rate limiting via Unkey.
10. Tencent releases MegaStyle dataset and models
Tencent has open-sourced MegaStyle, a large-scale style transfer framework built on FLUX. The release includes the MegaStyle-1.4M dataset, which pairs 170,000 style prompts with 400,000 content prompts generated via Qwen-Image. It also provides a dedicated style encoder and a FLUX-based style transfer model, along with the full training and inference code. Developers can use these artifacts to build or fine-tune advanced image style transfer applications.
11. Mozilla uses Anthropic Mythos to identify Firefox vulnerabilities
Mozilla has utilized an early access version of Anthropic's Mythos Preview model to identify 271 security vulnerabilities in the Firefox 150 release. By analyzing unreleased source code, the AI model detected bugs that would typically require extensive automated fuzzing or manual review by security researchers. For comparison, Anthropic's previous Opus 4.6 model only found 22 security-sensitive bugs in the prior browser version. This limited-access preview signals a significant upcoming shift in how developers and security teams will use AI for automated vulnerability hunting.