What is new in Claude Opus 4.7?

Anthropic released Claude Opus 4.7 on April 16, 2026. It scores 64.3 percent on SWE-Bench Pro, almost 10 points above Opus 4.6, and leads on agentic coding, scaled tool use, agentic computer use, and financial analysis benchmarks. It can process images up to 2,576 pixels on the longest edge, more than three times the previous limit. Pricing stays the same at 5 dollars per million input tokens and 25 dollars per million output tokens. Anthropic also opened a Cyber Verification Program so security researchers can use it for vulnerability research and pen testing.

What did OpenAI add to the Codex desktop app on April 16, 2026?

OpenAI shipped a major Codex desktop update on April 16. The headline feature is Computer Use, which lets Codex see, click, and type across other apps on Mac and Windows. On macOS it runs in the background with a separate cursor so you can keep working while agents do their thing. The app also gets a Chromium based in-app browser built on the Atlas engine, image generation through gpt-image-1.5, 111 new plugins including CircleCI and GitLab, multiple terminal tabs, SSH remote devboxes, and scheduled tasks that resume across days.

What was in Microsoft April 2026 Patch Tuesday?

Microsoft fixed 167 vulnerabilities on April 14, 2026, one of the biggest Patch Tuesdays in company history. Two were zero-days. CVE-2026-32201 is a SharePoint Server spoofing flaw that was already being exploited before the fix shipped, with CISA setting an April 28 deadline. CVE-2026-33825 is a publicly disclosed privilege escalation in Microsoft Defender that grants SYSTEM access. The highest CVSS score went to CVE-2026-33824, a 9.8 unauthenticated remote code execution bug in the Windows Internet Key Exchange service. Eight bugs were rated critical.

Why did Snap lay off 1,000 employees?

Snap announced on April 15, 2026 that it was cutting 16 percent of its workforce, about 1,000 people, and closing more than 300 open roles. CEO Evan Spiegel cited rapid AI advances and said 65 percent of new code at the company is already AI-generated. The cuts are projected to save more than 500 million dollars annually by the second half of 2026 and follow pressure from activist investor Irenic Capital. U.S. employees will get four months severance, healthcare, equity vesting, and career transition support. Total layoff costs are estimated at 95 to 130 million dollars.

What is Cursor 3.1 and what changed?

Cursor 3.1 shipped on April 13, 2026. The big addition is a tiled layout in the Agents Window so you can split the editor into panes, run multiple agents in parallel, drag agents between tiles, and persist layouts across restarts. Voice input got an upgrade with batch speech to text behind Ctrl+M. The empty state now lets you pick a branch before launching cloud agents to avoid running on the wrong one. You can jump straight from diffs to specific file lines. Large edits stream 87 percent faster and chat is now near instant.

Dev Weekly Apr 13-19, 2026: Claude Opus 4.7, Codex Computer Use, Patch Tuesday Zero-Day, Snap Layoffs

Q: What is OpenAI GPT-5.4-Cyber?

OpenAI launched GPT-5.4-Cyber on April 14, 2026, a variant of GPT-5.4 tuned for defensive cybersecurity. It is described as cyber-permissive, meaning it has lower refusal rates on dual-use security tasks that the consumer model would block. New capabilities include binary reverse engineering on compiled software without source access and tighter integration with Codex Security for agentic patching. Access is gated through the Trusted Access for Cyber program, with individual verification at chatgpt.com/cyber and tiered enterprise access. The launch came one week after Anthropic announced Claude Mythos.

The big AI labs spent the week trying to outdo each other again. Anthropic shipped Claude Opus 4.7 and took back the top spot on most coding benchmarks. OpenAI gave its Codex desktop app the ability to control your computer and ride a built-in browser. Microsoft pushed one of its largest Patch Tuesdays ever, with an actively exploited SharePoint zero-day in the mix. Snap cut 1,000 jobs and pointed at AI as the reason. Cursor 3.1 added tiled panes for running parallel agents. Cloudflare rebuilt Wrangler from scratch because AI agents are now its biggest API customer. Nvidia open-sourced AI models for quantum error correction. AWS launched a registry for AI agents and put Claude Mythos preview on Bedrock. Researchers found that the major coding agents can be tricked into leaking GitHub tokens. Here is everything that happened.

Developer Tools & Platforms

Cursor 3.1 Adds Tiled Multi-Agent Layouts -

Cursor 3.1 shipped on April 13. The Agents Window now supports a tiled layout so you can split the editor into panes and run multiple agents in parallel. You can drag agents between tiles, expand panes to focus on a specific chat, and your layout persists across restarts.

Voice input got an upgrade. Press and hold Ctrl+M to record a clip, then batch speech-to-text gives more accurate transcription with a waveform display and timer. The empty state now has branch search and selection, so you do not accidentally launch a cloud agent on main. Diffs now jump straight to file lines for manual edits. Under the hood, large edits stream 87 percent faster and chat went from a one second hang to instant.

Cloudflare Expands Agent Cloud and Rebuilds Wrangler -

On April 13, Cloudflare announced a major expansion of its Agent Cloud platform along with a complete rewrite of the Wrangler CLI. The reason: AI agents are now Cloudflare’s primary API customer, and the existing CLI was built for humans.

The new tooling includes Dynamic Workers, an isolate-based runtime for executing AI-generated code, and Artifacts, a Git-compatible storage primitive for agent-generated code. Sandboxes are now generally available with credential injection, PTY support, and persistent interpreters. The new Wrangler is in technical preview via npx cf and includes a Local Explorer for inspecting Workers and bindings during development.

OpenAI Updates Agents SDK with Sandbox Harness -

On April 15, OpenAI shipped the next iteration of its Agents SDK. The big change is a model-native harness with a native sandbox so agents can inspect files, run commands, and edit code in a controlled environment. It comes with configurable memory, sandbox-aware orchestration, filesystem tools matching Codex, MCP support, progressive skill disclosure, custom instructions via AGENTS.md, shell tool execution, and apply_patch for file edits. Python first, TypeScript later. Code mode and subagents are coming next.

GitHub Adds Model Selection for Claude and Codex Agents -

On April 14, GitHub added a model picker for the Claude and Codex agents on github.com. You can now pick between Claude Sonnet 4.6, Opus 4.6, Sonnet 4.5, and Opus 4.5, plus GPT-5.2-Codex, GPT-5.3-Codex, and GPT-5.4 when kicking off a task. Access is included in existing Copilot subscriptions.

AWS Launches Agent Registry, Interconnect Multicloud, and Mythos on Bedrock -

AWS had a busy week. On April 13, Claude Mythos Preview landed on Amazon Bedrock as a gated research preview tied to Project Glasswing, with allowlisted access for internet-critical companies and OSS maintainers.

AWS Agent Registry launched in preview through Amazon Bedrock AgentCore in five compute regions. It is a private catalog for discovering and managing AI agents, tools, skills, and custom resources, with semantic and keyword search, approval workflows, and CloudTrail audit trails.

AWS Interconnect went GA on April 14 for private high-speed connections between AWS and other clouds. Google Cloud is the launch partner, with Azure and OCI later in 2026. MACsec encryption is built in. A Last Mile option simplifies connectivity from branches and DCs through existing network providers. AWS Transform also became available in Kiro and VS Code.

Anthropic Debuts Claude Design -

On April 18, Anthropic launched Claude Design, an experimental tool for creating prototypes, pitch decks, presentations, one-pagers, and mockups from text prompts. It is powered by Claude Opus 4.7 and can pull in DOCX, PPTX, and XLSX files, point at a codebase to learn brand guidelines, or grab elements from any website with a web capture tool. You can refine designs through inline comments, direct text edits, or sliders for spacing, color, and layout. Export to PDF, PPTX, standalone HTML, Canva, or shareable internal URLs. Available in research preview for Pro, Max, Team, and Enterprise plans.

DeepMind Launches Gemini Robotics-ER 1.6 -

On April 15, Google DeepMind released Gemini Robotics-ER 1.6, a foundation model for robots with stronger spatial reasoning. It can process multiple camera streams at once (overhead and wrist-mounted), do precise object detection, work with relational logic, map trajectories, and detect task success. A new capability lets it read complex gauges, sight glasses, and digital readouts, which is a big deal for industrial sites like refineries and plants. The model acts as a high-level reasoning layer that connects to vision-language-action models, Google Search, and custom third-party tools. Boston Dynamics’ Spot is using it for autonomous inspection. Available through the Gemini API and Google AI Studio.

Nvidia Open-Sources Ising for Quantum AI -

Nvidia announced Ising on April 14, billed as the first open AI models for quantum computing. The family ships with two models. Ising Decoding does real-time quantum error correction with up to 2.5x more speed and 3x more accuracy than pyMatching, the open-source baseline. Ising Calibration is a vision-language model that interprets readings from quantum processors and automates calibration, cutting the work from days to hours. Atom Computing, Academia Sinica, Fermilab, Harvard, IQM, Lawrence Berkeley, and the UK National Physical Laboratory are early adopters.

Security

OpenAI Launches GPT-5.4-Cyber for Vetted Security Pros -

On April 14, OpenAI introduced GPT-5.4-Cyber, a variant of its flagship model tuned for defensive security work. It is described as “cyber-permissive,” meaning it has lower refusal rates on dual-use security tasks that the consumer GPT-5.4 would block.

New capabilities include binary reverse engineering on compiled software without source access and tighter integration with Codex Security for agentic patching. Codex Security has already contributed fixes for over 3,000 critical and high-severity vulnerabilities.

Access is gated through OpenAI’s Trusted Access for Cyber program. Individuals can verify at chatgpt.com/cyber. Enterprises go through OpenAI reps. The launch came one week after Anthropic announced Claude Mythos, which makes the timing not subtle.

AI Coding Agents Found Leaking GitHub Credentials -

Researchers disclosed on April 16 that AI coding agents from Anthropic, Google, and Microsoft can be hijacked through “comment and control” prompt injection attacks to steal GitHub credentials. Hostile instructions hidden in code comments or issue text get the agent to run commands that exfiltrate tokens from the dev environment. All three vendors paid bug bounties, but issued quiet patches without public advisories or CVEs. Worth keeping in mind if you let agents touch repos with sensitive credentials.

OpenAI Confirms Limited Exposure From Axios Supply Chain Attack -

The Axios npm breach from late March keeps generating fallout. On April 13, OpenAI confirmed the malicious axios v1.14.1 ran inside a GitHub Actions workflow that handled code-signing certificates for its macOS apps. OpenAI rotated all macOS code-signing certificates and is requiring users to update their apps by May 8. No evidence of user data compromise. A reminder to pin your dependency versions and audit what runs in CI.

CPython Use-After-Free in Decompressors -

CVE-2026-6100 was disclosed on April 13. It is a use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile that triggers when memory allocation fails and decompressor instances get re-used under memory pressure. One-shot decompression functions are not affected. Patches are in the linked GitHub PR for CPython.

Industry News

Slash Raises $100M at $1.4B Valuation -

On April 16, Slash Financial closed a $100 million Series C at a $1.4 billion valuation. The round was led by Ribbit Capital, Khosla Ventures, and Goodwater Capital. Slash is building an AI-powered banking platform for SMBs and pitching itself as an autonomous finance function for online businesses.

Sygaldry Raises $139M for Quantum AI Servers -

On April 14, Sygaldry raised $139 million across a $105M Series A led by Breakthrough Energy Ventures and a $34M seed led by Initialized Capital. The company wants to build quantum-accelerated AI servers that speed up training and inference while cutting energy use.

Helical Raises $10M for AI Pharma Lab -

On April 14, Helical raised $10 million in seed funding led by redalpine. The company turns biological foundation models into reproducible in-silico discovery workflows for pharma. Notable angels include Aidan Gomez (Cohere CEO) and Clement Delangue (HuggingFace CEO).

The Numbers That Matter

64.3% — Claude Opus 4.7 SWE-Bench Pro score, almost 10 points above Opus 4.6
167 — Vulnerabilities Microsoft fixed in April Patch Tuesday, one of its biggest ever
1,000 — Snap employees laid off, 16 percent of the global workforce
65% — Snap’s new code that is already AI-generated
3 million — Weekly developers using OpenAI Codex
2.5x — Speed gain Nvidia Ising delivers over pyMatching for quantum error correction
$139M — Sygaldry’s funding round for quantum AI servers, the week’s largest

Quick Hits

Claude Opus 4.7 — Released April 16. SWE-Bench Pro 64.3 percent. Leads on agentic coding, scaled tool use, agentic computer use, financial analysis. Vision up to 2,576 px. Pricing unchanged at $5/$25 per million tokens. New tokenizer can use 1.0x-1.35x more tokens. Cyber Verification Program for security pros. Already in Copilot via 7.5x premium multiplier through April 30.

OpenAI Codex Desktop major update — April 16. Computer Use across other apps on Mac and Windows. Built-in Atlas-based browser. gpt-image-1.5 image generation. 111 new plugins. Multiple terminal tabs. SSH remote devboxes. Scheduled tasks. 3M weekly devs.

Microsoft Patch Tuesday — April 14. 167 CVEs. SharePoint zero-day CVE-2026-32201 actively exploited. Defender priv-esc CVE-2026-33825 publicly disclosed. Windows IKE RCE CVE-2026-33824 at CVSS 9.8. Eight critical bugs total.

Snap layoffs — April 15. 16 percent cut, 1,000 employees, 300+ open roles closed. Spiegel cited AI. 65 percent of new code is AI-generated. Saves $500M+/year. Severance of 4 months pay plus benefits in U.S.

Cursor 3.1 — April 13. Tiled layout for parallel agents. Upgraded voice input behind Ctrl+M. Branch search before launching cloud agents. Diff to file navigation. Large edits stream 87 percent faster.

Cloudflare Agent Cloud — April 13. Wrangler CLI rebuilt around AI agents (preview via npx cf). Dynamic Workers isolate runtime. Artifacts Git-compatible storage. Sandboxes GA. Local Explorer for inspecting Workers.

OpenAI Agents SDK — April 15. Native sandbox harness. Agents can inspect files, run commands, edit code. Configurable memory. Filesystem tools like Codex. MCP support. Python first.

GitHub model selection — April 14. Pick between Claude (Sonnet/Opus 4.5/4.6) and Codex (GPT-5.2/5.3/5.4) for github.com agent tasks. Included in existing Copilot plans.

AWS Agent Registry + Interconnect + Mythos — April 13-14. Claude Mythos preview on Bedrock through Glasswing. Agent Registry preview in 5 regions for managing AI agents. Interconnect multicloud GA with Google Cloud as launch partner, MACsec encryption built in.

Anthropic Claude Design — April 18. Text-to-prototype/deck/mockup tool powered by Opus 4.7. Imports DOCX/PPTX/XLSX. Reads codebase for brand guidelines. Web capture for grabbing elements. Exports to PDF, PPTX, HTML, Canva. Research preview for Pro/Max/Team/Enterprise.

Gemini Robotics-ER 1.6 — April 15. Multi-camera spatial reasoning. Reads gauges and instruments. Connects to VLA models, Search, custom tools. Boston Dynamics Spot is using it. Available via Gemini API and AI Studio.

Nvidia Ising — April 14. Open AI models for quantum computing. 2.5x speed and 3x accuracy on error correction decoding. Calibration cuts from days to hours. Used by Atom Computing, Harvard, Fermilab, IQM, Lawrence Berkeley, UK NPL.

OpenAI GPT-5.4-Cyber — April 14. Cyber-permissive variant. Binary reverse engineering. Codex Security agentic patching. Trusted Access for Cyber gating. Verify at chatgpt.com/cyber.

Coding agents leak GitHub creds — April 16. Anthropic, Google, and Microsoft agents vulnerable to “comment and control” prompt injection that exfiltrates tokens. Patched quietly without CVEs.

Axios npm fallout — April 13. OpenAI confirms malicious axios ran in macOS code-signing GitHub Actions workflow. All certs rotated. Users must update by May 8.

CPython CVE-2026-6100 — April 13. Use-after-free in lzma, bz2, gzip decompressors when re-used under memory pressure.

Slash $100M Series C — April 16. $1.4B valuation. Ribbit, Khosla, Goodwater. AI banking for online SMBs.

Sygaldry $139M — April 14. $105M Series A + $34M seed. Quantum-accelerated AI servers.

Helical $10M — April 14. AI pharma lab. Aidan Gomez and Clement Delangue among angels.

Two threads worth pulling on. The first is that Anthropic and OpenAI are now trading the lead on the same day. Opus 4.7 takes back coding and agentic benchmarks on April 16. Codex desktop ships Computer Use the same day. There is no longer a stable “best model” you can plan around for a quarter. If you are picking a default for your codebase, the answer changes weekly, and the tooling around model selection (GitHub’s picker, Cursor’s tiled panes, Copilot CLI’s Rubber Duck from last week) is starting to matter more than which model is on top this Tuesday. The second is that the AI-blamed layoff template has hardened. Spiegel’s memo at Snap reads almost identically to Block’s in February and Bolt’s last week. Cite rapid AI advances, point at percent of new code that is AI generated, project savings, talk about velocity. The American Banker survey from last week showed only 3 percent of financial services firms have actually reduced headcount because of AI. So either the rest of the industry is about to follow, or the AI line is the convenient story for a cut leadership wanted to make anyway. Probably some of both. Microsoft’s 167-CVE Patch Tuesday is a different kind of signal. Two zero-days, one of which was being actively exploited before the patch, plus a 9.8 in IKE that nobody is going to talk about because SharePoint is the headline. If you run anything internet-facing on Windows this week, it is patch first, breakfast second. And the GitHub credential theft via prompt injection is the kind of bug that keeps growing. Three vendors patched quietly without CVEs. There will be more of these.

See you next week.