Is Tim Cook stepping down as Apple CEO?

Yes. Apple announced on April 20, 2026 that Tim Cook is stepping down as CEO after 15 years. John Ternus, currently Senior Vice President of Hardware Engineering, will take over on September 1, 2026. Cook will stay through the summer for the transition and then become executive chairman, focused on engaging policymakers worldwide. Arthur Levinson moves from non executive chairman to lead independent director on the same date. Johny Srouji is promoted to Chief Hardware Officer and will lead the Hardware Engineering group Ternus is leaving. Ternus has been at Apple since 2001 and worked on iPad, AirPods, iPhone, Mac, and Apple Watch.

What is new in OpenAI GPT-5.5?

OpenAI released GPT-5.5 on April 23, 2026. It is a fully retrained agentic model focused on long horizon coding and computer use. It scores 58.6 percent on SWE-Bench Pro, 82.7 percent on Terminal-Bench 2.0, and 84.9 percent on GDPval. It runs at the same per token latency as GPT-5.4 but uses fewer tokens to finish tasks. The rollout started for ChatGPT Plus, Pro, Business, and Enterprise plans plus Codex. API access follows after extra cybersecurity safeguards land.

What happened in the Vercel breach disclosed on April 20, 2026?

Vercel disclosed on April 20, 2026 that an attacker compromised Context.ai, a third party AI tool used by a Vercel employee. The attacker grabbed an OAuth token, took over the employee's Google Workspace account, and pulled environment variables that customers had not marked as sensitive. ShinyHunters claimed the attack and posted the stolen data on BreachForums for 2 million dollars. Vercel told customers to rotate non sensitive environment variables. Next.js, Turbopack, and Vercel's open source projects were not affected.

What is the Anthropic and Amazon $100 billion deal?

On April 20, 2026, Anthropic and Amazon announced an expanded partnership where Anthropic will spend over 100 billion dollars on AWS over the next 10 years. Amazon is investing 5 billion dollars now with up to 20 billion more tied to milestones, on top of an earlier 8 billion dollar investment. The deal locks in up to 5 gigawatts of capacity built on Trainium2, Trainium3, and Trainium4 chips. Nearly 1 gigawatt of Trainium2 and Trainium3 capacity is targeted for end of 2026.

What did Google Cloud Next 2026 ship?

Google Cloud Next 2026 ran in Las Vegas on April 22 and 23, 2026. Google announced Gemini 3.1 Pro for complex workflows, Gemini 3.1 Flash Image for visual assets, Lyria 3 for audio, and the Gemini Enterprise Agent Platform that pulls together build, scale, govern, and optimize for agents. The platform includes Agent Studio for low code creation, Agent Registry for catalogs, Agent Identity, and Agent Gateway. Google also announced 8th generation TPUs and a Wiz AI Application Protection Platform. Sundar Pichai said 75 percent of new code at Google is now AI generated.

Cursor 3.2 shipped on April 24, 2026. The headline addition is async multitasking with the slash multitask command, which spawns sub agents that handle parts of a request in parallel instead of queuing them. Worktrees got better with one click foreground promotion of any branch. A new multi root workspace lets a single agent session target several folders at once, so it can make cross repository changes without retargeting each time.

Why did GitHub pause Copilot Pro sign-ups on April 20, 2026?

GitHub paused new sign-ups for Copilot Pro, Pro+, and Student plans on April 20, 2026. Joe Binder, VP of Product, said agentic workflows have changed Copilot's compute demands and long running parallel sessions consume far more resources than the original plan structure was built for. The free Copilot plan still accepts new users and existing paid users keep working. GitHub also tightened usage limits, removed Opus from Pro plans, and added usage limit displays in VS Code and Copilot CLI.

Dev Weekly Apr 20-26, 2026: Tim Cook Steps Down, GPT-5.5, Vercel Breach, Anthropic-AWS $100B

The biggest story of the week did not come from an AI lab. Apple announced on April 20 that Tim Cook is stepping down after 15 years as CEO and John Ternus will take over on September 1. The rest of the week filled in around it. OpenAI shipped GPT-5.5 on April 23 with a focus on long horizon coding and finally answered Anthropic’s Opus 4.7 from last week. Anthropic put 100 billion dollars on the table for AWS in exchange for 5 gigawatts of compute. Google Cloud Next 2026 ran April 22 and 23 in Las Vegas with Gemini 3.1, an Enterprise Agent Platform, and a fresh batch of TPUs. Vercel disclosed a Context.ai breach that exposed customer environment variables and ended up on BreachForums for 2 million dollars. There was also an emergency ASP.NET Core patch, a Cursor 3.2 release with async sub agents, Kimi K2.6 promoted to GA, and a fresh npm worm hitting agentic AI packages. Here is everything that mattered.

Developer Tools & Platforms

Cursor 3.2 Adds Async Sub Agents and Multi Root Workspaces -

Cursor 3.2 shipped on April 24 with three notable changes. The new /multitask command spawns async sub agents that handle parts of a request in parallel instead of queuing them, which is the same direction GPT-5.5 and Kimi K2.6 are pushing. Worktrees got an upgrade so you can run isolated tasks across branches in the background and promote any branch to the foreground in one click. The biggest workflow change is multi root workspaces. A single agent session can now target a reusable workspace made of multiple folders, so you can make cross repository changes spanning frontend, backend, and shared libraries without retargeting the agent each time.

Kimi K2.6 Promoted to GA with 12 Hour Runs and 300 Agent Swarms -

Moonshot AI flipped Kimi K2.6 from preview to general availability on April 21, eight days after the beta. The trillion parameter MoE backbone is unchanged with 32 billion active parameters and 384 experts. What is new is the execution layer. The context window is now 262,144 tokens with automatic compression so 12 hour runs do not collapse at hour nine. Native primitives spawn and coordinate up to 300 sub agents across 4,000 steps in a single swarm. Benchmarks land at 66.7 percent on Terminal-Bench 2.0 and 58.6 percent on SWE-Bench Pro. Vercel reported a 50 percent improvement on its Next.js benchmark and Factory.ai a 15 percent gain. K2.6 is live on Kimi.com, the Kimi App, the API, and the Kimi Code CLI, with weights on Hugging Face.

OpenAI Ships Workspace Agents in ChatGPT -

On April 22, OpenAI introduced Workspace Agents in ChatGPT, powered by Codex. They replace Custom GPTs for teams. Workspace Agents are shared agents that handle long running workflows inside an org’s permissions and run in the cloud so they can keep working without a chat window open. They show up in ChatGPT and in Slack. The launch went to Business, Enterprise, Edu, and Teachers plans as a research preview.

Eclipse Foundation Launches Open VSX Managed Registry -

On April 21, the Eclipse Foundation launched a managed version of Open VSX for VS Code extensions. The free community registry stays free for developers and open source projects. The managed tier ships a 99.95 percent uptime SLA, multi region infrastructure, 24/7 monitoring, identity based access controls, and usage dashboards. Open VSX serves over 300 million downloads per month with peak daily traffic above 200 million requests across 12,000 extensions and 8,000 publishers. Initial customers are AWS, Google, and Cursor. The launch is positioned as the open alternative to Microsoft’s VS Code Marketplace for AI native IDEs that need production grade reliability.

Atlassian and Google Cloud Tie Rovo to Gemini Enterprise -

Announced at Google Cloud Next on April 22, the expanded partnership puts Gemini 3 Flash behind select Rovo capabilities and lets Rovo run inside Gemini Enterprise. Atlassian also committed to running its AI training workloads on Google Cloud. For teams already using Jira, Confluence, or Bitbucket with Rovo, this is the integration that lets the agent reach out to Workspace data through Gemini.

OpenAI Opens Privacy Filter as an Open Weight Model -

On April 22, OpenAI released Privacy Filter, a 1.5 billion parameter open weight model with 50 million active parameters for detecting and masking personally identifiable information in text. The model supports up to 128,000 tokens of context and is built to run locally so you can do privacy preserving preprocessing without sending data to a hosted API. Useful in front of any logging, analytics, or fine tuning pipeline that touches user input.

Ant Group Releases Ling-2.6-Flash -

Ant Group dropped Ling-2.6-Flash on April 22, a 104 billion parameter MoE model with only 7.4 billion parameters active. It is built around token efficiency, hits an Intelligence Index of 26 on roughly 15 million output tokens (which the company says is 86 percent fewer than comparable models), and runs at up to 340 tokens per second. Pricing is 10 cents per million input tokens and 30 cents per million output tokens. Worth a look if you want a cheap MoE for high throughput agent loops.

GitHub Pauses Copilot Pro Sign-ups -

On April 20, GitHub stopped accepting new sign-ups for Copilot Pro, Pro+, and Student plans. The free plan still accepts new users. Joe Binder, VP of Product, said agentic workflows have changed Copilot’s compute profile and long running parallel sessions burn through far more capacity than the plan structure was built for. GitHub also tightened limits on individual plans, removed Opus from Pro (Pro+ keeps it), and added usage limit displays inside VS Code and the Copilot CLI. The cap is industry wide. Anthropic, OpenAI, and Google have all adjusted limits in recent months.

Security

Microsoft Ships Emergency ASP.NET Core Patch for CVE-2026-40372 -

On April 21, Microsoft released an out of band patch for CVE-2026-40372, a critical privilege escalation flaw in ASP.NET Core. CVSS 9.1. The bug sits in Microsoft.AspNetCore.DataProtection versions 10.0.0 through 10.0.6 and was a regression introduced in .NET 10. The managed authenticated encryptor computed the HMAC over the wrong bytes of the payload and then discarded the hash. That lets an unauthenticated attacker forge protected payloads, bypass integrity validation, forge authentication cookies, and gain SYSTEM access. The fix is .NET 10.0.7. Forged tokens stay valid until you rotate the DataProtection key ring, so patching alone is not enough.

nginx UI CVE-2026-33032 Under Active Exploitation -

CVE-2026-33032 is a missing authentication bug on the /mcp_message endpoint of nginx UI. CVSS 9.8. The endpoint is part of the Model Context Protocol exposure and any unauthenticated attacker on default config can drive privileged MCP operations, change nginx config, restart services, redirect traffic, and drop backdoors. Active exploitation in the wild was confirmed on April 22. Internet scans show roughly 2,600 instances still exposed. The fixed version is 2.3.6. Get off anything 2.3.5 or below and lock down access to the management interface.

CanisterWorm Hits Namastex Labs npm Packages -

A self propagating npm worm hit packages owned by Namastex Labs starting April 21. Affected packages include @automagik/genie, pgserve, and @fairwords/websocket. The worm uses install time execution to steal tokens, credentials, API keys, SSH keys, and configurations from cloud services, CI/CD systems, registries, Kubernetes, Docker, and LLM platforms. It exfiltrates the data and then propagates to additional packages. The TTPs overlap with the earlier TeamPCP/CanisterWorm work. If you ship anything that touches Namastex packages, audit what ran on your CI machines this past week.

GitHub Copilot Training Opt-Out Deadline April 24 -

GitHub updated its Copilot terms to expand what can be used for training including code context, accept and reject patterns, file content, and chat history from private repositories. The deadline to opt out under the previous terms was April 24. Past that date the opt out path is harder to reach. The setting lives at GitHub Settings, then Copilot, then Privacy. Toggle off “Allow GitHub to use my code snippets for product improvements” and “Allow GitHub to use my data for AI model training.”

Aikido Launches Endpoint Security for Developer Devices -

On April 20, Aikido shipped Aikido Endpoint, a lightweight agent that inspects and blocks risky packages, IDE extensions, browser plugins, and AI tools before they install on developer machines. The pitch matches the threat model behind the Vercel breach the same day. Most supply chain attacks start with one developer running something they should not have on a workstation that has access to production credentials.

Industry News

Sundar Pichai Says 75% of New Code at Google Is AI Generated -

In a blog post on April 22, Sundar Pichai said 75 percent of new code at Google is AI generated and reviewed by engineers, up from around 50 percent in fall 2025 and 25 percent in October 2024. He framed it as “agentic” engineering, with engineers orchestrating autonomous workflows rather than prompting for snippets. One complex code migration was reportedly finished six times faster than would have been possible a year ago with engineers alone. The internal platform is called Antigravity. As with Snap last week, the data point lands directly into the AI as cause of layoffs narrative, even though Pichai did not connect the two.

Anthropic Launches the Economic Index Survey -

On April 22, Anthropic announced a monthly Economic Index Survey delivered through Anthropic Interviewer. It samples Claude users with accounts at least two weeks old, rotates the panel each month, and asks about tasks people are handing off to AI, productivity gains, hiring shifts, and expectations for the year ahead. The goal is to combine qualitative responses with usage data to detect economic changes earlier than labor market statistics can.

Reliable Robotics Raises $160M for Autonomous Aircraft -

On April 21, Reliable Robotics closed a 160 million dollar round led by Nimble Partners. The company is scaling its autonomous aircraft system through FAA certification and says it has over 200 systems committed by customers. The biggest funding round of the week.

AcuityMD Raises $80M Series C for Agentic MedTech Sales -

On April 21, AcuityMD raised 80 million dollars in a Series C led by StepStone Group at a 955 million dollar valuation. The platform sells agentic AI for medtech sales teams and is used by over 400 companies.

Orkes Raises $60M Series B for AI Workflow Orchestration -

On April 23, Orkes closed a 60 million dollar Series B. The company sells a workflow orchestration platform that helps developers ship AI applications to production. The pitch leans on Gartner’s projection that AI software spending will hit 450 billion dollars in 2026.

Iron Galaxy Cuts 50 Roles in Orlando -

Iron Galaxy Studios filed a permanent termination of 50 employees at its Orlando facility on April 21. The cuts hit technical and creative roles hardest, including 34 programmers across associate, mid level, and senior bands. The 2026 layoff total across tech is now over 81,000 employees.

Redwood Materials Cuts 10% to Chase Energy Storage -

On April 21, Redwood Materials laid off about 135 employees, 10 percent of its workforce, as it pivots toward an energy storage focus. This is the second cut in five months for the JB Straubel founded battery recycling company.

The Numbers That Matter

58.6% GPT-5.5 SWE-Bench Pro score, below Opus 4.7’s 64.3 percent
82.7% GPT-5.5 Terminal-Bench 2.0 score
75% New code at Google that is AI generated, up from 50 percent in fall 2025
$100B Anthropic’s commitment to AWS over 10 years
5 GW Trainium capacity Anthropic is locking in
9.1 CVSS for ASP.NET Core CVE-2026-40372
9.8 CVSS for nginx UI CVE-2026-33032 under active exploitation
300 Sub agents Kimi K2.6 can coordinate in a single swarm
262,144 Token context window in Kimi K2.6
$2M Price asked for stolen Vercel data on BreachForums
$160M Reliable Robotics round, the largest of the week
15 years Tim Cook’s tenure as Apple CEO before stepping down

Quick Hits

Tim Cook steps down - April 20. John Ternus, SVP Hardware Engineering, named next CEO effective September 1, 2026. Cook moves to executive chairman. Arthur Levinson becomes lead independent director. Johny Srouji promoted to Chief Hardware Officer. Ternus joined Apple in 2001 and worked on iPad, AirPods, iPhone, Mac, and Apple Watch.

OpenAI GPT-5.5 - April 23. Fully retrained agentic model. SWE-Bench Pro 58.6 percent. Terminal-Bench 2.0 82.7 percent. GDPval 84.9 percent. Same per token latency as GPT-5.4 with fewer tokens per task. Plus, Pro, Business, Enterprise, and Codex first. API later.

Anthropic and AWS $100B deal - April 20. Over 100 billion dollars in AWS spend across 10 years. Up to 5 gigawatts of Trainium2, Trainium3, and Trainium4. Amazon adds 5 billion now, 20 billion later.

Google Cloud Next 2026 - April 22 to 23. Gemini 3.1 Pro, Gemini 3.1 Flash Image, Lyria 3. Gemini Enterprise Agent Platform with Agent Studio, Agent Registry, Agent Identity, Agent Gateway. 8th gen TPUs. Over half of Google’s 2026 ML compute is going to cloud.

Sundar Pichai blog post - April 22. 75 percent of new code at Google is AI generated. Up from 50 percent six months ago. Internal platform is Antigravity.

Vercel breach - April 20. Context.ai compromise leads to OAuth theft, Google Workspace takeover, and exfiltration of non sensitive environment variables. ShinyHunters posts data on BreachForums for 2 million dollars. Mandiant brought in. Next.js, Turbopack, OSS projects unaffected.

Microsoft .NET emergency patch - April 21. .NET 10.0.7 fixes CVE-2026-40372 in Microsoft.AspNetCore.DataProtection. CVSS 9.1. Rotate DataProtection key ring after patching.

Cursor 3.2 - April 24. /multitask async sub agents. Worktrees with one click foreground promotion. Multi root workspaces for cross repo agent sessions.

Kimi K2.6 GA - April 21. 12 hour autonomous runs. 300 sub agents per swarm. 262K context window with auto compression. SWE-Bench Pro 58.6 percent. Terminal-Bench 2.0 66.7 percent. Available on Kimi.com, API, Kimi Code CLI, and Hugging Face.

OpenAI Workspace Agents - April 22. Codex powered shared agents inside ChatGPT and Slack. Replaces Custom GPTs for teams. Business, Enterprise, Edu, Teachers research preview.

Codex CLI - April 23 to 24. CLI 0.124.0 added reasoning controls, multi environment session management, Bedrock support, and a remote plugin marketplace. CLI 0.125.0 added Unix socket transport and remote plugin installation.

Eclipse Open VSX Managed Registry - April 21. 99.95 percent uptime SLA. Multi region. Initial customers AWS, Google, Cursor. Free tier stays free.

Atlassian and Google Cloud - April 22. Gemini 3 Flash powers parts of Rovo. Rovo accessible inside Gemini Enterprise. Atlassian commits to Google Cloud for AI training workloads.

OpenAI Privacy Filter - April 22. 1.5B parameter open weight PII detection model. 50M active parameters. 128K context. Runs locally.

Ant Group Ling-2.6-Flash - April 22. 104B total / 7.4B active MoE. Up to 340 tokens/sec. 0.10 dollars per million input, 0.30 dollars per million output.

GitHub Copilot pause - April 20. Pro, Pro+, Student paused. Free plan open. Tightened limits. Opus removed from Pro. Usage displays in VS Code and CLI.

nginx UI CVE-2026-33032 - Active exploitation confirmed April 22. CVSS 9.8. Missing auth on /mcp_message. About 2,600 instances exposed. Patch is 2.3.6.

CanisterWorm npm worm - April 21 to 22. Hits Namastex Labs packages including @automagik/genie, pgserve, @fairwords/websocket. Steals tokens and propagates through CI.

GitHub Copilot training opt-out - Deadline April 24. Toggle off in Settings, Copilot, Privacy.

Aikido Endpoint - April 20. Inspects and blocks risky packages, IDE extensions, browser plugins, and AI tools at install time on developer devices.

Anthropic Economic Index Survey - April 22. Monthly survey through Anthropic Interviewer. Tracks tasks handed off to AI, productivity, hiring shifts.

Reliable Robotics $160M - April 21. Led by Nimble Partners. Autonomous aircraft.

AcuityMD $80M Series C - April 21. StepStone Group lead. 955M valuation. Agentic AI for medtech sales.

Orkes $60M Series B - April 23. AI workflow orchestration. Production agent deployment.

Iron Galaxy layoffs - April 21. 50 roles in Orlando. 34 programmers in the cut.

Redwood Materials layoffs - April 21. 135 employees, 10 percent of workforce. Energy storage pivot.

Three threads worth pulling on. The first is that the major model labs are now shipping in lockstep. Opus 4.7 took back the SWE-Bench Pro lead on April 16. Kimi K2.6 hit GA on April 21 with 12 hour runs. GPT-5.5 landed on April 23 with the agentic and terminal numbers. Cursor 3.2 ships async sub agents on April 24. The shape of “what good agentic coding looks like” is now being defined by four products at once and the differences between them are getting small enough that your choice may end up being about pricing and which CLI you prefer rather than which model is best this week. The second is that Pichai’s 75 percent number is going to do a lot of work. Last week’s Snap memo cited 65 percent. Pichai’s post cites 75. By next quarter every CEO writing a layoff memo will have a number in this range to point at. The number is honest in one sense and misleading in another. It says nothing about who is responsible for the code, how much was reviewed, or how much was rewritten. But it will be cited as if it does, and the cited percentage will keep climbing. The third is the Vercel breach. The path was AI tool with broad OAuth scope, employee Google Workspace takeover, then customer environment variables. That is not a Vercel problem. That is the shape of breaches in the agentic era. Every team that has wired Notion AI, Glean, Context.ai, or any other helper into their Workspace with full Drive scope has the same exposure. If you have not audited your OAuth grants in 2026, this is the week.

See you next week.

Dev Weekly Apr 20-26, 2026: Tim Cook Steps Down, GPT-5.5, Vercel Breach, Anthropic-AWS $100B

Tim Cook steps down as Apple CEO with John Ternus named successor, OpenAI ships GPT-5.5 for agentic coding, Vercel discloses a Context.ai supply chain breach, Anthropic commits over 100 billion dollars to AWS, and Google Cloud Next 2026 ships Gemini 3.1 and an Enterprise Agent Platform.

Top Stories This Week

Tim Cook Steps Down as Apple CEO, John Ternus Takes Over -

OpenAI Releases GPT-5.5 for Agentic Coding -

Anthropic Commits $100B to AWS for 5 Gigawatts -