Today in AI — 1 April 2026
Today's top AI news — curated links and commentary on the stories that matter for product builders.
Two accidental source code leaks in five days, a $10B startup breached through a poisoned Python package, and developer data quietly becoming training data. The biggest risk in AI right now is not capability but the operational discipline required to wield it.
Anthropic's operational crisis
A missing .npmignore in Claude Code v2.1.88 exposed 512,000 lines of TypeScript, including unreleased agent features and 44 internal feature flags. Within hours, a clean-room Python rewrite hit 50,000 GitHub stars. Coming five days after the Mythos CMS leak, this is now a pattern, and one that puts Anthropic's reported October IPO plans under real scrutiny.
- Claude Code source leaks via npm packaging error — 512,000 lines of TypeScript exposed — VentureBeat
- Claude Code Python clone becomes fastest-growing GitHub repo in history — Layer5
- Anthropic's second major leak in one week threatens IPO timeline — Fortune
OpenAI consolidates its lead
OpenAI closed the largest private funding round ever at $852B valuation, opened its cap table to retail investors for the first time, and shipped ChatGPT to car dashboards via CarPlay. Meanwhile, Sora's confirmed shutdown frees up the team for robotics world models. The strategy is clear: double down on what works, cut what doesn't, and build the shareholder base for an IPO.
- OpenAI closes record $122B round at $852B valuation as IPO looms — CNBC
- OpenAI opens funding to retail investors for the first time ahead of expected IPO — TechCrunch
- ChatGPT launches on Apple CarPlay for hands-free voice conversations — MacRumors
- Sora app shutdown confirmed for April 26 as team pivots to robotics — The Decoder
Trust is the new attack surface
Mercor's $10B valuation didn't protect it from a poisoned LiteLLM package that stole credentials from thousands of companies. GitHub announced it will use Copilot interaction data to train models starting 24 April, with users opted in by default. And California's new executive order now requires AI vendors to prove safeguards before winning state contracts. If you're building on open-source AI tooling, your supply chain hygiene matters more than your model choice.
- Mercor confirms cyberattack from LiteLLM supply chain compromise — TechCrunch
- GitHub will use Copilot interaction data to train AI models starting April 24 — GitHub Blog
- California governor signs first-of-its-kind AI executive order on misuse prevention — Governor of California
The infrastructure bill arrives
Oracle is cutting 30,000 jobs to fund $156B in AI data centres, while Google released Veo 3.1 Lite at half the cost of its predecessor. One company is betting everything on owning the physical layer; the other is racing to make it cheaper. Both are bets on the same future, and the question is who pays.
- Oracle cuts up to 30,000 jobs to fund $156B AI data center buildout — CNBC
- Google launches Veo 3.1 Lite — half-price AI video for developers — Google Blog
The companies with the biggest valuations are the ones leaking source code, getting breached through their dependencies, and quietly rewriting data policies. Build accordingly.