The Monthly Dispatch - April 2026

Another month, another stack of tabs I never closed. April delivered a flood of new model releases, a major reshuffle in the OpenAI-Microsoft-Amazon triangle, and one of the funniest model behavior post-mortems I’ve ever read.

Tech & Industry

• The next phase of the Microsoft-OpenAI partnership: The two companies restructured their deal on April 27. Microsoft’s IP license is now non-exclusive (still runs through 2032), Azure stays the primary cloud, and Microsoft will no longer pay OpenAI a revenue share. OpenAI can finally serve any cloud and openly head toward an IPO (see below 👇)

• OpenAI ends Microsoft legal peril over its $50B Amazon deal and OpenAI lands on Amazon Bedrock: Less than 24 hours after the Microsoft restructuring, OpenAI’s models and the Codex agent showed up on AWS Bedrock as a preview. The $50B Amazon investment from February now has somewhere to go, and the cloud math just changed for a lot of enterprise teams (including ours, I guess).

• Cursor partners with SpaceX on model training: SpaceX gets to train coding models with Cursor and an option to acquire it for $60B, with a $10B breakup fee if they walk. Compute comes from xAI’s Colossus supercomputer through SpaceX. Sounds strange but very obvious xAI / Elon underneath.

• Delve loses YC and gets caught lifting open source: Following last month’s fraud allegations, a whistleblower called “DeepDelver” alleged Delve’s Pathways tool is a fork of Sim.ai’s open-source SimStudio, with no license or attribution. A few days later, Delve was quietly removed from YC’s portfolio directory. No good.

AI Models & Releases

• Claude Opus 4.7: Anthropic shipped Opus 4.7, with better agentic coding, multi-domain reasoning, tool use, and vision than 4.6, at the same price ($5/$25 per M tokens). Worth flagging: this is not the productized version of Mythos Preview from last month’s rumours. Anthropic explicitly says Opus 4.7 is “less broadly capable” than Mythos and that they ran differential training to reduce its cyber capabilities. Mythos is still its own thing (more on that below).

• Qwen 3.6: Alibaba released an entire 3.6 product line: Max-Preview, plus Plus, Flash, and open-weights versions. The 27B dense open model reportedly beats their own 397B MoE on agentic coding benchmarks. The pace is hard to keep up with.

• GLM-5.1: Towards Long-Horizon Tasks: z.ai’s 754B MoE hit SOTA on SWE-Bench Pro (58.4), ahead of GPT-5.4, Opus 4.6, and Gemini 3.1 Pro. Headline pitch is 8-hour autonomous execution across hundreds of iteration rounds. The bar for “long-horizon” keeps moving.

• GPT-5.5: OpenAI shipped 5.5, just weeks after 5.4. More expensive per token but apparently more token-efficient overall, with stronger agentic and computer-use chops. Ethan Mollick had 5.5 Pro procedurally model a harbor town evolving from 3000 BCE to 3000 AD and only 5.5 Pro actually simulated evolution rather than swapping building sprites.

• Kimi K2.6: Moonshot’s coding model went GA with 12-hour autonomous sessions, 300-agent swarms, and 4,000 coordinated steps. Open-source, with hefty gains in tool invocation success and long-context stability over K2.5.

• DeepSeek V4 Preview: Open-sourced in two flavors: V4-Pro (1.6T total / 49B active) and V4-Flash (284B / 13B). 1M context, dual Thinking and Non-Thinking modes, near-frontier benchmarks at a fraction of the price.

• ChatGPT Images 2.0: April 21 release of gpt-image-2, with much better text rendering (including non-Latin scripts), 2K resolution, and “thinking” image generation that can search the web and double-check itself. DALL-E 2 and 3 retire on May 12.

AI Tools & Agents

• Caveman: A Claude Code (and Codex) skill that makes the model talk like caveman, cutting roughly 75% of output tokens with very little quality loss. Now part of a small ecosystem with cavemem for memory and cavekit for tooling. “Why use many token when few do trick”.

• Claude Design: Chat on the left, canvas on the right, Opus 4.7 under the hood. During onboarding it reads your codebase and design files to build a per-team design system, then hands off a build bundle to Claude Code when you’re done iterating. Direct shot at Figma, v0, and Lovable. Not gonna lie, it does eat up your tokens real fast!

• Project Glasswing: Anthropic teamed up with AWS, Apple, Google, Microsoft, NVIDIA, JPMorgan, the Linux Foundation, and a handful of others to secure critical software with the unreleased Mythos Preview. Mythos has reportedly already found a 27-year-old vulnerability in OpenBSD and a 16-year-old one in FFmpeg. Anthropic is putting up $100M in usage credits and $4M in donations to open-source security work. Apparently some people found these vulnerabilities with open weight models too, so it might not be as big a deal as it seems.

• DESIGN.md is now open-source: YAML front matter for design tokens plus markdown prose for rationale, in a format easy for agents to consume. Works with Claude Code, Cursor, Copilot, and Stitch itself. The closest thing we have so far to a AGENTS.md for design systems.

• Friends Don’t Let Friends Use Ollama: A sharp argument that Ollama drifted from its local-first roots without much disclosure.

Ideas & the Human Side

• How the “AI Loser” may end up winning: A bullish case for Apple, the supposed AI laggard. Unified memory architecture across M-series and A-series, deep cash reserves, and patience while everyone else burns through funding. Worth a read even if you don’t fully buy the thesis.

• JEPA (Joint Embedding Predictive Architecture): Spent some time reading up on Yann LeCun’s JEPA work. Instead of next-token prediction in pixel or text space, it predicts representations in an abstract embedding space and skips the parts of the input that aren’t predictable anyway. Very different mental model from how current frontier models are trained.

• Artemis II breaks the Apollo 13 distance record: On April 6, the Artemis II crew (Reid Wiseman, Victor Glover, Christina Koch, and CSA’s Jeremy Hansen) reached 252,756 miles from Earth, 4,111 miles farther than Apollo 13. They splashed down on April 10. Got buried under the AI news cycle, but it’s the farthest humans have ever been.

Security & Privacy

• Claude Code’s source leaked via npm: Anthropic shipped v2.1.88 of the Claude Code npm package with a 59.8 MB source map and ~512,000 lines of unobfuscated TypeScript across roughly 1,900 files. A clean-room rewrite hit 50K GitHub stars in two hours. The leak also exposed an unreleased “KAIROS” mode, an always-running Claude assistant that watches and proactively acts. Anthropic called it human error, not a security breach. Either way, no secret sauce left.

• Lovable’s BOLA mess: From February 3 to April 20, public Lovable projects exposed chat history and source code via a Broken Object Level Authorization vulnerability. HackerOne reports about it were repeatedly closed because Lovable’s internal docs said the behavior was intentional. Lovable then denied the leak on X, blamed the documentation, blamed HackerOne, and finally apologized. The vibe coding crowd had a rough month on security.

• Vercel breached via Context AI: A Vercel employee installed a Context AI app and granted it OAuth access to their corporate Google account. Attackers used that connection to pivot into Vercel’s internal systems and steal credentials, source code, and database access. ShinyHunters is asking $2M on BreachForums. Vercel says the impact may extend to “hundreds of users across many organizations.” Cautionary tale of the month for anyone connecting third-party AI apps to their workspace.