News and Tech Update

Anthropic has abruptly walked back a controversial, unannounced policy that degraded the performance of its latest model, Claude Fable 5. The reversal follows intense backlash from the machine learning community, which criticized the company for a lack of transparency and anti-competitive behavior, according to a Wired report. The controversy began earlier this week with the release of Claude Fable 5, a version of Anthropic’s highly sophisticated Mythos system equipped with specialized national security guardrails. While the company openly said it would reroute hazardous prompts regarding cybersecurity, biology, and chemistry to less advanced models, it did not disclose a separate restriction: silently throttling requests tied to frontier LLM development. AI researchers quickly noticed that when Fable 5 was tasked with training competing LLMs, debugging AI code, or optimizing neural architecture, the model would covertly fail or degrade its output without notifying the user. This hi...

For years, running npm install meant trusting that whatever code got pulled in would behave itself. That trust was often misplaced. Starting in July 2026, npm v12 changes the rules. Install scripts won’t run automatically anymore. Neither will dependencies be pulled from Git repos or remote URLs. All of it becomes opt-in. This is a direct response to a wave of supply chain attacks that have hammered the JavaScript ecosystem over the past year. In September 2025, attackers hijacked 18 popular npm packages — including debug and chalk — libraries found in virtually every Node.js project. With combined downloads exceeding 2.6 billion per week, it was one of the largest npm attacks in history. In 2025 alone, attackers published nearly 455,000 malicious npm packages. The attacks haven’t slowed down — the March 2026 Axios compromise weaponized one of npm’s most-downloaded packages through credential theft. The ecosystem needed a structural fix, not just better scanning t...

Internal developer platforms have become a tangled web of orchestration tools, CI runners and deployment systems that rarely speak the same language. Every new integration adds another translation layer, and as AI-driven automation starts to plug into those pipelines, the lack of a shared vocabulary for what is actually happening across the software delivery lifecycle becomes a real bottleneck. Without a consistent way to describe build, test and deploy events, both humans and agents are left stitching together logs and webhooks from systems that were never designed to interoperate. Dadisi Sanyika of the Continuous Delivery Foundation sat down with Mike Vizard to walk through how CDEvents is tackling that fragmentation. CDEvents defines a common event specification — essentially a standardized set of receipts that tools like Jenkins, Tekton and other delivery systems can emit as work moves through the pipeline. That shared semantic layer gives platform teams a reliable way to wire h...

Imagine handing the same master key to every contractor who works on your building. No names, no records, no way to know who came and went. If the key gets copied, passed around or lost, you’d have no idea. You’d only find out something went wrong after the damage had been done.   That’s essentially what API keys do for your AI agents , and for prototypes, that’s fine.    However, the moment your agent moves into production, accessing real data, taking real actions and operating inside real systems, that master key becomes a liability you can’t afford.   The Risks and Benefits of API Keys   Developers are under a huge amount of pressure to build faster. Every organization wants to benefit from agentic AI, and devs play an integral role in making that happen.   Given this, it’s easy to see the appeal of API keys: They’re simple to use and can get you to a proof of concept almost instantly. The problem is that they’re severely lacking from a security standpoint.   API keys work by ...

Turning continuous integration and continuous delivery (CI/CD) pipelines into emissions‑controlled workloads is a strategy businesses adopt to reduce the carbon footprint of their pipelines. This article examines how a Carbon-Aware DevOps strategy can help optimize CI/CD pipelines for sustainability by reducing their carbon footprint while also decreasing costs and meeting the increasing demand for innovative, eco-friendly solutions.   Understanding the Problem   Today’s organizations take advantage of CI/CD pipelines to streamline and accelerate their software delivery. However, these CI/CD pipelines can become a hindrance to sustainability because of the resources required to create, build, test and ultimately deploy software into production.   Typically, CI/CD pipelines run tens of thousands of automated builds, tests and deployments daily, thereby consuming significant compute and energy resources. If you don’t take the steps necessary to reduce the emissions generated by these ...

GitLab today, at its Transcend 2026 conference, launched a bevy of updates that collectively optimize its integrated DevOps platform for the volume of code being generated by artificial intelligence (AI) coding tools. At the core of that effort is a Next Generation Source Code Management, a re-vamped implementation of the Git protocol that is based on a distributed architecture that makes it possible to scale DevOps workflows in a way that enables AI agents to complete tasks 50 times faster Manav Khurana, chief product and marketing officer for GitLab, said this implementation of the Git protocol takes advantage of distributed processing and storage engines to meet the requirements of DevOps workflows that are increasingly being driven by AI coding tools and associated agents. Additionally, GitLab is also now able to limit server-side queries to only what the actual task requires. At the same time, GitLab is adding a context graph, dubbed GitLab Orbit, that maps code, work items, p...