💬 Editor’s Note

April was a four-week siege on the idea that anything in the AI stack stays closed.

This is the first ICYMI. New format we’re trying. A monthly recap that lands at the start of each month, rounds up the news worth catching, and wraps up the month that just ended for anyone who skipped the Weeklies. The Weekly still ships every Friday for the running picture. This is the rear-view mirror, sent monthly.

I know “monthly recap” usually means a flat list of every announcement. I’m not doing that. Half of what shipped this month was already forgotten by week two. I want to trace what actually connects them.

Claude Code’s source map leaked on day one. Mythos got announced as too dangerous to release on April 8 and was already accessible to unauthorized users by April 22. GitHub silently reverted merged PRs for four hours, shipped a 9.x remote code execution vulnerability the same week, and watched Mitchell Hashimoto pull Ghostty off the platform. Cal.com flipped to closed source mid-month and lost the room within 48 hours. Vercel got popped through a Roblox cheat. Bitwarden’s CLI got supply-chain compromised. Tim Cook stepped down at the most valuable company in history. A missile hit an AWS region in Bahrain. Sam Altman’s house got Molotov’d.

Pick any “closed”, “secured”, “exclusive”, or “physically untouchable” assumption and April broke at least one version of it.

What I keep coming back to: the AI industry’s compute, code, weights, ideology, and physical infrastructure are all in the same shape now. Under pressure, leaking, and about to find out which of them was actually holding the whole thing up.

📰 Top News

GitHub had its worst month ever

Pick any week of April and GitHub was breaking something.

April 1: GitHub kills its Copilot PR ads after user backlash.

April 22: Copilot pauses new individual plan signups, demand outstripping the compute.

April 25: a 4.5-hour merge-revert bug silently undoes previously merged commits, with no clean way to detect what got rolled back unless you were watching the diff in real time.

April 28: Copilot credit multipliers change without warning.

April 29: GitHub posts a public availability update, Wiz drops CVE-2026-3854 (a remote code execution vulnerability in GitHub itself), and Mitchell Hashimoto pulls Ghostty off the platform with a long, calm post.

Then someone publishes a fresh investigation showing GitHub’s star counts are partly fake.

None of these on their own kills GitHub. Stack them all into 30 days and “you have to be on GitHub” stops sounding obvious for the first time in years. Watch self-hosted Forgejo, Gitea, and Sourcehut adoption through Q3.

https://github.blog/news-insights/company-news/an-update-on-github-availability

Anthropic shipped Mythos as too dangerous, then it leaked

Anthropic announced Mythos (codenamed Glasswing) on April 8. The pitch: a model so good at finding zero-days they refused to release it publicly. The safety research would ship into a future Claude Opus instead. Two weeks later, Channel News Asia ran Bloomberg’s report that Mythos was already being accessed by unauthorized users. The model that was too dangerous to release was already partially loose. OpenAI teased an equivalent at chatgpt.com/cyber the same week, which is going to be the next year of vendor pitches.

https://www.channelnewsasia.com/business/anthropics-mythos-model-accessed-unauthorized-users-bloomberg-news-reports-6072031

Tim Cook is stepping down at Apple

Yahoo Finance ran the number. Investors are $4T richer because of Cook’s tenure. The succession question now sits next to a stepping-down market cap larger than every other company on earth except Microsoft and Nvidia. Worth reading for the bigger picture more than the news itself. The way Apple handles the next CEO is the most important corporate handover of the decade, and it’s landing in the same quarter as the Microsoft and OpenAI shakeup.

https://finance.yahoo.com/markets/stocks/article/tim-cook-is-stepping-down-as-apples-ceo-investors-are-4-trillion-richer-because-of-him-230325543.html

GPT-5.5 and DeepSeek V4 shipped the same day

April 24: OpenAI announced GPT-5.5 and DeepSeek dropped V4 as a preview on Hugging Face within hours of each other. CNBC framed V4 as the open-source counter to closed frontier. The actual story is that the gap between China’s open weights and US closed weights compressed by another step in a single afternoon. If you’re benchmarking Q3 model decisions, the post-April baseline is different from the pre-April baseline.

https://openai.com/index/introducing-gpt-5-5/

Microsoft and OpenAI redrew the deal

Microsoft ended its exclusive license to OpenAI’s tech and the two restructured the relationship to give OpenAI room on infra, hardware, and consumer products. Reuters confirmed the exclusivity sunset. Microsoft’s own post called it the “next phase.” Read it alongside Google’s $40B into Anthropic and the picture is each frontier lab quietly getting paired with a single cloud giant just to keep the compute coming.

https://blogs.microsoft.com/blog/2026/04/27/the-next-phase-of-the-microsoft-openai-partnership

Sam Altman’s house got Molotov’d

A man was charged after throwing a Molotov cocktail at the OpenAI CEO’s home. Reuters has the indictment. The “AI CEOs are public figures now” line stops being a metaphor when someone actually attacks one of their houses. Expect a hard pivot on security and PR across every frontier lab in the next quarter. The executive-protection vendors already saw it coming.

https://www.reuters.com/legal/government/man-charged-after-molotov-cocktail-attack-openai-ceo-sam-altmans-home-2026-04-13

🕵️ Undercovered

Microsoft is putting $5.5B into Singapore

Microsoft Asia announced $5.5B in spend plus a new Microsoft Elevate program covering every tertiary student, educator, and nonprofit in Singapore. Headlines went to other Microsoft moves the same week. This one is the bigger long-term bet. If you operate in SEA, this changes the AI tooling baseline for the next two graduating cohorts. If you don’t, it changes who the cheapest junior AI engineers in the region are by 2027.

https://news.microsoft.com/source/asia/2026/04/01/microsoft-announces-5-5-billion-spend-and-new-microsoft-elevate-programs-to-support-every-tertiary-student-educator-and-nonprofit-to-power-singapores-ai-future

Iran strikes damaged an AWS region in Bahrain

Reuters and the Independent both confirmed Iranian strikes hit Amazon’s cloud infrastructure in Bahrain on April 1. The Register added context on how AWS would prefer this story didn’t exist. The point isn’t the geopolitics. It’s that “your compute is a soft physical target” stopped being a thought experiment in April. Every multi-region failover assumption built since 2010 was based on the implicit promise nobody was going to drop ordnance on a datacenter. That promise is now over.

https://www.reuters.com/world/middle-east/amazons-cloud-business-bahrain-damaged-iran-strike-ft-reports-2026-04-01

Someone bought 30 WordPress plugins and backdoored all of them

Anchor Host’s writeup is the cleanest version. A buyer acquired 30 separate WordPress plugins and planted the same backdoor in all of them at once. WordPress plugin marketplaces have never really tracked who actually owns what, and this is the first time someone abused that at this scale in public. If you run anything WordPress-shaped, audit your installed plugins this week. Assume any plugin that changed ownership in March or April is suspect until proven otherwise.

https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them

Cal.com went closed source and lost the room

Cal.com‘s own blog post explained the closed-source pivot. Pumfleet’s reply on X captured the community reaction within hours. The interesting part isn’t whether they’re right or wrong on the business case. It’s that the open-source-first identity Cal.com built for years collapsed inside a 48-hour window the moment they tried to monetise it. Worth reading next to the Roo Code-shutting-down-its-VSCode-extension story. Same shape, smaller scale.

https://cal.com/blog/cal-com-goes-closed-source-why

Lovable got breached and tried to blame its users

The Register laid out the chronology. Lovable’s own response post pinned the issue on user-side misconfiguration. The Register and the X reaction called it what it was. Pair this with the Vercel/ShinyHunters breach, which Forbes traced back through context.ai through a Roblox cheat installed on a company laptop, and April was the worst month for AI-tools supply-chain credibility on record. Add the Bitwarden CLI compromise and the Trivy supply chain compromise on top, and the conclusion is unavoidable: the tools the AI ecosystem leans on hardest are the least audited.

https://www.theregister.com/2026/04/20/lovable_denies_data_leak

🗄️ The Vault

Brave Origin

Brave shipped a paid standalone browser at brave.com/origin that strips every revenue-generating feature out of Brave: no rewards, no crypto, no built-in ads. It’s a quiet bet that a real subset of users will pay for the engine without the surrounding business model. The most interesting browser launch of April, and a useful counterpoint to Microsoft’s parallel decision to bribe people onto Edge with a $1M giveaway and a Mercedes-Benz.

https://brave.com/origin/download-nightly

Cursor 3

Cursor’s full v3 release dropped on April 3. New agent harness, new editor surface, faster local indexing. Read the post for the changelog. The bigger story is how much of Cursor’s competitive moat now lives in agent UX rather than the underlying model. Three weeks later SpaceX confirmed a $60B option to acquire them, which is its own follow-on read.

https://cursor.com/blog/cursor-3

Notion’s Claude partnership

Notion and Anthropic announced an integrated Claude experience across Notion. Worth looking at if you already live in either ecosystem. It’s also the cleanest reference for what “AI inside an existing product” looks like when neither side has to compromise on identity. The fact that this shipped while Anthropic was visibly running out of compute makes the partnership economics more interesting, not less.

https://www.notion.com/partners/claude

Flow Music (Google)

Google’s per-track music generation app at flowmusic.app. Real timeline editing, individual stem fine-tuning, controls Suno doesn’t expose. Closest thing yet to Logic Pro for prompts. Not the same Flow Google ships for video at labs.google/flow.

https://www.flowmusic.app

DaVinci Resolve 21

Blackmagic shipped Resolve 21 on April 14. The new AI features land just as Adobe’s response is taking longer than the market expected. If you cut video and haven’t moved off Premiere yet, this is the version where the migration starts to make sense.

https://www.blackmagicdesign.com/sg/media/release/20260414-01

🔥 This Month’s Pick

Anthropic spent April watching its moat leak

Pick one company and trace it across the whole month. Anthropic is the only honest answer.

April 1: Claude Code’s source map leaks. Mirrors in Python, Rust, and a dozen other languages go up within 24 hours.

April 4: Anthropic starts banning OpenClaw users from Claude subscriptions.

By mid-April there’s a literal OpenClaw family tree paper on bioRxiv at claw4science.org.

April 8: Mythos (Glasswing) gets announced as too dangerous to release.

April 22: Bloomberg reports Mythos is already being accessed by unauthorized users.

The model that was meant to be locked in a vault was already partially loose.

April 9: Notion-Claude partnership.

April 10: a new $100 5x Pro plan slots between Plus and the original $200 20x Pro, plus a teased Advisor strategy where cheaper models call Mythos-class models for help.

April 13: Opus 4.6 quality regression complaints flood X.

April 17: Claude Opus 4.7 ships, half-fixing it.

Then mid-to-late April everything starts piling on. A prompt-caching bug. Silent peak-hour burn-rate increases. A Claude Code regression bad enough to need a public postmortem on April 23. Default 1M context windows quietly making Opus 4.6 output worse. Claude Code getting silently removed from Pro for 2% of new signups.

Boris Cherny himself posts a public defense on Threads, which is its own tell.

Add the consumerrights.wiki HERMES.md billing-flaw documentation, and the picture is a company shipping rugpulls at every layer of the stack at the same time.

April 23: GIC + Anthropic deal in Singapore.

April 24: Google announces up to $40B into Anthropic in cash and compute.

April 27: TechCrunch confirms it.

Here’s what made April make sense to me: this is what running out of compute looks like, not what failing looks like.

Anthropic is the most starved-for-compute frontier lab in the market right now, and the leaks, the rugpulls, the OpenClaw bans, the silent Pro tier downgrades, and the $40B Google bailout are all symptoms of the same underlying shortage.

The $40B isn’t an investment. It’s life support, paid in TPU.

The thing to actually watch through May is whether Anthropic’s product surface stops bleeding once the Google compute starts arriving, or whether the trust they burned in April is gone for good.

Amol Avasare@TheAmolAvasare

For clarity, we're running a small test on ~2% of new prosumer signups. Existing Pro and Max subscribers aren't affected.

George Pu @TheGeorgePu

Anthropic just pulled Claude Code from the Pro plan. Pro users wanting it need Max now. $100/month minimum. 5x jump. I'm on Max 20x so I'm fine. Flagging for anyone on Pro who's about to find out. No announcement. Just a pricing page edit.

10:55 PM · Apr 21, 2026 · 6.84M Views

---

1.36K Replies · 683 Reposts · 5.26K Likes

🧪 This Month’s Experiments

• Audit any WordPress plugins you run, especially anything updated in March or April. Check the change history for ownership transfers, and remove anything that flipped hands.

• Pick one Anthropic product surface you actually pay for. Check whether its current behaviour matches what you signed up for two months ago, and decide if the gap is still acceptable.

• Spin up DeepSeek V4 from Hugging Face for a weekend benchmark against your current closed model, on the tasks you actually run. Track the deltas honestly, even when they’re inconvenient.