🎯 Top 3 Things to Know
1. OpenAI is shipping GPT-5.5 Cyber to a closed list of "critical cyber defenders" — and limiting it the same way Anthropic limited Mythos. A month after OpenAI publicly criticized Anthropic for not releasing Mythos, OpenAI is doing the same thing with its own offensive-capable model. The signal: frontier labs are now treating offensive cybersecurity capability as a category that simply does not get a public API, regardless of competitive pressure. Expect this to harden into industry default. TechCrunch
2. Anthropic is in talks to raise at a $900B valuation — past OpenAI's last round. First time Anthropic would lead the headline-valuation table. Comes nine days after Google committed up to $40B in cash and compute. The interesting part isn't the number; it's that Claude's enterprise revenue trajectory (rather than consumer) is now what's underwriting that valuation, which has implications for how the API gets priced and prioritized. CNBC
3. EU AI Act trilogue collapsed Tuesday night. High-risk obligations are still on track for August 2. The Digital Omnibus, which would have pushed high-risk AI compliance to December 2027, did not get through the second trilogue on April 28. Next session is around May 13. Until then, anyone building or deploying high-risk systems in the EU should plan for the original deadline, not the rumored extension. IAPP
🚀 Frontier Models & Features
OpenAI GPT-5.5 Cyber (above) — penetration testing, vuln identification, malware reverse engineering. Distributed via vetted access only, mirroring Anthropic's Glasswing approach to Mythos. TechCrunch
Mythos has now found "thousands" of zero-days across every major OS and browser, per Anthropic's updated red-team disclosure. The number itself is the news — last month it was hundreds. The vulnerability surface labs are sitting on is growing faster than the disclosure pipeline can absorb. The Hacker News
🔬 Research Worth Reading
🔖 SYNTHESIZE CANDIDATE — Single-Agent LLMs Outperform Multi-Agent Systems on Multi-Hop Reasoning Under Equal Thinking Token Budgets (independent authors, arXiv:2604.02460). Argues information-theoretically that under a fixed reasoning-token budget, a single agent with full context beats a multi-agent decomposition. Pushes back on the "multi-agent by default" assumption baked into a lot of 2026 architectures. Worth a deeper read — if the result holds, it simplifies a lot of agent design. arXiv
Reasoning Graphs: Deterministic Agent Accuracy through Evidence-Centric Chain-of-Thought Feedback (arXiv:2604.07595). Persists each agent run's evidence-CoT as graph edges and feeds that structure back into the next run. Useful framing for anyone trying to make agent loops less stochastic without going full RL. arXiv
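To make the Reasoning Graphs idea above concrete, here is a minimal sketch of persisting each run's evidence-to-claim steps as edges and rendering the repeated ones as context for the next run. It is an illustration only, not the paper's implementation: the class names, the min_runs threshold, and the placeholder evidence and claim strings are all hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Edge:
    """One reasoning step: a piece of evidence supporting a claim."""
    evidence: str
    claim: str
    run_id: int


@dataclass
class ReasoningGraph:
    """Accumulates evidence -> claim edges across agent runs (hypothetical structure)."""
    edges: list = field(default_factory=list)

    def record_run(self, run_id, steps):
        """Persist one run's chain of thought as (evidence, claim) edges."""
        for evidence, claim in steps:
            self.edges.append(Edge(evidence, claim, run_id))

    def support_counts(self):
        """Count how many distinct runs backed each (evidence, claim) pair."""
        runs = defaultdict(set)
        for e in self.edges:
            runs[(e.evidence, e.claim)].add(e.run_id)
        return {pair: len(ids) for pair, ids in runs.items()}

    def feedback_prompt(self, min_runs=2):
        """Render edges seen in at least `min_runs` runs as context for the next run."""
        lines = [
            f"- {evidence} => {claim} (seen in {n} runs)"
            for (evidence, claim), n in sorted(self.support_counts().items())
            if n >= min_runs
        ]
        return "Previously supported steps:\n" + "\n".join(lines) if lines else ""


# Placeholder data: two runs that agree on one step and disagree on another.
graph = ReasoningGraph()
graph.record_run(1, [("evidence-1", "claim-A"), ("evidence-2", "claim-B")])
graph.record_run(2, [("evidence-1", "claim-A"), ("evidence-3", "claim-C")])
print(graph.feedback_prompt())
```

Only the step both runs agree on survives the min_runs filter, which is the intuition behind using persisted structure to damp run-to-run variance. How the paper actually scores or prunes edges may differ.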
🏢 Enterprise in the Wild
Microsoft Dragon Copilot crosses 100,000 clinicians. Now deployed at Mount Sinai, Tampa General, and across nine countries; 58 languages supported. Effective May 1, Microsoft is moving to a per-encounter consumption model and dropping per-user list price — the first real pricing-architecture shift in clinical ambient AI, and a signal that the category is being commoditized into utility billing. MSN/AP coverage · Microsoft Cloud blog
JPMorgan running 450+ active agentic AI use cases in production, including 30-second IB pitch generation and real-time trade-settlement automation. A useful public reference for the current operational scale of agentic AI inside a tier-1 bank. Stanford Digital Economy Lab playbook (PDF)
🛠️ Tooling & Ecosystem
⭐ ANTHROPIC — Claude Code 2.1.113 → 2.1.117 shipped between April 17–22. Highlights:
alwaysLoad flag on MCP server config (skips tool-search deferral for that server's tools), parallel reconnection of subagent and SDK MCP servers, and a 500K-token MCP context allowance. The alwaysLoad flag is the practical one — finally lets you pin a small server's tools so the harness doesn't hide them behind a search step. Claude Code changelog
CVE MCP Server (open source) — exposes 27 tools across 21 vulnerability data APIs (NVD, EPSS, KEV, Exploit-DB, etc.) to any MCP-compatible host. Worth noting if you're building security-side agent workflows; pairs naturally with Claude Code. Cybersecurity News writeup
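For the alwaysLoad flag in the Claude Code item above, a rough sketch of what pinning a server might look like. The mcpServers layout with command and args is the usual shape of an MCP server config; treating alwaysLoad as a boolean key on the server entry is an assumption based only on the changelog summary, and the server name and package name are hypothetical. Check the changelog for the exact key placement before relying on this.

```python
import json

# Hypothetical server entry. "command" and "args" follow the common
# mcpServers layout; the placement of "alwaysLoad" is an assumption.
config = {
    "mcpServers": {
        "cve-lookup": {  # hypothetical server name
            "command": "npx",
            "args": ["-y", "example-cve-mcp-server"],  # hypothetical package
            "alwaysLoad": True,  # assumed: boolean key on the server entry
        }
    }
}


def pinned_servers(cfg):
    """Return names of servers flagged to bypass tool-search deferral."""
    return sorted(
        name
        for name, entry in cfg.get("mcpServers", {}).items()
        if entry.get("alwaysLoad") is True
    )


# Emit the JSON you would paste into a config file, then list pinned servers.
print(json.dumps(config, indent=2))
print(pinned_servers(config))
```

Pinning makes most sense for small servers with a handful of tools; large tool sets are presumably what the search-deferral step exists to keep out of context.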
⚖️ Policy & Regulation
EU AI Act trilogue failed April 28 (above). Next session ~May 13 under Cypriot Council Presidency, which has until June 30 to close it. Practical impact: keep planning for the August 2, 2026 high-risk enforcement date. IAPP · TechPolicy.Press
U.S. — Commerce Department's evaluation of "burdensome" state AI laws was due in mid-March and has not surfaced since. Trump's December 2025 EO directed DOJ to challenge the state laws Commerce flags. Worth watching whether that report drops in the next two weeks; it would be the cue for litigation against California's SB-style regimes. Wilson Sonsini
📌 Watch List
- Multi-agent systems — token-economy assumption getting questioned more openly; the single-agent-beats-multi-agent paper above is the cleanest articulation so far.
- Frugal AI — Microsoft's per-encounter Dragon pricing is a downstream signal that the category is shifting to utility billing.
- Claude Code skills — alwaysLoad MCP flag changes how skills/tools compose in long-running sessions.
- Agent evaluation — Reasoning Graphs paper offers a deterministic-eval angle worth tracking.