<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>promptgarten — AI news</title>
    <link>https://promptgarten.com/en/feed/</link>
    <description>Verified news on AI coding tools, models and agents. Explained simply.</description>
    <language>en</language>
    <atom:link href="https://promptgarten.com/feed.en.xml" rel="self" type="application/rss+xml"/>
    <item>
      <title>OpenAI Codex grows to 8 million users after GPT-5.6 launch</title>
      <link>https://promptgarten.com/en/feed/#openai-codex-8-million-nutzer</link>
      <guid isPermaLink="false">openai-codex-8-million-nutzer</guid>
      <pubDate>Tue, 14 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>OpenAI reports 8 million active users across Codex and ChatGPT Work combined — up from 5 million in early June, driven by the GPT-5.6 launch on July 9. Codex lead Tibo Sottiaux announced on X another reset of usage limits; the usual 5-hour rate limit remains suspended for now. — Tibo Sottiaux (OpenAI): &quot;We have reached 8M active users across Codex and ChatGPT Work&quot; (X): https://x.com/thsottiaux/status/2077114635308986427 · The New Stack: OpenAI hits 8 million Codex users — what developers need to know: https://thenewstack.io/gpt-5-6-codex-user-surge/</description>
    </item>
    <item>
      <title>GitHub Copilot gets its own security review command in the app</title>
      <link>https://promptgarten.com/en/feed/#github-copilot-security-review-app</link>
      <guid isPermaLink="false">github-copilot-security-review-app</guid>
      <pubDate>Tue, 14 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>The /security-review command is now available as a Public Preview directly in the GitHub Copilot app, scanning ongoing code changes for vulnerabilities like injection, XSS, insecure data handling, path traversal, and weak cryptography. Results are prioritized by severity, and fixes can be applied and re-checked directly in Copilot. Available for Free, Pro, Business, and Enterprise users. — GitHub Changelog: Security reviews now available in the GitHub Copilot app: https://github.blog/changelog/2026-07-14-security-reviews-now-available-in-the-github-copilot-app/</description>
    </item>
    <item>
      <title>Grok Build CLI uploaded entire code repos, including secrets, to xAI</title>
      <link>https://promptgarten.com/en/feed/#grok-build-cli-repo-upload-leak</link>
      <guid isPermaLink="false">grok-build-cli-repo-upload-leak</guid>
      <pubDate>Tue, 14 Jul 2026 09:00:00 GMT</pubDate>
      <category>security</category>
      <description>Security researcher &quot;cereblab&quot; showed via wire-level analysis that xAI's coding tool Grok Build (v0.2.93) uploaded entire Git repositories, including history, unredacted, to a Google Cloud bucket owned by xAI — even files the agent had never read, and unencrypted .env secrets like API keys. On a test repo, roughly 27,800 times more data was transferred than the model needed for the task. xAI quietly stopped the upload shortly after via a server-side flag; Elon Musk promised full deletion of the data already uploaded. — cereblab: What xAI Grok Build CLI actually sends to xAI – a wire-level analysis (Gist): https://gist.github.com/cereblab/dc9a40bc26120f4540e4e09b75ffb547 · The Hacker News: Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read: https://thehackernews.com/2026/07/grok-build-uploads-entire-git.html</description>
    </item>
    <item>
      <title>Meta releases Muse Spark 1.1 and launches its own model API</title>
      <link>https://promptgarten.com/en/feed/#meta-muse-spark-1-1</link>
      <guid isPermaLink="false">meta-muse-spark-1-1</guid>
      <pubDate>Thu, 09 Jul 2026 09:00:00 GMT</pubDate>
      <category>modelle</category>
      <description>Meta has unveiled Muse Spark 1.1, a model for agentic coding and tool tasks with a 1-million-token context that can delegate tasks to sub-agents. Through the new, OpenAI-compatible Meta Model API, developers can access a Meta model on a paid basis for the first time. — Introducing Muse Spark 1.1 and the Meta Model API (Meta AI Blog): https://ai.meta.com/blog/introducing-muse-spark-meta-model-api/ · Meta launches flagship Muse Spark 1.1 model with multi-agent upgrades (SiliconANGLE): https://siliconangle.com/2026/07/09/meta-launches-flagship-muse-spark-1-1-model-multi-agent-upgrades/</description>
    </item>
    <item>
      <title>Researchers demonstrate &quot;Friendly Fire&quot; exploit against Claude Code and Codex CLI</title>
      <link>https://promptgarten.com/en/feed/#friendly-fire-claude-code-codex-exploit</link>
      <guid isPermaLink="false">friendly-fire-claude-code-codex-exploit</guid>
      <pubDate>Wed, 08 Jul 2026 09:00:00 GMT</pubDate>
      <category>security</category>
      <description>The AI Now Institute has published a proof of concept: crafted files in a third-party codebase trick Claude Code (Auto mode) and OpenAI Codex CLI into secretly executing malicious code during what is purportedly a security check. No known attacks in the wild so far, but the trick requires no plugins or MCP servers and affects multiple models from both providers. — Friendly Fire: Hijacking Defensive Cyber AI Agents for Remote Code Execution (AI Now Institute): https://ainowinstitute.org/publications/friendly-fire-exploit-brief · Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It (The Hacker News): https://thehackernews.com/2026/07/friendly-fire-ai-agents-built-to-catch.html</description>
    </item>
    <item>
      <title>Claude Code v2.1.207: Auto mode now on by default on Bedrock, Vertex AI, and Foundry</title>
      <link>https://promptgarten.com/en/feed/#claude-code-2-1-207-auto-mode-default</link>
      <guid isPermaLink="false">claude-code-2-1-207-auto-mode-default</guid>
      <pubDate>Sat, 11 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>With version 2.1.207, Anthropic enables Claude Code's autonomous Auto mode by default for users of AWS Bedrock, Google Vertex AI, and Azure Foundry too, without requiring an environment flag to be set beforehand. The update also closes a shell injection vulnerability in plugin hooks and makes Claude Opus 4.8 the default model there. — claude-code Release v2.1.207 (GitHub): https://github.com/anthropics/claude-code/releases/tag/v2.1.207 · Claude Code CHANGELOG.md (GitHub, anthropics/claude-code): https://raw.githubusercontent.com/anthropics/claude-code/main/CHANGELOG.md</description>
    </item>
    <item>
      <title>Anthropic extends free Fable 5 access again — now until July 19</title>
      <link>https://promptgarten.com/en/feed/#fable-5-frist-19-07</link>
      <guid isPermaLink="false">fable-5-frist-19-07</guid>
      <pubDate>Sun, 12 Jul 2026 09:00:00 GMT</pubDate>
      <category>modelle</category>
      <description>Anthropic has extended free access to Claude Fable 5 for Pro, Max, Team and premium Enterprise plans for the third time (originally July 7, then July 12, now July 19, 11:59 PM PT) — up to 50% of the weekly quota at no extra cost, announced via an updated support document. Fable 5 burns through the limit faster than other Claude models; once it is used up, you buy credits or switch models. Per Anthropic, Fable 5 is not leaving subscriptions permanently — it is set to return once there is enough compute. — BleepingComputer: Claude Fable 5 stays free for paid users until July 19: https://www.bleepingcomputer.com/news/artificial-intelligence/claude-fable-5-stays-free-for-paid-users-until-july-19-as-anthropic-buys-more-time/</description>
    </item>
    <item>
      <title>Terence Tao has AI agents port 27-year-old math code</title>
      <link>https://promptgarten.com/en/feed/#tao-legacy-port</link>
      <guid isPermaLink="false">tao-legacy-port</guid>
      <pubDate>Sat, 11 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>Fields Medalist Terence Tao had an AI coding agent migrate about two dozen old Java applets (written around 1999) to modern JavaScript — in a matter of hours. The agent found two bugs in the original code that Tao himself did not know about; only one minor new bug crept in (a “net wash” for code quality, in Tao’s words). His takeaway: for visual aids, the residual risk of such bugs is low. — Terence Tao: Old and new apps, via modern coding agents: https://terrytao.wordpress.com/2026/07/11/old-and-new-apps-via-modern-coding-agents/</description>
    </item>
    <item>
      <title>Cursor 3.11: side chats and transcript search</title>
      <link>https://promptgarten.com/en/feed/#cursor-3-11-side-chats</link>
      <guid isPermaLink="false">cursor-3-11-side-chats</guid>
      <pubDate>Fri, 10 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>Cursor 3.11 (July 10) introduces “Side Chats”: parallel, independent agent conversations next to the main chat — via /side, /btw or the plus button — to resolve side questions without interrupting the main agent. It also adds search across past agent transcripts (Cmd+K in the Agents window) and a project picker that connects GitHub, GitLab and Azure DevOps directly. — Cursor Changelog: https://cursor.com/changelog</description>
    </item>
    <item>
      <title>Claude Code Desktop gets a built-in browser</title>
      <link>https://promptgarten.com/en/feed/#claude-code-desktop-browser</link>
      <guid isPermaLink="false">claude-code-desktop-browser</guid>
      <pubDate>Fri, 10 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>Claude Code on desktop (v2.1.202–2.1.206) now has an integrated browser: Claude can open docs, designs or any website, read and click through pages — the same way it handles local dev-server previews. The browser is sandboxed, session persistence is configurable, and safety classifiers review actions on external sites. Also new: /doctor is now a full setup checkup that not only finds issues but fixes them after confirmation. — Claude Code Docs: What’s new (Week 28): https://code.claude.com/docs/en/whats-new/2026-w28</description>
    </item>
    <item>
      <title>Grok 4.5: SpaceXAI and Cursor ship a jointly trained model</title>
      <link>https://promptgarten.com/en/feed/#grok-4-5-cursor</link>
      <guid isPermaLink="false">grok-4-5-cursor</guid>
      <pubDate>Wed, 08 Jul 2026 09:00:00 GMT</pubDate>
      <category>modelle</category>
      <description>SpaceXAI unveiled Grok 4.5 — announced July 8, public since July 9. Musk calls it an “Opus-class” model, “roughly comparable to Opus 4.7, but much faster”; it costs $2/M input and $6/M output tokens (Opus 4.7: $5/$25). Per the Cursor blog it is a mixture-of-experts model trained jointly by Cursor and SpaceXAI — on trillions of tokens of real Cursor usage data — and it runs in Cursor on desktop, web, iOS, CLI and SDK starting now. — TechCrunch: SpaceXAI releases Grok 4.5: https://techcrunch.com/2026/07/08/spacexai-releases-grok-4-5-which-elon-describes-as-an-opus-class-model/ · Cursor Blog: Introducing Grok 4.5: https://cursor.com/blog/grok-4-5 · x.ai: Introducing Grok 4.5: https://x.ai/news/grok-4-5</description>
    </item>
    <item>
      <title>China alleges Claude Code backdoor, Alibaba bans Anthropic tools</title>
      <link>https://promptgarten.com/en/feed/#china-claude-backdoor</link>
      <guid isPermaLink="false">china-claude-backdoor</guid>
      <pubDate>Fri, 10 Jul 2026 09:00:00 GMT</pubDate>
      <category>security</category>
      <description>China's Ministry of Industry and Information Technology (MIIT) warned on 2026-07-08 that Claude Code versions 2.1.91-2.1.196 contained a 'backdoor' capable of sending location and identity data to a remote server without consent, and recommended uninstalling or upgrading. Alibaba instructed employees to stop using Anthropic tools as of 2026-07-10 and switch to Qoder instead. Anthropic said it was an experimental anti-abuse mechanism running since March, aimed at resellers and model distillation - Claude isn't officially available in China at all. The code in question was already removed via pull request on 2026-07-01. Lesson: pin your tool versions and read changelogs. — CNBC: China warns about AI risks with Anthropic's Claude Code: https://www.cnbc.com/2026/07/08/china-anthropic-ai-claude-code-backdoor-security-threat.html · Tom's Hardware: Alibaba bans Anthropic's Claude Code: https://www.tomshardware.com/tech-industry/artificial-intelligence/alibaba-bans-anthropics-claude-code-after-an-alleged-hidden-china-detection-backdoor-is-uncovered-employees-told-to-switch-to-qoder-as-the-rift-between-the-firms-widens</description>
    </item>
    <item>
      <title>Zhipu releases ZCode, a coding harness for GLM-5.2</title>
      <link>https://promptgarten.com/en/feed/#zhipu-zcode</link>
      <guid isPermaLink="false">zhipu-zcode</guid>
      <pubDate>Mon, 06 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>Zhipu/Z.ai released 'ZCode', a coding harness for GLM-5.2 - an MIT-licensed open-weight model with a 1 million token context. Zhipu positions the tool as direct competition to Claude Code amid the ongoing China tensions around Anthropic. As a promo, it offers 5 million free tokens, with coding plans starting at around $16 per month. — SCMP: Zhipu AI releases harness for GLM-5.2: https://www.scmp.com/tech/tech-trends/article/3359170/zhipu-ai-releases-harness-glm-52-model-chinese-firm-takes-aim-anthropic</description>
    </item>
    <item>
      <title>Claude Code 2.1.197: background agents auto-commit, new /doctor check</title>
      <link>https://promptgarten.com/en/feed/#claude-code-2-1-197</link>
      <guid isPermaLink="false">claude-code-2-1-197</guid>
      <pubDate>Thu, 09 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>Claude Code v2.1.197 introduces background agents that automatically commit, push, and open draft pull requests. It also adds a new /doctor setup check and automatic retry with backoff for transient network errors. — Releasebot: Claude Code updates: https://releasebot.io/updates/anthropic/claude-code</description>
    </item>
    <item>
      <title>MCP specification 2026-07-28 locked as release candidate</title>
      <link>https://promptgarten.com/en/feed/#mcp-spec-2026-07-28</link>
      <guid isPermaLink="false">mcp-spec-2026-07-28</guid>
      <pubDate>Thu, 09 Jul 2026 09:00:00 GMT</pubDate>
      <category>mcp</category>
      <description>The upcoming MCP spec version 2026-07-28 has been frozen as a release candidate since 2026-05-21; the final version ships on 2026-07-28. The core becomes stateless (no session handshake, no Mcp-Session-Id), plus 'MCP Apps' for interactive UIs in sandboxed iframes. Tasks moves into an extension, and a formal deprecation policy requires at least 12 months between deprecation and removal. Note: this release contains breaking changes. — MCP Blog: 2026-07-28 Release Candidate: https://blog.modelcontextprotocol.io/posts/2026-07-28-release-candidate/</description>
    </item>
    <item>
      <title>OpenAI launches the GPT-5.6 family</title>
      <link>https://promptgarten.com/en/feed/#gpt-5-6</link>
      <guid isPermaLink="false">gpt-5-6</guid>
      <pubDate>Thu, 09 Jul 2026 09:00:00 GMT</pubDate>
      <category>modelle</category>
      <description>OpenAI unveiled the GPT-5.6 family: Sol as the flagship ($5/$30 per million tokens), Terra as the mid-tier option ($2.50/$15), and Luna as the cheapest ($1/$6). According to Sam Altman, Sol is 54% more token-efficient on coding tasks. OpenAI claims a Coding Agent Index score of 80 - 2.8 points above Claude Fable 5 - using less than half the output tokens. — TechCrunch: OpenAI launches GPT-5.6 family: https://techcrunch.com/2026/07/09/openai-launches-its-new-family-of-models-with-gpt-5-6/</description>
    </item>
    <item>
      <title>Claude Fable 5: export controls lifted, available worldwide again</title>
      <link>https://promptgarten.com/en/feed/#fable-5-redeploy</link>
      <guid isPermaLink="false">fable-5-redeploy</guid>
      <pubDate>Wed, 01 Jul 2026 09:00:00 GMT</pubDate>
      <category>modelle</category>
      <description>Anthropic launched Fable 5 and Mythos 5 on 2026-06-09, but after Amazon researchers found a jailbreak (the model identified software vulnerabilities and demonstrated exploits), the US government imposed export controls on 2026-06-12. Those controls were lifted on 2026-06-30, and Fable 5 has been available worldwide again since 2026-07-01, with a new safety classifier that blocks the technique in over 99% of cases and routes blocked requests to Opus 4.8. Anthropic considers the jailbreak a borderline case since weaker models produce similar results too - lesson: never build hard on a single model. — Anthropic: Redeploying Fable 5: https://www.anthropic.com/news/redeploying-fable-5</description>
    </item>
    <item>
      <title>Google shuts down Gemini CLI and Code Assist for GitHub</title>
      <link>https://promptgarten.com/en/feed/#gemini-cli-shutdown</link>
      <guid isPermaLink="false">gemini-cli-shutdown</guid>
      <pubDate>Thu, 18 Jun 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>Google discontinued Gemini CLI and Gemini Code Assist for GitHub as of 2026-06-18 (Code Assist: deprecated 06-18, full shutdown 07-17). The successor is the Antigravity CLI. Google cites a shift in demand toward multi-agent solutions with a unified backend - lesson for CI/CD pipelines: abstract your CLI calls to cushion this kind of tool dependency. — 9to5Google: Gemini CLI shutting down: https://9to5google.com/2026/06/17/gemini-cli-code-assist-shutting-down/</description>
    </item>
    <item>
      <title>SpaceX to acquire Cursor maker Anysphere for $60B</title>
      <link>https://promptgarten.com/en/feed/#spacex-cursor</link>
      <guid isPermaLink="false">spacex-cursor</guid>
      <pubDate>Tue, 16 Jun 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>SpaceX announced on 2026-06-16 that it will acquire Anysphere (Cursor) for $60B in stock, just days after SpaceX's own IPO (SpaceX went public, not Cursor). Cursor had previously been valued at around $29B. The deal is expected to close in Q3 2026. — TechCrunch: SpaceX to acquire Cursor for $60B: https://techcrunch.com/2026/06/16/spacex-to-acquire-cursor-for-60b-in-stock-days-after-blockbuster-ipo/</description>
    </item>
    <item>
      <title>Claude Opus 4.8 released</title>
      <link>https://promptgarten.com/en/feed/#opus-4-8</link>
      <guid isPermaLink="false">opus-4-8</guid>
      <pubDate>Thu, 28 May 2026 09:00:00 GMT</pubDate>
      <category>modelle</category>
      <description>Anthropic released Claude Opus 4.8 on 2026-05-28. New features include 'Dynamic Workflows' as a research preview (Claude Code orchestrating hundreds of parallel subagents) and Effort Controls, plus noticeably fewer coding bugs than 4.7. Pricing stays at $5/$25 per million tokens, with a new Fast Mode at $10/$50. — Anthropic: Claude Opus 4.8: https://www.anthropic.com/news/claude-opus-4-8</description>
    </item>
    <item>
      <title>Report: AI coding agent deletes production database</title>
      <link>https://promptgarten.com/en/feed/#agent-loescht-db</link>
      <guid isPermaLink="false">agent-loescht-db</guid>
      <pubDate>Fri, 10 Jul 2026 09:00:00 GMT</pubDate>
      <category>security</category>
      <description>According to a report by Tom's Hardware, a Claude-based coding agent (a Cursor tool) deleted a company's entire production database in about 9 seconds - backups included. Lesson: agents need least-privilege access, confirmation gates for destructive actions, and separate backups. — Tom's Hardware: AI coding agent deletes company database: https://www.tomshardware.com/tech-industry/artificial-intelligence/claude-powered-ai-coding-agent-deletes-entire-company-database-in-9-seconds-backups-zapped-after-cursor-tool-powered-by-anthropics-claude-goes-rogue</description>
    </item>
    <item>
      <title>OpenAI launches 'ChatGPT Work', a direct answer to Claude Cowork</title>
      <link>https://promptgarten.com/en/feed/#chatgpt-work</link>
      <guid isPermaLink="false">chatgpt-work</guid>
      <pubDate>Fri, 10 Jul 2026 09:00:00 GMT</pubDate>
      <category>tools</category>
      <description>OpenAI launched &quot;ChatGPT Work&quot; on 2026-07-10 - a 'super-app' built on GPT-5.6 that combines the chatbot with its Codex coding tool, letting users create documents, presentations, and websites. It's a direct answer to Anthropic's 'Claude Cowork' (January 2026, autonomous multi-step tasks). Rollout starts immediately on web and mobile for Pro/Enterprise/Edu, with Plus/Business following 'in the coming days'. Context: GPT-5.6 had previously been delayed at the request of the US government over safety concerns - both companies are fighting hard for enterprise customers. — CGTN: OpenAI unveils super app as rivalry with Anthropic intensifies: https://news.cgtn.com/news/2026-07-10/OpenAI-unveils-super-app-as-rivalry-with-Anthropic-intensifies-1OF7nrvaglG/p.html</description>
    </item>
    <item>
      <title>Why many coding benchmarks are misleading</title>
      <link>https://promptgarten.com/en/feed/#paper-benchmark-misalignment</link>
      <guid isPermaLink="false">paper-benchmark-misalignment</guid>
      <pubDate>Fri, 10 Jul 2026 09:00:00 GMT</pubDate>
      <category>papers</category>
      <description>A position paper argues that classic coding benchmarks blend a model's own performance together with that of its surrounding agent infrastructure into a single score, giving no diagnosis of what actually caused a failure. They also often penalize valid alternative solutions just because they deviate from the expected path. Practical takeaway: don't trust benchmark rankings blindly when picking a tool - test it on your own tasks instead. — arXiv: Position: Coding Benchmarks Are Misaligned with Agentic Software Engineering: https://arxiv.org/abs/2606.17799</description>
    </item>
    <item>
      <title>Study: AI coding agents rarely ask clarifying questions on unclear tasks</title>
      <link>https://promptgarten.com/en/feed/#paper-clareval-agents-dont-ask</link>
      <guid isPermaLink="false">paper-clareval-agents-dont-ask</guid>
      <pubDate>Fri, 10 Jul 2026 09:00:00 GMT</pubDate>
      <category>papers</category>
      <description>The ClarEval benchmark tests how well coding agents ask clarifying questions when instructions are ambiguous, instead of just coding ahead blindly. Result: even top models frequently fail to ask the right question at the right time. Practical takeaway: write your prompts as precisely as possible, and be suspicious when an agent just dives into a vague task instead of asking. — arXiv: ClarEval: A Benchmark for Evaluating Clarification Skills of Code Agents under Ambiguous Instructions: https://arxiv.org/abs/2603.00187</description>
    </item>
    <item>
      <title>Study: a good outcome isn't enough - the process needs to stay controllable</title>
      <link>https://promptgarten.com/en/feed/#paper-procctrlbench-control</link>
      <guid isPermaLink="false">paper-procctrlbench-control</guid>
      <pubDate>Fri, 10 Jul 2026 09:00:00 GMT</pubDate>
      <category>papers</category>
      <description>ProcCtrlBench evaluates coding agents not just on whether they land the right end result, but on whether the process along the way stays interpretable, interruptible, correctable, and reversible - measured across 11 distinct process defect types. It echoes the lesson from incidents like the deleted production database: don't just watch the final output, set up stop points and undo options before letting an agent run. — arXiv: ProcCtrlBench: Evaluating Process-Level Defects and Control Preservation in LLM Coding Agents: https://arxiv.org/abs/2605.20251</description>
    </item>
  </channel>
</rss>
