All Articles

How Compresr's Context Gateway solves context exhaustion for AI agents

Compresr's YC-backed Context Gateway is a proxy between AI agents and LLM APIs. Its three pillars - preemptive summarization, tool output compression, and tool discovery - reduce wasted context-window usage.

Sakura AI Engine lets you use a free LLM API 3,000 times a month

Sakura Internet's Sakura AI Engine is an OpenAI-compatible LLM inference platform hosted entirely in Japan. It includes a free tier with 3,000 text requests per month and supports models such as Kimi-K2.5 and gpt-oss-120b.

CISA adds five Craft CMS, Laravel, and Apple WebKit flaws to KEV, with an April 3 patch deadline

Five vulnerabilities confirmed exploited by MuddyWater and DarkSword were added to the KEV catalog. Craft CMS is a CVSS 10.0 zero-day that has seen active exploitation since February, and Laravel Livewire is being used by MuddyWater against Middle East infrastructure.

PolyShell flaw in Magento's REST API enables unauthenticated RCE

A Magento product-option API bug allows unauthenticated uploads of polyglot files that execute PHP code. In nginx 2.0.0-2.2.x environments it becomes full RCE; in other setups it can lead to XSS and account takeover.

TrustedSec reveals four techniques to authenticate Azure Entra ID sign-in logs without recording them

All four methods to avoid Azure Entra ID sign-in logs by exploiting SQL column overflow in RoPC flow have been disclosed. GraphGoblin issues access tokens valid with CVSS v4.0=8.7.

Cursor Composer 2 turned out to be Kimi K2.5 with coding-focused RL

Cursor released Composer 2 without disclosing its base model; calling its OpenAI-compatible API revealed it is Kimi K2.5. This escalated into a licensing dispute, but a formal commercial agreement with Moonshot AI was subsequently confirmed.

MoonshotAI (Kimi) proposed AttnRes to replace Transformer's residual connection with Attention, 1.25 times more computationally efficient.

AttnRes to replace Transformer's fixed residual combination with softmax attention in the depth direction. Demonstration with Kimi Linear 48B improved GPQA-Diamond +7.5pt and HumanEval +3.1pt. Training overhead was kept below 4% and inference below 2%.

FSF Receives Notice of Settlement in Bartz v. Anthropic Copyright Lawsuit, Statement on Unauthorized Learning of GNU FDL Licensed Works

Bartz v. Anthropic, a class action lawsuit over learning through unauthorized downloading from LibGen, etc., reaches settlement. FSF, as the copyright holder of the GNU FDL works, received the settlement notice and announced its position demanding disclosure of the training data model for LLM learning.

LangFlow's CVE-2026-33017 was already being exploited within 20 hours of disclosure

A CVSS 9.3 unauthenticated RCE in LangFlow was confirmed in real-world attacks within 20 hours of public disclosure.

Anthropic legally removed Claude integration from OpenCode, Astral acquired by OpenAI

On March 19, 2026, Anthropic took legal action against OpenCode to remove the OAuth integration. On the same day, Python toolchain Astral announced that it was joining OpenAI's Codex team. The formation of AI coding tools was activated in one day.

Claude Code Channels lets external services push events into a session

Claude Code v2.1.80 introduced the research preview feature Channels, which lets Telegram and Discord send live instructions into a Claude Code session through MCP. This article summarizes the bidirectional design and security model.

Google engineers release “Sashiko”, an AI code review system for Linux kernel

An AI system that automatically reviews Linux kernel patches. Detected 53.6% of known bugs that passed human review. Rust implementation supports both Gemini and Claude.