OpenAI Launches Codex Security: Scanned 1.2M Commits in 30 Days
Security, AI Agent, Developer Tools
OpenAI has launched Codex Security (formerly Aardvark), an application security agent that automatically discovers, validates, and fixes vulnerabilities for enterprises and open-source repositories. It first builds a project threat model, then runs PoC validation in a sandbox, and generates contextual patches to reduce false positives. Private testing data shows an 84% reduction in alert noise, a 90% decrease in severity misclassification, and a false positive rate more than 50% lower. In the past 30 days, it scanned over 1.2 million commits and identified 792 critical vulnerabilities and 10,561 high-risk issues; it also audited OpenSSH, GnuTLS, PHP, and Chromium, with 14 CVEs assigned. OpenAI also launched Codex for OSS, offering qualified maintainers access to ChatGPT Pro and audit tools.
Google Open-Sources gws to Unify Workspace API, Compatible with MCP
Open Source, AI Agent, Enterprise Software
Google has released and open-sourced the command-line tool gws, which unifies fragmented APIs across Gmail, Google Drive, and other Workspace services into a single interface, outputting structured JSON to reduce parsing and orchestration costs for AI agents. It supports one-time OAuth authentication and can dynamically read from the Discovery Service to automatically adapt to new APIs. The project includes over 100 pre-built 'agent skills' covering common office automation tasks and explicitly supports Model Context Protocol (MCP), enabling direct invocation by various MCP clients. Labeled as an unofficial example with no guarantees on stability or security, the tool quickly gained over 14,000 GitHub stars, reflecting growing demand for unified enterprise data access points in the agent ecosystem.
Anthropic Launches Marketplace: Enterprise Budget Can Buy Third-Party Claude Apps
Enterprise Services, Ecosystem, Claude
Anthropic has launched the Anthropic Marketplace, allowing enterprise customers to allocate part of their annual commitment spending on Anthropic API/services toward purchasing third-party applications built on Claude. Anthropic states it will not take any commission on platform transactions. Founding partners include Snowflake, legal AI firm Harvey, and development platform Replit. The initiative aims to streamline fragmented procurement processes through budget integration while strengthening customer lock-in. This strategy resembles cloud marketplaces but focuses more on ecosystem traffic; however, potential competition between Anthropic’s own products (e.g., Claude Code) and third-party tools may arise. Defining product boundaries and governance rules going forward will impact its enterprise expansion efficiency and partnership stability.
Japan Proposes Privacy Law Revision: AI Training May Use Personal Data Without Consent
Policy & Regulation, Data Compliance
According to Asahi Shimbun, Japan's proposed amendment to the Personal Information Protection Act (PIPA) introduces an exception allowing use of personal data without individual consent for purposes such as 'statistical production or AI model development.' The Personal Information Protection Commission argues that once data is abstracted and statistically processed, re-identification risk is low and rights infringement unlikely. However, experts warn that weakening the consent principle could enable granular profiling and group inference, potentially leading to adverse impacts on specific individuals or groups, and increasing institutional risks from corporate self-determination. If passed, this revision would directly affect the compliance boundary for AI training data and cross-sector data circulation models in Japan.
Japanese Finance Ministry Survey: 75% of Firms Use AI, Only 28% Report Headcount Reduction
Industry Data, Enterprise Application
Chunichi Web reports that a Japanese Ministry of Finance survey of 1,103 companies, conducted January–February 2025–2026, found that 75% are already using AI in operations, up sharply from 11% five years ago. By size, large enterprises show 89% adoption versus 65% among SMEs; by sector, manufacturing is at 80% and non-manufacturing at 72%. Primary use cases include document generation and information retrieval, with more complex applications like financial and customer analysis expanding. On outcomes, 91% report reduced working hours due to AI; only 28% say workforce needs have decreased, indicating widespread efficiency gains but limited direct job displacement so far.
Dropbox Reveals RAG Annotation Pipeline: LLM-Calibrated Human Labeling Efficiency ×100
RAG, Data Annotation, Enterprise Practice
Dropbox shared its method for producing relevance data in RAG systems: using a small set of high-quality human 'gold standard' samples to calibrate an LLM judge, which then generates large-scale annotations for training retrieval ranking models—achieving approximately 100x efficiency gain while maintaining accuracy. The process emphasizes mining 'hard errors' (cases where LLM judgment conflicts with real user behavior) to provide stronger learning signals, and allows the LLM to retrieve internal terminology and documents during annotation to reduce misjudgment in enterprise-specific contexts. This practice extends LLM-as-a-Judge from evaluation to data production pipelines, signaling a shift in cost structure for enterprise RAG iteration.
CISPA Audit: 45.83% of Shadow API Endpoints Suspected of Model Replacement
Security, Ecosystem Governance, API
A report based on CISPA audits reveals widespread model substitution and downgrading in the 'Shadow API' gray market: among 24 tested API endpoints, 45.83% failed model fingerprint verification, meaning users may be served cheaper small models despite paying for premium closed-source frontier models. This supply chain profits from information asymmetry, discounted replacements, and resale markups, directly undermining reproducibility in research and applications. The audit also found at least 116 top-tier conference papers used such unreliable interfaces, potentially invalidating comparative results. In high-stakes domains like healthcare and law, accuracy on specialized tasks reportedly dropped from over 80% to around 37% post-replacement, posing unacceptable safety and liability risks.
Lightricks Open-Sources LTX-2.3: Native Vertical Video at 1080×1920
Open Source, Video Generation
Lightricks has open-sourced its video generation model LTX-2.3, featuring 'engine-level' upgrades: improved image clarity and high-frequency details via VAE reconstruction; a 4x larger text connector for better complex instruction following; and retrained I2V modules for more natural motion, reducing 'Ken Burns'-style pans, zooms, and jump cuts. This version introduces native vertical video generation, supporting up to 1080×1920 resolution, tailored for short-form content pipelines. Note that VAE reconstruction alters the latent space, making LoRA adapters trained on earlier LTX-2 incompatible with 2.3—developers must retrain adapters. Materials also disclose that LTX-2 has been downloaded nearly 5 million times since its January open release.
Peking University Open-Sources Helios: 14B Model Achieves Up to 19.5 FPS on Single Card
Open Source, Video Generation, Compute Optimization
Peking University's Li Yuan team has open-sourced the video generation model Helios and the UniWorld-OSP2.0 base model, aiming to achieve real-time generation at larger model scales. Helios uses DMD distillation to compress inference steps down to 4, combined with multi-scale inference and feature caching for acceleration, achieving up to 19.5 FPS on Ascend NPUs. It introduces FlashI2V to address the trade-off between consistency and motion freedom in I2V tasks—mitigating 'condition image leakage' or over-copying—while using frequency-domain guidance to refine details. UniWorld-OSP2.0 emphasizes deep optimization for Ascend hardware and open-sources a 21B base model, providing training and engineering references for controllable, deployable video generation infrastructure.
Xie Saining Team Open-Sources Solaris: First Multiplayer Video World Model
World Model, Open Source, Multi-Agent
The team led by Xie Saining has open-sourced Solaris, a video world model designed for multiplayer collaboration, emphasizing cross-view consistency and environmental memory across multiple first-person perspectives in shared environments. They developed SolarisEngine with a communication layer and server plugin to enable synchronized multi-player control and camera coordination, collecting action-labeled multiplayer data for training. On the model side, an enhanced DiT architecture incorporates 'multi-player self-attention,' exchanging information across players along the sequence dimension, enabling tokens from different viewpoints to reference each other and maintain global consistency during denoising. Evaluation includes a multidimensional metric powered by VLMs, assessing movement, positioning, consistency, memory, and construction capabilities, with claims of scalability to arbitrary numbers of players.