Microsoft launched Microsoft 365 Copilot Wave 3, introducing Copilot Cowork—a long-form task executor developed in collaboration with Anthropic Claude—that performs multi-step workflows such as meeting preparation, email handling, and scheduling within enterprise tenants. It leverages Work IQ to inject organizational context, enhancing reliability. Microsoft also announced that Agent 365, its management platform, will become commercially available on May 1 at $15/user/month, alongside the new E7 Frontier Suite priced at $99/user/month, bundling E5, Copilot, and Agent 365. The company revealed that Copilot paid seats have grown over 160% year-on-year, with daily active usage increasing tenfold.

Anthropic has filed a lawsuit against the U.S. Department of Defense (DoD), seeking to overturn its designation as a 'supply chain risk.' The company claims the ban is linked to its public stances against mass domestic surveillance and fully autonomous weapons—its stated 'red lines'—and alleges unlawful retaliation violating the First and Fifth Amendments. Previously, the DoD directed federal agencies to cease using Claude-related technologies within six months, triggering termination of collaborations across multiple departments and supply chain compliance pressures. This case brings frontier model governance disputes into the judicial arena, potentially shaping future boundaries of government procurement and defense-sector AI partnerships.

UK-based AI data center startup Nscale has completed a $2 billion Series C round, raising its valuation to $14.6 billion. The round was co-led by Aker ASA and 8090 Industries, with participation from NVIDIA, Citadel, Dell, Lenovo, and Nokia. Founded in 2024, Nscale specializes in vertically integrated AI infrastructure—including GPU computing, networking, data services, and orchestration software—and operates data centers across North America, Europe, and Asia. The company also announced the addition of Sheryl Sandberg, Nick Clegg, and Susan Decker to its board. Reports indicate a $14 billion expansion partnership with Microsoft and a joint project with OpenAI in Norway called Stargate; an IPO is planned for the future.

CoreWeave stated during a conference that driven by 'insatiable' AI demand, its compute capacity for 2026 is nearly fully booked. Its customer base has expanded from AI labs to cloud hyperscalers and large enterprises, with contract durations extending to 5–6 years, covering multiple generations of GPUs including A100, H100, H200, and Blackwell. The company provided capital expenditure guidance of $30–35 billion (midpoint $32.5B) and expects deployment completion to yield contribution margins around 25%, with Q1 marking the lowest profit point. It currently operates 43 sites, plans power procurement 12–18 months ahead, and is exploring external sales of its software stack to improve margins.

Open-source AI application and agent workflow platform Dify announced a $30 million Pre-A funding round, achieving an $180 million valuation. The round was led by HSG, with participation from GL Ventures and 5Y Capital. Since its launch in 2023, the open-source version has run on over 1.4 million devices, while the commercial version is used by 280 enterprises and over 2,000 teams to build production-grade applications, including clients like Maersk, ETS, Anker, and Novartis. Dify offers visual workflow orchestration, prompt and tool management, knowledge retrieval, debugging, and API deployment. The funds will be used to enhance core agent capabilities, expand enterprise performance and compliance teams, and lower adoption barriers.

CACI International announced the completion of its $2.6 billion all-cash acquisition of ARKA Group. CACI states the deal advances its geospatial intelligence and national security space capabilities by acquiring electro-optical/infrared (EO/IR) and hyperspectral imaging sensor technologies, and integrating ARKA’s Agentic AI-powered software for enhanced multi-source intelligence processing and mission support. Over 1,100 ARKA employees will join CACI, expanding its talent pool and delivery capacity for projects within the intelligence community, U.S. Space Force, and DoD. The transaction signals a shift among traditional IT service providers toward deeper vertical integration of 'sensors + agent AI software'.

Databricks launched Kasal, a 'Databricks-native, UI-first' multi-agent workflow framework offering drag-and-drop canvas and conversational assistant features, enabling both non-technical users and engineering teams to uniformly model, deploy, and monitor multi-agent systems. Kasal deeply integrates with the Databricks ecosystem: leveraging MLflow for tracking and observability, Vector Search for memory/retrieval, and Databricks Apps for deployment in governed environments with existing authentication and governance policies. A key feature is one-click export from visual prototypes to standard Python code or Notebooks, facilitating engineering extension and integration with external MCP servers, reducing the prototype-to-production gap.

IBM has released and open-sourced the Granite 4.0 1B Speech multimodal speech-language model, optimized for edge device deployment with multilingual ASR and bidirectional speech translation (AST). Licensed under Apache 2.0, it natively supports Transformers and vLLM. IBM claims this 1B-parameter model outperforms its previous 2.2B version in transcription accuracy and inference efficiency, enhanced by speculative decoding for faster real-time performance. It also introduces keyword biasing, allowing bias toward enterprise-specific abbreviations and proper nouns to reduce missed recognitions. The model ranks highly on OpenASR benchmarks, highlighting the viability of 'small models + engineering optimization' for on-device speech applications.

Cloudflare has introduced a 'stateful' API vulnerability scanner targeting logic flaws traditionally hard to detect via DAST tools, such as BOLA. The system converts OpenAPI specifications into executable API call graphs and automatically progresses through multi-step sequences like 'resource creation → permission validation → privilege escalation attempts.' When documentation is incomplete or ambiguous, LLMs infer endpoint dependencies, field naming, and data relationships, minimizing manual configuration. To mitigate credential exposure risks from active scanning, the solution uses HashiCorp Vault Transit to encrypt credentials, decrypting them only within a restricted Rust execution environment before issuing final requests—advancing 'active defense' through automation and engineering rigor.

Researchers have published a proof-of-concept (PoC) demonstrating that when llama.cpp's llama-server defaults to mmap-ing model files with MAP_SHARED, an attacker with local file write access can modify quantized GGUF weights on disk. After kernel page cache synchronization, the server reads the altered weights, enabling 'persistent' manipulation of model outputs. For example, by amplifying scaling factors in output.weight corresponding to specific tokens, their logits are systematically boosted, dominating generation results—without requiring ptrace, process injection, or restarts. Mitigation recommendations include mounting models as read-only, restricting file permissions, or using the --no-mmap flag, though the attack depends on specific conditions related to quantization format and tensor layout.