Anthropic Launches Project Glasswing, Commits $104M to Open Source Security — Anthropic unveiled Project Glasswing, an initiative that gives a coalition of tech giants — including AWS, Apple, Google, Microsoft, and NVIDIA — early access to Claude Mythos Preview, an unreleased frontier model that has already discovered thousands of high-severity vulnerabilities across every major OS and browser. Anthropic is committing $100M in usage credits and $4M in direct donations to open-source security organizations. The model won’t be generally available; instead, access is being extended to 40+ organizations that maintain critical open-source infrastructure.
GLM-5.1 Becomes First Open Source Model to Top SWE-Bench Pro — Z.ai (formerly Zhipu AI) released GLM-5.1 under the MIT license, a 744B-parameter mixture-of-experts model with 40B active parameters. It scored 58.4 on SWE-Bench Pro, beating GPT-5.4 and Claude Opus 4.6 — the first time an open-source model has surpassed all closed-source competitors on a real-world code repair benchmark. With a 200K token context window and up to 8 hours of autonomous execution, this is a milestone for open-weight models in agentic coding.
Microsoft Open-Sources Harrier Embedding Models Under MIT License — The Bing team released Harrier, a family of decoder-only multilingual embedding models in three sizes (270M, 0.6B, 27B). The flagship 27B variant scored 74.3 on multilingual MTEB-v2, claiming the #1 spot and outperforming proprietary models from OpenAI and Amazon. With 32K context support and training on 2B+ examples, Harrier is immediately useful for anyone building search, retrieval, or RAG pipelines.
Google Releases Gemma 4 Under Apache 2.0 — Google shipped Gemma 4, the first models in the Gemma family to use the OSI-approved Apache 2.0 license. The family includes four variants up to 31B parameters with native multimodal support for text, images, and audio. Switching to Apache 2.0 removes friction for commercial adoption and is a notable signal from Google about embracing true open-source licensing.
Meta Preparing to Open-Source New AI Models — According to Axios, Meta plans to release open-source versions of its next-generation AI models, developed under Alexandr Wang following a reported $14B deal. The models reportedly use improved training techniques and rebuilt infrastructure to achieve competitive performance at smaller sizes.
Critical Apache Traffic Server Vulnerabilities Patched — Two serious flaws in Apache Traffic Server were disclosed and patched. CVE-2025-58136 (CVSS 7.5) allows a single HTTP POST to crash the entire server. CVE-2025-65114 enables HTTP request smuggling through malformed chunked transfer encoding. Both affect ATS 9.x and 10.x branches with no workaround for the smuggling flaw — upgrading is the only fix.
Marimo Notebook RCE Exploited Within Hours of Disclosure — CVE-2026-39987, a pre-auth remote code execution vulnerability (CVSS 9.3) in Marimo, the open-source Python notebook for data science, was exploited in the wild within 10 hours of public disclosure. A cautionary tale about the speed at which open-source vulnerabilities get weaponized.
WordCamp Asia 2026 Puts Open Source Collaboration Center Stage — WordPress’s biggest Asian community event is running April 9–11 in Mumbai, with sessions focused on AI integration, enterprise WordPress, and open-source collaboration models.