2026 · 05 · 17 · Sun

Updates for 5/17

Two AI firms were hit by supply-chain attacks the same day — update macOS ChatGPT now; Mistral had ~450 repos stolen. Claude Pro splits agent quota in June.

A · Theme of the day

Two AI firms hit by supply-chain attacks same day

Mistral and OpenAI hit the same day; macOS ChatGPT users must update now.

macOS ChatGPT / Codex users must update by June 12

ChatGPTChatGPT
Compared to before

Last week malicious code was found in TanStack npm packages; OpenAI now confirms two employee endpoints were compromised. Only the macOS desktop apps are affected.

What changed

TanStack npm supply-chain attack compromised 2 OpenAI employee endpoints; macOS ChatGPT/Codex users must update by June 12, 2026

Why it matters

If you use ChatGPT or Codex on macOS, update today rather than waiting for June 12. Web and Windows users are unaffected; IT teams with macOS fleets should patch first.

Mistral confirms 5GB breach across ~450 internal repos

MistralMistral
Compared to before

Researchers had tracked attacks on European AI firms' repos for ~3 months; this is the first confirmed Mistral breach. Stolen code includes training and inference pipelines.

What changed

Supply-chain attack (TeamPCP via Shai-Hulud) exfiltrated ~5GB across ~450 internal repos with a $25,000 demand; user data and hosted services unaffected

Why it matters

Mistral says user data and production services are unaffected, so most users need do nothing. If you build commercial services on Mistral, watch for official follow-ups.

B · Theme of the day

Claude Pro splits agent quota into its own lane next month

From June 15, Agent SDK calls draw on a separate $20/mo credit pool.

Claude Pro splits agent usage into its own $20 credit from June 15

ClaudeClaude
Compared to before

Until now Agent SDK calls and chat shared one Pro quota, so overnight batch jobs could eat daytime chat headroom — a recurring complaint since Cowork went GA last month.

What changed

From 2026/6/15, programmatic use (Agent SDK / claude -p, incl. third-party tools) gets a separate $20/mo credit for Pro; chat/Claude Code/Cowork unchanged

Why it matters

Agent SDK users can stop worrying about draining chat quota. The $20 credit is a hard cap though — estimate your monthly usage before June 15, since calls stop once it runs out.

C · Theme of the day

OpenAI quietly folds celebrity voice-clone tech in-house

Weights.gg's voice-cloning team joins OpenAI; no standalone product planned.

OpenAI acquires Weights.gg, known for celebrity voice clones

GPT (OpenAI)GPT (OpenAI)
Compared to before

OpenAI had avoided specific-person voice replication, focusing on real-time voice and the TTS API. Weights.gg offered celebrity voice clones and drew criticism from ethicists.

What changed

Acquired Weights.gg, a startup known for celebrity AI voice clones (~6-person team joins OpenAI; no plans for a standalone cloning product)

Why it matters

No standalone product means nothing changes for users today; the tech will likely feed into future ChatGPT voice or TTS features. Worth tracking if your voice is your livelihood.

Archive

Past updates

A daily archive of changes actually applied to the site.