April 10, 2026 is marked by three announcements of varying scale: OpenAI publishes a full analysis of a security incident involving the Axios library, GitHub Copilot CLI takes a major step forward with support for third-party models and offline mode, and ElevenLabs completes its enterprise offering with a fully local deployment. At the same time, Anthropic announces Claude for Word in beta and the advisor tool, GitHub enhances its Copilot cloud agent, and Googleโs Lyria 3 opens long tracks to everyone.
OpenAI: supply chain compromise via Axios
April 10, 2026 โ OpenAI publishes its response to a security incident involving Axios, a third-party JavaScript library victim of a broader software supply chain attack.
What happened
On March 31, 2026 (UTC), a malicious version of Axios (v1.14.1) was downloaded and executed by a GitHub Actions workflow used in OpenAIโs macOS app signing process. This workflow had access to a signing certificate and notarization material used to sign four applications: ChatGPT Desktop, Codex App, Codex CLI, and Atlas.
โWe found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered.โ โ OpenAI on X
Actions taken
OpenAI commissioned a third-party digital forensics and incident response firm, revoked and renewed the macOS signing certificate, released new versions of all affected applications, and fixed the GitHub Actions misconfiguration โ the workflow used a floating tag instead of a specific commit hash, the flaw that allowed the malicious version to be injected.
Minimum required versions (new certificate)
| Application | Minimum version |
|---|---|
| ChatGPT Desktop | 1.2026.051 |
| Codex App | 26.406.40811 |
| Codex CLI | 0.119.0 |
| Atlas | 1.2026.84.2 |
Starting May 8, 2026, older versions of OpenAIโs macOS applications will no longer receive updates and may become nonfunctional. OpenAI recommends updating only through built-in mechanisms โ not from emails, ads, or third-party sites.
๐ OpenAI response to Axios compromise
GitHub Copilot CLI: BYOK, local models, and offline mode
April 7, 2026 โ GitHub Copilot CLI opens up to all models: developers can now connect their own provider (Bring Your Own Key, BYOK) or run fully local models, replacing GitHub-hosted routing.
Three new modes
| Mode | Description |
|---|---|
| External provider | Environment variables for Azure OpenAI, Anthropic, or any OpenAI-compatible endpoint |
| Local models | Compatible with Ollama, vLLM, Foundry Local โ inference on the machine |
| Offline mode | COPILOT_OFFLINE=true disables all GitHub contact and telemetry |
Offline mode combined with a local model enables workflows fully isolated from the network โ a use case for air-gapped environments. With their own provider, GitHub authentication becomes optional; GitHub login remains available to access /delegate, GitHub Code Search, and the GitHub MCP server.
Requirements: the model must support tool calling and streaming. Minimum recommended context: 128k tokens.
๐ Copilot CLI โ support for BYOK and local models
ElevenLabs: voice AI in local deployment (on-premise and on-device)
April 9, 2026 โ ElevenLabs announces the availability of its voice synthesis technology in fully local deployment, complementing its existing cloud API and VPC modes.
Four deployment modes
| Mode | Infrastructure | Ideal use case |
|---|---|---|
| Cloud API | Standard ElevenLabs platform | General use |
| VPC | AWS SageMaker | Organizations keeping data in their cloud |
| On-Premise | Own servers / data center / Confidential Computing | Government agencies, regions without validated cloud |
| On-Device | Inference directly on hardware, no network | Automotive, wearables, edge computing |
The on-device mode is particularly notable: inference runs offline, directly on the hardware. Automakers integrating onboard AI voice in their vehicles are the main target, alongside wearable manufacturers and any use case requiring voice response without connectivity.
With these four modes, ElevenLabs now covers the full spectrum of enterprise environments โ including defense, healthcare, and transportation sectors, historically reluctant to adopt pure cloud solutions.
๐ Enterprise Voice AI deployed locally โ ElevenLabs
Anthropic: Claude for Word beta and advisor tool
Claude for Word โ beta on Team and Enterprise plans
April 10, 2026 โ Claude for Word is available in beta on Team and Enterprise plans. The plugin installs in the Microsoft Word sidebar and lets users draft, edit, and review documents directly from the interface. Claude preserves existing formatting, and changes appear as tracked changes to make human review easier before approval.
One feature sets this plugin apart from other Office integrations: Claude for Word shares context with Claude for Excel and Claude for PowerPoint, allowing Claude to work on several open Office documents simultaneously in a single conversation. Claude for Word thus completes Claudeโs Office suite alongside Claude for Excel (already available) and Claude for PowerPoint.
๐ Claude for Word ยท Tweet @claudeai
Advisor tool โ advisor-executor strategy in API beta
April 9, 2026 โ Anthropic launches the advisor tool in beta on the Claude Platform, a native implementation of the advisor-executor strategy (advisor strategy) in the Messages API.
The principle reverses the usual orchestration pattern: Sonnet or Haiku acts as executor (it handles the task end to end, calls tools, maintains memory), while Opus is declared advisor. The executor can consult Opus occasionally for complex decisions, without delegating the entire task to it.
| Benchmark | Improvement |
|---|---|
| SWE-bench Multilingual | +2.7 pts |
| BrowseComp | Measured improvement |
| Terminal-Bench 2.0 | Measured improvement |
| Cost per task | -11.9 % |
Implementation: declare advisor_20260301 in the tool list, with the beta header anthropic-beta: advisor-tool-2026-03-01. Opus tokens are billed separately at the Opus rate.
On BrowseComp, Haiku + Opus advisor even outperforms Sonnet alone, opening the door to less costly architectures without quality loss on complex tasks.
๐ The Advisor Strategy โ Anthropic Blog ยท Advisor tool documentation
Claude Cowork โ general availability and Enterprise controls
April 9, 2026 โ Claude Cowork reaches general availability on all paid plans (Pro, Max, Team, Enterprise), on macOS and Windows.
For Enterprise deployments, Anthropic introduces a set of organization controls:
| Feature | Description |
|---|---|
| Role-based access control | User groups managed manually or via SCIM |
| Group spending limits | Team budgets configurable from the admin console |
| Usage analytics | Cowork activity in the admin dashboard and Analytics API |
| Extended OpenTelemetry support | Events for tool calls, files read/modified, skills used |
| MCP connector controls | Action restrictions by connector at organization level |
| Zoom MCP connector | Zoom launches a dedicated connector for Cowork |
A deployment webinar with PayPal is scheduled for April 16, 2026.
๐ Claude Cowork for Enterprise
GitHub Copilot: cloud agent and security
Copilot Pro+ โ retirement of Opus 4.6 Fast and new rate limits
April 10, 2026 โ GitHub Copilot Pro+ introduces new rate limits in response to rapid usage growth. Two types of limits will be rolled out gradually: global service reliability limits (reset at the end of the current session) and model- or model-family-specific limits (with a switch to an alternative model or Auto mode possible).
At the same time, Opus 4.6 Fast is being retired from Copilot Pro+ as of April 10, 2026. Standard Opus 4.6 remains available. GitHub emphasizes that these limits are intended to ensure a fast and reliable experience for all users.
๐ New limits and retirement of Opus 4.6 Fast โ GitHub
Copilot cloud agent โ validation tools 20% faster
April 10, 2026 โ Validation tools for the Copilot cloud agent (CodeQL, GitHub Advisory Database, secret scanning, Copilot code review) now run in parallel rather than sequentially, reducing validation time by 20%. The tools are configurable from repository settings (Copilot โ Cloud agent section).
๐ Validation tools 20% faster
Copilot cloud agent โ usage metrics and official renaming
April 10, 2026 โ The Copilot usage metrics API adds three new fields to track Copilot cloud agent adoption at the enterprise and organization level:
daily_active_copilot_cloud_agent_usersweekly_active_copilot_cloud_agent_usersmonthly_active_copilot_cloud_agent_users
These fields are available in 1-day and 28-day reports. GitHub is also formalizing the renaming: โCopilot coding agentโ becomes โCopilot cloud agentโ throughout the documentation and API โ existing data fields will be updated in the coming weeks.
๐ Copilot cloud agent metrics
Ask Copilot in security assessments
April 9, 2026 โ Organization administrators and security managers can now query Copilot directly from secret risk assessment or Code Security risk assessment results, without leaving the GitHub security dashboard. The integration provides contextual explanations and guided steps to act on the findings.
๐ Ask Copilot in security assessments
Google Gemini: Lyria 3 and Google Finance
Lyria 3 โ free long tracks and 100 million songs
April 9, 2026 โ Gemini App rolls out long music track creation with Lyria 3 for all users, including free ones. Previously reserved for subscribers, long tracks are now available at a rate of 5 free tracks per week. The announcement coincides with the milestone of 100 million songs generated in 50 days via Gemini App.
To get started: open Gemini on desktop or mobile, select โCreate musicโ in the toolbar, describe the song, and generate.
๐ Tweet @GeminiApp โ Lyria 3
Google Finance in 100+ countries via Gemini App
April 10, 2026 โ The Google Finance tool integrated into Gemini App is now available in more than 100 countries, with improved charts and expanded real-time data for financial analysis in chat. Previously available in a limited geographic area.
๐ TGIF recap @GoogleAI
OpenAI Codex: โBuild macOS Appsโ macOS plugin
April 10, 2026 โ OpenAI officially announces the โBuild macOS Appsโ plugin for Codex, designed by Thomas Ricouard, an iOS/macOS developer who joined the OpenAI team in March 2026. The plugin gives Codex default settings to build native macOS apps with SwiftUI and AppKit, teaching it desktop-native conventions rather than treating macOS as a generic Swift target.
| Need | Default configured tools |
|---|---|
| Build and packaging | xcodebuild, swift build, App Store Connect CLI |
| Debug | Logger, log stream, swift test, xcodebuild test |
| Distribution | Xcode archive + scripted notarization |
Thomas Ricouard showed Codex building TetrisBar โ a playable Tetris in the macOS menu bar โ with the new plugin.
๐ Build for macOS โ Codex use cases ยท Tweet @OpenAIDevs
Runway: Seedance 2.0 and Big Ad Contest
Seedance 2.0 available on all paid plans
April 9, 2026 โ Runway opens access to Seedance 2.0 to all of its paid plans, including the United States. The video generation model accepts different types of inputs: image, existing video, text description, or audio fragment. Promo code SEEDANCE : 50% off for 3 months for new subscribers.
๐ Tweet @runwayml โ Seedance 2.0
Big Ad Contest โ 25 winners announced
April 10, 2026 โ Runway announces the 25 winners of its โBig Ad Contest for Products That Donโt Exist,โ the first edition of this creative competition open to the community. Thousands of ads were submitted across different genres, briefs, and formats. The top 5 ads are published in video.
๐ Tweet @runwayml โ Big Ad Contest
What this means
April 10 highlights two trends that are becoming more established. The first is the enterprise maturity of AI: ElevenLabs on-device, Claude Cowork GA with SCIM and OpenTelemetry controls, Copilot cloud agent with tracking metrics โ the tooling is becoming more structured for large-scale deployments in constrained environments (defense, healthcare, automotive). The second is the opening up of CLIs: Copilot CLI BYOK and offline mode mean developers are no longer captive to a single vendor and can build fully air-gapped workflows.
The Axios incident at OpenAI also recalls a well-documented systemic risk: CI/CD pipelines that pin dependencies by a floating tag rather than by commit hash are exposed to this kind of injection. The technical fix (switching to a specific commit hash in GitHub Actions workflows) is simple โ but the incident shows that even large organizations make this mistake.
Sources
- OpenAI โ response to the Axios compromise
- X thread @OpenAI โ Axios
- GitHub Copilot CLI โ BYOK and local models
- ElevenLabs โ Enterprise Voice AI deployed locally
- Claude for Word
- Tweet @claudeai โ Claude for Word
- The Advisor Strategy โ Anthropic
- Documentation advisor tool
- Tweet @claudeai โ Advisor Strategy
- Claude Cowork for Enterprise
- Tweet @claudeai โ Cowork GA
- Copilot Pro+ โ new limits and retirement of Opus 4.6 Fast
- Copilot cloud agent โ validation tools 20% faster
- Copilot cloud agent โ API usage metrics
- Ask Copilot in security assessments
- Tweet @GeminiApp โ Lyria 3
- TGIF recap @GoogleAI โ Google Finance 100+ countries
- Build for macOS โ Codex
- Tweet @OpenAIDevs โ macOS Plugin
- Tweet @runwayml โ Seedance 2.0
- Tweet @runwayml โ Big Ad Contest
This document was translated from the fr version into en using the gpt-5.4-mini model. For more information about the translation process, see https://gitlab.com/jls42/ai-powered-markdown-translator