AI Daily — Apr 17, 2026

The coding agent war went full contact yesterday. OpenAI turned Codex into a desktop-controlling work agent and openly called it a superapp. Anthropic shipped Claude Opus 4.7 with benchmark-leading scores and quietly higher real-world costs. And the White House started building procurement rails to hand Mythos — the model Anthropic decided was too dangerous to release publicly — to federal agencies, even as the Pentagon still treats the company that built it as a supply chain threat. The story isn't any single model. It's that the most capable AI systems are now being simultaneously sold as productivity tools, weaponized for cybersecurity, and negotiated into government hands — all in the same news cycle.

• Claude Opus 4.7 (Anthropic): New flagship model with SWE-bench Pro at 64.3% as of its April 16, 2026 release, 3x higher image resolution (2,576px on the long edge), a new xhigh reasoning tier, and public-beta task budgets to cap runaway compute.
• Codex "Super App" Update (OpenAI): Background macOS desktop control, in-app browser, image generation via gpt-image-1.5, and 111 new plugins — positioned as a general work agent, not just a coding tool.
• NVIDIA Nemotron 3 Super (NVIDIA): 120B-parameter open hybrid MoE activating only 12B parameters, with 1M context and reported ~2.2x throughput vs GPT-OSS-120B in NVIDIA's announcement — an efficiency play for affordable multi-agent compute.
• Gemma 4 31B Instruct (Google): Instruct-tuned open model with long-context support and native function-calling primitives, gaining rapid adoption for local and edge deployments.
• Qwen3.6-35B-A3B (Alibaba): 35B-parameter MoE activating ~3B parameters, explicitly targeting agentic coding workflows — open-source pressure on the premium coding stack from below.

The model Anthropic decided was too dangerous to release publicly is being negotiated into the hands of the U.S. government — by agencies whose own defense establishment has officially classified the company that built it as a supply chain threat.

Gregory Barbaccia, federal chief information officer at the White House Office of Management and Budget, emailed Cabinet department officials Tuesday that OMB is setting up protections to allow agencies to begin using Mythos, according to Bloomberg. The email doesn't provide a timeline — it tells top technology and cybersecurity chiefs to expect more information "in the coming weeks," per Yahoo Finance's reporting.

The reason agencies want it: equipping an individual hacker with the model would likely be "a transformation equivalent to turning a conventional soldier into a special forces operator," according to the government's own framing reported by Yahoo Finance. Civilian agencies like the Departments of Energy and Treasury want Mythos to find where companies and local governments are vulnerable to cyberattacks — particularly from China targeting the energy grid.

The political situation is genuinely strange. One administration official told Axios: "All the intel agencies use Anthropic. Every agency except War wants to. That's because Anthropic doesn't want to kill people and War's position is 'don't tell us what to do.'" The government is effectively splitting Anthropic in two: a civilian AI partner and a Pentagon adversary — and that split is now formalized in policy.

If this access expands as signaled, it creates a two-tier AI market: one for civilian infrastructure defense, one for military use. If it stalls, it means the Pentagon's blacklist has more gravitational pull than the intelligence community's appetite. Watch whether the "supply chain risk" designation gets quietly walked back in the next 60 days.

Codex now has three million weekly users and is adding a million per month. OpenAI's Head of Codex, Thibault Sottiaux, described the strategy to The New Stack: "We're actually doing the sneaky thing where we're building the superapp out in the open — and evolving it out of Codex."

Today's update makes that literal. Codex now controls macOS desktop applications in the background — clicking, typing, and operating apps autonomously. It can design front-end layouts, create gaming assets, draft product concepts, browse the web, and generate images, per Republic World's reporting. With over 90 integrated plugins spanning Atlassian to Microsoft Suite, it's positioned as a full work agent.

Inside OpenAI, more than 80% of the company already uses Codex for non-engineering tasks — writing weekly briefs, synthesizing feedback, drafting product requirements, and reviewing contracts — as of April 2026, per The New Stack.

If Codex's breadth strategy works, it becomes the default surface where knowledge work starts — the Maps-built-into-every-phone moment for AI agents. If it doesn't, the tool sprawl across CLI, web, IDE, and desktop fragments the user experience. The signal to watch: whether enterprise procurement treats Codex and Claude Code as substitutes or complements.

Anthropic's new flagship landed yesterday. SWE-bench Pro jumped roughly 11 points to 64.3% on its April 16, 2026 release. SWE-bench Verified hit 87.6% on release. Cursor reported its internal benchmark jumped from 58% to 70% as of the release. Notion reportedly saw a 14% lift on internal evals with one-third of tool errors (as reported on release), according to community tracking by Latent Space.

The vision upgrade is the sleeper story. Maximum image resolution tripled to 2,576 pixels on the long edge — roughly 3.75 megapixels, per Anthropic's technical documentation. That matters enormously for agents reading dense screenshots, analyzing charts, or doing computer-use tasks.

Here's the catch people are missing: the new tokenizer can inflate raw token counts by 1.0–1.35x on the same input, per Anthropic's own documentation. Pricing stays at $5/$25 per million tokens, but your bill goes up if your workload hits the upper range. Some early users report end-to-end token use falling because the model reasons more tightly — but that's workload-dependent, not guaranteed.

There's also a behavioral shift that will break things quietly. Opus 4.7 is noticeably more literal in following instructions, per Decode the Future's technical breakdown. Think of it like upgrading a contractor who used to fill gaps in your instructions with judgment — the new one does exactly what you wrote, nothing more. Teams running Claude in automated pipelines without human review will hit this before they realize it.

If the efficiency gains hold broadly, Anthropic has delivered a genuine step-function improvement at flat pricing. If the tokenizer inflation dominates in practice, enterprise teams will face surprise cost increases that erode the benchmark story. Watch API cost reports from heavy users over the next two weeks.

Google shipped Chrome "Skills" — the first time a browser vendor has offered persistent, reusable AI workflows as a native feature. Save a Gemini prompt as a one-click action, trigger it across multiple tabs simultaneously, and the browser becomes a retrieval-and-execution system. Confirmation gates block high-impact actions like sending emails or creating calendar events without explicit approval.

This effectively moves prompt templating from backend developer code into the browser UI. A curated library of pre-made Skills ships alongside the feature — analyzing product ingredients, picking gifts within budget constraints, scanning long documents. TechCrunch framed it similarly, emphasizing that living inside Chrome lowers distribution friction enough to make agents mainstream.

If Skills reaches significant adoption, it forces every browser vendor and many SaaS companies to ship agent frameworks or risk losing the surface where work starts. If it doesn't, it means users aren't ready to trust automated workflows in their browser — and the agent-in-every-tab thesis has a timing problem. Watch whether Google expands beyond English-US before the end of Q2 2026; that's the signal it's moving from experiment to infrastructure.

The story behind Notion's Custom Agents launch matters more than the feature itself. In a detailed interview on the Latent Space podcast, Simon Last and Sarah Sachs described rebuilding the agent architecture four or five times since late 2022 — first as a JavaScript coding agent, then custom XML tool-calling, then markdown-based formats, then SQL-light database queries, then progressive tool disclosure with over 100 tools.

The core lesson, per Last: "Give models what they want, not what's convenient for your system." Notion abandoned its own block-based XML format because models didn't know it. They switched to markdown and SQL-light because models already understood those formats. They created a "Model Behavior Engineer" role — people with linguistics and data science backgrounds who write evals that intentionally pass only ~30% of the time, so the company can see where capability is heading rather than just confirming what already works.

The practical result: agents that can self-test, self-fix, and operate with granular permissions inside Notion, with "manager agents" coordinating dozens of specialists. Memory is just pages and databases — no special infrastructure.

If this architecture scales, Notion becomes the system of record that agents write to and read from — the place where collaboration data lives regardless of which model powers the agent. If it doesn't, the complexity of managing 100+ tools and multi-agent coordination in a horizontal product overwhelms the user experience. The signal: whether enterprise customers adopt Custom Agents for mission-critical workflows or treat them as a novelty.

Nathan Lambert at Interconnects published a clear-eyed assessment of the open-model ecosystem that deserves more attention than it's getting. The core argument: open-weight labs — particularly Chinese ones — are likely to hit funding constraints later this year, and capability slowdowns will follow 3–9 months after that.

The mechanism is straightforward. Closed labs benefit from continuous revenue and tighter online feedback loops from real users. Open labs can match benchmarks now through distillation and concentrated effort, but the long-term investment picture favors organizations with steady revenue streams. Lambert argues that closed models already have "hard-to-measure qualities" — robustness, general usefulness — that current benchmarks don't capture well.

This doesn't mean open models disappear. Lambert expects them to dominate repetitive automation tasks and sees local agents as "dark matter" with massive potential influence. But the interactive, agentic tasks where users constantly present new challenges — the knowledge-worker assistant market — will likely tilt toward closed labs.

If Lambert is right, expect open-model progress to become more uneven by late 2026, with closed labs pulling ahead specifically on agent-quality tasks. If he's wrong, it means the distillation-plus-community flywheel is more durable than the economics suggest. Watch Chinese lab fundraising announcements and benchmark trajectories through Q3 2026.

Chinese state media broadcast the PLA testing an autonomous "wolfpack" — robot dogs, unmanned boats, and aerial drones operating as a coordinated network rather than individually piloted machines. The key claim: an intent-sharing system called ATLS lets 96 drones and robot dogs coordinate attacks even under full signal jamming or GPS denial, without constant radio communication.

A heavily armed robotic dog serves as the strike element, carrying an automatic rifle, grenade launcher, and mini rockets. Other specialized units handle reconnaissance and logistics. One soldier reportedly controls the entire pack via voice commands, a rifle-mounted joystick, or gesture-based tactical gloves.

The demonstration matters because it shifts the problem from individual robot autonomy to distributed decision-making under contested communications — exactly the scenario where agentic systems face their hardest test. The open question: do these intent-sharing algorithms hold up under real electronic-warfare friction? CCTV documentaries are not peer-reviewed papers. External intelligence verification will be the litmus test. If the coordination claims are even partially real, it forces NATO planners to rethink counter-swarm doctrine. If they're aspirational, it's still a clear signal of where PLA investment is heading.

A model too dangerous to release is getting a government procurement form. A coding tool is autonomously clicking through your desktop. And somewhere in Poland, a humanoid robot is chasing wild boars through a parking lot while onlookers film.

The biometric scan to use your chatbot is the new CAPTCHA — except this time it's proving you're human so the AI will talk to you.

See you Monday.

If someone you know is trying to keep up with all this without losing their mind, forward them this.