New tools, products, platforms, funding rounds, and company developments in AI security.
This is a brief announcement about datasette-llm version 0.1a4, posted by Simon Willison on March 31, 2026. The content primarily promotes a monthly sponsorship option for curated LLM (large language model) news digests rather than discussing technical details, vulnerabilities, or features of the software itself.
OpenAI closed a record $122 billion funding round, valuing the company at $852 billion, with major investors including SoftBank, Amazon, and Nvidia. The company, which launched ChatGPT in 2022, now has over 900 million weekly active users and generates $2 billion in monthly revenue, though it is not yet profitable. OpenAI is preparing for a potential IPO while reducing spending on certain projects like its video app Sora.
ChatGPT is now available on Apple's CarPlay (Apple's in-car interface) if you have iOS 26.4 or newer and the latest ChatGPT app version. Users can only interact with ChatGPT through voice commands on CarPlay, not text, because Apple's guidelines restrict apps from displaying text or images as responses on the platform.
The llm-all-models-async 0.1 plugin allows synchronous (blocking) AI models from LLM plugins to work as asynchronous (non-blocking) models by running them in a thread pool (a group of worker threads that handle tasks in parallel). This solves a compatibility problem where Datasette, which only supports async models, couldn't use sync-only plugins like llm-mrchatterbox.
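The sync-to-async bridging described above, shown as an added example that is not code from the llm project or the llm-all-models-async plugin: a blocking model object (the constructed `SyncEchoModel`, a stand-in for a sync-only plugin model, not the real plugin API) is wrapped in an adapter whose `prompt()` coroutine hands the call to a bounded thread pool via `run_in_executor`, so several calls can be in flight at once without blocking the event loop. The class and method names are assumptions chosen for the illustration.

```python
import asyncio
import time
from concurrent.futures import ThreadPoolExecutor


class SyncEchoModel:
    """Constructed stand-in for a sync-only LLM plugin model (hypothetical API)."""

    model_id = "echo-sync"

    def prompt(self, text: str) -> str:
        time.sleep(0.2)  # simulate a blocking call to a model backend
        return f"echo: {text}"


class AsyncModelAdapter:
    """Expose a blocking model as an awaitable one by running it in a thread pool.

    The pool is bounded (max_workers), which also caps how many backend calls
    can run concurrently, a useful limit against resource exhaustion.
    """

    def __init__(self, sync_model, max_workers: int = 4):
        self._model = sync_model
        self._pool = ThreadPoolExecutor(max_workers=max_workers)
        self.model_id = f"{sync_model.model_id}-async"

    async def prompt(self, text: str) -> str:
        loop = asyncio.get_running_loop()
        # The blocking call runs on a pool thread; the event loop keeps serving
        # other coroutines until the future resolves.
        return await loop.run_in_executor(self._pool, self._model.prompt, text)

    def close(self) -> None:
        self._pool.shutdown(wait=True)


async def run_many(adapter: AsyncModelAdapter, prompts: list) -> list:
    """Issue all prompts concurrently and collect the replies in order."""
    return await asyncio.gather(*(adapter.prompt(p) for p in prompts))


def demo(n: int = 4) -> dict:
    """Run n blocking calls through the adapter and report results and wall time."""
    adapter = AsyncModelAdapter(SyncEchoModel(), max_workers=n)
    prompts = [f"q{i}" for i in range(n)]
    start = time.perf_counter()
    results = asyncio.run(run_many(adapter, prompts))
    elapsed = time.perf_counter() - start
    adapter.close()
    return {"results": results, "elapsed": elapsed}


if __name__ == "__main__":
    out = demo()
    print(out["results"])
    # Four 0.2 s blocking calls finish in roughly 0.2 s instead of 0.8 s.
    print(f"elapsed: {out['elapsed']:.2f}s")
```

Sizing `max_workers` is the security-relevant knob here: an unbounded pool would let a burst of requests open an unbounded number of backend connections, whereas a small fixed pool turns overload into queueing.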
Attackers compromised the npm account of Axios' lead maintainer and published malicious versions (axios@1.14.1 and axios@0.30.4) containing a remote access trojan (malware that gives attackers control over infected computers). The attack was detected within minutes and packages were removed within 2-3 hours, but the damage was significant because Axios receives roughly 100 million downloads per week and is used in 80% of cloud and code environments.
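A check a defender would run after an incident like this, added here as an example rather than taken from the Axios project or the original report: scan a project's `package-lock.json` for the two versions named above. The scanner walks the lockfile v2/v3 `packages` map (keyed by install path, so nested copies under another package's `node_modules` are caught too) and falls back to the v1 nested `dependencies` tree. The sample lockfiles are constructed for the demonstration and do not describe real projects.

```python
import json

# Versions named in the incident summary above; extend the set as reports arrive.
KNOWN_BAD = {
    "axios": {"1.14.1", "0.30.4"},
}


def _package_name_from_path(path: str) -> str:
    # v2/v3 keys look like "node_modules/axios" or
    # "node_modules/foo/node_modules/@scope/pkg"; the name follows the last
    # "node_modules/" segment, which keeps scoped names intact.
    return path.rsplit("node_modules/", 1)[-1]


def find_compromised(lockfile: dict, known_bad: dict = KNOWN_BAD) -> list:
    """Return every installed package whose version is in the known-bad list.

    Uses the lockfileVersion 2/3 "packages" map when present, otherwise the
    lockfileVersion 1 nested "dependencies" tree.
    """
    hits = []
    packages = lockfile.get("packages")
    if packages is not None:
        for path, meta in packages.items():
            if not path:  # "" is the root project entry, not a dependency
                continue
            name = _package_name_from_path(path)
            version = meta.get("version")
            if version in known_bad.get(name, ()):
                hits.append({"package": name, "version": version, "path": path})
        return hits

    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            version = meta.get("version")
            if version in known_bad.get(name, ()):
                hits.append({"package": name, "version": version, "path": path})
            walk(meta.get("dependencies", {}), path + "/")

    walk(lockfile.get("dependencies", {}), "")
    return hits


def scan_lockfile_text(text: str) -> list:
    """Convenience wrapper for the raw file contents."""
    return find_compromised(json.loads(text))


# Constructed sample lockfiles for a self-check (not real projects).
SAMPLE_LOCK_V3 = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.14.0"}},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/follow-redirects": {"version": "1.15.9"},
        "node_modules/legacy-client/node_modules/axios": {"version": "1.7.9"},
    },
}

SAMPLE_LOCK_V1 = {
    "name": "demo-app",
    "lockfileVersion": 1,
    "dependencies": {
        "axios": {"version": "1.7.9"},
        "legacy-client": {
            "version": "2.0.0",
            "dependencies": {"axios": {"version": "0.30.4"}},
        },
    },
}

if __name__ == "__main__":
    for label, lock in (("v3", SAMPLE_LOCK_V3), ("v1", SAMPLE_LOCK_V1)):
        for hit in find_compromised(lock):
            print(f"[{label}] {hit['path']}: {hit['package']}@{hit['version']}"
                  " is a known-compromised release")
```

Matching on the lockfile rather than on `package.json` matters because a caret range like `^1.14.0` says nothing about which version was actually resolved; only the lock records that, and a compromised release can sit several levels deep in the tree.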
Version 0.30 of llm (a command-line tool for accessing large language models) added a new feature to its plugin system where the register_models() function can now receive an optional model_aliases parameter that shows all previously registered models and aliases from other plugins. The update also improved documentation by adding detailed explanations (docstrings) to public classes and methods.
Researchers at Palo Alto discovered a security weakness in Google's Vertex AI (Google's cloud platform for building and running AI applications) where AI agents could be given too many permissions, allowing attackers to steal data and access restricted cloud systems. The vulnerability stems from over-privileged configurations that give AI agents more access than they actually need to do their job.
Samsung's Galaxy S26 Photo Assist tool uses AI to let users edit photos with natural language requests, similar to Google's earlier photo editing features. However, the tool can be manipulated to generate misleading or harmful images, like fake disaster scenes, because its safety guardrails can be bypassed through prompt injection (tricking the AI by hiding instructions in user input).
This is a brief announcement about llm-echo 0.4, posted by Simon Willison on March 31, 2026 as part of his regular news column. The content shown is mostly a sponsorship pitch for a monthly email digest covering important LLM developments rather than technical information about the software itself.
Nvidia announced a $2 billion investment in Marvell Technology, a semiconductor company that makes chips used in AI infrastructure, causing Marvell's stock to rise 7%. The investment ties the two companies together to build AI-focused technology and specialized chips called ASICs (application-specific integrated circuits, chips designed for particular tasks), as businesses scramble to meet growing demand for AI computing power.
This is a brief announcement for 'llm-echo 0.3', a release by Simon Willison from March 31, 2026. The post appears to be part of a monthly briefing service about LLM (large language model) developments, with an option to sponsor the author for curated email updates.
Art schools are changing their curriculum to include generative AI (AI systems that create new images, animations, or designs based on descriptions), but students and creative professionals are concerned about how this affects job competition and the future of traditional artistic skills. The article highlights growing worry among art students that AI tools will make it harder to find postgraduate jobs in creative fields.
As improvements from new AI models have slowed to small gains, organizations are shifting toward customizing models with their own proprietary data and internal processes to gain competitive advantages. Domain-specialized models, which are trained on an organization's unique language, workflows, and expertise, can outperform general-purpose models and encode valuable business knowledge directly into the AI system.
CrewAI, an AI framework, has vulnerabilities that attackers can exploit using prompt injection (tricking an AI by hiding malicious instructions in its input) to chain together bugs and escape the sandbox (a restricted environment meant to contain the AI's actions) to run arbitrary code on a device.
Researchers discovered a security vulnerability in Google Cloud's Vertex AI platform where AI agents could be compromised to steal sensitive data and access private cloud resources. The problem stems from the default service agent (P4SA, a special account that runs the AI agent) having excessive permissions, allowing attackers to extract credentials and gain unauthorized access to cloud storage, private code repositories, and internal Google infrastructure.
OpenAI announced a $122 billion funding round at an $852 billion valuation, positioning itself as core AI infrastructure globally. The company is experiencing rapid commercial growth, generating $2 billion in monthly revenue and expanding its products across ChatGPT, APIs, enterprise solutions, and specialized applications like coding and scientific discovery.
Google's Vulnerability Reward Program (VRP), which pays researchers to find security bugs in Google products, celebrated its 15th anniversary in 2025 by awarding over $17 million to more than 700 security researchers worldwide. Major 2025 developments included launching a dedicated AI VRP (a separate program focused specifically on AI security flaws), adding AI reward categories to Chrome VRP, and creating a patch rewards program for OSV-SCALIBR (an open source tool that scans software for vulnerabilities). Google also hosted multiple bugSWAT events (live hacking competitions) throughout the year, which generated hundreds of bug reports and distributed over $2.9 million in rewards.
Penguin Random House sued OpenAI, claiming that ChatGPT (an AI chatbot, or conversational AI system) violated copyright by reproducing content similar to their German children's book series, Coconut the Little Dragon. The lawsuit was filed in Munich court against OpenAI's European subsidiary after the publisher's legal team tested whether ChatGPT could generate stories matching the style of the original books.
Meta and YouTube both lost landmark legal cases this week involving claims that their platforms cause social media addiction (compulsive use similar to drug dependency). While the cases don't settle whether social media is clinically addictive, courts have determined that the companies can be held legally responsible for the harm caused.
AI agents (AI systems that can reason, plan, and act autonomously across enterprise systems) are becoming more common in organizations, creating new security challenges. Risk from an AI agent depends on two factors: access (which systems and data the agent can reach) and autonomy (how independently it can act without human approval). The text describes three categories of enterprise AI agents (agentic chatbots, local agents, and production agents), each with a different risk level depending on its access and autonomy.
Fix for the Vertex AI service-agent issue: Google updated its documentation to explain how Vertex AI uses resources and accounts. The company recommended that customers use Bring Your Own Service Account (BYOSA) to replace the default service agent and enforce the principle of least privilege (PoLP, giving the agent only the permissions it needs to do its job).
The Hacker News