AI Daily Digest — April 22, 2026 ⏱️ 8 min read
Today’s digest: Vercel got breached through a third-party AI tool and the attack chain is a wake-up call for every team that hands OAuth tokens to AI apps. Also: OpenAI flips the switch on pay-per-click ads in ChatGPT, and SoundHound swallows LivePerson.
🔥 Top Stories
Vercel Breached via Context AI Supply Chain Attack
This is the supply chain story everyone will be talking about this week. A Context.ai employee got hit with Lumma Stealer back in February. The attackers pivoted from stolen Google Workspace creds into Vercel’s infrastructure after a Vercel employee had granted “Allow All” OAuth permissions to Context’s AI Office Suite. Data — including API keys, deployment creds, and GitHub/npm tokens — is now listed on BreachForums for $2M. Vercel’s CEO says the attackers moved with “surprising velocity,” possibly AI-assisted. If you’re granting OAuth scopes to AI tools with your work account, maybe don’t. Read more →
OpenAI Turns On Cost-Per-Click Ads in ChatGPT
It’s official: ChatGPT now has CPC ads. Advertisers can bid between $3–$5 per click, down from the $60 CPM at launch ten weeks ago. OpenAI’s ad manager lets you optimize for views or clicks. The ad-supported AI assistant era is here, and honestly, the pricing feels aggressive for what’s essentially a conversational ad placement. Read more →
SoundHound AI Acquires LivePerson for $43M
SoundHound is buying LivePerson in an all-stock deal — $43M equity, $250M enterprise value after debt restructuring. The combined platform will serve 25 Fortune 100 customers across 30+ countries, merging SoundHound’s voice AI with LivePerson’s digital messaging that handles 1 billion messages per month. Stock dropped on the news, because markets gonna market. Read more →
Anthropic Now Requiring Government IDs for Some Users
Anthropic has started asking certain users for government-issued photo IDs and selfies to prevent access from US adversaries. This is new territory for an AI lab — identity verification at the model access layer. Whether this becomes industry standard or stays an Anthropic-specific policy remains to be seen. Read more →
AI-Generated Code Vulnerabilities Scaling 4x Faster Than Fixes
OX Security analyzed 216 million security findings across 250 orgs over 90 days. Raw alert volume grew 52% year-over-year, but prioritized critical risk grew nearly 400%. The “velocity gap” is real — we’re shipping AI-generated code faster than we can remediate the vulnerabilities it introduces. About time someone put numbers on this. Read more →
🛠️ New Tools & Releases
| Tool | What’s New | Link |
|---|---|---|
| OpenAI GPT-5.4-Cyber | Security-focused model for vulnerability detection; contributed to 3,000+ critical fixes via Trusted Access for Cyber program | Details |
| Vercel Open Agents | Open-sourced platform for building custom AI coding agents tailored to large codebases | Details |
| GLM-5.1 (Zhipu AI) | 744B MoE model, 40B active params, 200K context — fully MIT licensed. Legit open-source competitor. | Details |
| Meta Muse Spark | First model from Meta’s new Muse series, built by Meta Superintelligence Labs | Details |
| Claude Code Routines | Anthropic added scheduled automation to Claude Code — run coding tasks without active sessions | Details |
If you’re evaluating open models for production, check out our Best Open Model APIs for Developer Tools in 2026 comparison.
💰 Funding & Business
- SoundHound + LivePerson: $43M all-stock acquisition creating an omnichannel conversational AI giant serving 30+ countries
- AI coding tools market hits $12.8B in 2026 (up from $5.1B in 2024). GitHub Copilot holds ~37% share, but Cursor is gaining fast
- India forms AIGEG: High-level inter-ministerial body to assess AI’s impact on employment and plan workforce transitions
- ChatGPT ad CPMs already dropped from $60 to $25 in 10 weeks — the race to the bottom begins
📊 What Developers Are Discussing
- OAuth supply chain risk: The Vercel breach has HN debating whether “Allow All” OAuth permissions for AI tools should be banned at the org level. Hot take: yes, obviously.
- Vibe coding security: Research suggests 60–65% of AI-generated code contains vulnerabilities. The “just ship it” crowd is not happy about this stat.
- 92% of orgs lack full visibility into AI identities running in their infrastructure — and most don’t even know what AI agents have access to what
- MCP hits 97M installs: Anthropic’s Model Context Protocol is becoming the de facto standard. Every major AI provider now ships MCP-compatible tooling. See how the top AI coding agents compare
- 84% developer adoption: Stack Overflow survey confirms AI coding tools are mainstream — the holdouts are shrinking fast
📝 Worth Reading
- Stanford’s AI Index 2026 — The definitive annual report on the state of AI. Essential reading if you want to argue with data instead of vibes.
- How Meta Used AI to Map Tribal Knowledge in Data Pipelines — Fascinating look at using LLMs to document undocumented institutional knowledge.
- We Need to Re-learn What AI Agent Dev Tools Are in 2026 — n8n’s take on how the agent tooling landscape has completely shifted.
- The Vercel Breach: OAuth Supply Chain Attack Analysis — Trend Micro’s detailed technical breakdown of the attack chain. Required reading for security teams.
- OX Security: AI Code Velocity Gap Report — The numbers behind why AI-assisted development is outpacing security remediation.