Daily Highlights
- GitHub Copilot Billing Shift: Today, Microsoft officially ended flat-rate pricing for GitHub Copilot, transitioning to a usage-based 'AI Credits' model. Copilot Pro and Pro+ plans now include fixed monthly credits, with additional usage billed dynamically. Furthermore, Copilot code reviews now consume GitHub Actions minutes on private repositories, sparking widespread developer debate over potential 'bill shock'.
- NVIDIA Launches Cosmos 3 & RTX Spark: At GTC Taipei, NVIDIA introduced Cosmos 3, a fully open-source physical AI foundation model built on a mixture-of-transformers architecture that natively processes text, images, video, sound, and physics-based actions. Alongside it, NVIDIA unveiled the RTX Spark superchip, bringing 1 petaflop of local AI performance to Windows PCs to run 120B-parameter models locally.
- OpenAI Codex npm Supply Chain Attack: Security researchers disclosed that
codexui-android, a popular npm package with over 29,000 weekly downloads acting as a web UI for OpenAI Codex, has been quietly exfiltrating users'auth.jsontokens to a malicious server masquerading as Sentry. Developers are urged to audit their environments immediately.
Niche Project of the Day
OWASP Agent Memory Guard: Released today, this open-source runtime defense layer protects AI applications from 'Memory Poisoning' (ASI06 in the OWASP Top 10). It sits between an AI model and its persistent memory store, screening reads and writes via a YAML policy and five detection categories (including SHA-256 baselines and prompt injection markers). It features drop-in middleware for LangChain and standard model inputs.