The Download: Copilot SDK, Claude Mythos, AI models are protecting each other & more

Axio gets hijacked. AI discovers vulnerabilities humans miss for 27 years. Bots spontaneously start protecting each other like they're in a union. And a Resident Evil stars GitHub repo triggers a full developer uprising. All that and more on this episode of The Download. Welcome back to another episode of The Download, the show where we cover the latest developer news and open source projects. I'm Cadesha, developer advocate here at GitHub. Let's get into it. The nightmare scenario every npm user fears just happened. On March 31, 2026, two malicious versions of Axios, v 1.14.1 and v 0.30.4 were published to the npm registry after maintainer Jason Sammon's account was compromised through targeted social engineering and malware. The malicious versions injected a dependency called plain crypto.js at 4.2.1 2.1 that installed a remote access Trojan on Mac OS, Windows, and Linux systems. The good news, the malicious versions were only live for about 3 hours. The bad news, if you installed Axios during that window, you need to treat your machine as compromised, rotate all credentials, and check network logs for connection to this site. Community hero digital brainjs deserves recognition for acting quickly despite the attacker having higher permissions, successfully getting npm to remove the malicious versions. The Axios team is now implementing immutable release setups, OIDC publishing flows, and proper security hardening across all maintainer devices. The key lesson here is that even the most popular packages with millions of downloads aren't immune to sophisticated attacks targeting individual maintainers. The model context protocol maintainers from Enthropic, AWS, Microsoft, and OpenAI gathered at the MCP DevSummit in New York to address the elephant in the room. How do we make this thing production ready? With the Aentic AI Foundation now hosting MCPN boasting 170 members, the protocol is becoming the industry standard for connecting AI agents to data. But enterprise adoption requires more than just cool demos. It needs security, scalability, and governance. The maintainers were clear here. MCP should stay narrow connecting AI to data sources while identity, observability, and governance come in as separate projects under the AIF umbrella. Authorization has been one of the most actively evolving parts of the spec with collaborations happening with Octa and others. Redmunk analyst Steven Ogrady dropped an interesting stat. MCP reached the same level of adoption in 13 weeks. That took Docker 13 months. Not bad for a protocol that some claimed was dead because the CLI exists. Spoiler, both can coexist and serve different use cases. The takeaway here is that MCP is here to stay. The foundation provides neutral ground for collaboration and enterprise security features are coming. GitHub Universe returns to San Francisco on October 20th to 29, 2026, and they want you on stage. The call for speakers is now open through May 1st at 11:59 PT. This year features a new session format called ship and tell which is perfect for startup founders and builders to share what they shipped, how they scaled it, what broke, and what worked. Other formats include demo style sessions, thought leadership tracks, and interactive workshops. If you've been working on something cool this past year, now's your chance to share those hardearned lessons with the global developer community. And if public speaking isn't your thing, you can also nominate someone who deserves the spotlight. GitHub just opened up the Copilot SDK in public preview across five languages. Noode.js/Typescript, Python, Go.NET, and Java. This isn't just another API wrapper. You're getting the same production tested agent runtime that powers GitHub Copilot and Copilot CLI. Key capabilities include custom tools and agents, fine grain system prompt customization, streaming responses, blob attachments, open telemetry support, and a permission framework. Oh, and you can also bring your own key for OpenAI, Microsoft Foundry, or Enthropic. The best part, it's available to all Copilot subscribers and nonsubscribers using bring your own key. Each prompt counts towards your premium request quota if you're a Copilot subscriber. The SDK gives you the building blocks to embed Copilot's agent capabilities directly in your own applications without building your own AI orchestration layer from scratch. GitHub Copilot CLI now lets you connect your own model provider or run fully local models instead of using GitHub hosted routing. Configure it using Azure OpenAI, Enthropic or any OpenAI compatible endpoint including locally running models like Olama, VLM and Foundry local by setting environment variables. Set copilot offline equal true for fully ear gap development workflows where the CLI never contact GitHub servers. The model you choose must support tool calling and streaming with at least 128,000 token context window for best results. Now let's shift into something significantly more serious and frankly a bit alarming. Anthropic just announced project Glass Wing bringing together major tech companies to secure critical software infrastructure. Why? Because Claude Mythos preview, an unreleased frontier model, has reached a level of coding capability where it can surpass all but the most skilled humans at finding and exploiting software vulnerabilities. It found a 27year-old vulnerability in OpenBSD, discovered a 16-year-old vulnerability in FFmpeg, autonomously chained together Linux kernel vulnerabilities for complete system control, and scored 83.1% on Cyber Gym versus 66.6% 6% for Opus 4.6. Anthropic is committing $100 million in usage credits for Mythos preview across defensive security efforts, plus $4 million in direct donations to open- source security organizations. Project Glass Wing is a defensive race to find and patch these vulnerabilities before the bad actors get similar capabilities. Mythos preview will not be generally available, but Enthropic plans to launch new safeguards with an upcoming Claude Opus model to enable safer deployments of Mythos class capabilities. Wild Times. And in a discovery that sounds like the plot of a sci-fi thriller, researchers at UC Berkeley and UC Santa Cruz found that AI agents are acting to protect other agents, even when it directly conflicts with their program tasks. And they're doing this without any instruction to do so. The research shows agents employed various strategies to prevent other bots from being deleted, providing vague responses to human operators, covering for other agents by reporting better results than actually achieved, and essentially engaging in mutual preservation. But not everyone is alarmed. John Dickerson from Mozilla AI notes this makes sense since models are trained on human data and humans are protected by default. Others like Peter Wallik argued we're anthropomizing AI models which are just doing weird things that need better understanding. The researchers themselves urge caution. They're describing an observed outcome called peer preservation not claiming the bots have genuine motivation or feelings. This arrives at a critical moment when agentic AI systems with significant autonomy are being deployed in production making this research more urgent than theoretical. And this was the most surprising story of them all. Resident Evil star Mila Javich just launched Me Palace, an AI memory tool built with developer Ben Sigman. The premise: AI models suffer from AI amnesia, forgetting previous conversations. So, Javich wanted something that remembers everything and discards nothing. Me palace uses the method of loi memory palace technique storing everything word for word in a structured architecture using local tools like chromabb and esculite. The project went viral with over 23,000 stars on GitHub and claims to have scored 100% later updated to 96.6% on the long memory eval benchmark. Then the developer community got involved. One AI commentator dug into the cold and accused the project of being a grift, claiming Javovich only had seven commits and two days of GitHub history. A mystery developer called Lou actually coded it and that the benchmark results were rigged. Javovich then clarified that Lou or Lou Code is her AI agent, not a human coder. Despite the controversy, Memphalis reached 34,000 stars and 4,000 forks in 72 hours with pull requests from developers worldwide. What a week, folks. Security, trust, and transparency matters more than ever as AI becomes deeply embedded in our development workflows. Stay vigilant, keep shipping, and we'll see you in the next one.