The Intake — Thursday, April 30, 2026

Editor’s note

Anthropic retires the 1M-token context-window beta for Claude Sonnet 4 and Sonnet 4.5 today. Requests carrying the context-1m-2025-08-07 header on those two model IDs continue to parse but silently fall back to 200K; any prompt exceeding that limit returns a 400 error at the prompt-length check. The model names still resolve. The capability the header used to unlock does not.

Read alongside Tuesday's PocketOS deletion and yesterday's Entra ID disclosure, today names a third way an integration fails quietly. PocketOS was a credential whose nominal scope did not match its operational scope. Entra was a directory role whose name did not enforce itself. The 1M-context retirement is neither — it is a vendor-side capability removal on a stable model name, surfacing only at the prompt-length check rather than where header monitors live. A pipeline healthy on Wednesday can fail on Thursday with no rename, no API change, and no advisory.

The day's other substrate news is a critical pre-auth SQL injection in LiteLLM, exploited within 36 hours of GitHub-advisory indexing. The EU's Omnibus trilogue collapsed Tuesday without agreement; the August 2 high-risk deadline is legally unmoved.

If you read one item today, read Anthropic's release-notes entry on the 1M-context-beta retirement.

On the substrate

Anthropic retires the 1M-token context-beta header for Claude Sonnet 4 and Sonnet 4.5 today; requests over 200K tokens fall back silently and error at the prompt-length check

Anthropic API release notes · Anthropic model deprecations · releases.sh — Claude Platform · Claude Lab — migration guide · Pasquale Pillitteri — migration analysis

As of today, the context-1m-2025-08-07 beta header has no effect on claude-sonnet-4-5-20250929 or claude-sonnet-4-20250514. Per the platform release notes, requests including the header continue to be accepted at the API layer — the header still parses without error — but the underlying context window for those two model IDs reverts to the standard 200K. Any prompt exceeding 200K tokens returns a 400 invalid_request_error referencing prompt length. The 1M context window remains generally available on claude-sonnet-4-6 and claude-opus-4-6 at standard pricing without a beta header. The failure mode worth flagging: a long-context pipeline provisioned on Sonnet 4 or 4.5 with the beta header surfaces no hard error at the header acceptance layer, only at the prompt-length check. If your monitoring tracks header acceptance rather than effective context window, the regression can land in production without an alert. Audit any agent or batch pipeline that pins claude-sonnet-4-5 or claude-sonnet-4 and sets the 1M beta header today; if 1M context is load-bearing for the workload, switch the model ID to claude-sonnet-4-6 and remove the beta header. The two legacy Sonnet model IDs themselves remain available on the standard 200K window until June 15, 2026, when they retire fully.
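The audit and canary logic the item calls for, as an added example rather than Anthropic's own code: a config check for pipelines that pin the two legacy Sonnet IDs with the beta header, and a classifier for a canary prompt deliberately sized above 200K, which is the only signal that reflects the effective window rather than header acceptance. The error envelope shape is the Anthropic API's; the pipeline configs and the sample error message are constructed.

```python
import json
from dataclasses import dataclass

BETA_HEADER = "context-1m-2025-08-07"   # value carried in the anthropic-beta header
STANDARD_WINDOW = 200_000
# Model IDs on which the beta header no longer changes the window, per the brief.
RETIRED_BETA_MODELS = {"claude-sonnet-4-5-20250929", "claude-sonnet-4-20250514"}
REPLACEMENT_MODEL = "claude-sonnet-4-6"  # 1M window is GA here with no header


@dataclass
class PipelineConfig:
    name: str
    model: str
    beta_headers: tuple = ()
    peak_prompt_tokens: int = 0  # largest prompt this workload is known to send


def audit(cfg: PipelineConfig) -> list:
    """Findings for one pinned pipeline; an empty list means nothing to change."""
    findings = []
    if cfg.model in RETIRED_BETA_MODELS and BETA_HEADER in cfg.beta_headers:
        if cfg.peak_prompt_tokens > STANDARD_WINDOW:
            findings.append(
                f"{cfg.name}: {cfg.model} with {BETA_HEADER} is now a 200K window; "
                f"peak prompt of {cfg.peak_prompt_tokens} tokens will 400. "
                f"Switch to {REPLACEMENT_MODEL} and drop the header.")
        else:
            findings.append(f"{cfg.name}: {BETA_HEADER} is a no-op on {cfg.model}; remove it.")
    return findings


def classify_probe(status: int, body: str, probe_tokens: int) -> str:
    """Classify the reply to a canary prompt sized above the standard window.

    A 2xx means the effective window really exceeds 200K. A 400
    invalid_request_error that mentions the prompt means the request was
    accepted at the header layer but the standard window applied.
    """
    if probe_tokens <= STANDARD_WINDOW:
        raise ValueError("canary prompt must exceed the standard window")
    if 200 <= status < 300:
        return "window_above_200k"
    try:
        err = json.loads(body).get("error", {})
    except ValueError:
        return "unclassified"
    too_long = "prompt" in err.get("message", "").lower()
    if status == 400 and err.get("type") == "invalid_request_error" and too_long:
        return "fell_back_to_200k"
    return "unclassified"
```

Wire `classify_probe` into the same scheduler that runs the pipeline, and alert on anything other than `window_above_200k`.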

A pre-authentication SQL injection in LiteLLM exposed every upstream provider key the proxy held; first wild exploitation logged 36 hours after the advisory indexed

BerriAI security advisory (GHSA-r75f-5x8p-qvmc) · LiteLLM security blog · Sysdig Threat Research Team · The Hacker News · BleepingComputer · SC Media

CVE-2026-42208 is a critical pre-authentication SQL injection in LiteLLM's proxy authentication path, patched in version 1.83.7-stable on April 19. The vulnerable code path mixed the caller-supplied API key into a database query as string interpolation rather than a parameterized value; an unauthenticated attacker could send a crafted Authorization header against any LLM API route — POST /chat/completions is the most-cited example — and reach a SELECT against the proxy's PostgreSQL backend through the error-handling path. The credential table that injection reaches is the table LiteLLM is built to hold: every upstream provider API key the proxy is configured for, including OpenAI, Anthropic, and Gemini credentials, often with five-figure monthly spend caps attached. Sysdig recorded the first exploitation attempt at April 26, 16:17 UTC — roughly 26 hours after the GitHub advisory indexed and 36 hours after BerriAI's blog post. The shape worth naming is not that LiteLLM had a SQLi; it is that the asset the vulnerability surfaced — a centralized credential store for every model an organization touches — is the asset LiteLLM is built to be. The same architectural property that makes a gateway useful (one place to manage keys) makes a single vulnerability against it consequential (one place to lose them all). If you operate LiteLLM in production, upgrade to ≥1.83.7 today and rotate every upstream provider key the proxy held during the exposure window. Treat key rotation as the primary remediation; the patch closes the bug, not the past.
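An added illustration of the defect class, not LiteLLM's actual code: a constructed key table on sqlite stands in for the PostgreSQL backend, the interpolated lookup sits beside the parameterized one, and a comparison shows that a stray quote in the supplied key reaches the SQL parser on one path and stays plain data on the other.

```python
import sqlite3


def make_key_table() -> sqlite3.Connection:
    """Constructed stand-in for a proxy key table (sqlite here, not PostgreSQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, team TEXT)")
    conn.executemany("INSERT INTO virtual_keys VALUES (?, ?)",
                     [("sk-team-a-001", "team-a"), ("sk-team-b-002", "team-b")])
    return conn


def lookup_interpolated(conn, api_key: str):
    """The defect class the brief describes: caller input pasted into SQL text.

    Whatever the Authorization header carries becomes part of the statement,
    so the database parser, not the application, decides what the query means.
    """
    sql = f"SELECT team FROM virtual_keys WHERE token = '{api_key}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_parameterized(conn, api_key: str):
    """Hardened form: the key is bound as a value and cannot alter the statement."""
    row = conn.execute("SELECT team FROM virtual_keys WHERE token = ?",
                       (api_key,)).fetchone()
    return row[0] if row else None


def compare(conn, api_key: str) -> tuple:
    """Run both lookups on one key; database errors come back as strings."""
    try:
        vuln = lookup_interpolated(conn, api_key)
    except sqlite3.Error as exc:
        vuln = f"db-error: {type(exc).__name__}"
    return vuln, lookup_parameterized(conn, api_key)
```

The error string from the interpolated path is the same error-handling surface the brief says the injection travelled through; the parameterized path never reaches it.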

For operators

The EU's AI-Act Omnibus trilogue ended without an agreement on April 28; the August 2, 2026 high-risk deadline remains legally in force

IAPP — reform talks stall · Modulos AI · Implicator AI — talks fail after 12-hour session · DLA Piper GENIE · Ropes & Gray

The Strasbourg trilogue on the EU's AI-Act Omnibus broke around 2 a.m. local on April 29 after roughly twelve hours of negotiation, without political agreement. The unresolved file was the conformity-assessment relationship between the AI Act and existing sectoral product-safety law — the Annex I architecture for AI inside regulated products such as medical devices and machinery, where the European Parliament pushed to move sectoral legislation from Section A to Section B and the Council pushed back. A follow-up trilogue is provisionally scheduled around May 13 under the Cypriot Presidency. The decision this forces for any operator with high-risk systems in scope — recruitment, screening, performance, termination, agentic resume parsers, biometric identification — is whether to read the collapse as evidence a delay is coming and slow August-2 preparations, or to treat the AI Act's existing applicability dates as the binding fact and stay on the August 2 path. The second read is the safe one: until an Omnibus regulation is adopted, the dates in Article 113 of Regulation 2024/1689 are operative law, and the Annex III high-risk obligations fire on August 2 as written. The Cypriot Presidency window is short; even if a deal lands May 13, formal Council adoption and Parliament approval cannot reasonably complete before August. Treat the trilogue collapse as confirmation the deadline is not moving and continue compliance work as scoped. Re-evaluate only after a formal adoption text exists, not after a political signal.

Considered and passed

  • CVE-2026-33626 (LMDeploy SSRF, exploited within 12.5 hours of advisory publication) — the rapid-exploitation pattern reinforces today's LiteLLM lead, but the LMDeploy advisory itself published April 21 and is past the fresh-news window for a brief of its own. Held alongside LiteLLM as part of the same accelerating-exploitation pattern; the broader engagement belongs in a longer essay on AI-infrastructure time-to-exploit.
  • Mem0 memory architecture, Recursive Language Models, and mmGRPO papers (Hugging Face daily papers) — substantive context-engineering research. None is next-turn-actionable as a daily brief; held for the longer context-engineering essay already on the deep-dive list.
  • Hugging Face, State of Open Source on Hugging Face: Spring 2026 — useful general industry signal; off the substrate-and-operators beats and not decision-closing.
  • OpenAI Workspace Agents general availability — productivity-software announcement carried over from yesterday's pass list; behavioral claims unverifiable without independent eval.
  • White House drafts guidance to bypass Anthropic's risk-flag designation — political-process news affecting Anthropic's federal-contracting position; passed yesterday, no new evidence today.

On today’s sources

Anthropic's own platform release notes carried the day's substrate lead with full operational detail. Sysdig's research arm and BerriAI's published advisory together did the work on LiteLLM, with strong corroboration through The Hacker News, BleepingComputer, and SC Media. The European policy press — IAPP, Modulos, Implicator AI, DLA Piper, Ropes & Gray — handled the Omnibus collapse cleanly within twenty-four hours of the trilogue's end. Practitioner blogs were quiet on agent-substrate items in the last day; interconnects.ai's most recent post is a Qwen 3 review that is off this beat, and red.anthropic.com is between published items.