AI Daily | DeepSeek API Price Cut, Agentic RAG Evaluation, Bumblebee and Confucius4-TTS Open Sourced

AI Spotlight: Anthropic Finds Thousands of Vulnerabilities and DeepSeek’s Price Shock

Every day brings new technological breakthroughs that are hard to keep up with. Did you know? Recent technological developments seem to have reached a new turning point. From the automation of cybersecurity defense to the crazy price slashing of language models, every piece of news affects countless developers.

Here is the situation: today I have summarized six must-read focus news stories for you. These include various latest evaluation data and open-source tools. Let’s see how these new technologies are reshaping the future of development work.

New Security Frontier: Anthropic Project Glasswing Finds Over 10,000 Vulnerabilities in the First Month

Software vulnerabilities have always been a headache for engineers. Honestly, finding hidden dangers in code often takes a lot of time and energy. The latest progress of Project Glasswing released by Anthropic brings exciting news. This project aims to use artificial intelligence models to protect the security of global critical software.

By using the Claude Mythos Preview model, about fifty partners discovered more than 10,000 high-risk or critical vulnerabilities in the first month. This sounds amazing, right? Taking the well-known company Cloudflare as an example, their team found 2,000 errors in critical path systems, 400 of which were high-risk. Moreover, the Cloudflare team believes the model’s false positive rate is even lower than that of human testers.

An interesting phenomenon has emerged here. In the past, the bottleneck of software security was the speed of finding vulnerabilities; now it has become the speed of verifying and fixing them. As AI-generated error reports fly in like snowflakes, many open-source project maintainers say their processing capacity has reached its limit. This means the entire tech industry must shorten patch cycles and use automation tools to assist in repairing code.

Developer’s Boon! DeepSeek-V4-Pro Announces Permanent Promotional Pricing

Who doesn’t love a price cut? Especially in environments with high computing costs, every price adjustment can change a company’s product strategy. DeepSeek announced that the 75% off DeepSeek-V4-Pro API discount has become permanent pricing, which undoubtedly dropped a bombshell in the developer community.

Let me explain the specific details. Originally, this massive 75% discount was expected to be extended until May 31, 2026, but after that, the official price will be directly reduced to one-quarter. This means the current ultra-low promotional price will become the normal price in the future. It is truly very cheap—so cheap it’s almost hard to believe.

Specifically, if there is a cache hit, the input cost is only $0.003625 per million tokens. Even without a cache hit, the input is only $0.435, and the output is $0.87. The significantly lowered cost threshold will allow more startup teams and individual developers to use powerful large language models without hesitation, thereby catalyzing more innovative application services.

The Ultimate Choice? Agentic RAG vs. Long-Context LLM Direct Confrontation

You might wonder, when facing long documents, should you stuff the entire document into the model or use Retrieval-Augmented Generation (RAG)? SurfSense conducted a detailed evaluation of Agentic RAG and long-context LLMs. This test used the Claude Sonnet 4.5 model and asked 171 real questions against 30 complex PDF files containing many images.

The test results are very intriguing. If you only look at the raw accuracy, the approach of parsing the complete document and inputting it into the model takes the lead (59.6%). However, the performance of Agentic RAG is also very close (53.2%). The key differences are cost and stability. The cost per query for Agentic RAG is less than half that of full input ($0.0827 compared to about $0.20), and it achieved an amazing record of zero failures in 171 queries.

Another myth-busting discovery is that letting models with vision capabilities directly read raw PDFs performed the worst (52.0%). This proves that traditional OCR and layout analysis technologies currently cannot be easily replaced. For companies with limited budgets that need to process massive documents, Agentic RAG remains the most practical and robust choice.

Free Your Hands: Claude Auto Mode Receives Two Major Upgrades

For developers who frequently use Claude to write code, Auto mode is definitely a powerful tool for improving efficiency. Claude Devs announced two important updates for Auto mode.

This feature is now officially open to Pro plan users. Even more excitingly, in addition to the originally supported Opus 4.7, support for Sonnet 4.6 has now been added. Sonnet 4.6 is known for its excellent response speed and logical reasoning capabilities, which will make the process of automatically completing complex tasks even smoother.

Users only need to press the Shift+Tab combination to let Claude automatically take over and execute subsequent work. This seamless interactive experience is like having an untiring programming assistant by your side.

Strengthening Supply Chain Security: Perplexity Open Sources Internal Detection Tool Bumblebee

In recent years, software supply chain attacks have occurred frequently, and any inconspicuous package update could hide malicious code. Perplexity announced the open-sourcing of its internal security scanning tool Bumblebee. This move is of great significance for defending against increasingly complex cyber threats.

Bumblebee is a read-only scanner. Its original intention was to quickly check for risky packages, extensions, or AI tool settings on a developer’s computer when a supply chain security event occurs. Currently, this tool supports three scanning modes: baseline mode for daily checks, project mode for specific workspaces, and deep scan mode for emergency response.

The biggest advantage of Bumblebee is that it never executes installation scripts or lifecycle hooks. Many emerging malwares are triggered the moment a developer executes a package installation, and Bumblebee avoids this problem by directly reading metadata, ensuring the scanning process itself doesn’t become the fuse for a security crisis. This open-source project, written in Go, is currently available for macOS and Linux developers.

New Star in Zero-Shot Voice Generation: NetEase Youdao Launches Confucius4-TTS

The development speed of speech synthesis technology is also amazing. The latest project released by NetEase Youdao has attracted the attention of many open-source enthusiasts. Confucius4-TTS is a multilingual and cross-lingual zero-shot speech synthesis engine.

This system uses an architecture combining a speech encoder with a large language model. It does not require any reference text to perform unlimited voice cloning. Currently, Confucius4-TTS supports 14 languages, including Chinese, English, Japanese, and German, and can perform accent-free voice conversion between different languages.

Even more special is its emotional transfer capability. It can not only clone the characteristics of a voice but also accurately capture and reproduce the speaker’s emotional fluctuations. Interested friends can go to the Gradio online experience area to try it out, or visit the Confucius4-TTS GitHub page for more code details and model weight information.

FAQ

1. What is Agentic RAG, and how is it different from traditional RAG?

Agentic RAG is a Retrieval-Augmented Generation technology led by a language model agent. Traditional RAG has only a single fixed retrieval step, while Agentic RAG allows the agent to propose sub-questions, perform multiple different searches, judge when enough evidence has been collected, and filter out irrelevant information. It’s like sending a research assistant to the library and letting them repeatedly walk through the shelves to cross-reference data until they write a complete report.

2. Why did DeepSeek’s pricing strategy attract so much attention?

Because cost is a key factor in determining whether a technology can become widespread. DeepSeek turned its original promotional discount into permanent pricing, reducing the cost of input cache hits to an extremely low level. This significantly reduces the financial burden on companies and developers when processing long texts or frequently calling APIs, helping to promote the implementation of more AI applications.

3. Project Glasswing discovered so many vulnerabilities; does this mean existing software is very insecure?

You could say that. This highlights that many undiscovered dangers are hidden in modern software architectures. However, being able to find these vulnerabilities with AI is actually a good thing. The current challenge has shifted from “how to find problems” to “how to fix problems in time,” which requires developers to shorten patch cycles and use AI tools to assist in generating fix code.

4. Should I rely entirely on vision-language models to process PDF files?

Based on current evaluation data, the answer is no. Letting the model directly read long PDF files with complex layouts is not only expensive but also has a relatively high failure rate. In an actual production environment, using a high-quality OCR system for preprocessing combined with retrieval technology remains the best solution that balances accuracy and budget.