Day: April 30, 2026

April Showers Heartache on Developers Using Popular Coding Tools

by Charlotte Dunlap, posted in Big Data
Close-up portrait of a woman with blonde hair and a warm smile.
C. Dunlap
Research Director

Summary Bullets:

• Anthropic backpedals price hikes following outcry

• GitHub makes controversial move from flat-rate to usage-based billing models

April has a been a controversial and even catastrophic month for developers of popular copilots and agents.

Some enterprise and independent developers felt gut-punched following unorthodox activities including significant price increases and major subscription restructuring. Anthropic removed Claude Code from its standard Pro Plan priced at $20, offering it instead as part of its Max plan for $100 per month. Confronted with serious backlash, it was forced to reverse its decision.

An outcry of developers within the GitHub community expressed feelings of betrayal following a similar move when GitHub announced a shift to Copilot usage-based billings, resulting in significant price hikes among premium models including Claude Opus. The newly rolled out usage-based billing structure replaces flat-rate AI fees, reportedly increasing the fee charged Claude’s heavier users by as much as 900%. GitHub’s reasoning behind the decision is the need to offset its escalating compute costs.

Such half-baked moves by leading providers only serve to throw up roadblocks that hinder adoption, trust, and confidence in a still very young market segment of copilots and agents. Solution providers risk alienating their greatest asset — the developer communities that help explore, uncover vulnerabilities, and eventually validate these largely uncharted technologies. Their voices play a major role in helping sway investment decisions among CXOs who struggle to demystify agentic AI ROI.

Additional news reports in April did little to ease developer unrest. Price hikes hit popular coding tools including Windsurf Pro and Cursor Pro. GitHub announced plans to temporarily pause new signups for Copilot for individuals including students and independent developers.

A particularly disturbing story shared on X social media illustrates every developer’s greatest nightmare. Jer Crane, founder of PocketOS, software services provider, described how a leading AI coding agent running a routine task in its staging environment managed to delete his company’s entire production database including backups—in nine seconds flat. After a couple days, and undoubtedly a few heart-attacks, the issue was resolved and the database restored.

But it bears repeating that this cautionary tale reinforces the need for pro-coders at the helm of mission critical activities and policies to ensure that agentic and broader DevOps guardrails are solidly in place.

Lumen Research Paints a Dark Picture of the Threat Landscape in 2026

by Amy Larsen DeCarlo, posted in Secure
A professional headshot of a woman with long blonde hair, smiling gently while wearing a black jacket over a light-colored top.
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

/Summary Bullets:

• As the operator of one of the world’s largest global internet backbones, Lumen has a view into 99% of the public IPv4 addresses; its threat research team Black Lotus Labs monitors 2.3 million threats daily.

• Lumen’s 2026 Defender Threatscape Report underscores the highly organized and effective tactics cybercriminals are using to infiltrate the enterprise by exploiting network and edge vulnerabilities.

Long gone are the days when it was a question of if, not when, an organization would be breached. Most enterprise security practitioners are painfully aware of how successful threat actors have become in evolving their techniques to outwit some of the best defensive tools. But if anything, Lumen’s 2026 Defender Threatscape report, highlights that the real security challenge is only beginning. Leveraging research from its Black Lotus Labs threat intelligence unit including data from investigations, network telemetry, and campaigns between September 2024 and January 2026, Lumen notes that in response to the increasing effectiveness of endpoint detection solutions, cybercriminals have changed their strategies to leverage camouflaged proxies, vulnerable edge devices, and generative AI (GenAI) to set up attacks.

Using its visibility into global Internet activity, Black Lotus Labs found cybercriminals acting in a highly organized fashion by first standing up assets to leverage later in highly sophisticated campaigns. Cybercriminals are leveraging AI to create and propagate malicious infrastructure at breakneck speed. Using automation, bad actors can support campaigns, tightening the time between breach and impact. Frequently, adversaries seek out vulnerable internet-connected edge devices including routers, VPN gateways, and firewalls. These resources ofter privileged access to enterprise assets and typically can supply minimal forensic tracing data.

Organized cybercrime is certainly not new, but Black Lotus Labs observes a significant uptick in nation state and for-profit adversaries building up proxy networks exploiting compromised consumer devices. This allows bad actors to assimilate with legitimate infrastructure, in some cases helping them skirt zero trust and geolocational restrictions.

State-affiliated adversaries often seize criminal infrastructure, known as “stolen staging,” to execute their own campaigns. This can obscure their true identities, making it harder to assign responsibility for attacks.

The 2026 Defender Threatscape report offers up some practical guidance, noting the criticality of having insight into network activity and securing edge devices as critical assets. Organizations need to conduct a comprehensive inventory of all Internet-connected services and interfaces, including legacy resources. Enterprise IT should track unusual authentication efforts and edge configuration changes, even if it appears to come from a “safe” IP address.

Essentially, organizations need to take the concept of preemptive security to another level, instead of looking just for potentially malicious activity they need to apply infrastructure awareness and protection. Security teams need to see proxy networks as potentially dangerous threats, and treat them as such with respect to access. They should also turn the thing threat actors use against them – scale – to their advantage. This requires gaining perspective beyond their enterprise assets into network activity that can show the earliest indicators of an encroaching threat.