We’ve iden­ti­fied a se­cu­rity in­ci­dent that in­volved unau­tho­rized ac­cess to cer­tain in­ter­nal Vercel sys­tems. We are ac­tively in­ves­ti­gat­ing, and we have en­gaged in­ci­dent re­sponse ex­perts to help in­ves­ti­gate and re­me­di­ate. We have no­ti­fied law en­force­ment and will up­date this page as the in­ves­ti­ga­tion pro­gresses.

At this time, we have iden­ti­fied a lim­ited sub­set of cus­tomers that were im­pacted and are en­gag­ing with them di­rectly.

Our ser­vices re­main op­er­a­tional, and we will con­tinue to up­date this page with new in­for­ma­tion.

We are tak­ing ac­tions to pro­tect Vercel sys­tems and cus­tomers.

Our in­ves­ti­ga­tion is on­go­ing. In the mean­time, here are best prac­tices you can fol­low for peace of mind:

* Review the ac­tiv­ity log for your ac­count and en­vi­ron­ments for sus­pi­cious ac­tiv­ity.

* Review and ro­tate en­vi­ron­ment vari­ables. Environment vari­ables marked as “sensitive” in Vercel are stored in a man­ner that pre­vents them from be­ing read, and we cur­rently do not have ev­i­dence that those val­ues were ac­cessed. However, if any of your en­vi­ron­ment vari­ables con­tain se­crets (API keys, to­kens, data­base cre­den­tials, sign­ing keys) that were not marked as sen­si­tive, those val­ues should be treated as po­ten­tially ex­posed and ro­tated as a pri­or­ity.

* Take ad­van­tage of the sen­si­tive en­vi­ron­ment vari­ables fea­ture go­ing for­ward, so that se­cret val­ues are pro­tected from be­ing read in the fu­ture.

For sup­port ro­tat­ing your se­crets or other tech­ni­cal sup­port, con­tact us through ver­cel.com/​help.

Our in­ves­ti­ga­tion has re­vealed that the in­ci­dent orig­i­nated from a third-party AI tool whose Google Workspace OAuth app was the sub­ject of a broader com­pro­mise, po­ten­tially af­fect­ing hun­dreds of its users across many or­ga­ni­za­tions.

We are pub­lish­ing the fol­low­ing IOC to sup­port the wider com­mu­nity in the in­ves­ti­ga­tion and vet­ting of po­ten­tial ma­li­cious ac­tiv­ity in their en­vi­ron­ments. We rec­om­mend that Google Workspace Administrators and Google Account own­ers check for us­age of this app im­me­di­ately.

Capture a web page as it ap­pears now for use as a trusted ci­ta­tion in the fu­ture.

Pausing a game is so com­mon that I doubt many of us ever re­ally think about it. Maybe a pause menu has a cool song, or maybe you’re play­ing an al­ways-on­line game that fea­tures a pause menu that does­n’t ac­tu­ally pause any­thing. In those cases, you might mo­men­tar­ily con­tem­plate the act of paus­ing a video game. Those are the rare ex­cep­tions. Normally, we all just pause and un­pause with­out a sec­ond thought. It’s just ex­pected that most games will let you pause the ac­tion.

But how does that ac­tu­ally work? How do de­vel­op­ers ac­tu­ally let you pause a game?

I asked de­vel­op­ers on so­cial me­dia to tell me how they make a game pause, and the an­swers I got were all over the place. Many devs said that most mod­ern game en­gines sup­port paus­ing, and it should­n’t cause too many is­sues as long as you don’t screw any­thing up while mak­ing the game. But, as you might ex­pect, game de­vel­op­ment is weird and com­pli­cated and messy, and that means some­times paus­ing a game in­volves ma­nip­u­lat­ing time.

“In Waves of Steel, paus­ing slows the game speed down to 0.000000001 times nor­mal speed,” ex­plained game de­vel­oper ‪Chris Weisiger‬ on BlueSky. “In other words, it’d take about three years of real-time for one sec­ond of game time to pass. I did this be­cause I heard that Unity has spe­cial be­hav­ior for when game­speed is 0, which I wanted to avoid.”

“As a hob­by­ist in Unreal, I do some­thing a lit­tle stu­pid,” said dev Tommy Hanusa on so­cial me­dia. “I set the timescale to .000001 so that I can let the player/​tester eject from the pause and fly around (with an ap­pro­pri­ately ridicu­lous speed of like 5000000) in case they want to show me some­thing.”

Many other devs told me that they just set the game’s timescale to 0 when you hit pause and make sure that cer­tain func­tions, like the menu UI, ig­nore that com­mand and still work as ex­pected.

Another as­pect of paus­ing a game that I had­n’t con­sid­ered was that there are dif­fer­ent kinds of pauses. For ex­am­ple, hit­ting start might pause a game and bring up the pause menu. But what if you dis­con­nect a con­troller? What if you open the game’s in­ven­tory? What if you hit the guide but­ton on an Xbox and pop out to the guide? These are dif­fer­ent kinds of pauses, and some games have a whole bunch of them.

“I worked on var­i­ous games at Frontier, in­clud­ing Kinectimals on the Xbox 360,” ex­plained game dev Andrew Gillett via email. “I was­n’t di­rectly in­volved with this part of the game, but I re­call there were some­thing like seven dif­fer­ent lev­els of ‘pause.’ For ex­am­ple, the game should pause if the Kinect cam­era is dis­con­nected, and this is a dif­fer­ent kind of pause than when the user has brought up the Xbox sys­tem menu.”

Dreamless on BlueSky ex­plained that these dif­fer­ent kinds of pauses could some­times cause headaches for devs.

“I re­mem­ber in the Xbox/PS2 era we’d do a pause for nor­mal game­play,” said Dreamless. “With ex­cep­tions like can’t pause dur­ing QTEs & etc. Then, when it was time to ship, we’d read the [Technical Requirements Checklists] and have to go back and add a spe­cial pause for when you un­plug the con­troller. The two pauses would con­flict and cause bugs.”

Perhaps my fa­vorite pause method in­volves devs freez­ing time and then tak­ing a screen­shot of the game which the game then uses as the back­ground be­hind the pause menu UI, let­ting them get up to all sorts of nasty busi­ness be­hind that im­age, like not ren­der­ing en­e­mies or even mov­ing the player to an empty room.

“Usually, I will…take a screen­shot of the game­play at the point the game is paused and then draw that un­der what­ever pause screen menu while also no longer draw­ing the ac­tual ob­jects,” said game dev DW O’Boyle. “This is mostly just to free up some mem­ory, but it is­n’t re­ally nec­es­sary for the style of games I make.”

“In most of the Vlambeer games and Minit / Disc Room,” said de­vel­oper Jan Willem Nijman, “I take a screen­shot (with the UI dis­abled), then ei­ther jump to a com­pletely dif­fer­ent empty room or de­ac­ti­vate every­thing…with that screen­shot as the back­ground, [and] on un­pause jump back [to the game]. Sometimes there’s a 1-frame de­lay be­cause that screen­shot needs the UI dis­abled.”

When some­one replied that this trick al­ways felt “hacky” to them, Nijman said that in every game they’ve worked on, you’ll find “a healthy dose of hack­y­ness.”

My big take­away from all of these re­sponses is that, gen­er­ally speak­ing, paus­ing a game is­n’t the most com­pli­cated fea­ture to get work­ing in a pro­ject. However, you still need to be mind­ful of how you im­ple­ment it, and do proper amounts of test­ing if your game has quirks that might cause is­sues when you start paus­ing game time.

Developer Caliban Darklock told me on BlueSky that a lot of game mak­ers screw up adding a pause func­tion early on in their de­vel­op­ment ca­reer, which can lead to prob­lems, but can also be a very im­por­tant learn­ing mo­ment.

“The first time I im­ple­mented ‘pause’ in a game, I had every sin­gle game ob­ject check­ing whether the game was paused in every sin­gle frame, which de­graded per­for­mance across the whole game,” said Darklock. “Now all my ob­jects are arranged in a hi­er­ar­chy, and only one ob­ject at the top checks if the game is paused.”

“Most de­vel­op­ers do a hor­ri­ble, sloppy night­mare job the first time they im­ple­ment this, and then they know bet­ter for the rest of their lives.”

UPDATE–Vercel, a widely used cloud plat­form for de­vel­op­ing and de­ploy­ing apps, has dis­closed a breach of its in­ter­nal sys­tems, and says a “limited sub­set of cus­tomers” is af­fected.

The in­ci­dent came to light on Sunday and the com­pany says it has brought in an in­ci­dent re­sponse provider to in­ves­ti­gate the in­tru­sion. The com­pany rec­om­mends that cus­tomers check ac­tiv­ity logs for sus­pi­cious ac­tiv­ity and also ro­tate en­vi­ron­men­tal vari­ables as a pre­cau­tion. Vercek also sug­gests that cus­tomers use its sen­si­tive en­vi­ron­men­tal vari­ables fea­ture to mark things such as API keys as sen­si­tive, which then causes Vercel to store them in an un­read­able for­mat.

Vercel said the in­tru­sion was re­lated to the com­pro­mise of a third-party app.

“Our in­ves­ti­ga­tion has re­vealed that the in­ci­dent orig­i­nated from a third-party AI tool whose Google Workspace OAuth app was the sub­ject of a broader com­pro­mise, po­ten­tially af­fect­ing hun­dreds of its users across many or­ga­ni­za­tions,” the com­pany said.

Vercel did not iden­tify the app but in­cluded IOCs the iden­ti­fier for it. Given that the in­tru­sion orig­i­nated with a third-party app, there may well be other re­lated in­ci­dents emerg­ing in the com­ing hours or days.

“We’ve iden­ti­fied a se­cu­rity in­ci­dent that in­volved unau­tho­rized ac­cess to cer­tain in­ter­nal Vercel sys­tems. We are ac­tively in­ves­ti­gat­ing, and we have en­gaged in­ci­dent re­sponse ex­perts to help in­ves­ti­gate and re­me­di­ate. We have no­ti­fied law en­force­ment and will up­date this page as the in­ves­ti­ga­tion pro­gresses,” the com­pany said in a state­ment.

“At this time, we have iden­ti­fied a lim­ited sub­set of cus­tomers that were im­pacted and are en­gag­ing with them di­rectly.”

Vercel pro­vides a wide range of ser­vices for de­vel­op­ers and en­ter­prises, and has a num­ber of of­fer­ings that are fo­cused on agen­tic AI work­loads.

Vercel did not spec­ify which of its sys­tems were com­pro­mised or how many of its cus­tomers are af­fected.

This story was up­dated on April 19 to add in­for­ma­tion about the source of the in­tru­sion.

What is Antithesis?

How Antithesis works

How we’re dif­fer­ent

Problems we solve

Security ap­proach

Distributed sys­tems re­li­a­bil­ity glos­sary

Cost of out­ages white pa­per

Deterministic sim­u­la­tion test­ing primer

Property-based test­ing primer

Autonomous test­ing primer

Techniques to im­prove soft­ware test­ing

Catalog of re­li­a­bil­ity prop­er­ties for key-value data­s­tores

Catalog of re­li­a­bil­ity prop­er­ties for blockchains

Test ACID-compliance with a Ring test

What are skiplists good for?

A while back, I joined Phil Eaton’s book club on The Art of Multiprocessor Programming, and the topic of skiplists came up.

For most of my ca­reer, skiplists had al­ways seemed like a niche data struc­ture, with a ra­bid cult fol­low­ing but not a whole ton of ap­plic­a­bil­ity to my life. Then six or so years ago, we en­coun­tered a prob­lem at Antithesis that seemed in­tractable un­til it turned out that a gen­er­al­iza­tion of skiplists was ex­actly what we needed.

Before I tell you about that, though, let me ex­plain what skiplists are (feel free to skip ahead if you al­ready know them well).

A skiplist is a ran­dom­ized data struc­ture that’s ba­si­cally a drop-in re­place­ment for a bi­nary search tree with the same in­ter­face and the same as­ymp­totic com­plex­ity on each of its op­er­a­tions. Some peo­ple like them be­cause you can pro­duce rel­a­tively sim­ple and un­der­stand­able lock-free con­cur­rent im­ple­men­ta­tions, and oth­ers like them as a mat­ter of taste, or be­cause they en­joy lis­ten­ing to bands that you’ve to­tally never heard of.

In im­ple­men­ta­tion terms, you can think of them roughly as linked lists plus “express lanes”:

You start with a ba­sic linked list, and then add a hi­er­ar­chy of linked lists with pro­gres­sively fewer nodes in them. In the ex­am­ple above, the nodes in the higher-level lists are cho­sen prob­a­bilis­ti­cally, with each node hav­ing a 50% chance of be­ing pro­moted to the next level.1

This helps with search, be­cause you can use the higher-level lists to skip more quickly to the node you want:

For (much) more on skiplists, see The Ubiquitous Skiplist.

Here we’ve found the node with an ID of 38 by start­ing at the top level and work­ing down­wards. At each level we ad­vance un­til the next node would have an ID that’s too high, then jump down a level.

In a reg­u­lar linked list of n nodes, find­ing a node would take O(n) time, be­cause you’re walk­ing through the nodes one by one. Skiplists let you jump lev­els, with each level halv­ing the num­ber of nodes you need to check, so you end up find­ing the node in O(log n) time.

This is all very nice, but af­ter read­ing about this data struc­ture I lit­er­ally never thought about it again, un­til one day we en­coun­tered the fol­low­ing prob­lem at Antithesis…

Antithesis runs cus­tomers’ soft­ware many times to look for bugs. Each time, our fuzzer in­jects dif­fer­ent faults and tells your test­ing code to make dif­fer­ent ran­dom de­ci­sions. Over many runs, these choices cre­ate a branch­ing tree of time­lines: each path from root to leaf rep­re­sents one se­quence of choices the fuzzer made and what hap­pened as a re­sult.

There were a lot of queries that we wanted to do which ba­si­cally amounted to fold op­er­a­tions up or down this tree. For ex­am­ple, given a par­tic­u­lar log mes­sage, what’s the unique his­tory of events that led to it? (Walk up the par­ent point­ers from that node to the root.)

The trou­ble was that the amount of data out­put by the soft­ware we were test­ing was so huge, we had to throw it all into an an­a­lytic data­base, and at the time we were us­ing Google BigQuery. Analytic data­bases are op­ti­mized for scan­ning mas­sive amounts of data in par­al­lel to com­pute ag­gre­gate re­sults. The trade­off is that they’re slow at point lookups, where you fetch a spe­cific row by its ID.

This mat­ters, be­cause the nat­ural way to rep­re­sent a tree in a data­base is with par­ent point­ers — each node is a row in the table, with a par­en­t_id col­umn point­ing to its par­ent. To an­swer a ques­tion like “show me the his­tory lead­ing to this log mes­sage”, you’d need to walk up the tree one node at a time: look up the node, get its par­ent ID, look up the par­ent node, and so on. Each step is a point lookup. In an OLTP data­base de­signed for point lookups, that’s fine.2 But in BigQuery, ba­si­cally every op­er­a­tion re­sults in a full table scan, which means even the most ba­sic queries would end up do­ing O(depth) reads over your en­tire data set. Yikes!

I mean, not ac­tu­ally, but it’s less bad..

One al­ter­na­tive would have been to split the data: store just the tree struc­ture (the par­ent point­ers) in a data­base that’s good at point lookups, and keep the bulk data in BigQuery. But this ap­proach would have cre­ated other prob­lems. Every in­sert would need to write to both sys­tems, and since we want to an­a­lyze the data on­line (while new writes are stream­ing in) keep­ing the two data­bases con­sis­tent would re­quire some­thing like two-phase com­mit (2PC). I pre­fer not to in­vent new 2PC prob­lems where I don’t need them. And any­way, at the time BigQuery had very loose con­sis­tency se­man­tics, so it’s not even clear that keep­ing the two sys­tems in sync would have been pos­si­ble.

Skiplists to the res­cue! Or rather, a weird thing we in­vented called a “skiptree”…

Well, it’s like a skiplist, but it’s a tree.

More help­fully, here’s an ex­am­ple:

You have a level-0 tree, and then a hi­er­ar­chy of trees above it. Each tree has roughly 50% of the nodes of the level be­low (the re­moved nodes are shown with grey dot­ted lines on the di­a­gram).

If you pick any path from the root to a leaf, the nodes along that path — to­gether with their ap­pear­ances in the higher-level trees — form a skiplist. So a skip­tree is re­ally just a bunch of skiplists shar­ing struc­ture, one for every root-to-leaf path in the tree.

To store the skip­tree, you cre­ate a SQL table for each level: tree0, tree1, and so on. Each table has a row for every node in that tree. Instead of hav­ing a sin­gle par­en­t_id col­umn, it has a col­umn for the clos­est an­ces­tor node in the tree above (we’ll call that nex­t_lev­el_an­ces­tor) and an­other col­umn (call it an­ces­tors_­be­tween) with a list of all nodes be­tween the cur­rent node and the next-level an­ces­tor.

For the di­a­gram above, tree0 would look like this:

As an ex­am­ple, take the row for node H. Node H’s par­ent is D, which is not in tree1. D’s par­ent B is also not in tree1, but B’s par­ent A is, so nex­t_lev­el_an­ces­tor is A. Then an­ces­tors_­be­tween stores B and D.

The higher-level ta­bles work the same way:

You can use these ta­bles to find the an­ces­tors of a node by chain­ing to­gether JOINs, work­ing your way up the ta­bles.

For ex­am­ple, to find all an­ces­tors of node I, start at table0. The nex­t_lev­el_an­ces­tor col­umn tells you to JOIN on node C in table1, col­lect­ing node G from the an­ces­tors_­be­tween col­umn on the way. Then in table1 you find that the nex­t_lev­el_an­ces­tor is node A, with no other nodes to col­lect on the way. Node A is the root of the tree so you’re now done: the to­tal list of an­ces­tors is [G, C, A]. In a deeper tree you’d keep go­ing by look­ing in tree2, tree3 and so on.

Hey! Now we can find an­ces­tors with a sin­gle non-re­cur­sive SQL query with a fixed num­ber of JOINs. We just had to do… 40 or so JOINs.3

Best of all, at the time BigQuery’s pric­ing charged you for the amount of data scanned, rather than for com­pute, and the geo­met­ric dis­tri­b­u­tion of table sizes meant that each of these queries only cost twice a nor­mal table scan.4

The num­ber of skip lev­els was pre­cisely cho­sen to gen­er­ate a num­ber of joins just un­der the BigQuery plan­ner’s hard-coded limit.

Of course, there were dis­ad­van­tages, like the SQL it­self. The tex­tual size of these queries was of­ten mea­sured in the kilo­bytes. But what do I look like, a cave­man? We did­n’t write the SQL. We wrote a com­piler in JavaScript that gen­er­ated it. And that is how most test prop­er­ties in Antithesis were eval­u­ated for the first six years of the com­pany, un­til we fi­nally wrote our own an­a­lytic data­base that could do ef­fi­cient tree-shaped queries.5

I’m sure it cost Google a whole lot more.

Later I dis­cov­ered that a skip­tree is closely re­lated to a real data struc­ture called a skip graph, a dis­trib­uted data struc­ture based on skiplists. Which just goes to show that there is noth­ing new un­der the sun. Whatever crazy idea you have, there’s a good chance some other crazy per­son has al­ready done it. Moral of the story: you never know when an ex­otic data struc­ture will save you a lot of time and money.

Migrating from BigQuery to Pangolin (our in-house tree data­base) was what en­abled us to launch our new pre-ob­serv­abil­ity fea­ture last year.

Also, while Andy Pavlo is cor­rect that a well-writ­ten tree will al­ways trounce a skiplist, the great thing about skiplists is that a to­tally naive im­ple­men­ta­tion has ad­e­quate per­for­mance. That comes in handy when you’re writ­ing them in, say, SQL.

Thank you to Phil Eaton for sug­gest­ing that we write this up.

You made it to the end! Grab some stick­ers

Place them any­where and watch the com­pli­ments com­pile.

Get free stick­ers

You made it to the end! Grab some stick­ers

Place them any­where and watch the com­pli­ments com­pile.

Get free stick­ers

You made it to the end!

Get free stick­ers

You made it to the end! Grab some stick­ers

Place them any­where and watch the com­pli­ments com­pile.

Get free stick­ers

Police lured the man to a meet­ing and ar­rested him af­ter ac­cess­ing a pri­vate WhatsApp group with col­leagues

Police lured the man to a meet­ing and ar­rested him af­ter ac­cess­ing a pri­vate WhatsApp group with col­leagues

Police ac­cessed the closed WhatsApp group chat, saved the ev­i­dence and told the man to come to a meet­ing be­fore ar­rest­ing him. The of­fend­ing im­age showed smoke ris­ing above a build­ing af­ter the March 2026 strikes and had only been shared in the pri­vate group chat. He re­mains in de­ten­tion on charges in­clud­ing pub­lish­ing in­for­ma­tion deemed harm­ful to state in­ter­ests, the max­i­mum sen­tence of which is two years. Read more: Dubai ’arrests sur­vivors of Iranian drone strike af­ter they sent im­ages of ex­plo­sion af­ter­math to loved ones’Read more: British hol­i­day­maker, 60, ar­rested in Dubai for ‘filming mis­siles’

Radha Stirling, chief ex­ec­u­tive of London-based ad­vo­cacy group Detained in Dubai, said Dubai po­lice had “explicitly con­firmed they are con­duct­ing elec­tronic sur­veil­lance op­er­a­tions ca­pa­ble of de­tect­ing pri­vate WhatsApp mes­sages.“She said peo­ple were be­ing tracked, iden­ti­fied, and ar­rested not for pub­lic state­ments, but for pri­vate ex­changes be­tween col­leagues.“’Com­pa­nies like WhatsApp must an­swer ur­gent ques­tions about user pri­vacy.” she added.

Ms Stirling con­tin­ued: “If pri­vate com­mu­ni­ca­tions can be de­tected and used as the ba­sis for ar­rest by over­reach­ing or hy­per­sen­si­tive states, users world­wide need clar­ity on how their data is be­ing ac­cessed.” The po­lice re­port said au­thor­i­ties learned of the ma­te­ri­al’s ex­is­tence “’through elec­tronic mon­i­tor­ing op­er­a­tions”.A spe­cial team from the Electronic and Cybercrime Department was told to find the ac­count holder who shared the video. The air­line worker was tracked down, lured to a meet­ing and ar­rested by po­lice.The case was then es­ca­lated to State Security Prosecution. He re­mains in de­ten­tion.

The UAE gov­ern­ment owns ma­jor­ity hold­ings in tele­com com­pa­nies Etisalat and Du. This gives se­cu­rity ser­vices the power to ob­serve all com­mu­ni­ca­tions on their net­works. The Arab state has also used the Israeli-developed soft­ware Pegasus which al­lows agents to lis­ten into pri­vate calls and read mes­sages, even if they are shared on en­crypted apps like WhatsApp,.The spy­ware can in­fect a de­vice even with­out the user ac­ti­vat­ing a link - such as via a WhatsApp call, even if it is­n’t an­swered.Once in­side, it can ac­cess all WhatsApp mes­sages, lo­gos and con­tacts.Ms Stirling said other tourists, air­line crew and res­i­dents have re­ported be­ing de­tained for send­ing, re­ceiv­ing or keep­ing con­tent even when they did not share it.

Subscribe

Changes in the sys­tem prompt be­tween Claude Opus 4.6 and 4.7

Anthropic are the only ma­jor AI lab to pub­lish the sys­tem prompts for their user-fac­ing chat sys­tems. Their sys­tem prompt archive now dates all the way back to Claude 3 in July 2024 and it’s al­ways in­ter­est­ing to see how the sys­tem prompt evolves as they pub­lish new mod­els.

Opus 4.7 shipped the other day (April 16, 2026) with a Claude.ai sys­tem prompt up­date since Opus 4.6 (February 5, 2026).

I had Claude Code take the Markdown ver­sion of their sys­tem prompts, break that up into sep­a­rate doc­u­ments for each of the mod­els and then con­struct a Git his­tory of those files over time with fake com­mit dates rep­re­sent­ing the pub­li­ca­tion dates of each up­dated prompt—here’s the prompt I used with Claude Code for the web.

Here is the git diff be­tween Opus 4.6 and 4.7. These are my own high­lights ex­tracted from that diff—in all cases text in bold is my em­pha­sis:

The “developer plat­form” is now called the “Claude Platform”.

The list of Claude tools men­tioned in the sys­tem prompt now in­cludes “Claude in Chrome—a brows­ing agent that can in­ter­act with web­sites au­tonomously, Claude in Excel—a spread­sheet agent, and Claude in Powerpoint—a slides agent. Claude Cowork can use all of these as tools.“—Claude in Powerpoint was not men­tioned in the 4.6 prompt.

The child safety sec­tion has been greatly ex­panded, and is now wrapped in a new tag. Of par­tic­u­lar note: “Once Claude re­fuses a re­quest for rea­sons of child safety, all sub­se­quent re­quests in the same con­ver­sa­tion must be ap­proached with ex­treme cau­tion.”

It looks like they’re try­ing to make Claude less pushy: “If a user in­di­cates they are ready to end the con­ver­sa­tion, Claude does not re­quest that the user stay in the in­ter­ac­tion or try to elicit an­other turn and in­stead re­spects the user’s re­quest to stop.”

The new sec­tion in­cludes:

When a re­quest leaves mi­nor de­tails un­spec­i­fied, the per­son typ­i­cally wants Claude to make a rea­son­able at­tempt now, not to be in­ter­viewed first. Claude only asks up­front when the re­quest is gen­uinely unan­swer­able with­out the miss­ing in­for­ma­tion (e.g., it ref­er­ences an at­tach­ment that is­n’t there).

When a tool is avail­able that could re­solve the am­bi­gu­ity or sup­ply the miss­ing in­for­ma­tion — search­ing, look­ing up the per­son’s lo­ca­tion, check­ing a cal­en­dar, dis­cov­er­ing avail­able ca­pa­bil­i­ties — Claude calls the tool to try and solve the am­bi­gu­ity be­fore ask­ing the per­son. Acting with tools is pre­ferred over ask­ing the per­son to do the lookup them­selves.

Once Claude starts on a task, Claude sees it through to a com­plete an­swer rather than stop­ping part­way. […]

It looks like Claude chat now has a tool search mech­a­nism, as seen in this API doc­u­men­ta­tion and de­scribed in this November 2025 post:

Before con­clud­ing Claude lacks a ca­pa­bil­ity — ac­cess to the per­son’s lo­ca­tion, mem­ory, cal­en­dar, files, past con­ver­sa­tions, or any ex­ter­nal data — Claude calls tool_search to check whether a rel­e­vant tool is avail­able but de­ferred. “I don’t have ac­cess to X” is only cor­rect af­ter tool_search con­firms no match­ing tool ex­ists.

There’s new lan­guage to en­cour­age Claude to be less ver­bose:

Claude keeps its re­sponses fo­cused and con­cise so as to avoid po­ten­tially over­whelm­ing the user with overly-long re­sponses. Even if an an­swer has dis­claimers or caveats, Claude dis­closes them briefly and keeps the ma­jor­ity of its re­sponse fo­cused on its main an­swer.

This sec­tion was pre­sent in the 4.6 prompt but has been re­moved for 4.7, pre­sum­ably be­cause the new model no longer mis­be­haves in the same way:

Claude avoids the use of emotes or ac­tions in­side as­ter­isks un­less the per­son specif­i­cally asks for this style of com­mu­ni­ca­tion.

There’s a new sec­tion about “disordered eat­ing”, which was not pre­vi­ously men­tioned by name:

If a user shows signs of dis­or­dered eat­ing, Claude should not give pre­cise nu­tri­tion, diet, or ex­er­cise guid­ance — no spe­cific num­bers, tar­gets, or step-by-step plans—any­where else in the con­ver­sa­tion. Even if it’s in­tended to help set health­ier goals or high­light the po­ten­tial dan­gers of dis­or­dered eat­ing, re­sponses with these de­tails could trig­ger or en­cour­age dis­or­dered ten­den­cies.

A pop­u­lar screen­shot at­tack against AI mod­els is to force them to say yes or no to a con­tro­ver­sial ques­tion. Claude’s sys­tem prompt now guards against that (in the sec­tion):

If peo­ple ask Claude to give a sim­ple yes or no an­swer (or any other short or sin­gle word re­sponse) in re­sponse to com­plex or con­tested is­sues or as com­men­tary on con­tested fig­ures, Claude can de­cline to of­fer the short re­sponse and in­stead give a nu­anced an­swer and ex­plain why a short re­sponse would­n’t be ap­pro­pri­ate.

Claude 4.6 had a sec­tion specif­i­cally clar­i­fy­ing that “Donald Trump is the cur­rent pres­i­dent of the United States and was in­au­gu­rated on January 20, 2025”, be­cause with­out that the mod­el’s knowl­edge cut-off date com­bined with its pre­vi­ous knowl­edge that Trump falsely claimed to win the 2020 elec­tion meant it would deny he was the pres­i­dent. That lan­guage is gone for 4.7, re­flect­ing the mod­el’s new re­li­able knowl­edge cut-off date of January 2026.

And the tool de­scrip­tions too

The sys­tem prompts pub­lished by Anthropic are sadly not the en­tire story—their pub­lished in­for­ma­tion does­n’t in­clude the tool de­scrip­tions that are pro­vided to the model, which is ar­guably an even more im­por­tant piece of doc­u­men­ta­tion if you want to take full ad­van­tage of what the Claude chat UI can do for you.

Thanfully you can ask Claude di­rectly—I used the prompt:

List all tools you have avail­able to you with an ex­act copy of the tool de­scrip­tion and pa­ra­me­ters

My shared tran­script has full de­tails, but the list of named tools is as fol­lows:

I don’t be­lieve this list has changed since Opus 4.6.

Join us at PyCon US 2026 in Long Beach - we have new AI and se­cu­rity tracks this year - 17th April 2026

Qwen3.6-35B-A3B on my lap­top drew me a bet­ter pel­i­can than Claude Opus 4.7 - 16th April 2026

This is Changes in the sys­tem prompt be­tween Claude Opus 4.6 and 4.7 by Simon Willison, posted on 18th April 2026.

ai

prompt-en­gi­neer­ing

gen­er­a­tive-ai

llms

an­thropic

claude

ai-ethics

sys­tem-prompts

Previous: Join us at PyCon US 2026 in Long Beach - we have new AI and se­cu­rity tracks this year

Sponsor me for $10/month and get a cu­rated email di­gest of the mon­th’s most im­por­tant LLM de­vel­op­ments.

Pay me to send you less!

Sponsor & sub­scribe

is the Verge’s week­end ed­i­tor. He has over 18 years of ex­pe­ri­ence, in­clud­ing 10 years as man­ag­ing ed­i­tor at Engadget.

Posts from this au­thor will be added to your daily email di­gest and your home­page feed.

is the Verge’s week­end ed­i­tor. He has over 18 years of ex­pe­ri­ence, in­clud­ing 10 years as man­ag­ing ed­i­tor at Engadget.

Posts from this au­thor will be added to your daily email di­gest and your home­page feed.

According to Nikkei Asia, even as sup­pli­ers ramp up DRAM pro­duc­tion, man­u­fac­tur­ers are only ex­pected to meet 60 per­cent of de­mand by the end of 2027. SK Group chair­man has even said that short­ages could last un­til 2030.

The world’s largest mem­ory mak­ers — Samsung, SK Hynix, and Micron — are all work­ing to add new fab­ri­ca­tion ca­pac­ity, but al­most none of it will be on­line un­til at least 2027, if not 2028. SK opened a fab in Cheongju in February, but that is the only in­crease in pro­duc­tion among the three for 2026.

Nikkei says that pro­duc­tion would need to in­crease by 12 per­cent a year in 2026 and 2027 to meet de­mand. But ac­cord­ing to Counterpoint Research, an in­crease of only 7.5 per­cent is planned.

The new fa­cil­i­ties will pri­mar­ily fo­cus on pro­duc­ing high-band­width mem­ory (HBM), which is used in AI data cen­ters. With the com­pa­nies al­ready pri­or­i­tiz­ing HBM over gen­eral-pur­pose DRAM used in com­put­ers and phones, it’s not clear how much these new fabs will help al­le­vi­ate the price crunch fac­ing con­sumer elec­tron­ics. Everything from phones and lap­tops, to VR head­sets and gam­ing hand­helds have seen price in­creases due to the RAM short­age.

Follow top­ics and au­thors from this story to see more like this in your per­son­al­ized home­page feed and to re­ceive email up­dates.

The Swiss voice in the world since 1935

How Switzerland got caught in the Magnitsky case — again

Read more: How Switzerland got caught in the Magnitsky case — again

Read more: Millions of dol­lars linked to Magnitsky fraud case leave Switzerland

Read more: City of London urges Swiss air­ports to give UK trav­ellers e-gate ac­cess

Read more: Afghanistan’s Taliban tap Swiss, other trav­ellers for fly­over fees

Read more: Our newslet­ter on geopol­i­tics

How Switzerland got caught in the Magnitsky case — again

Read more: How Switzerland got caught in the Magnitsky case — again

When is a democ­racy no longer a democ­racy?

Read more: When is a democ­racy no longer a democ­racy?

Why Merantix founder Adrian Locher chose Berlin over Zurich for his AI start-up

Read more: Why Merantix founder Adrian Locher chose Berlin over Zurich for his AI start-up

How are you deal­ing with the ris­ing cost of fos­sil fu­els?

Read more: How are you deal­ing with the ris­ing cost of fos­sil fu­els?

The Swiss Connection Podcast: Hear Swiss sci­ence sto­ries for the world

Read more: The Swiss Connection Podcast: Hear Swiss sci­ence sto­ries for the world

A queer film­maker in Switzerland cap­tures the di­vide on her visit home to China

Read more: A queer film­maker in Switzerland cap­tures the di­vide on her visit home to China

The right to pri­vacy, ex­cept dur­ing wartime

Read more: The right to pri­vacy, ex­cept dur­ing wartime

At what point does some­one be­long in Switzerland?

Read more: At what point does some­one be­long in Switzerland?

Justice in sight for the Swiss con­victed for help­ing the Resistance

Read more: Justice in sight for the Swiss con­victed for help­ing the Resistance

To what ex­tent do you think as­sisted sui­cide should be a legally avail­able op­tion to those who want to end their lives?

Read more: To what ex­tent do you think as­sisted sui­cide should be a legally avail­able op­tion to those who want to end their lives?

From e-cig­a­rettes to lab de­vices: sur­pris­ing facts about Swiss patents

Read more: From e-cig­a­rettes to lab de­vices: sur­pris­ing facts about Swiss patents

Cured but unin­sur­able: the hid­den fi­nan­cial bur­den of sur­viv­ing can­cer in Switzerland

Read more: Cured but unin­sur­able: the hid­den fi­nan­cial bur­den of sur­viv­ing can­cer in Switzerland

How the war in Iran is af­fect­ing the Swiss food in­dus­try

Read more: How the war in Iran is af­fect­ing the Swiss food in­dus­try

Read more: A brain scan be­fore a pre­scrip­tion? Geneva’s bet on pre­ci­sion psy­chi­a­try

Reality hits: hard truths come to light in the fi­nal episode of ‘Lost Cells’

Read more: Reality hits: hard truths come to light in the fi­nal episode of ‘Lost Cells’

Where cows com­pete to be­come queens

Read more: Where cows com­pete to be­come queens

Why Merantix founder Adrian Locher chose Berlin over Zurich for his AI start-up

Read more: Why Merantix founder Adrian Locher chose Berlin over Zurich for his AI start-up

The SWIplus app: your con­nec­tion to Switzerland

Read more: The SWIplus app: your con­nec­tion to Switzerland

Swiss au­thor­i­ties want to re­duce de­pen­dency on Microsoft

Copyright 2024 The Associated Press. All Rights Reserved

The Swiss gov­ern­ment is aim­ing to grad­u­ally shift away from a de­pen­dency on Microsoft prod­ucts, ac­cord­ing to the NZZ am Sonntag news­pa­per.

+Get the most im­por­tant news from Switzerland in your in­box

A spokesman for the Federal Chancellery told the news­pa­per that the fed­eral ad­min­is­tra­tion “aims to re­duce its de­pen­dency on Microsoft, step by step and in the long term”.

This comes as a sur­prise, as Microsoft 365 was re­cently in­stalled on some 54,000 ad­min­is­tra­tion work­sta­tions — de­spite con­cerns about data se­cu­rity. Calls for al­ter­na­tives pre­vi­ously met with in­ter­nal re­sis­tance and charges of “tinkering”, the NZZ am Sonntag writes.

‘Switzerland must not give in to the Big Tech nar­ra­tive’

This con­tent was pub­lished on

Switzerland can be more in­de­pen­dent from tech gi­ants like Microsoft when it comes to ar­ti­fi­cial in­tel­li­gence, says a lead­ing dig­i­tal sov­er­eignty ex­pert.

Read more: ‘Switzerland must not give in to the Big Tech nar­ra­tive’

However, for­mer army chief Thomas Süssli called for al­ter­na­tive so­lu­tions to be ex­am­ined more quickly. A fea­si­bil­ity study now shows that re­place­ment with open-source soft­ware is pos­si­ble. Germany serves as a ref­er­ence: there, work is un­der­way on an in­de­pen­dent open-source so­lu­tion in which Bern is also in­ter­ested.

The German state of Schleswig-Holstein has al­ready switched over its ad­min­is­tra­tion. Open-source soft­ware can be used freely, while it can also be fur­ther de­vel­oped in­de­pen­dently of cor­po­ra­tions.

Swiss au­thor­i­ties have spent a tidy amount on Microsoft soft­ware in re­cent years: an in­ves­ti­ga­tion by SRFExternal link last year showed that the fed­eral gov­ern­ment and can­tons spent over CHF1.1 bil­lion ($1.4 bil­lion) on li­cences with the tech gi­ant over the past ten years.

The Trump ad­min­is­tra­tion and its ap­proach to the rule of law are in­creas­ing con­cerns among users of US tech­nol­ogy. This is be­cause US law — thanks to the 2018 Cloud Act — al­lows the gov­ern­ment to ac­cess all data stored by US tech cor­po­ra­tions.

This means that if data is stored on servers or clouds of US firms such as Microsoft, Apple or Adobe — no mat­ter where in the world — US au­thor­i­ties may re­quest this data from the US cor­po­ra­tions. This could even be the case if the servers are in Switzerland. Users gen­er­ally have no idea which au­thor­ity is ac­cess­ing the data nor what is be­ing done with it.

We se­lect the most rel­e­vant news for an in­ter­na­tional au­di­ence and use au­to­matic trans­la­tion tools to trans­late them into English. A jour­nal­ist then re­views the trans­la­tion for clar­ity and ac­cu­racy be­fore pub­li­ca­tion.

Providing you with au­to­mat­i­cally trans­lated news gives us the time to write more in-depth ar­ti­cles. The news sto­ries we se­lect have been writ­ten and care­fully fact-checked by an ex­ter­nal ed­i­to­r­ial team from news agen­cies such as Bloomberg or Keystone.

If you have any ques­tions about how we work, write to us at eng­lish@swiss­info.ch

In com­pli­ance with the JTI stan­dards

More:

SWI swiss­info.ch cer­ti­fied by the Journalism Trust Initiative

Posts from this au­thor will be added to your daily email di­gest and your home­page feed.

Posts from this au­thor will be added to your daily email di­gest and your home­page feed.

All em­pires even­tu­ally fall, and it seems the cre­ative soft­ware in­dus­try has col­lec­tively de­cided that Adobe’s time has come. The Creative Cloud provider’s suite of de­sign tools have been con­sid­ered the in­dus­try stan­dard for decades — de­spite un­pop­u­lar de­ci­sions to fully em­brace gen­er­a­tive AI and aban­don soft­ware li­censes in fa­vor of ex­pen­sive, com­pli­cated sub­scrip­tions.

Pricing in par­tic­u­lar has given com­peti­tors an open­ing to at­tack. Some of the best al­ter­na­tives aren’t just un­der­cut­ting Adobe’s price — they’re avail­able for free. People love free.

One ex­am­ple that was an­nounced this week is Autograph, mo­tion de­sign soft­ware akin to Adobe After Effects. Autograph was ac­quired by Cinema 4D maker Maxon last year, and has now been re­launched with free ac­cess for in­di­vid­ual users. It ini­tially cost $1,795 for a per­ma­nent li­cense (or $59 per month on sub­scrip­tion) when it launched in 2023, which was a hard sell com­pared to the $34.49 per month stand­alone After Effects sub­scrip­tion that Adobe de­manded, and con­tin­ues to charge to­day. And while Autograph is­n’t di­rectly com­pa­ra­ble, it pro­vides a sim­i­lar suite of an­i­ma­tion and VFX tools and does­n’t charge a dime.

Perhaps co­in­ci­dently, Canva also dropped its own bomb on Adobe’s After Effects this week. Canva has made the full ver­sion of Cavalry avail­able for free in­stead of lock­ing the mo­tion graph­ics soft­ware be­hind its own user sub­scrip­tions, af­ter the de­sign plat­form ac­quired it back in February. If that sounds fa­mil­iar, it’s be­cause Canva did a sim­i­lar thing last year with Affinity — a trio of apps it ac­quired that pro­vide sim­i­lar fea­tures to Adobe’s Illustrator, Photoshop, and InDesign soft­ware. While Affinity Designer 2, Affinity Photo 2, and Affinity Publisher 2 were each a one-off $69.99 pay­ment be­fore (or $169.99 for all three), they’ve since been com­bined into a sin­gle, en­tirely free app.

Other Adobe apps also took a hit this week thanks to the lat­est DaVinci Resolve 21 up­date. The free mul­ti­pur­pose post-pro­duc­tion soft­ware — which is al­ready con­sid­ered a ri­val to Premiere Pro — now in­cludes photo edit­ing fea­tures like color-cor­rec­tion, mask­ing tools, and im­port sup­port for Apple Photos and Lightroom Catalog files. The up­date also adds sup­port for Affinity’s .af file for­mat, mak­ing it eas­ier to use an­other free app along­side DaVinci Resolve.

Even when the Adobe al­ter­na­tives aren’t free, they’re be­com­ing more at­trac­tively priced. Apple launched its Creator Studio suite in January, which in­cludes ac­cess to a whole host of edit­ing apps, in­clud­ing Final Cut Pro, Logic Pro, Pixelmator Pro, Motion, Compressor, and MainStage. The $12.99 monthly Creator Studio fee is more af­ford­able than Adobe’s $69.99 monthly Creative Cloud Pro sub­scrip­tion by com­par­i­son, and Apple is­n’t forc­ing users into a sub­scrip­tion plan. You can still buy one-time li­censes for in­di­vid­ual apps on Apple’s App Store. Take that Adobe.

When we cov­ered that an­nounce­ment, sev­eral themes ap­peared in our com­ment sec­tion. One was the col­lec­tive shock at how low Apple’s pric­ing was com­pared to Adobe’s de­spite be­ing, well, Apple. The other was that all the Creator Suite needed was a suit­able Lightroom al­ter­na­tive to seal the deal. Apple may yet find a way to make it hap­pen, but DaVinci has filled that gap in the mean­time.

When you pair these re­cent an­nounce­ments with cre­ative soft­ware that was al­ready free, or at least sub­scrip­tion free, then you have an in­dus­try move­ment that should give Adobe some­thing to worry about.

Freedom from Adobe’s app ecosys­tem is ac­tu­ally start­ing to look plau­si­ble. And mak­ing that free­dom in­creas­ingly free is the ic­ing on the cake.