Claude Opus 4.8, OpenRouter's $113M Round & SQLite's Anti-AI Stance — The Weekly Diff #2

Claude Opus 4.8

Anthropic shipped Opus 4.8 this week, and while the version bump is incremental, the changes aren't. Opus 4.8 (claude-opus-4-8) flags uncertainties more readily, asks questions before making changes, and catches its own mistakes, which is kind of the behavior that separates a useful coding assistant from a confident sounding autocomplete.

The pricing stays the same as 4.7, $5 per million input tokens and $25 per million output tokens, and "Fast" mode is now 3x cheaper than previous models at $10/$50.

What's new is Dynamic Workflows, and is available in Claude Code on Enterprise, Team, and Max plans. It lets Claude spin up hundreds of parallel subagents for large scale tasks like codebase migrations across hundreds of thousands of lines. If you've been doing multi file refactors one file at a time, this is the feature that changes that workflow.

Other notable additions include an effort control slider on claude.ai that lets you trade depth for speed, and a Messages API enhancement that lets you insert system instructions mid-conversation without breaking prompt cache. Latter one matters more than it sounds, it means you can update agent instructions on the fly without paying for a full context re-read.

Anthropic also teased Claude Mythos Preview, a higher-intelligence class model coming to all customers within weeks. Between this and the Weekly Diff #1 coverage of Microsoft killing Claude Code licenses, the AI tooling landscape is moving fast.

OpenRouter Raises $113M Series B

OpenRouter, the model routing API that sits between your app and dozens of AI providers, just raised $113 million led by CapitalG (Alphabet's independent growth fund). The investor list reads like an AI infrastructure roll call and includes NVentures (NVIDIA), ServiceNow Ventures, MongoDB Ventures, Snowflake Ventures, Databricks Ventures, with existing backers Andreessen Horowitz and Menlo Ventures participating.

OpenRouter's weekly token volume jumped from 5 trillion to 25 trillion tokens in six months and they're serving 8 million+ developers across 400+ models. That's huge. The platform handles routing, reliability, cost optimization, failover, and compliance, essentially the trivial but crucial infrastructure layer that production AI needs.

If you've read my DeepSeek guide, you already know OpenRouter. I used it as the recommended way to access DeepSeek-R1 without dealing with API key management across multiple providers. This raise validates that the "model marketplace" layer is becoming essential infrastructure, not just a convenience.

The bet here is that the future of AI isn't one model from one provider, rather it's intelligent routing across many models, picking the right one for each request based on cost, latency, and capability. If that is right, OpenRouter is positioning itself as the Cloudflare of AI inference, the layer everyone routes through without thinking about it, but will see.

SQLite Does Not Accept Agentic Code

Simon Willison covered SQLite's quiet decision to explicitly reject AI generated code contributions. It's more of a hard "no" than "we're cautious about it" or "we'll review it more carefully".

SQLite's AGENTS.md file spells it out. They'll accept agentic bug reports with reproducible test cases, and they'll look at demonstration patches for documentation purposes, but they will not merge AI generated pull requests. The project recently removed qualifying language like "currently" from their policy, making it clear this isn't a temporary stance.

The reason being SQLite's forum was getting flooded with low quality AI generated bug reports, enough that D. Richard Hipp created a separate bug forum just to manage the volume. It sounds like a quality control decision from a project that ships in literally billions of devices and cannot afford regressions.

The code an LLM generates might look correct, pass tests, and even work in production, but it carries different quality characteristics than human written code. SQLite's position is that those differences matter enough to draw a line. Whether you agree or not, every project maintaining critical infrastructure is going to have to take a position on this eventually.

Open Source Project Weaponized for Mass Phishing

Andrej Acevski woke up to a Resend quota alert and discovered that his open source project management tool, Kaneo, had been used to send 14,520 phishing emails to roughly 14,000 people.

The attack was clever precisely because it didn't exploit a vulnerability. The attacker used the tool exactly as designed. Attacker created 949 fake accounts using disposable email providers in a three hour window, crafted workspace names that mimicked phishing subject lines (fake banking and crypto offers), then used the workspace invitation feature to blast emails. Because the emails came from Kaneo's verified Resend domain with proper DKIM signatures, they sailed right past spam filters.

"They used my tool exactly as designed. The design was just bad enough that the tool was good for phishing." - Andrej Acevski

The cleanup was straightforward. It involved revoking API keys, deleting bot accounts, and purging 14,520 invitations in a single database transaction. The fixes were standard too, and required captcha, rate limiting, disposable email blocking, workspace-name filters, and restricting guest accounts from sending invitations.

Self-hosted and cloud versions of the same software have fundamentally different security profiles. When you self-host, the operator controls the blast radius, but when you run a multi-tenant SaaS, you inherit responsibility for every action any user takes that touches external systems. If your open source project has a cloud offering with email sending capabilities, abuse isn't a matter of if but when.