InfoQ Homepage Python Content on InfoQ
-
PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information
Discovered by FutureSearch researcher Callum McMahon, a supply chain attack against LiteLLM on PyPI resulted in over 40 thousand downloads of a compromised version that installed a malicious payload capable of harvesting and exfiltrating sensitive information. LiteLLM is downloaded roughly 3 million times per day.
-
Discord Open Sources Osprey Safety Rules Engine Processing 2.3 Million Rules per Second
Discord open-sourced Osprey, a safety rules engine processing 400 million daily actions and 2.3 million rules per second. Osprey uses a polyglot architecture: a Rust coordinator manages traffic, while stateless Python workers execute logic using a Python-based domain-specific language called SML. This design allows trust and safety teams to deploy real-time threat mitigations at high scale.
-
QCon London 2026: Behind Booking.com's AI Evolution: the Unpolished Story
Jabez Eliezer Manuel, senior principal engineer at Booking.com, presented “Behind Booking.com's AI Evolution: the Unpolished Story” at QCon London 2026. Manuel discussed how Booking.com has evolved over the past 20 years and the challenges they faced on their journey to incorporate AI.
-
Google Open-Sources the Common Expression Language for Python
Google has open sourced CEL-expr-python, a Python implementation of the Common Expression Language (CEL), a non-Turing complete embedded policy and expression language designed for simplicity, speed, safety, and portability.
-
Pandas 3.0 Introduces Default String Dtype and Copy-on-Write Semantics
The pandas team has released pandas 3.0.0, a major update that changes core behaviors around string handling, memory semantics, and datetime resolution, while removing a substantial amount of deprecated functionality. The release introduces several changes to core behaviors in the library’s API.
-
Daggr Introduced as an Open-Source Python Library for Inspectable AI Workflows
The Gradio team has released Daggr, a new open-source Python library designed to simplify the construction and debugging of multi-step AI workflows. Daggr allows developers to define workflows programmatically in Python while automatically generating a visual canvas that exposes intermediate states, inputs, and outputs for each step in the pipeline.
-
Google and Retail Leaders Launch Universal Commerce Protocol to Power Next‑Generation AI Shopping
Google launched the Universal Commerce Protocol (UCP), an open standard co-developed with Shopify, Target, and others, enabling AI-driven shopping agents to complete tasks end-to-end from product discovery to checkout and post-purchase management. UCP aims to standardize commerce capabilities, support multiple payment providers, and expand globally. Shaping the next generation of agentic commerce.
-
Django Releases Version 6.0 with Built-In Background Tasks and Native CSP Support
Django 6.0 has arrived, offering developers cutting-edge features like a built-in tasks framework, enhanced security with Content Security Policy, and template partials for modular design. This release supports Python 3.12 to 3.14, streamlining web app development while promoting clean, rapid design. Join the excitement as Django modernizes the landscape of web application development!
-
Facebook Survey Reveals Growing Adoption of Typed Python for Improved Code Quality and Flexibility
Conducted among over 1,200 respondents, Facebook's 2025 Typed Python Survey highlights how and why Python developers have increasingly adopted the language's type hinting system. The survey also sheds light on what developers value most, as well as their biggest frustrations and wishes.
-
Intel DeepMath Introduces a Smart Architecture to Make LLMs Better at Math
Intel has announced DeepMath, a lightweight agent built on Qwen3-Thinking that specializes in solving mathematical problems. To address common limitations of LLMs in math reasoning, DeepMath generates small Python scripts that support and enhance its problem-solving process.
-
Google’s Eight Essential Multi-Agent Design Patterns
Google recently published a guide outlining eight essential design patterns for multi-agent systems, ranging from sequential pipelines to human-in-the-loop architecture. The guide provides concrete explanations of each pattern along with sample code for Google's Agent Development Kit.
-
Python Workers Redux: Wasm Snapshots and Native uv Tooling
Cloudflare's latest advancements in Python Workers revolutionize serverless performance with near-instant cold starts, expanded package compatibility, and streamlined workflows via the uv package manager. By leveraging memory snapshots and WebAssembly, Cloudflare drastically reduces startup times, making Python a prime choice for AI and data science applications.
-
Google Metrax Brings Predefined Model Evaluation Metrics to JAX
Recently open-sourced by Google, Metrax is a JAX library providing standardized, performant metrics implementations for classification, regression, NLP, vision, and audio models.
-
Transformers v5 Introduces a More Modular and Interoperable Core
Hugging Face has released the first candidate for Transformers v5, marking a significant evolution from v4 five years ago. The library has grown from a specialized model toolkit to a critical resource in AI development, achieving over three million installations daily and more than 1.2 billion total installs.
-
AWS Transform Custom Tackles Technical Debt
AWS Transform Custom revolutionizes code modernization with AI-driven, out-of-the-box transformations for Java, Node.js, and Python. This enterprise-focused tool accelerates application upgrades by up to 5x while learning from organizational nuances to deliver high-quality, repeatable transformations.