Changelog
What's new in Bee.
Public release notes for Bee. Major model updates, platform changes, pricing, and security bulletins land here. The list below is curated from the project git history.
- Platform
Partner Program, VC Partner Program, BEE for Startups
Three program intakes shipped: /partners (Build / Service / Resell / Cloud lanes: integrators, resellers, MSPs, cloud platforms, app builders), /vc-partners (venture firms backing AI-native startups), and /startups (early-stage AI-native companies: credits up to $25,000, architecture review, /platform listing, compliance head-start). All three are backed by JSON POSTs at /api/{partners,vc-partners,startups}/apply, fan out to bee-partners@cuilabs.io with structured emails, and ship dedicated legal docs at /legal/{partner,vc-partner,startup}-program-terms. Startup credits are reviewed manually, with no auto-grants, and use the existing credit_ledger when accepted.
- Model
Production-grade Apache-2.0 bases across the seven customer tiers
Seven customer tiers locked: Cell · Brood · Comb · Buzz · Hive · Swarm · Enclave. Each ships on a curated open-weight Apache-2.0 / MIT base under our governed release policy — specific base disclosure is contractual via the Enclave deployment manifest. Bee Ignite remains an internal R&D track, not a customer-selectable tier. Source of truth for engineers and auditors: governance documentation + per-adapter validation records published at /trust.
- Model
Hive / Swarm / Enclave tier expansion + Vertex auto-post + Kaggle multi-slug
Vertex training pipeline extended beyond Comb: Hive cybersec adapter smoke RUNNING on A100 SPOT (~10h ETA); Swarm cybersec dispatched on A100 80GB (~14h ETA); Enclave queued pending H100 80GB quota approval. Vertex worker now auto-posts to /api/training/runs (closes the gap that produced manual backfills), so eval-gate logic, the cutoff badge, and /admin/training see Vertex runs going forward. Kaggle dispatcher gained a multi-slug path so up to 3 kernels can run concurrently. With Vertex (~10 jobs), Kaggle (3), and Colab (2) live simultaneously, Bee now sustains roughly 15 parallel training jobs across the four-pipeline architecture. None of Hive / Swarm / Enclave is shipped — adapters are in training, not merged into routing. (Commit 1c285de.)
- Model
Stage 0.5 — cybersec adapter pipeline + research queue
Wired the elite cybersec adapter pipeline: Vertex Comb cybersec adapter landed at train_loss 0.314 over ~6h on L4. Tier-1 CII (Critical Information Infrastructure) wrapper and Bee Ignite research queue both online. Across today's haul: 12 Cell / Brood rotations across 9 domains via Colab (all candidate_worthy), 3 Comb domain adapters via Kaggle (cybersec, quantum, infrastructure). (Commit 9d20b3b.)
- Security
Stage 0 — runtime safety wrapper + marketing-claim audit
Added a runtime safety wrapper around every API call and ran a full marketing-claim audit so the public-facing copy matches what's actually live. Honest APK launch ready. (Commit 45a597e.)
- Release
Bee inference live on Modal — first real eval baseline
Bee Cell live on Modal serverless inference (infra/modal/bee_app.py). Cold start ~45s, warm ~1s. Bee Security Eval Harness produced our first auditable baseline: 12.5 / 100 — base, no adapter merged. The number is intentionally low; that's the floor we measure improvements against. (Commit 9acbac2.)
- Security
Bee Security Eval Harness — 52 cases across 10 categories
Shipped the eval harness that gates every release: 52 cases, 10 categories (insecure code generation, prompt injection, agent tool abuse, tenant isolation, authz/authn, cloud IAM, dependency CVEs, secret leakage, unsafe cyber responses, hallucinated security claims). Source of truth: evals/yaml_harness/cybersecurity/. (Commit 96c751c.)
- Platform
NVD apiKey + pagination, CISA KEV cron, NVD history backfill
Daily NVD CVE pull and CISA KEV ingestion are wired and running (apps/web/src/app/api/cron/cve-ingest, apps/web/src/app/api/cron/kev-ingest). Added scripts/data/backfill_cve_completions.py and scripts/data/push_cve_corpus_to_hf.py for the historical backfill. (Commit b2ff987.)
- Model
Mistral teacher + CVE prompt backfill
Wired the Mistral Experiment teacher into the distillation pipeline and added the CVE prompt backfill so the cybersec adapter trains on grounded vulnerability content rather than synthetic prompts. (Commit b3d4e03.)
- Platform
Workspace + Marketing site split
We separated the customer workspace (workspace.bee.cuilabs.io) from the marketing site (bee.cuilabs.io) and published the comprehensive Trust & Evidence index, the comparison-vs-incumbents matrix, the Singapore-jurisdiction legal pack, and per-page JSON-LD + llms.txt for AI crawlers.
- Release
Customer-facing workspace — Bee-only models + API keys
Customer workspace ships with the Bee-only model lineup (Cell · Comb · Hive · Swarm) and API-key management.
- Platform
Native email-confirmation + OAuth (Google · GitHub · Microsoft)
Sign-up now uses a first-party email-confirmation flow plus three OAuth providers. JWT verification is local (HMAC-SHA256 against SUPABASE_JWT_SECRET) so middleware works at the edge with no GoTrue round-trip.
- Pricing
New pricing catalogue (13 plans)
Activated the current catalogue by default — 6 Workspace + 4 API + 3 Enclave plans with pooled tokens, premium-routing rates, explicit annual prices, and seat extras. Stripe products/prices auto-seeded from the catalogue.
- Platform
Per-plan RAG quotas + per-tenant document store
Replaced 'unlimited' RAG copy with concrete plan-level document and storage caps. Document upload now enforces per-tenant quotas at write time, fixing a privacy regression where uploads could land in the wrong tenant store.
- Model
/models page + canonical model catalogue
Single-source-of-truth model catalogue with per-1M-token pricing for Cell, Comb, Hive, Swarm, plus the Enclave deployment mode and the Ignite research track. Adapter routing reads the same catalogue.
- Platform
Production SMTP mailer + /contact form
Pooled Namecheap-Private-Email transport, the eleven bee-*@cuilabs.io forwarders, contact-form submissions with file attachments, honey-pot spam protection, and 5/15min/IP rate limiting.
- Security
Direct-Postgres + local-auth fallback
When Supabase egress restriction was active we needed signups to keep working — local JWT verification + a pg-shim path were added so middleware and account routes don't depend on the GoTrue HTTP API.
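The local JWT check named in the OAuth entry and in the Direct-Postgres fallback entry above, sketched as an added example (not Bee's own middleware): it pins HS256, compares the HMAC in constant time, and enforces exp without any call to GoTrue. It uses Node's crypto module so it runs synchronously; the function names, sample secret, and claims are constructed for illustration.

```javascript
// Added example: local HS256 verification of a Supabase-style JWT.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");

// Helper that mints a token so the example runs offline (hypothetical name).
function signHS256(payload, secret, header = { alg: "HS256", typ: "JWT" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac("sha256", secret).update(input).digest("base64url");
  return `${input}.${sig}`;
}

// Returns { ok: true, claims } or { ok: false, reason }; never throws on bad input.
function verifyHS256(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm: the token's own header must not select "none" or another alg.
  if (!header || header.alg !== "HS256") return { ok: false, reason: "bad-alg" };
  const mac = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest("base64url");
  const expected = Buffer.from(mac);
  const given = Buffer.from(s);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  if (!claims || typeof claims.exp !== "number") return { ok: false, reason: "no-exp" };
  if (claims.exp <= nowSec) return { ok: false, reason: "expired" };
  return { ok: true, claims };
}

// Constructed sample values; a deployment would read process.env.SUPABASE_JWT_SECRET.
const DEMO_SECRET = "constructed-demo-secret";
const NOW = 1700000000;
const goodToken = signHS256({ sub: "user-123", role: "authenticated", exp: NOW + 3600 }, DEMO_SECRET);
console.log(verifyHS256(goodToken, DEMO_SECRET, NOW));
```

An edge runtime without Node's crypto module would compute the same HMAC through Web Crypto.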