SUNDAY, MAY 24, 2026 An independent intelligence brief on agentic AI 𝕏 Subscribe →
Tracking what is changing in agentic AI — what matters, what builders should do next.

pydantic-ai 1.102.0 released

Pydantic AI 1.102.0 fixes a security issue in URL validation by expanding IPv6 transition-form handling to block an SSRF cloud-metadata bypass, but it only matters if you explicitly use `FileUrl(force_download='allow-local')` with untrusted URLs on NAT64/ISATAP networks. It also adds support for additional IPv6 transition forms in URL validation, which makes agent file-download and URL-handling flows more robust against edge-case network inputs.

May 23, 2026, 09:46 AM UTC Source: GitHub Releases
pydantic-aireleases

pydantic-ai 1.102.0 is available. Release notes →

Pydantic AI 1.102.0 fixes a security issue in URL validation by expanding IPv6 transition-form handling to block an SSRF cloud-metadata bypass, but it only matters if you explicitly use FileUrl(force_download='allow-local') with untrusted URLs on NAT64/ISATAP networks.

It also adds support for additional IPv6 transition forms in URL validation, which makes agent file-download and URL-handling flows more robust against edge-case network inputs.

What changed. 1.102.0 is the latest release.

Why it matters. Review the release notes for breaking changes before upgrading.

Builder takeaway. Pin your version or upgrade in a branch and run your eval suite before deploying.

The Agent Brief

Three things in agentic AI, every Tuesday.

What changed, what matters, what builders should do next. No hype. No paid placement.

More news