neillmcshea 9:34 pm on 13 May 2026
Tags: ,   

AI Contributor Weekly Summary – 13 May 2026

This week’s AI contributor meeting focused on the final coordination for the WordPress 7.0 release, the roadmap for the AI PluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party. 1.0.0, and a deep dive into security experiments regarding Connector Approvals and Request Logging.

Announcements & Timeline

  • Reviewed the current WP 7.0 timeline and where the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.-ai teams work fits in
  • Field Guide: The comprehensive developer field guide is expected to be published alongside RC4. @jeffpaul noted that the content regarding Connectors APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways., Abilities, and the AI Client is being finessed for accuracy. Draft, with current edits available here; any and all feedback in the guide ASAP is greatly appreciated!
  • AI Plugin 0.9.0: Has officially shipped: Announcement post
  • AI Plugin 1.0.0: The team is targeting Tuesday, May 19 for the V1 release, strategically launching one day before WordPress 7.0 to provide a stable companion for early adopters.

WordPress 7.0 Field Guide

  • The team reviewed the draft status of the 7.0 Field Guide.
  • Action Item: Contributors are asked to review the draft and lacking that then the published version immediately upon release. If any technical errors are spotted regarding AI implementations, they must be called out quickly for immediate adjustment.

WCEU & Contributor DayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/ Planning

  • Table Leads: The team is seeking a Table Lead for Core AI for WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. Europe – Please pingPing The act of sending a very small amount of data to an end point. Ping is used in computer science to illicit a response from a target server to test it’s connection. Ping is also a term used by Slack users to @ someone or send them a direct message (DM). Users might say something along the lines of “Ping me when the meeting starts.” in the #core-ai SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/ channel if you would like to know more.
  • Leadership Strategy: @karmatosed and @justlevine emphasized the importance of “empowering new blood,” suggesting that experienced contributors like @justlevine (remote) and @swissspidy (local) could pair with and support newer leads rather than just leading the table themselves. @swissspidy confirmed after the meeting, in slack that, he has not yet confirmed if he will be attending.
  • Digital Participation: @justlevine confirmed he will provide digital support for contributors working remotely during the event.

AI Plugin 1.0.0

A significant portion of the meeting was dedicated to the specific features intended to ship in the V1 release:

Connector Approval Experiment

  • The Problem: Right now, any installed plugin can potentially use the Connectors API and reuse stored AI credentials, which means site owners may not have clear control over which plugins are actually using those keys. The concern is not only general plugin access, but also the newer AI-specific risk: once an LLM can access sensitive data, that data may be sent upstream into model history with little practical privacy boundary.
  • The Proposed Solution: @dkotter adds a Connectors Approval flow that blocks plugin access by default and requires admin approval before a plugin can use a connector. The goal is to create a practical first layer of interference around access to sensitive connector data now, without waiting to solve the entire long-term secrets architecture.
  • @justlevine, commentary: David helped reframe the value of the experiment by distinguishing LLMs from traditional plugin risk. He argued that the immediate problem is not just secret storage, but that LLMs can absorb and pass along context in a non-deterministic way, which makes access control especially important. His view was that the first step does not need to fully solve encryption or the deeper secrets-management layer; it can instead focus on preventing access to the sensitive data that LLM-powered features might otherwise consume. He also reinforced the value of “emergency breaks,” such as the existing constant-based kill switch and approval controls, because they give site owners a way to limit or stop unsafe behavior while the platform matures. Finally, he suggested that Connectors could be positioned as a more robust and safer pattern for registering credentials and related options than traditional settings, which could help drive adoption of this more managed model over time.
  • Security Concerns: @jason_the_adams pushed on the idea of “false security,” pointing out that this does not stop a bad plugin from pulling API credentials directly from the database or otherwise bypassing the approval flow. Others agreed that secret management or encryption on its own would not fully solve that, because WordPress does not yet have a true per-plugin sandbox or permissions layer around secrets. The group aligned that this experiment should be documented carefully so users understand it improves control and creates friction, but does not eliminate the broader platform-level gap.
  • Decision: The group landed on moving forward with the PR as an experiment for 1.0, not as a complete security solution. The reasoning from @jeffpaul was that it is better to start with a clear, limited control mechanism now than to wait for a perfect model, and that this gives the team something concrete to build on for 7.1 work around secrets management, permissions, and safer connector access.

AI Request Logging

  • Database Strategy: The team reached a consensus on using a custom database table for logging rather than post metaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress., primarily due to enterprise-level performance concerns. This was based on this PR.
  • Data Structure: To prevent bloat, the log will use truncated context. @mikeyarce suggested adding tracking for cached vs. non-cached tokens to assist with cost analysis for providers like Anthropic and OpenAI.

Version Management & Philosophy

  • Versioning: The question was asked if 1.0.0 is meant to imply semver-style stability, or if we are following WordPress-style versioning, where experiments can still change in breaking ways. The group leaned toward dropping strict SemVer expectations and following WordPress-style versioning, with experiments explicitly not guaranteed future compatibility.
  • Compatibility: The group reiterated that features marked as Experiments do not guarantee future compatibility. Users opting into these features should expect potential breaking changes as the team iterates.

Next Steps

  • Review and finalize the WordPress 7.0 Field Guide content tomorrow.
  • Perform final testing on the Connector Approval and Request Logging PRs.
  • Finalize the AI Plugin 1.0.0 release for Tuesday.
  • @justlevine to finalize MCP AdapterMCP Adapter Translates WordPress abilities into Model Context Protocol format, allowing AI assistants like Claude and ChatGPT to discover and invoke WordPress capabilities as tools, resources, and prompts. documentation and plugin scaffolding over the weekend.
  • Formalize the call for WCEU Table Leads in the Slack channel.

Upcoming Meetings

  • AI Team Office Hours (Slack): 14 May 2026. @jeffpaul and @justlevine will facilitate.
  • Weekly AI Contributor Call (Google Meet): 20 May 2026 (WordPress 7.0 Release Day).

Props to @jeffpaul for pre-publish review.

#summary