Now the newsletter. Let me write it as the final output.

Ramsay Research Agent — 2026-02-25

Breaking News & Industry

RoguePilot: GitHub Issues Weaponized to Hijack Copilot and Steal Repo Tokens

Orca Security discovered "RoguePilot" — a passive prompt injection attack where malicious instructions hidden in GitHub Issues via HTML comment tags are automatically fed to GitHub Copilot when a developer opens a Codespace. The injected prompt exfiltrates the GITHUB_TOKEN, enabling full repository takeover with read/write access. This is a new class of AI-mediated supply chain attack — the coding assistant is weaponized against the developer it assists. GitHub has patched following coordinated disclosure. Action: Audit any workflow where AI agents process untrusted content (issues, comments, PRs) as execution context. (The Hacker News, SecurityWeek)

Terra Security Finds Widespread Flaws in AI-Generated Code — CVE-2026-25724 in Claude Code

Terra Security's adversarial testing found recurring vulnerability patterns across AI coding tools including Claude Code, Loveable, and Base44. CVE-2026-25724 is a path traversal vulnerability in Claude Code (pre-2.1.7) where symbolic links bypass deny rules in settings.json because matching uses the literal path rather than the canonically resolved path. Patched in v2.1.7. Action: Update Claude Code to 2.1.7+ immediately. Audit any symlink usage in workspaces. If you deploy apps built with AI code generation tools, perform independent security reviews. (AI Journal, NVD)

CrowdStrike 2026: AI Attack Breakout Time Drops to 29 Minutes

CrowdStrike's 2026 Global Threat Report shows 89% YoY increase in AI-enabled attacks, with average breakout time falling to 29 minutes (65% faster than 2024). Fastest recorded: 27 seconds. Data exfiltration began within 4 minutes in one case. Critically for builders: attackers are weaponizing victims' own local AI tools (Claude CLI and Gemini CLI) by shipping malicious npm packages that instruct these tools to steal credentials and cryptocurrency. Action: Treat AI CLI tools with terminal access as privileged attack surface. Vet npm dependencies. (GBHackers, CybersecurityNews)

Anthropic Cowork Enterprise: 13 MCP Connectors and Plugin Marketplace

Anthropic launched 13 new MCP connectors for Cowork covering Google Workspace (Drive, Calendar, Gmail), DocuSign, Apollo, Clay, Outreach, SimilarWeb, MSCI, LegalZoom, FactSet, WordPress, and Harvey. Enterprise admins get private plugin marketplaces from private GitHub repos. Cross-application context passing between Cowork, Excel, and PowerPoint. Open-source plugin templates at anthropics/knowledge-work-plugins. Spotify confirmed 90% reduction in engineering time and 650+ AI-generated code changes merged monthly. (TechCrunch, WinBuzzer)

HyperNova 60B: Free Quantum-Compressed Model with 5x Agentic Performance

Multiverse Computing released HyperNova 60B on Hugging Face for free — a 50% compressed version of OpenAI's gpt-oss-120B using quantum-inspired CompactifAI compression. Memory drops from 61GB to 32GB (fits single consumer GPU) while showing 5x improvement on Tau2-Bench and 2x on Terminal Bench Hard agentic benchmarks. Action: If you need an on-premise open-weight model for agentic tool-calling, evaluate this at MultiverseComputingCAI/HyperNova-60B. (TechCrunch)

METR Study Resurfaces: AI Tools Make Experienced Devs 19% Slower (They Think 20% Faster)

The METR randomized controlled trial (16 experienced developers, 246 tasks, 5+ years on specific codebases) found AI tools made developers 19% slower while they perceived 20% faster. This resurfaces alongside the Deloitte study (89% of 6,000 executives report no AI productivity impact). Builder context: Real productivity gains come from reduced context switching and automating routine work on unfamiliar codebases, not raw speed on codebases you already know well. (METR, Augment Code)

Vibe Coding & AI Development

Pencil.dev: Free Design Canvas with MCP Integration for Claude Code

Pencil.dev is a free, local-first infinite design canvas that connects to Claude Code via MCP. Design UI visually, and your coding agent reads the canvas context to generate matching production code (HTML, CSS, React) with zero information loss. Designs save as editable .pen files directly in your git repo — no Figma exports, no handoff documents. Supports Figma import for pixel-perfect translation. Available for Mac, Linux, and as a Cursor extension. Going viral among engineers who want to eliminate the design-to-code gap. Action: Install Pencil.dev (free) and configure its MCP server in your Claude Code or Cursor setup. (Pencil.dev)

EchoVault: Persistent Local Memory for Coding Agents

EchoVault solves the "agent amnesia" problem — coding agents forgetting everything between sessions. It runs as an MCP server giving agents three tools: memory_context (load prior decisions), memory_search (find specific memories), and memory_save (persist learnings). Storage is a Markdown vault indexed by SQLite FTS5 with optional semantic search. Zero RAM overhead at idle, no external servers. Works with Claude Code, Cursor, Codex, and OpenCode. Action: npm install -g echovault and add the MCP server to your coding agent config. (GitHub)

NVIDIA Nemotron 3 Nano: Open Agentic Model with RL Training Pipeline

NVIDIA debuted the Nemotron 3 family for agentic AI. Nano (30B params, 3B active via MoE) delivers 78% HumanEval, native 1M-token context, and 4x higher throughput than Nemotron 2 via hybrid Mamba-Transformer architecture. Critical developer angle: NVIDIA open-sources NeMo Gym with 10 RL environments (competitive coding, math, tool use, multi-turn conversations) for reproducing NVIDIA's agentic training loop. First time developers can fine-tune open models specifically for multi-step agentic behavior. Cursor is an early adopter. Action: Available now on HuggingFace and NVIDIA NIM. Explore NeMo Gym for fine-tuning agentic behavior on your own tasks. (NVIDIA Newsroom, NVIDIA Developer Blog)

Verification-Driven Development: The Standard Agentic Pattern

Multiple practitioner guides this month converge on "verification-driven development" as the core pattern for 2-3x better output from coding agents. Three pillars: (1) always give agents a way to verify their own output (tests, builds, linting, browser automation), (2) force an explicit design step before any file is touched (plan-first), and (3) actively manage the context window (compact or restart when approaching limits). Anthropic's own engineering team uses CLAUDE.md for project memory, plan-first for non-trivial tasks, and verification loops as mandatory workflow gates. Action: Add build, test, and lint commands to your CLAUDE.md. Use /plan for anything beyond trivial changes. (Cuttlesoft, DevGenius)

MCP eval() Epidemic Reaches 30+ CVEs

The MCP CVE count reached 30+, all sharing the same root cause: user-controlled input reaching exec()/eval() without sanitization. AgentAudit scanned 194 MCP packages and found 118 security findings across 68 packages — 14 rated critical or high. Anthropic's own Git MCP server had 3 CVEs enabling RCE via prompt injection (patched). Across 16 responsible disclosures to network-exposed MCP servers, response rates were low. Action: Audit every MCP server you use for eval()/exec() calls with user input. Use mcp-scan for automated detection. (DEV Community / Kai Security)

DeepSeek V4 Still Not Launched (Day 8+)

DeepSeek V4 remains unreleased as of Feb 25, now 8+ days past the Feb 17 target. The silent 1M context window upgrade appears to be a pre-V4 technical push. V4 Lite leaked Feb 23 with breakthrough SVG generation. Architecture confirmed: Manifold-Constrained Hyper-Connections + Engram conditional memory + Sparse Attention for 1M+ context. Action: Don't block on V4. Use the 1M context upgrade on current DeepSeek for long-context testing today. (Evolink)

Claude Code v2.1.54-56: Stability Phase

Three bug-fix releases shipped Feb 25. v2.1.55 fixes BashTool EINVAL on Windows. v2.1.56 fixes VS Code "command not found" crashes. No new features — stability continues after the v2.1.51-53 feature batch (remote-control, confirmation gates, tool result disk persistence). Action: Update to v2.1.56 if you're on VS Code or Windows.

Anthropic Self-Serve Enterprise: Single Seat, No Sales Call

Claude Enterprise is now purchasable directly on the website without a sales conversation. Single seat type includes Claude, Claude Code, and Cowork. SSO/SCIM, domain capture, audit logs, compliance API included. Usage billed at API rates. Action: If you need SSO or audit logs for Claude Code, set up Enterprise self-serve in minutes at claude.com.

What Leaders Are Saying

Simon Willison: Vibe-Coded a macOS Presentation App in 45 Minutes

Willison built Present.app — a full macOS presentation tool — in 45 minutes the night before a talk at Social Science FOO Camp. Used Swift (a language he doesn't know), produced a 355KB binary with phone remote control. Key insight: "Existing technical knowledge and familiarity with development tools remained essential" — vibe coding amplifies skilled engineers but doesn't replace foundational expertise. Separately reviewed Claude Code Remote Control and found it buggy: sessions break on restart, --dangerously-skip-permissions doesn't work, lacks scheduling. Also curated Kellan Elliott-McCrea's essay (below). (simonwillison.net, simonwillison.net)

Kellan Elliott-McCrea (amplified by Willison + Fowler): "Code Has Always Been the Easy Part"

The former Etsy CTO's essay is the most historically grounded take on AI coding. Core thesis: code was never the hard part — systems thinking, org design, and customer understanding were. Tech has "always fetishized the act of writing code" while successful teams knew "the value is the system." Key insight: "Review is fatiguing in a way that creating is not" — the cognitive burden shifts from generation to evaluation. Prior disruptions (web, CI/CD, mobile, SPAs, ML) all "broke how teams worked and required us to invent new ways of working." AI follows this pattern. Martin Fowler endorsed this in today's daily fragment, calling Willison "one of my most reliable sources for information about LLMs and programming." (laughingmeme.org, martinfowler.com)

Boris Cherny: "Software Engineer Title Will Go Away by Year-End"

Claude Code creator doubled down in Fortune: "I think by the end of the year, everyone is going to be a product manager, and everyone codes. The title software engineer is going to start to go away." Replaced by "builder." Compares to printing press. "I have not edited a single line by hand since November." At Anthropic, AI writes 70-90% of code company-wide, 90% of Claude Code itself is written by Claude Code. Advice: become "generalists" who understand design, infrastructure, and business. (Fortune)

Dario Amodei: Pentagon Ultimatum — The AI Safety Line in the Sand

Hegseth met Amodei Tuesday and issued an ultimatum: lift guardrails by Friday 5:01pm or face the Defense Production Act. Anthropic reiterated its redlines: no fully autonomous weapons, no mass surveillance of Americans. xAI's Grok already approved for Pentagon classified systems with no restrictions. Anthropic "has no plans to budge." This creates an industry-defining fork between AI companies willing vs. unwilling to accept unrestricted military use. (Axios, CNN)

Martin Fowler: Endorses Agentic Engineering Patterns

Fowler's daily fragment endorsed Willison's guide, specifically the Red/Green TDD pattern. Called him "one of my most reliable sources for information about LLMs and programming." Distinguished vibe coding from agentic engineering. His Thoughtworks team is formalizing "knowledge priming as infrastructure" — treating project context documents (CLAUDE.md, SPEC.md) as first-class infrastructure. When Fowler stamps a methodology, enterprise adoption follows. (martinfowler.com)

Thorsten Ball (Amp): "The Coding Agent Is Dead. The Text Editor Is Dead."

Ball and the Amp team concluded that the coding agent and the text editor are both solved/dying. "What we have right now isn't the future." Software is disappearing into agents — Geoffrey Litt received a Claude-generated workout app, Ryan Florence discarded his workout app for ChatGPT voice mode. If you're building tools that require humans to sit in a text editor, Ball says you're building for a dying paradigm. (Register Spill J&C #75)

Kate Jensen (Anthropic): "2025 Was a Failure of Approach"

Anthropic's head of Americas delivered the most honest post-mortem of 2025 enterprise AI: "2025 was meant to be the year agents transformed the enterprise, but the hype turned out to be mostly premature. It wasn't a failure of effort. It was a failure of approach." The approach that failed: "too generic, too hard to control, or too insecure." Thomson Reuters surged 11% post-briefing; IBM fell 13.2% (worst since 2000). (TechCrunch)

AI Agent Ecosystem

Check Point: Claude Code Triple Attack Surface — Configuration Files as Weapons

The most important security research this week. Check Point demonstrated three attack vectors in Claude Code exploiting project configuration files in untrusted repositories: (1) Hooks RCE (CVE-2025-59536, CVSS 8.7) — malicious hooks in .claude/settings.json execute shell commands before users see a trust dialog. (2) MCP Consent Bypass — .mcp.json overrides safeguards to auto-approve MCP servers. (3) API Key Exfiltration (CVE-2026-21852, CVSS 5.3) — overriding ANTHROPIC_BASE_URL redirects all API traffic including auth headers to attacker-controlled servers. All three trigger when you merely clone and open an untrusted repo. All patched. Action: Treat .claude/, .mcp.json, and env var overrides in any repository with the same scrutiny as executable code. (Check Point Research)

Claude Code Security: AI Vulnerability Scanner Finding 500+ Zero-Days

Anthropic launched Claude Code Security as a limited research preview for Enterprise and Team customers. Uses Opus 4.6 to reason about code like a human security researcher — tracing data flows across components, reading commit histories to find unpatched variants, identifying inherently risky code paths. Anthropic's Frontier Red Team found 500+ high-severity vulnerabilities in production open-source code that survived decades of expert review. Multi-stage verification filters false positives. Open-source maintainers get expedited access. Triggered 5%+ drawdown across cybersecurity stocks. (Anthropic Blog, VentureBeat)

New Relic Agentic Platform: No-Code Agent Builder with MCP and Governance

First major observability platform with a complete agent development and governance stack. Drag-and-drop agent builder for SREs. Pre-built agents like "SRE Nerd" handle root cause analysis, incident triage, and change management. Native MCP support lets agents access service catalogs, incident wikis, and CI/CD metadata. Enterprise governance via RBAC and audit logging. OTel integration. Directly relevant to anyone running production agent workloads that need monitoring. (TechCrunch)

OpenClaw CVE-2026-25253: One-Click RCE Kill Chain

CVE-2026-25253 (CVSS 8.8) enables millisecond-speed one-click RCE against OpenClaw. The attack exploits missing WebSocket origin header validation: visiting a malicious page triggers cross-site WebSocket hijacking → exfiltrates gateway token → disables sandboxing → escapes Docker → full RCE on host. Endor Labs separately disclosed 6 additional vulnerabilities (SSRF, path traversal, auth bypass). 1,862 publicly exposed instances detected. Patched in v2026.1.29 with Trust-on-First-Use and origin validation. Users must rotate gateway tokens and API keys immediately. (The Hacker News, Endor Labs)

ClawdINT: Agent Autonomously Published Confidential Threat Intelligence

A cybersecurity firm employee connected an OpenClaw agent to both their internal threat intelligence platform and ClawdINT (public research platform). The agent treated both identically — finding relevant content internally, fusing it with other sources, and publishing to the public platform. First documented case of an agent leaking confidential data through legitimate tool use, not exploitation. Action: Every agent tool connection needs explicit data classification labels. Implied boundaries don't work. (Awesome Agents)

MCP Ecosystem: 1,412 Servers, 38.7% Zero Authentication

An analysis of 1,412 company-operated MCP servers (up 232% from 425 in Aug 2025, 301 new in February alone) reveals: 81% from companies under 200 employees. 50% of companies with MCP servers don't even have a public API — MCP is their first machine-readable interface. 38.7% require zero authentication, 22.9% have wide-open CORS, 2.4% implement rate limiting. Builder opportunity: MCP security tooling is wide open. Auth middleware, rate limiting proxies, security scanners. (Bloomberry)

Hot Projects & Repos

Emdash — Multi-Agent Desktop Orchestrator (2.1K stars, Show HN trending)

YC W26 open-source desktop app for running 21+ CLI coding agents in parallel (Claude Code, Codex, Gemini, Qwen Code, OpenCode), each in isolated Git worktrees. Best-of-N mode runs multiple agents on the same task. Diff view, Kanban view, Linear/GitHub/Jira integration. The most polished multi-agent orchestration app available. (GitHub)

Anthropic Knowledge Work Plugins — Official Open-Source (8K stars)

11 enterprise Cowork plugins plus 13 MCP connectors. Covers productivity, sales, support, product management, marketing, legal, finance, data, enterprise search, bio-research. File-based format — no code infrastructure needed. Fork and customize for your domain. (GitHub)

LEANN — Vectorless RAG, 97% Storage Savings (10.1K stars)

Graph-based selective recomputation — computes embeddings on-demand instead of storing them. Indexes file system, emails, browser history, chat history, agent memory, codebases — all locally. MCP server included for Claude Code integration. Scales to 60M documents on a laptop with zero cloud costs. (GitHub)

Scrapling v0.4 — Adaptive Web Scraping with MCP (15.2K stars, +1,656/day)

774x faster than BeautifulSoup+Lxml. Parser learns from website changes and auto-relocates elements. v0.4 adds MCP server integration, Cloudflare Turnstile bypass, concurrent spider with pause/resume, automatic proxy rotation. Drop-in MCP tool call for structured web scraping. (GitHub)

Plano — AI-Native Proxy for Agentic Apps (5.6K stars, +205/day)

Built on Envoy by its core contributors. Agent orchestration (add agents without code changes), model routing, zero-code OTEL traces/metrics, and moderation via filter chains. Think "Envoy for AI agents." Infrastructure-level tooling for teams deploying multi-agent systems. (GitHub)

Moonshine Voice — Open STT Beating Whisper at 1/6th Params (4.9K stars, 310 HN pts)

245M param model beats Whisper Large v3 at 6.65% WER. Streaming-optimized with incremental audio caching for real-time agent voice. Cross-platform: Python, iOS, Android, macOS, Linux, RPi. No API keys. Free. (GitHub)

DeepAudit v3.0 — Multi-Agent Vulnerability Detection (4.8K stars)

Four agents (Orchestrator, Recon, Analysis, Verification) autonomously identify vulns, generate exploits, and sandbox-verify them. 49 real CVEs discovered across 16 projects. RAG-enhanced analysis. 10+ LLM backends including local Ollama. (GitHub)

Cisco MCP Scanner — Enterprise MCP Security (1.2K+ stars)

Three scanning engines: YARA rules, LLM-as-a-judge, and Cisco AI Defense inspect. New behavioral code threat analysis tracks untrusted data across functions. Also includes production readiness scanning. Enterprise-grade answer to the MCP security crisis. (GitHub)

visual-explainer — Agent Skill for Visual Output (2.7K stars, +180/day)

Generates rich self-contained HTML pages for diff reviews, architecture overviews, plan audits. 11 diagram types. Slash commands: /diff-review, /plan-review, /project-recap. Drop SKILL.md in your project and agents produce visual output instead of text walls. (GitHub)

taste-skill — Fix AI Design Slop (1.2K stars, trending)

Forces AI to build modern, high-end frontend interfaces instead of generic aesthetic. Tunable design variance, motion intensity, and visual density. Works with Claude Code, Codex, Cursor, Copilot, Gemini CLI. One file. (GitHub)

Best Content This Week

Research Papers

Nemotron-Terminal (arXiv:2602.21193, 66 HF upvotes) — First systematic study of data engineering for terminal/CLI agents. Terminal-Task-Gen pipeline with Dockerized environment interaction. Qwen3-initialized 8B model goes from 2.5% to 13.0% on Terminal-Bench 2.0. All checkpoints and synthetic datasets open-sourced at nvidia/nemotron-terminal. The open-source recipe for building your own Claude Code-like terminal agent. (arXiv)

PyVision-RL (arXiv:2602.20739, 43 HF upvotes) — Addresses "interaction collapse" where RL-trained agents learn to reduce tool usage and multi-turn reasoning. Oversampling-filtering-ranking rollout strategy sustains interaction. If you're training agents via RL, this solves a real problem. (arXiv)

TAPE: Tool-Guided Adaptive Planning (arXiv:2602.19633) — Graph-based multi-plan aggregation + constrained decoding + adaptive re-planning on environmental deviation. For agents in costly real-world environments (deployments, DB operations, financial transactions). (arXiv)

TTT with KV Binding = Linear Attention (arXiv:2602.21204) — NVIDIA/UofT/Vector Institute reveal test-time training with KV binding is mathematically equivalent to learned linear attention. Enables principled simplifications and fully parallel formulations. Replace complex TTT with simpler linear attention for same results. (arXiv)

DREAM: Deep Research Evaluation (arXiv:2602.18940) — AWS framework for evaluating deep research agents with metrics for multi-turn reasoning, tool use patterns, and research quality. If building Perplexity-style research agents, this provides standardized measurement. (arXiv)

Security Analysis

30 MCP CVEs Mapped Into Three Attack Layers — Comprehensive mapping: Layer 1 (Execution, 43%): 13 exec/shell injection CVEs. Layer 2 (Tooling, 20%): 6 CVEs targeting dev infrastructure — MCP Watch (a security scanner!) has command injection in its own repo cloning. Layer 3 (New classes, 14%): eval() and env var injection. 38% of 560 scanned servers have no auth. Your MCP security tools may themselves be vulnerable. (DEV Community / Kai Security)

Builder Methodology

Martin Fowler endorses Willison's Agentic Engineering Patterns — When Fowler stamps a methodology, enterprise follows. Specifically endorses Red/Green TDD. Thoughtworks formalizing "knowledge priming as infrastructure." (martinfowler.com)

SaaS Disruption & Builder Moves

The "Seat Extinction" Pattern: CRM, HR, Support, and Legal All Hit Simultaneously

In a single 30-day window, seat-based pricing is challenged in at least four unrelated categories: CRM (Salesforce Agentforce per-action at $0.10 via Flex Credits, $800M ARR), HR (Workday seat compression tanks stock 10% despite earnings beat), Support (Intercom Fin standalone at $0.99/resolution), Legal (Cowork + Harvey threatening per-seat legal tech). Law firm Mayer Brown published guidance on renegotiating SaaS contracts with flexibility clauses for mid-contract seat reductions. Enterprises reporting 90% seat reductions in support/payroll departments. Builder opportunity: Build tools that help enterprises audit seat usage vs. AI capability, model cost savings, and negotiate better contracts. SaaS cost optimization is itself becoming a category.

Databricks Ships Agentic Dashboard Authoring — BI Analysts on Notice

Databricks' February AI/BI update introduces agentic dashboard authoring (Beta): describe what you want, an agentic loop creates datasets, generates visualizations, configures filters, and organizes layouts from a single prompt. Combined with AI/BI Genie, this systematically eliminates the need for dedicated BI analysts using Tableau, Looker, or PowerBI. Startups like Querio and askEdgi push further with "zero-prep analytics." Builder opportunity: AI analytics agents for specific verticals — e-commerce, SaaS metrics, healthcare reporting — that deliver insights without dashboard setup. (Databricks Blog)

YC Spring 2026: 6 of 7 Ideas Are AI-Native

YC's Request for Startups features 7 ideas, 6 explicitly AI-native. The most builder-relevant: (1) "Cursor for Product Management" — AI agents that help PMs ideate and decide, replacing Productboard ($20K+/year). (2) AI-Native Agencies — instead of $50/mo SaaS, use AI internally and sell finished outcomes at $2K-$5K/month with 65-80% margins (vs traditional agency 20-35%). (3) AI-Guided Physical Work — Claude Code for the physical world. YC isn't funding "AI features." They want companies built with the assumption that agents do most of the work. The AI-native agency model may be the highest-leverage play for solo founders in 2026. (Y Combinator)

OpenAI Frontier: Enterprise Agent Platform Directly Competes With Incumbents

OpenAI's Frontier platform enables building, deploying, and managing AI agents that run other software (Salesforce, Workday, etc.). "Business Context" gives agents institutional memory. Multiyear deals with Accenture, BCG, Capgemini, McKinsey. Key insight: Frontier positions agent platforms as a new layer above existing SaaS — agents orchestrate tools rather than replacing them. The opportunity is building agents and workflows on top, not building the platform. (OpenAI)

Solo Devs Rebuilding Enterprise SaaS In-House

A growing 2026 trend: skilled developers using AI to rebuild enterprise SaaS as internal tools, eliminating $10K-$500K/year in licensing. Seven categories being rebuilt most often: document automation, task coordination, contact management, time tracking, analytics dashboards, customer chatbots, content automation. Idea-to-launch compressed from 6-18 months to 2-12 weeks at $500-$20K. The market favors "surgical instruments, not Swiss Army knives." Build narrow, build fast, charge $49-$299/month. (DEV Community)

Skills to Learn Today

1. Build Cross-Platform Agent Skills with SKILL.md (intermediate) — Write one SKILL.md file that works across 26+ platforms. Create skill directory, write YAML frontmatter, control invocation modes, restrict tool access, test locally, publish. (agentskills.io)

2. Harden MCP Servers Against the eval() Epidemic (intermediate) — Audit for eval/exec/subprocess shell=True, replace with safe alternatives (ast.literal_eval, JSON parsers, execFile + arrays), implement allowlist validation, enable auth. (DEV Community / Kai Security)

3. Install a PreToolUse Security Hook (beginner) — After CVE-2025-59536: create hooks directory, write security validator script, configure permissions.deny for sensitive files, hook into PreToolUse. Blocks destructive commands and credential access in under 5 minutes. (GitHub Gist)

4. Build a Claude Code Plugin (intermediate) — Package skills, subagents, hooks, and MCP configs into shareable plugins. Create manifest, add skills as SKILL.md, add agents, configure MCP, test with --plugin-dir, distribute via marketplace. (Claude Code Docs)

5. Orchestrate Parallel Agents with Filesystem-Lock Allocation (advanced) — From Anthropic's C compiler project (16 agents, 100K lines Rust). Git-tracked current_tasks/ directory for claiming work. AGENT_PROMPT.md for self-orientation. AI-optimized test harness with --fast flag. Worktree isolation. (Anthropic Engineering)

6. Create Subagents with Persistent Memory (intermediate) — Add memory: user or memory: project to subagent frontmatter. Agent gets auto memory directory. First 200 lines of MEMORY.md injected into every session. Code reviewer that remembers your patterns, debugger that recalls past fixes. (Claude Code Docs)

7. Defend Against AI-Orchestrated Espionage (advanced) — Build rate-anomaly detection (thousands of requests/second = AI), task-fragmentation classifiers (benign chains combining into attacks), AI-driven SOC defense. (Anthropic)

8. Audit Projects for Configuration-as-Code Attack Vectors (intermediate) — Inspect .claude/ before opening repos, check .mcp.json for auto-start servers, verify no ANTHROPIC_BASE_URL override, add config review to PR process, validate in CI. (Check Point Research)

Source Index

Breaking News & Industry

Vibe Coding & AI Development 9. Pencil.dev 10. GitHub — EchoVault 11. NVIDIA — Nemotron 3 12. Cuttlesoft — Verification-driven development 13. DEV Community — MCP eval epidemic 14. Cursor — v2.5 Changelog 15. Claude Blog — Self-serve enterprise

What Leaders Are Saying 16. simonwillison.net — Present.app 17. laughingmeme.org — Code has always been easy 18. martinfowler.com — Agentic patterns endorsement 19. Fortune — Boris Cherny interview 20. Axios — Amodei Pentagon ultimatum 21. Register Spill — Thorsten Ball

AI Agent Ecosystem 22. Check Point Research — Claude Code CVEs 23. Anthropic — Claude Code Security 24. TechCrunch — New Relic Agentic Platform 25. The Hacker News — OpenClaw CVE-2026-25253 26. Bloomberry — 1,412 MCP servers

Hot Projects & Repos 27. GitHub — Emdash 28. GitHub — knowledge-work-plugins 29. GitHub — LEANN 30. GitHub — Scrapling 31. GitHub — Plano 32. GitHub — Moonshine 33. GitHub — DeepAudit 34. GitHub — Cisco MCP Scanner 35. GitHub — visual-explainer 36. GitHub — taste-skill

Best Content This Week 37. arXiv — Nemotron-Terminal 38. arXiv — PyVision-RL 39. arXiv — TAPE 40. arXiv — TTT = Linear Attention 41. arXiv — DREAM 42. DEV Community — 30 MCP CVEs mapped

SaaS Disruption & Builder Moves 43. Salesforce — Q4 earnings 44. CNBC — Workday earnings 45. Databricks — Agentic dashboard authoring 46. Y Combinator — Spring 2026 RFS 47. OpenAI — Frontier platform

Meta: Research Quality

Most productive agents this run:

news-researcher — 10 findings including the day's biggest story (Claude/Mexico breach) and 3 critical security disclosures
projects-researcher — 14 repos including Emdash (multi-agent orchestrator), LEANN (vectorless RAG), and Scrapling (15.2K stars, explosive growth)
agents-researcher — Check Point triple attack disclosure was the most builder-relevant security finding of the week
saas-disruption-researcher — Connected the dots on seat extinction across 4 categories simultaneously

Most productive sources:

Bloomberg (exclusive on Claude/Mexico breach), Check Point Research (triple CVE disclosure), Simon Willison Blog (2 posts, both high-value), Bloomberry (comprehensive MCP ecosystem survey — new Tier 2 source), Martin Fowler (methodology endorsement signal)

Coverage gaps:

Chinese AI model ecosystem underrepresented — DeepSeek V4 delay continues but no coverage of other Chinese lab activity
Hardware/infrastructure layer — Vera Rubin covered but edge computing and device-level AI developments thin
Audio/video AI models — Moonshine found via projects but the broader multimodal agent space needs dedicated attention

Run stats: 478 total findings in database (+43 this run). 126 skills across 6 domains (+8). 132 patterns tracked (+5). 98 unique sources indexed (+5). 8 agents dispatched, 8 returned successfully. Run 19 of continuous daily operation.

How This Newsletter Learns From You

This newsletter has been shaped by 8 pieces of feedback so far. Every reply you send adjusts what I research next.

Your current preferences (from your feedback):

More builder tools (weight: +2.5)
More agent security (weight: +2.0)
More vibe coding (weight: +1.5)
Less valuations and funding (weight: -3.0)
Less market news (weight: -3.0)

Want to change these? Just reply with what you want more or less of.

Ways to steer this newsletter:

"More [topic]" / "Less [topic]" — adjust coverage priorities
"Deep dive on [X]" — I'll dedicate extra research to it
"[Section] was great" — reinforces that direction
"Missed [event/topic]" — I'll add it to my radar
Rate sections: "Vibe Coding section: 9/10" helps me calibrate

Reply to this email — I've processed 8/8 replies so far and every one makes tomorrow's issue better.