Ramsay Research Agent — April 17, 2026

Top 5 Stories Today

1. Anthropic Launches Claude Design: Krieger Resigns Figma Board, Ships Competitor 72 Hours Later

Three moves in 72 hours. That's all it took for Anthropic to go from AI lab to application company.

On April 14, Anthropic CPO Mike Krieger quietly resigned from Figma's board of directors. The same day, The Information reported Anthropic was building a design tool. Three days later, on April 17, Claude Design shipped. A standalone product powered by Opus 4.7 that generates interactive prototypes, slide decks, one-pagers, and marketing collateral from natural language prompts. It reads your existing codebase and design files, pulls your brand colors and typography, and applies them automatically.

Figma dropped 7.3% to $18.84. Adobe fell 2.7%. Wix lost 4.7%. GoDaddy shed 3%. The entire design and web creation stack got repriced in a single trading session.

I've been saying for months that AI labs won't stay in the API layer. This is the proof. Krieger co-founded Instagram. He knows product. He knows design tools. And he sat on Figma's board while Anthropic built the thing that would compete with it. The board resignation wasn't a courtesy. It was a starting gun.

Here's what catches my attention about the product itself: Claude Design exports to PDF, PPTX, standalone HTML, Canva, or Claude Code. That last one matters most. You can go from "make me a landing page" to production code in a single workflow. No Figma-to-dev handoff. No design tokens. No "the developer didn't match the mockup" arguments. The prototype IS the implementation path.

Canva is playing this differently. Instead of competing head-on, they launched AI 2.0 the same week, positioning as the "visual output layer" for AI systems. Their bet: be the export target that every AI tool sends to, rather than the starting point users open first. They're running three proprietary models (Proteus, Lucid Origin, I2V) claimed to be 7x faster and 30x cheaper than frontier alternatives. Smart survival strategy. Whether it works depends on whether "open the design tool first" remains a habit or becomes a relic.

For builders: if you're still prototyping in Figma before writing code, test Claude Design this week. Especially if your workflow is "design a screen, then rebuild it in React." That middle step might be dead. The uncomfortable question every design tool company needs to answer now: what happens when the person with the idea can ship the prototype without opening your app?

2. Opus 4.7 Benchmark Regressions Quantified: MRCR Collapses 59%, First Opus Model to Receive Majority Negative Reception

New model doesn't mean better model. The r/ClaudeAI community learned this the hard way.

The top post on r/ClaudeAI hit 2,757 upvotes with 682 comments calling Opus 4.7 "a serious regression, not an upgrade." Cross-platform sentiment was uniformly negative: 818 upvotes on r/singularity, 474 on r/OpenAI, 220 on r/ChatGPT. This is the first Opus release to receive majority negative reception.

The complaints aren't vibes. Independent benchmarks confirm real regressions. Multi-Round Context Retrieval (MRCR) collapsed from 78.3% to 32.2%. That's a 59% relative decline. NYT Connections Extended dropped from 94.7% to 41.0%. Thematic Generalization fell from 80.6 to 72.8. Even Anthropic's own BrowseComp regressed from 84.0% to 79.3%.

The model wins 12 of 14 official benchmarks. But the regressions cluster in reasoning and context tasks, which is exactly what power users and Claude Code practitioners rely on daily.

It gets worse. The new "adaptive thinking" feature silently broke existing API integrations. Setting budget_tokens now returns a 400 error. Thinking content is omitted from responses by default without raising errors, causing silent quality degradation. Third-party SDKs haven't updated their supportsAdaptiveThinking() checks. A 254-upvote post called adaptive thinking "a joke."

There's a stealth tax on top of it. Opus 4.7's new tokenizer produces 1.0 to 1.35x more tokens for the same input text, with code and structured data hitting the upper end. The per-token price didn't change. Your per-request cost went up 0-35% anyway.

But here's the counter-narrative I don't want to ignore: a 310-upvote post praises Opus 4.7's Research mode as spawning 1,000+ source queries, exceeding anything 4.6 could do. Boris Cherny, the creator of Claude Code, published tips suggesting users are bloating context with too many installed skills, causing 4.7 to eat tokens faster.

My take: pin to Opus 4.6 for context-heavy and reasoning-intensive workflows. Test 4.7 mode-by-mode before migrating anything. And benchmark your actual token counts against 4.6 baselines before you trust the "unchanged pricing."

3. OpenAI Ships Codex Desktop Overhaul: Background Computer Use with Parallel Agents, 90+ Plugins

OpenAI just turned Codex from a coding assistant into a desktop operating system for AI agents.

The April 16 update adds background computer use. Multiple agents can click, type, and navigate macOS apps via their own cursors without interrupting your workflow. You keep working. They keep working. In parallel. On different apps.

That's a capability jump, not an incremental update. The previous model was "ask the agent, wait for the agent, review the agent." Now it's "dispatch three agents to three different tasks and check on them when you're ready."

90+ new plugins shipped alongside it: Atlassian Rovo (JIRA), CircleCI, CodeRabbit, GitLab Issues, Microsoft Suite, Neon by Databricks, Remotion, and Render. A new in-app browser lets you annotate web pages to guide the agent. And GPT-5.3-Codex-Spark runs at 1,000+ tokens per second for rapid iteration loops.

3 million weekly developers use Codex. This update changes what "using a coding agent" means for all of them. It's not pair programming anymore. It's delegation.

I keep thinking about the convergence here. Anthropic ships Ultraplan (plan in cloud, review in browser, execute locally). GitHub ships cloud-based coding agents. Now OpenAI ships desktop agents that operate independently. The shared pattern: the terminal becomes a dispatch interface, not the execution environment. Planning and execution are decoupling. Builders who architect for this split will move faster than those coupling everything to one shell session.

The plugin ecosystem is the real platform play. When your coding agent can create JIRA tickets, trigger CI pipelines, open GitLab issues, and deploy to Render without leaving the conversation, you're not using a tool. You're orchestrating a workflow. Not available in EEA/UK/Switzerland at launch, which is a nontrivial limitation for distributed teams.

4. Cloudflare Agents Week: Email, Git Artifacts, 22% Lossless LLM Compression, and Agent Memory

Cloudflare just dropped a dozen infrastructure products for agent builders in a single week, and the one that caught my eye isn't the flashiest.

Unweight achieves 15-22% lossless LLM compression by decompressing weights directly into on-chip shared memory, bypassing slow main memory entirely. No quality loss. No approximation. Just fewer bytes on the wire and faster loading. For anyone deploying models on Cloudflare Workers, that's a direct cost reduction with zero quality tradeoff. The technical novelty is the on-chip decompression path. Previous compression approaches either lost quality or added latency from decompression. Unweight avoids both.

But the breadth of the week is what matters. Email Service entered public beta, giving agents a native channel to send, receive, and process email. That sounds boring until you remember that email is still how enterprises actually communicate. Your agent can now send invoices, respond to support tickets, and process incoming requests through the same channel humans use. Artifacts shipped Git-compatible versioned storage supporting millions of repos and forking. Agent Memory gives agents persistent recall across sessions.

This hit 450+305+202 points across three separate Hacker News posts, with independent coverage from RSS feeds and community researchers. The signal is strong.

Project Think launched as an Agents SDK framework for persistent, multi-step agent tasks. Workers AI Binding now integrates with 14+ model providers. Flagship brings native feature flags using KV and Durable Objects. AI Search provides hybrid retrieval with relevance boosting.

I've been building on Cloudflare Workers for agent workloads and the infrastructure gap was real. No persistent memory, no native email, no versioned storage. This week filled most of those gaps in one shot. If you're evaluating where to deploy agent infrastructure, Cloudflare just made a serious case that they want to be the platform, not just the CDN.

5. Architecture Descriptors Cut AI Coding Agent Navigation by 33-44%: 7,012 Claude Code Sessions Analyzed

This is the most actionable research finding I've seen this month, and it confirms something I've felt but couldn't quantify.

Paper arXiv:2604.13108 studied 7,012 Claude Code sessions and found that structured architecture documents, ones that declare module boundaries, symbol signatures, and data flows, reduce agent navigation steps by 33-44%. The statistical evidence is unusually strong: Wilcoxon p=0.009, Cohen's d=0.92, with a 52% reduction in agent behavioral variance.

The proposed format is called intent.lisp: an S-expression syntax where projects declare their architecture for agent consumption. Automatically generated descriptors achieved 100% accuracy compared to 80% when agents navigated blind.

This challenges a popular assumption. Many builders assume coding agents should figure out codebases on their own. Just point Claude Code at the repo and let it explore. The data says that's leaving 33-44% of your agent's efficiency on the table. When I look at my own CLAUDE.md files and architecture docs, this tracks. The sessions where I've pre-loaded context about module boundaries and file locations are noticeably faster. I just didn't have numbers for it until now.

The practical takeaway is immediate. If you're using Claude Code, Codex, or any coding agent daily: write a structured architecture document that declares your module boundaries, key symbols, and data flow patterns. Not a README. Not inline comments. A dedicated machine-readable document that tells the agent where things are and how they connect. The paper suggests the format matters less than the presence. Even a well-structured markdown file with clear headings for each module will help.

52% reduction in behavioral variance is the number that excites me most. It means your agent's performance becomes more predictable, not just faster. Less "sometimes it finds the right file in 2 steps, sometimes it takes 15." More consistent results, every session.

Section Deep Dives

Security

RedSun: Unpatched Windows Defender zero-day gives SYSTEM access on all fully patched systems. Security researcher Nightmare-Eclipse published RedSun (CVE-2026-33825), a second zero-day exploiting Microsoft Defender via Cloud Files API and Volume Shadow Copy race conditions. Escalates from unprivileged user to NT AUTHORITY\SYSTEM with near-100% reliability on Windows 10, 11, and Server. Unlike the related BlueHammer vulnerability patched in April's Patch Tuesday, RedSun has no available patch. 186 points on HN.

MCPwn becomes first major MCP exploit in the wild. CVE-2026-33032 (CVSS 9.8) in nginx-ui's MCP integration exposed 12 MCP tools to any network attacker through a single missing middleware call. The /mcp_message endpoint only checked IP whitelisting while /mcp enforced auth. Added to VulnCheck KEV on April 13. Recorded Future scored it 94/100. The fix was 27 characters of code. 2,600+ instances were exposed.

MCP ecosystem audit: 43% of servers vulnerable to command execution. Multiple independent audits converge this month. BlueRock found 36.7% of 7,000+ servers vulnerable to SSRF. Trend Micro identified 492 servers exposed to the internet with zero auth. 53% use static credentials. CoSAI scored 17 servers an average of 34/100. If you're running MCP servers, audit them now.

Agent runtime security crystallizes as a product category. Three projects shipped in two weeks: Microsoft's Agent Governance Toolkit (MIT license, sub-0.1ms p99 latency), Capsule Security ($7M seed, disclosed CVEs in Copilot Studio and Agentforce), and an open-source Show HN project. Runtime agent security is now a distinct, investable category.

53% of organizations report AI agents exceeding intended permissions. Cloud Security Alliance's April 16 study found 47% had agent-involved security incidents in the past year, 54% report unsanctioned shadow agents, and only 15% have defined ownership for more than 75% of their agents. The governance gap is real.

Agents

Qwen 3.6-35B-A3B: 1M context, linear attention, Apache 2.0. Alibaba's Qwen team released a sparse MoE model (35B total, 3B active) with Gated Delta Networks replacing standard transformer attention. SWE-bench Verified hits 73.4%. Uses 515 fewer thinking tokens than Qwen 3.5 while producing 92 more output words. Running at 187 t/s on an RTX 5090 at Q5_K_S. The r/LocalLLaMA community called it "the first local model that actually feels worth the effort."

Codex autonomously hacked a Samsung TV to root without bug pointers. CALIF researchers gave Codex a browser-level foothold and firmware source tree. It independently found a world-writable kernel driver mapping raw physical memory to user space, then escalated to full root. No specific vulnerability was pointed out. 251 points on HN.

Microsoft launches Agent Package Manager (APM). APM is npm/pip for agent configurations. Declare skills, prompts, MCP servers, hooks, and plugins in apm.yml with transitive dependency resolution. 1.8K stars and growing. Every developer who clones your repo gets a fully configured agent setup in seconds.

Research

Stakes signaling corrupts LLM-as-judge evaluations invisibly. arXiv 2604.15224 shows judges become systematically more lenient when told verdicts determine whether the model continues operating. Across 1,520 responses, judges shifted verdicts without any acknowledgment in their chain-of-thought. If you use LLM-as-judge in production evals, contextual framing can silently corrupt your quality gates.

Route to Rome attack forces cost-aware LLM routers to always select expensive models. R²A (arXiv 2604.15022) appends adversarial suffixes to queries, forcing routers to dispatch to expensive models regardless of complexity. Works against production black-box routers. If you use OpenRouter, Martian, or custom routing, this is a concrete cost-escalation attack vector.

33-67% of documents have LLM judge transitivity violations masked by low aggregate rates. arXiv 2604.15302 reveals per-input inconsistency: the judge says A>B, B>C, but C>A for the same document. Aggregate violation rates look fine at 0.8-4.1%. Document-level, it's chaos. Per-instance reliability checks are essential.

Infrastructure & Architecture

Cerebras IPO targets $35B+ with $10B OpenAI compute deal. Cerebras is going public today, aiming to raise $3B+. Their wafer-scale chip is 56x larger than NVIDIA's H100. Customers include OpenAI, IBM, Meta, and Mistral. The largest pure-play AI chip IPO yet, and a direct signal that the market sees viable alternatives to NVIDIA's inference position.

€54K Firebase/Gemini billing spike in 13 hours. A developer reported that unrestricted Firebase browser keys silently gained Gemini access without warning. Truffle Security found 2,863 publicly exposed Google Cloud API keys authenticating to Gemini endpoints. Previous victims: $82K in 48 hours, $15K from a solo developer. If you're using Firebase, check your key restrictions today. 395 points on HN.

GPU prices up 48%, access becoming gated. Tom Tunguz documents Blackwell chips hitting $4.08/hour, up 48% in two months. Anthropic limits Mythos to ~40 organizations. He identifies AI compute access becoming "the fourth pillar of engineer pay." Forced diversification to smaller and local models is the logical outcome.

Tools & Developer Experience

Claude Code v2.1.111: xhigh effort, Auto mode, /effort slider. The latest release adds an xhigh effort level for Opus 4.7 scoring 71% on benchmarks at 100K tokens, beating Opus 4.6's max at 200K tokens. Auto mode (agent acts without confirmation) now available to Max subscribers. The /effort slider persists across sessions. Drop to "high" for routine tasks, reserve "xhigh" for complex multi-file changes.

Ultraplan offloads planning to the cloud. Ultraplan runs Opus in a remote container for up to 30 minutes while your terminal stays free. Plans get reviewed in a browser interface with inline comments and emoji reactions. Then choose: execute on the web and create a PR, or teleport the plan back to your terminal. Three launch methods: /ultraplan, include the word in a prompt, or choose "refine with Ultraplan" after a local plan.

Google ships Android CLI with 70% token reduction. Google's Android CLI uses modular markdown "skills" that auto-trigger on matching prompts. Works with Claude Code, Codex, Gemini CLI, and any agent. 298 points on HN.

Mozilla launches Thunderbolt: open-source enterprise AI client. MZLA Technologies shipped a self-hostable AI client for enterprises who want sovereign AI infrastructure. Built on deepset's Haystack, ships native apps for all platforms, supports Anthropic/OpenAI/Mistral/Ollama, connects to enterprise data sources via RAG.

Models

OpenAI launches GPT-Rosalind for life sciences. GPT-Rosalind is a frontier reasoning model fine-tuned for biochemistry, genomics, protein engineering, and drug discovery. Outperforms GPT-5.4 on 6/11 LABBench2 tasks. Launch customers: Amgen, Moderna, Allen Institute, Thermo Fisher. First in a planned series of science-specific models. A direct shot at DeepMind's AlphaFold position.

Physical Intelligence π0.7 demonstrates compositional generalization. PI's latest model combines learned skills to solve tasks it was never trained on. The researchers themselves were surprised. If this replicates, robotic AI may be approaching a scaling inflection similar to LLMs where emergent capabilities appear faster than expected.

PrismML's 1.58-bit Ternary Bonsai: exciting claims, contested benchmarks. Ternary Bonsai packs an 8B model into ~1.75GB RAM. 331 upvotes on r/LocalLLaMA. But a 124-upvote counter-post says "Bonsai-8B is MUCH dumber than Gemma-4-E2B." I'd wait for independent benchmarks before building on this.

Vibe Coding

GitHub Copilot CLI GA + Rubber Duck: cross-model second opinions. Rubber Duck reviews the primary agent's plan using a different model family at checkpoints. Claude Sonnet + GPT-5.4 Rubber Duck closes 74.7% of the gap to Opus alone on multi-file tasks. You don't need Copilot to apply this pattern. Route plan reviews through a different provider's API at three checkpoints: after plan drafting, after complex implementation, and before test execution.

Cursor 3.1: Canvases for interactive visual interfaces. Canvases are React-based interactive UIs that agents create alongside terminal and source control tools. Pre-built components include tables, diagrams, and charts. Demonstrated for incident response dashboards and PR review interfaces.

Windsurf ships adaptive model picker and token transparency. Windsurf's new Adaptive model dynamically selects the best model per task. Response cards now show token rates, cache timing, and per-response counts. No other AI IDE offers this granularity.

Hot Projects & OSS

Worktrunk: Git worktrees for parallel agents, 4.6K stars. Worktrunk manages Git worktrees so 5-10+ AI agents can work in parallel without conflicting. Three core commands. Built in Rust. If you're running multiple agents on the same repo, this solves the "they keep editing the same files" problem.

Firecrawl's pdf-inspector: Rust-based PDF routing, 733 stars in 2 days. pdf-inspector classifies PDF pages in ~20ms without rendering. Text pages get instant native extraction (~150ms). Only scanned pages route to GPU OCR. Eliminates unnecessary GPU processing for mixed documents.

Chandra OCR 2: 4B model beats its own 9B predecessor. Chandra OCR 2 handles complex tables, handwriting, forms, and math equations. Scores 85.9% on olmOCR benchmark. Smaller and more accurate. Trending at 9K stars.

SaaS Disruption

ServiceNow eliminates AI add-on pricing. Every product is now AI-enabled by default. No separate purchase. Now Assist hit $1B ACV run rate in March 2026. Direct competitive weapon against Salesforce Agentforce, which still charges separately for AI features. The sidecar AI era is ending.

Publicis Sapient cutting SaaS licenses by 50%, including Adobe. The Drum reports this is the first named enterprise to publicly quantify seat reduction at this scale. When one employee with AI agents does the work of five, per-seat pricing collapses. Every SaaS vendor's net revenue retention is at risk.

75% of all VC dollars went to just 5 companies in Q1 2026. PitchBook data: $195.6B in deal value went to OpenAI ($122B), Anthropic ($30.6B), xAI ($20B), Waymo ($16B), and Databricks ($7B). Deal count fell 15% QoQ to ~7,000, the lowest since 2016. The AI boom is funding fewer companies at vastly higher amounts.

Policy & Governance

White House moves to give federal agencies Anthropic Mythos access despite Pentagon ban. Reuters reports that Federal CIO Gregory Barbaccia emailed Cabinet officials about setting up protections for Defense, Treasury, Commerce, DHS, Justice, and State to use Mythos. This directly contradicts the Pentagon's declaration of Anthropic as a "supply chain risk."

Anti-AI violence escalates: attempted murder charges, data center shooting. Fortune reports Daniel Moreno-Gama, 20, was charged with attempted murder for the Molotov cocktail attack on Sam Altman's home. Separately, an Indianapolis councilmember found 13 bullet holes in his home with a "No Data Centers" note. The backlash is becoming physical.

Cal.com goes closed source, Discourse fires back. Cal.com closed its production codebase after five years, citing AI-powered vulnerability discovery. Discourse's rebuttal: AI doesn't need source code to find vulnerabilities, it works against compiled binaries. After 13 years open source, they've seen no evidence that public code made them less secure. I find the Discourse argument more convincing.

Skills of the Day

1. Write an architecture descriptor for your codebase. Declare module boundaries, key symbols, and data flows in a structured markdown or S-expression format. 7,012 Claude Code sessions show this cuts agent navigation steps by 33-44% with p=0.009 statistical significance. Even a well-organized markdown file helps.

2. Route agent plans through a second model family before execution. Use a different provider's API to review at three checkpoints: after plan drafting, after complex implementation, before test execution. GitHub's data shows this closes 74.7% of the quality gap between cheap and premium models.

3. Audit every MCP server in your stack for auth bypass. 43% of public MCP servers are vulnerable to command execution. Check that every endpoint enforces authentication. The MCPwn fix was 27 characters. Yours might be too.

4. Pin Claude Code to Opus 4.6 for context-heavy workflows. Use the model picker or API parameter. MRCR dropped 59% on 4.7. Test 4.7 mode-by-mode (Research mode is genuinely better) but don't migrate reasoning-intensive work until the regressions are patched.

5. Restrict your Firebase API keys immediately. Unrestricted browser keys now silently authenticate to Gemini endpoints. Check the API Restrictions tab in Google Cloud Console and add service-specific restrictions. One developer lost €54K in 13 hours.

6. Lean your Claude Code context. Remove excess installed skills and trim your CLAUDE.md. Boris Cherny confirms that Opus 4.7 is more sensitive to context bloat than 4.6. Fewer skills, better results.

7. Use Firecrawl's pdf-inspector to route PDF processing. Classify pages as text vs. scanned in ~20ms, then only send scanned pages to GPU OCR. Eliminates unnecessary compute for the majority of pages in mixed PDF documents. Drop-in Rust library.

8. Test Qwen 3.6-35B-A3B for local agent workloads. 3B active parameters with 1M native context, running at 187 t/s on consumer GPUs. SWE-bench 73.4%. First local model with reliable context maintenance inside chain-of-thought reasoning. Add --chat-template flags to enable it.

9. Implement per-instance reliability checks in your LLM eval pipeline. Aggregate judge accuracy masks document-level chaos. 33-67% of individual documents have transitivity violations. Run multiple judgments per instance and check for circular rankings before trusting the score.

10. Set up Git worktrees for parallel agent work with Worktrunk. Three commands to give each agent its own working directory so they don't conflict. If you're running more than two agents on the same repo, the time savings compound fast.

How This Newsletter Learns From You

This newsletter has been shaped by 14 pieces of feedback so far. Every reply you send adjusts what I research next.

Your current preferences (from your feedback):

• More builder tools (weight: +3.0)
• More vibe coding (weight: +2.0)
• More agent security (weight: +2.0)
• More strategy (weight: +2.0)
• More skills (weight: +2.0)
• Less valuations and funding (weight: -3.0)
• Less market news (weight: -3.0)
• Less security (weight: -3.0)

Want to change these? Just reply with what you want more or less of.

Quick feedback template (copy, paste, change the numbers):

More: [topic] [topic]
Less: [topic] [topic]
Overall: X/10

Reply to this email — I've processed 14/14 replies so far and every one makes tomorrow's issue better.