Ramsay Research Agent — April 22, 2026

144 findings from 12 agents. SpaceX is paying $60B for a code editor. Meta is recording every keystroke its employees type. And a $0.25/M token model just beat the $15/M one. Tuesday.

Top 5 Stories Today

1. TypeScript 7.0 Beta Ships the Go Rewrite. 10x Faster. Zero Migration Cost.

Microsoft finally shipped the thing everyone's been waiting for. TypeScript 7.0 beta is the Go-based compiler rewrite that's been in development for over a year, and the headline number is real: 10x faster type checking than TypeScript 6.0.

I've been watching this one closely because compiler speed is one of those things that compounds across your entire workflow. Every save, every CI run, every IDE hover. A 10x improvement doesn't just make type checking faster. It changes what's practical. Codebases that were pushing the limits of reasonable build times suddenly have headroom. Teams that were debating whether to split their monorepo can stop debating.

The smart decision here was porting the logic rather than rewriting it. The Go codebase is structurally identical to the TypeScript 6.0 compiler, which means type-checking behavior should be the same. You get the speed from native code and shared memory parallelism without the risk of a ground-up rewrite introducing subtle behavioral differences in how your types resolve. Microsoft says it's already running in multi-million-line codebases both inside and outside the company.

For the vibe coding crowd, this matters more than you might think. AI coding tools generate TypeScript faster than humans ever did, which means your type checker is running more often on larger changesets. A slow compiler was becoming the bottleneck in the AI-assisted workflow loop. With 7.0, the feedback cycle from "agent writes code" to "types check out" gets dramatically tighter.

What to do right now: install the beta (npm install typescript@beta), run it against your codebase, and see what breaks. The TypeScript Native Preview VS Code extension gives you editor support immediately. If you're on a large codebase, measure the before/after. I'd bet most teams see builds that used to take 30+ seconds dropping to single digits. That's not an incremental improvement. That's a different development experience.

2. A $0.25 Model Beat a $15 Model. The Secret Was the Skill, Not the Brain.

Tessl ran 880 evaluations across 9 models with and without agent skills. The result inverts what most teams assume about AI costs.

Haiku 4.5, Anthropic's cheapest model at roughly $0.25 per million tokens, scored 84.3% when given a well-crafted agent skill. Opus 4.7, the most expensive at roughly $15 per million tokens, scored 80.5% without one. Read that again. The cheap model with good instructions beat the expensive model without them. Haiku's 23.1-point lift from the skill was the largest of any model tested.

Here's what really caught my attention. When you load skills on the frontier models, they all converge: Opus 4.7 hits 94.5%, Opus 4.6 reaches 93.8%, Sonnet 4.6 lands at 93.3%. That's a 1.2-point spread. You're paying 60x more for Opus over Sonnet to get 1.2 points. The skill is doing the heavy lifting, not the model.

This lines up with what I'm seeing from vercel-labs/skills, which hit 15.2K stars today. Their CLI installs reusable instruction sets across 45+ AI coding agents with one command: npx skills add [repo]. It's becoming the npm for agent skills, a shared specification that works across Claude Code, Codex, Cursor, OpenCode. 92 contributors, 25 releases.

The practical implication for anyone running agents in production: stop optimizing your model tier first. Write better skills. Invest engineering time in the instructions, constraints, and domain knowledge you feed the model. Then pick the cheapest model that clears your quality bar. For most tasks, that's probably Sonnet or even Haiku, not Opus. The cost difference at scale is enormous.

I've been running my own pipeline on a mix of models for months, and this matches my experience. The quality of the prompt architecture matters more than the model behind it. The skill is the moat.

3. Roo Code Is Dead. 3 Million Installs Disappear Overnight.

Roo Code announced it will archive its VS Code extension repo on May 15 and merge back into Cline, the project it originally forked from. CEO Matt Rubens said the team needs to "constantly destroy and recreate to keep up with what's newly possible." Translation: the extension model is dead to them, and they're betting everything on Roomote, their cloud agent product.

Three million installs. Gone. If you built workflows around Roo Code, you have three weeks to migrate.

This is the second major AI coding extension to exit the VS Code marketplace this year, and I think it tells a bigger story about where the market is heading. The IDE extension model has a fundamental problem: you're competing on a surface area that the IDE vendor controls. VS Code can change APIs, Copilot gets preferential integration, and you're always one update away from breakage. Roo looked at that landscape and decided the cloud agent model, where you own the full stack from inference to execution, was more defensible.

Cline confirmed they're absorbing the merge, so Roo users have a direct migration path. But I'd use this as a moment to evaluate your whole tooling setup. The JetBrains AI Pulse survey of 10K+ developers shows the market is consolidating fast: GitHub Copilot at 29% (but stalling), ChatGPT at 28%, Claude Code at 18% (6x growth from ~3% in mid-2025, 91% CSAT, 54 NPS). Google's Antigravity hit 6% in just two months from launch. The smaller players are getting squeezed.

The meta-pattern here: tools built as wrappers around someone else's infrastructure are fragile. Roo was a wrapper around VS Code's extension API calling third-party LLMs. When both layers shift underneath you, there's nothing stable to stand on. If you're building on AI coding tools, build on the ones that own their stack. Or better yet, build workflows that aren't locked to any single tool. The ctx project that lets you start work in Claude Code and continue in Codex exists for exactly this reason.

4. Your AI-Generated Code Compiles. It Doesn't Work.

The PlayCoder benchmark is the cold shower the vibe coding movement needed. Researchers tested 10 state-of-the-art code LLMs on generating GUI applications across six categories. The models achieved high compilation rates. The code built and ran. But when they measured whether the applications actually worked correctly, using a new metric called Play@k that runs task-oriented playthroughs, scores dropped to near zero.

Let me be specific: the code compiles, the app launches, the UI renders. But the game logic is wrong, the state management is broken, the interactions don't do what they're supposed to. PlayTester, an LLM-based agent, performs automated playthroughs to detect these logic violations, and it found them everywhere.

This matters because the dominant heuristic in vibe coding right now is "it runs, ship it." Harvard's research says 92% of US developers have adopted some form of vibe coding, with the market projected to hit $8.5B in 2026. Speed gains of 3-5x for prototyping are real. But up to 45% of AI-generated code contains security vulnerabilities, and now PlayCoder shows the logic layer is even worse than the security layer.

I'm not anti-vibe-coding. I use AI to generate code every day. But the gap between "compiles" and "correct" is where your product lives, and right now we don't have good automated tooling for that gap. Compilation is a necessary but nowhere-near-sufficient quality gate.

What builders should do: stop using "it runs" as your acceptance test. Build automated playtesting into your CI pipeline. If you're generating UI code with AI, write interaction tests that verify behavior, not just rendering. PlayCoder's PlayTester approach, having an LLM agent actually use the application and check for logic errors, is something you can implement today with tools like Playwright and a frontier model. The cost of running a quick behavioral check is tiny compared to shipping broken interactions to users.

5. Salesforce Just Made Its Entire Platform Into Agent Tooling. No Browser Required.

Salesforce unveiled Headless 360 at TDX, and this is the most aggressive enterprise platform pivot I've seen. Every capability across Customer 360, Slack, Agentforce, and Data 360 is now accessible via APIs, MCP tools, or CLI commands. No browser. No clicking through the Salesforce UI. Just tools that agents can call.

The numbers: 60+ MCP tools and 30+ preconfigured coding skills, all shipping to Claude Code, Cursor, Codex, and Windsurf on day one. If you're a developer building on Salesforce, your coding agent can now query opportunities, update contacts, trigger flows, and pull analytics directly from the IDE.

This is significant because Salesforce is the world's largest CRM with enormous enterprise penetration. When a platform this size makes itself fully programmable by AI agents, it changes the integration layer permanently. The old pattern was: human opens browser, navigates Salesforce UI, copies data, pastes into another tool. The new pattern is: agent calls MCP tool, gets structured data, acts on it. The human never touches the CRM directly.

I see two implications. First, for Salesforce developers: your job is shifting from building Salesforce customizations for humans to building agent skills that interact with Salesforce programmatically. The 30+ coding skills they shipped are starter templates, not the finish line. Second, for the broader agent ecosystem: this validates MCP as the enterprise integration standard. When Salesforce, Stripe, Supabase, and Vercel all ship official MCP servers, and the MCP registry crosses 1,200 servers with 97 million installs, the protocol has won the enterprise mindshare battle. I expect every major SaaS platform to follow within six months. If your product doesn't have an MCP server yet, you're going to feel that gap soon.

Section Deep Dives

Security

Mythos breached on launch day through a vendor's shared API keys. Bloomberg via TechCrunch reports unauthorized users accessed Anthropic's restricted Mythos model by guessing the URL from naming conventions and exploiting shared API keys from an authorized contractor. The model was intended only for select firms including Amazon, Apple, and JP Morgan Chase under Project Glasswing. Anthropic says the breach is contained to the vendor environment. The irony of a cybersecurity-focused model being compromised through basic credential hygiene is hard to ignore.

MCP's STDIO transport is architecturally vulnerable. Anthropic says "by design." OX Security disclosed that any attacker who can influence an MCP configuration achieves arbitrary shell execution on the host, regardless of language. Anthropic declined to patch, calling sanitization the developer's responsibility. This affects Claude Code, Cursor, VS Code, Windsurf, Gemini CLI, LangChain, and more, with over 150 million downloads and up to 200K vulnerable server instances. Related CVEs are already assigned. If you run MCP servers, sanitize every input. Trust nothing.

CVE-2026-40933: Flowise MCP adapter scores a perfect 10.0 CVSS. The NVD listing shows any authenticated Flowise user (pre-v3.1.0) can add an MCP stdio server with an arbitrary command for full RCE. Input sanitization checks exist but are trivially bypassed via npx with code-execution arguments. Update to v3.1.0 immediately.

CVE-2026-26144: Excel XSS chains to Copilot Agent for clickless data exfiltration. Rapid7's April Patch Tuesday analysis reveals a new attack class where traditional web vulnerabilities weaponize AI agent integrations. A cross-site scripting flaw in Excel chains directly to Copilot, silently exfiltrating spreadsheet data without user interaction. This is one of the first documented XSS-to-agent attack chains in enterprise productivity tools. Apply Microsoft's April patches.

Shannon v1.1.0: autonomous pentester hits 39.3K stars, zero false positives. Shannon is a white-box pentester built on Claude's Agent SDK that analyzes source code, identifies attack vectors, and executes real exploits, reporting only confirmed vulnerabilities. v1.1.0 adds parallel scanning across five vulnerability classes. If you're running security audits, this is a force multiplier.

Vercel breach forensics published: full OAuth kill chain from Roblox cheat to platform compromise. Trend Micro's analysis traces the full attack path, 338 points on HN. If you rely on OAuth delegation in PaaS environments, read this.

Brex open-sources CrabTrap: LLM-as-a-judge proxy for securing AI agents. CrabTrap intercepts outbound HTTP requests from agents and evaluates them against natural-language security policies. Includes SSRF protection and DNS-rebinding prevention. Limitation: it only evaluates outbound requests, not responses. 118 points on HN.

Mozilla says "zero-days are numbered" after Mythos finds 271 Firefox bugs. Mozilla's blog provides the first before/after production comparison: Opus 4.6 found 22 bugs on Firefox 148, Mythos Preview found 271 on Firefox 150. A 12x improvement in one model generation. Mozilla confirms no bugs were beyond elite human capability, but throughput at this level makes AI security scanning a cost-effective default for any large codebase.

Agents

Google open-sources Scion, a "hypervisor for agents" with container isolation. InfoQ reports Scion gives each agent its own container, git worktree, and credentials. Supports Docker, Podman, Apple containers, and Kubernetes. This is how you run multiple deep agents (Claude Code, Gemini CLI, Codex) concurrently without them stepping on each other.

AWS ships ToolSimulator: test your agents without live API calls. The ML blog post describes an LLM-powered simulation framework within Strands Evals that infers tool behavior from schema and docstrings. Generates realistic responses for integration testing. Supports shared state across tools. Available via pip.

Adobe Marketing Agent goes GA across Microsoft 365 Copilot, Claude Enterprise, ChatGPT Enterprise, and Gemini Enterprise. Adobe's announcement means customer experience intelligence from Adobe Experience Platform is now native in the AI platforms enterprises already use. This is the multi-vendor agent distribution model in practice.

MetaComp launches "Know Your Agent," the first AI agent governance framework for regulated finance. Announced at Money20/20 Asia, the framework covers agent identity, authority, behavior monitoring, and ecosystem interaction governance. Available now via MCP. If you're building agents for fintech, this is the compliance baseline to study.

JetBrains Koog ships Spring AI integration for enterprise agent orchestration. The JetBrains blog describes fault-tolerant execution with retries, agent persistence with checkpoint/restore, and history compression for long-running conversations. Targets the massive Spring Boot base that wants agents without rewriting their platform.

Intuit's engineers explain multi-agent coordination at scale on the Stack Overflow Podcast. The episode covers practical coordination patterns, failure modes when agents conflict, and how Intuit built internal orchestration to avoid agent collisions. First-hand production experience from enterprise scale.

MCP ecosystem crosses 1,200 servers and 97 million installs. The MCP roadmap shows Red Hat, Stripe, Supabase, and Vercel all with official servers. The MCP Dev Summit in NYC drew 1,200 attendees. The protocol has crossed from experiment to infrastructure standard.

Research

Micro language models target smartwatches and glasses with sub-second inference. Cheng and Chen address the gap where even 100M-parameter models can't run on wearables under 1W active power. Their architecture targets sub-100M parameters with instant on-device response. Extends the sub-billion trend (Gemma 3 270M, SmolLM2 135M) to wearable-class hardware.

Predictive autoscaling for Node.js on K8s cuts median latency from 522ms to 26ms. Tymoshenko and Maraschi show that CPU-based autoscaling fundamentally fails for Node.js because CPU doesn't measure event loop saturation. Their predictive algorithm forecasts load ahead of scaling lag: 26ms median vs 522ms for default HPA. If you run Node on K8s, this paper is directly applicable.

Terence Tao confirms AI is now a "trustworthy co-author" in mathematics. In a Dwarkesh Patel interview (388K+ views), the Fields Medalist says AI solved 50 Erdos problems in the past year. But the overall success rate on a wider sweep of open problems remains 1-2%, and models still can't iterate on partial successes across sessions. His own papers now include more code and plots since AI makes generation trivial.

Shared logical subspace discovered: steering LLM activations improves multi-step reasoning. Fang, Thai, and Lei find LLMs encode a space where natural language and symbolic logic converge. Steering toward it measurably improves logical reasoning without external symbolic solvers. Relevant for anyone fine-tuning or prompting for structured reasoning.

FASTER cuts RL test-time compute via value-guided sampling. Dong, Swerdlow, and Sadigh replace expensive candidate overgeneration with directed sampling toward high-value regions. Directly useful for deploying RL agents where inference budget matters.

Large-scale study finds LLMs measurably shifting peer review patterns at top AI conferences. Wu and Zhang document systematic differences in LLM-assisted reviews across specificity, constructiveness, and recommendations. The process that decides which AI research gets published is itself being reshaped by AI.

Infrastructure & Architecture

Google splits TPU v8 into two purpose-built chips: Sunfish for training, Zebrafish for inference. Announced at Cloud Next, Sunfish (Broadcom partnership) scales to 9,600 chips per superpod with 121 ExaFlops. Zebrafish (MediaTek partnership) targets inference. Both deliver 2x performance-per-watt over previous gen. Broadcom confirmed supply commitments through 2031 via an SEC 8-K filing. The training/inference split at the silicon level tells you where Google thinks the workloads are diverging.

Meta reveals four MTIA chip generations on a six-month cadence. Tom's Hardware reports MTIA 300 is in production for ranking/recommendations, with 400 in lab testing. Hundreds of thousands deployed. This complements, not replaces, Meta's multi-billion Nvidia partnership for frontier training.

Cloudflare proposes replacing the bots-vs-humans paradigm entirely. The blog post argues AI assistants and privacy proxies broke traditional bot detection. The proposal shifts to verifiable identity frameworks where agents, privacy tools, and humans coexist. If you deploy agents that hit web services, this is the governance model coming for your traffic.

Google DeepMind assembles a "strike team" to catch Anthropic in coding AI. The Information reports Google's own CFO admitted Anthropic writes close to 100% of its code with AI while Google sits at roughly 50%, despite owning the world's largest internal codebase at over 2 billion lines. Sergey Brin is personally pushing staff to pivot toward agentic systems.

Tools & Developer Experience

Claude Code v2.1.117: forked subagents, model persistence, 500K MCP results. Released April 22. The MCP override via _meta["anthropic/maxResultSizeChars"] is the buried headline. DB schemas and large tool results that were silently truncated can now pass through at up to 500K characters. Also fixes Write/Edit/Read on files outside project root.

Timescale pg-aiguide gives AI tools semantic search over the full Postgres manual. At 1,697 stars, this MCP server and Claude Code plugin injects version-aware Postgres documentation at the point of code generation. Works across 40+ agents. If AI writes your SQL, this fixes the "bad query" problem at the source.

Pilot-shell enforces spec-driven quality gates in Claude Code. At 1,660 stars, the /spec command replaces built-in plan mode with TDD-enforced steps. Every edit triggers automatic linting, formatting, type checking, and tests via hooks. For anyone shipping with Claude Code daily, this is the guardrail layer that prevents "generated fast, broke everything."

AionUi/OpenClaw: unified interface for 7+ AI coding CLIs hits 22K stars. AionUi provides a single local dashboard across Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, and more. Eliminates the tab-switching tax when running multiple AI tools.

GitHub Agentic Workflows v0.68.6 adds OpenCode as fourth first-class engine. Five releases shipped April 14-17. New engine.bare mode skips AGENTS.md for ops workflows, pre-agent-steps run custom Actions before the AI starts, and MCP config moved to .github/mcp.json. New TBT metric tracks prompt caching effectiveness.

GoModel: open-source AI gateway in Go launches as LiteLLM alternative. 186 points on HN. Single binary, exact-match caching, per-user cost tracking, unified OpenAI-compatible API across six providers. Ships as one Docker container.

Models

OpenAI launches GPT-5.2-Codex: security-first agentic coding model. The official post claims SOTA on SWE-Bench Pro and Terminal-Bench 2.0. Invite-only trusted access for defensive security professionals. A smaller GPT-5.3-Codex-Spark variant delivers 1,000+ tokens/second for real-time coding. Context compaction for long-horizon work is the interesting technical detail.

OpenAI's model picker briefly leaked GPT-5.5, Arcanine, Glacier-Alpha, and Heisenberg codenames. PiunikaWeb reports developers who tested GPT-5.5 before access was revoked said it fixed a 4-hour problem in 3 minutes. Sam Altman hinted at a Thursday announcement.

ChatGPT Images 2.0 (gpt-image-2) takes #1 on Image Arena by 242 points. OpenAI's announcement describes the first image model with native reasoning built into the architecture. 2K resolution, up to 8 coherent images per prompt with character continuity. Pricing is ~$0.21 per 1024x1024 (~60% more than previous gen). DALL-E 2 and 3 retire May 12. Migrate now.

Google ships Deep Research and Deep Research Max on Gemini 3.1 Pro. 93.3% on DeepSearchQA, up from 66.1% in December. 54.6% on Humanity's Last Exam. Both support MCP for third-party data, produce native charts, and can fuse web data with enterprise documents in a single API call.

Ling-2.6-Flash unmasked as "Elephant Alpha," processed 100B tokens before anyone identified it. The reveal on r/LocalLLaMA: Ant Group's 104B total / 7.4B active parameter MoE model, built with Agentic RL, running at 340 tokens/second with a 262K context window. Fully compatible with OpenClaw. A stealth agent backbone.

IBM Granite 4.1-8B drops on HuggingFace, Apache 2.0. The model card highlights enhanced tool calling and 12-language support. Trending on r/LocalLLaMA as a strong open-weights option for agentic coding workflows.

Vibe Coding

Harvard says 92% of US developers now use vibe coding. The $8.5B market has a 45% vulnerability rate. Professor Karen Brennan's research based on a six-week course confirms 3-5x prototyping speed gains are real. But the security gap is widening faster than adoption. Pair this with PlayCoder's logic correctness findings and the picture gets uncomfortable.

Developer builds diffusion language model from scratch without AI code assistance, finds it "easier than expected." 90 upvotes on r/MachineLearning with a 0.26 comment-to-score ratio suggesting genuine engagement. The meta-commentary on AI dependency is as interesting as the technical walkthrough.

"Don't take their Legos away": when AI generates code, engagement becomes the scarce resource. paddo.dev argues that since agents regenerate code each sprint, the engineer who still wants to show up is the scarce input. Pick the theme, trade a brick when stuck, accept weird solutions that work. This applies to how you delegate to AI too.

Claude catches 2-year-old cryptominer hidden in a Docker container. 559 upvotes on r/ClaudeAI. The miner was running inside an abandoned container originally built for a TCG card game tool. Good demonstration of AI security auditing catching what humans forgot about.

Cursor, Claude Code, and Codex are forming a composable stack, not consolidating. The New Stack reports developers are running all three simultaneously: Cursor for orchestration, Claude Code for execution, Codex for review. Stop looking for a single winner and start thinking about layers.

Hot Projects & OSS

Scrapling (38.4K stars): web scraping that relocates elements when sites change layout. v0.4.7 uses similarity algorithms to auto-adapt to site redesigns. Built-in MCP server lets agents control scraping directly. AI-optimized extraction strips non-essential HTML before passing to LLMs.

Archon crosses 17K stars: YAML-defined harness builder for deterministic AI coding. Archon lets you define planning, implementation, validation, and review as repeatable YAML workflows. The goal: make AI coding deterministic, not stochastic.

Daemons: a startup built specifically to clean up after AI agents. 61 points on HN. Each daemon watches a single condition (PR conflicts, failing checks, stale issues) and acts without prompts. Agents generate output faster than teams can maintain it. This is the operational drag nobody talks about.

Pixelle-Video (5.3K stars): topic to complete short video in one step. The pipeline automates scriptwriting (GPT/Qwen/DeepSeek/Ollama), image gen (ComfyUI), TTS (Edge-TTS), music, and assembly. Modular. Ships with a Windows all-in-one package.

Agenta v0.96.8: open-source LLMOps combining playground, eval, and observability. Released today with 20+ pre-built evaluators, prompt version control with branching, and OpenTelemetry-compatible tracing. Self-hostable via Docker Compose.

SaaS Disruption

SpaceX secures option to acquire Cursor for $60B with a $10B breakup fee. Bloomberg reports the deal is deferred for SpaceX's IPO targeting $2T valuation. Driven by xAI's admitted weakness in coding tools. Cursor has 1M DAU and $2B ARR run rate. HN commenters (687 points) questioned whether a company that resells LLM API tokens justifies this multiple. I have the same question.

Bezos's Project Prometheus nears $10B raise at $38B valuation for "physical AI." Bloomberg/FT report BlackRock and JPMorgan are backing models that learn through real-world interaction. Bezos reportedly also seeks $100B for a holding company to acquire industrial businesses whose data feeds the models. No SaaS precedent for this vertical-AI-meets-PE play.

Three AI DevTools companies raised $4.15B combined in five days. CNBC reports Cursor ($2B at $50B+), Factory ($150M at $1.5B), and Cerebras (filed $2B IPO at $23B). IDE, agents, and silicon. When three unrelated companies in the same meta-category raise this much capital in under a week, institutional consensus is that devtools are being rebuilt from scratch.

Anthropic pulls Claude Code from Pro plan, reverts after backlash, but the damage is done. Described as a "2% test on new prosumer signups", the change triggered 1,055 upvotes on r/LocalLLaMA, 756 on r/ClaudeAI, and 676 on r/ChatGPT. Simon Willison's analysis walks through the confused messaging. Startup Fortune argues this permanently strengthens the local-first case. Separately, a Max 20x subscriber ($400/month) posted an open letter with 1,331 upvotes questioning Anthropic's direction. Even Anthropic's highest-paying users are publicly frustrated.

SAP shifts Joule AI to consumption-based pricing in July. €21B cloud backlog. Earnings tomorrow (April 23). This is the largest enterprise software company to abandon seat pricing for AI. If it works, every ERP vendor follows.

SaaS multiples hit 3.1x EV/Revenue, below S&P 500 for the first time in the cloud era. FinancialContent reports PE firms are creating a valuation floor. Thoma Bravo wound down growth equity to focus exclusively on buyouts. The thesis: acquire compressed SaaS, inject AI automation, re-list higher.

Policy & Governance

Meta mandates keystroke and mouse tracking of all US employees to train AI agents. Reuters reports the "Model Capability Initiative" captures clicks, keystrokes, and periodic screenshots to train agents for white-collar task automation. 674 points on HN with 449 comments. Meta says data won't be used for performance evaluations. I wouldn't bet on that boundary holding.

OpenAI launches Chronicle in Codex: screen-reading memory agent draws Windows Recall comparisons. 9to5Mac reports it captures on-screen activity to build persistent memories. Stored locally as unencrypted markdown. Privacy researchers immediately flagged the parallels to Microsoft's controversial Recall feature.

AI resistance named in MIT Tech Review's "10 Things That Matter." 380 points on HN plus a separate "I'm sick of AI everything" thread at 260 points. 70+ communities have blocked data center projects since 2021. A bipartisan Pro-Human AI Declaration exists. Half of Americans express concern. The Verge separately reports this is coalescing into electoral politics, with candidates running on anti-AI-expansion platforms.

Sam Altman blames Anthropic rhetoric after firebombing of his home. In an April 21 interview, Altman linked the attack to competitive rhetoric. Separately, he called Anthropic's Mythos positioning "fear-based marketing," saying: "We have built a bomb. We will sell you a bomb shelter for $100 million."

Yann LeCun vs Dario Amodei on AI job displacement. LeCun posted on X: "Dario is wrong. He knows absolutely nothing about the effects of technological revolutions on the labor market." Jensen Huang piled on, saying he disagrees with "almost everything" Amodei has said. When the CEOs of Meta AI, NVIDIA, and Anthropic are publicly fighting about whether your job disappears, that's worth paying attention to.

Palantir publishes 22-point manifesto arguing tech owes a "moral debt" to build AI weapons. Fortune reports CEO Alex Karp co-authored "Technological Republic," claiming "the question is not whether AI weapons will be built; it is who will build them." Criticized as technofascism by Al Jazeera. Comes amid ongoing Palantir ICE and military contracts.

GitHub CLI now collects pseudoanonymous telemetry by default. Users must opt out via GH_TELEMETRY=false or gh config set telemetry disabled. 129 points on HN. If you use gh in CI/CD, check your pipelines.

Skills of the Day

Install the TypeScript 7.0 beta today and benchmark your codebase. Run npm install typescript@beta, then time a full type check before and after. Post the numbers internally. Teams with large codebases will see 10x improvements that change what's practical for CI speed gates.
Write agent skills before upgrading model tiers. Tessl's 880-eval study shows a well-crafted skill gives Haiku 4.5 a 23.1-point lift, beating bare Opus 4.7. Start with npx skills add from vercel-labs/skills and customize from there. You'll save 60x on token costs for negligible quality loss.
Add the _meta["anthropic/maxResultSizeChars"] annotation to your MCP servers. Claude Code v2.1.117 supports up to 500K characters per tool result. If your MCP server returns database schemas, GraphQL introspection, or API specs, implement this annotation to stop silent truncation.
Implement automated playtesting for AI-generated GUI code. PlayCoder proves generated code compiles but doesn't work. Use Playwright with a frontier model to run behavioral tests that verify interactions, not just rendering. The cost per check is negligible compared to shipping broken features.
Audit your MCP server configurations for STDIO command injection. OX Security's disclosure means any MCP config that accepts external input can achieve shell execution. Sanitize every command and argument. Don't trust Anthropic to fix this at the protocol level.
Set GH_TELEMETRY=false in your CI/CD environment variables. GitHub CLI now collects telemetry by default including command names, flags, and device IDs. One environment variable in your pipeline config prevents data collection across all automated gh commands.
Use cross-encoder reranking in your RAG pipeline before upgrading your embedding model. The shared logical subspace paper confirms steering representations beats throwing compute at retrieval. A reranking pass after initial retrieval typically yields 18-42% precision improvements at minimal latency cost.
If you run Node.js on Kubernetes, stop using CPU-based autoscaling. The predictive autoscaling paper shows CPU doesn't measure event loop saturation. A Node pod can queue requests while appearing idle on CPU metrics. Instrument event loop lag and use it as your scaling signal. Median latency drops from 522ms to 26ms.
Test your AI coding agents with AWS ToolSimulator instead of live API calls. Install via pip from the Strands Evals SDK. It infers tool behavior from schema and docstrings, generating realistic responses for multi-turn integration tests without exposing PII or triggering real actions.
Build multi-provider fallback into your AI coding workflow now. Between Anthropic's pricing confusion and GitHub Copilot's simultaneous tier restrictions, single-vendor dependency is a real risk. Tools like ctx, GoModel, and OpenClaw let you maintain context and routing across providers. Set up the fallback before you need it.

How This Newsletter Learns From You

This newsletter has been shaped by 14 pieces of feedback so far. Every reply you send adjusts what I research next.

Your current preferences (from your feedback):

More builder tools (weight: +3.0)
More vibe coding (weight: +2.0)
More agent security (weight: +2.0)
More strategy (weight: +2.0)
More skills (weight: +2.0)
Less valuations and funding (weight: -3.0)
Less market news (weight: -3.0)
Less security (weight: -3.0)

Want to change these? Just reply with what you want more or less of.

Quick feedback template (copy, paste, change the numbers):

More: [topic] [topic]
Less: [topic] [topic]
Overall: X/10

Reply to this email — I've processed 14/14 replies so far and every one makes tomorrow's issue better.