Welcome, Developers! 👋 We've got a good one this week. Claude found 22 zero-day vulnerabilities in Firefox in two weeks. A GitHub issue title silently installed software on 4,000 developer machines. And Google just dropped a practical guide to teaching AI agents structured skills. This week's picks are the kind of reads that make you close your IDE for 20 minutes - and come back sharper.

Unlock the data your product can't see
Most tools are still locked to their own database, blind to everything users already have in Slack, GitHub, Salesforce, Google Drive, and dozens of other apps. That's the ceiling on what you can build. WorkOS Pipes removes it. One API call connects your product to the apps your users live in. Pull context from their tools, cross-reference data across silos, power AI agents that act across services. All with fresh, managed credentials you never have to think about.
Start Building Connected Products

🔖 The Reading Room
Articles we have hand-picked for you:

Partnering with Mozilla to Improve Firefox's Security
Claude Opus 4.6 found 22 vulnerabilities in the current version of Firefox in just two weeks - 14 of them high-severity, nearly a fifth of all high-severity Firefox vulnerabilities remediated in 2025. Mozilla shipped fixes to hundreds of millions of users in Firefox 148, and Anthropic walks through the entire process: how the first Use After Free surfaced in twenty minutes, why Mozilla asked for bulk submissions, and what crude exploit attempts revealed about where AI-driven security research is heading. By Anthropic →

Good Software Knows When to Stop
Imagine updating your Linux box and discovering that ls has been replaced by an "AI-Powered Directory Intelligence" tool that predicts which files you meant to list. That satirical opener sets up a serious argument: the best software resists the urge to do everything, understands the problem it solves, and leaves the rest to other tools. Worth reading next time you're tempted to add "just one more feature." By Olivier Girardot →

A GitHub Issue Title Compromised 4,000 Developer Machines
An attacker embedded a prompt injection in a GitHub issue title. An AI triage bot read it, executed arbitrary code, poisoned the CI cache, stole npm credentials, and published a malicious package that silently installed a second AI agent on every machine that updated. Five discrete vulnerabilities chained together. Eight hours before anyone noticed. The entry point was natural language. By grith →

The L in "LLM" Stands for Lying
What if LLM output isn't creative or productive - but counterfeit? This essay reframes AI-generated code as forgery: imitations produced faster than a human could make them, then passed off as the real thing. The author argues that vibe-coding degrades software craft the same way counterfeit goods erode markets, and that the "inevitability" narrative around AI adoption is manufactured pressure, not a natural force. By Steven Wittens →

Closing the Knowledge Gap with Agent Skills
AI agents are great at following instructions but terrible at knowing what they don't know. Google's answer is structured skills - reusable, well-defined capabilities you package and deploy through the Gemini API so agents stop guessing and start executing reliably. If you've been frustrated by agents that work in demos but fall apart in production, this covers why and what to do about it. By Google Developers →

🔗 The Link Lounge
Unordered finds from around the web:
Find something cool? You can send us links to feature here via email.

🧰 The Toolbox
Tools and products we're excited about today:

Claude Code Review
Anthropic's new code review tool integrates with GitHub and automatically analyzes pull requests for logical errors. Designed for enterprise teams dealing with the flood of AI-generated code from Claude Code, Cursor, and other agents. Focuses on logic bugs over style nits. Learn more →

Jido 2.0
Open-source Elixir agent framework for building composable AI agents with structured workflows. Supports multi-agent coordination, tool use, and persistent state. Just launched with 317 points on Hacker News. Learn more →

Maestri
An infinite canvas where coding agents work in concert. Multi-agent coordination with local execution, editor handoff, and traceability - moving from prompt to runnable software. Just launched on Product Hunt. Learn more →

LibreSprite
Free, open-source pixel art editor and a community fork of Aseprite from before it went proprietary. Full animation support, layers, scripting, and cross-platform. Learn more →

🎤 Your Voice
Your feedback shapes what comes next! We read every email, so simply hit reply and tell us what's on your mind.