Vibe Coding Weekly #28
Anthropic just decided it's in the infrastructure business.
This week in one satisfying refactor:
The Big Story: Anthropic launched Project Glasswing — a $100M+ cybersecurity initiative using Claude Mythos Preview to hunt and fix zero-day vulnerabilities across every major OS and browser, in partnership with AWS, Apple, Cisco, Google, and Microsoft
The Platform Story: Claude Cowork reached general availability with six enterprise governance features, while Claude Managed Agents launched in public beta — Anthropic is now directly competing in the agent infrastructure layer
The Tooling Story: GitHub shipped Rubber Duck, nested subagents, and Dependabot-to-agent assignment in the same week; Cursor Bugbot learned to remember your feedback; and Windsurf launched a smart model router to stretch your quota further
If you only read one thing this week: Project Glasswing is not a product — it’s a signal. Anthropic took an unreleased frontier model with the ability to find zero-days in every major OS and browser, partnered with AWS, Apple, Cisco, Google, and Microsoft, and deployed it defensively before anyone else could deploy it offensively. The infrastructure layer of AI is no longer neutral territory. Read more →
Key Takeaways
Claude Managed Agents enter public beta, reducing prototype-to-production timelines by 10x: For $0.08 per session-hour on top of standard token rates, enterprises get fully managed infrastructure: sandboxed environments, long-running autonomous sessions, built-in tool execution (bash, files, web), and multi-agent coordination for parallelizing complex tasks. Notion, Rakuten, and Sentry are already live. This moves Anthropic into direct competition with startups building agent harnesses on top of the Claude API. Read more →
Claude Cowork is now generally available — and most of its enterprise users aren’t engineers: All paid plans gain access to Claude Cowork on macOS and Windows, with six new enterprise governance features including role-based access controls, group spend limits, and a Zoom MCP connector. The more striking data point: the vast majority of Cowork usage is coming from operations, marketing, finance, and legal — not engineering. The “developer tool” label may already be obsolete. Read more →
GitHub Copilot CLI’s Rubber Duck closes 74.7% of the Sonnet-to-Opus performance gap: An experimental second model from a different AI family independently reviews the primary agent’s plans after drafting, after complex implementation, and after writing tests. The result: near-Opus reasoning quality at Sonnet price points. This is a meaningful architectural signal — multi-model review is becoming a standard pattern for pushing coding agent quality. Read more →
Dependabot can now hand security alerts directly to AI agents for remediation: When a vulnerability requires more than a version bump — API-breaking changes, complex cross-project updates — GitHub can now route the alert to Copilot, Claude, or Codex, which analyzes the dependency usage and opens a draft pull request with a proposed fix. The security-to-code pipeline just got a new autonomous step. Read more →
Cursor Bugbot now learns from your feedback and hit a 78% resolution rate: Bugbot converts pull request review feedback into “learned rules” that improve future reviews — making it a system that gets better the more your team uses it. The same update adds MCP server support for Teams and Enterprise plans, a “Fix All” action, and a redesigned settings interface. Read more →
Growing at 20% new subscribers per week.
The stories this week aren’t hard to find. What’s hard is knowing which ones actually matter before your team asks you on Monday.
That’s the only thing Vibe Coding Weekly does: cut through the volume so you arrive at the week with context, not anxiety.
Subscribers also get Change Management in Agentic AI Adoption — the framework for the conversation that always comes after “we should use AI more”: how to actually move an organization that didn’t ask to be moved. Included with every subscription.
📦 Releases & News
GitHub Copilot in VS Code: Autopilot Mode, Nested Subagents, Video Support
The VS Code Copilot March/April release (versions v1.111–v1.115) delivers three meaningful architectural changes. Autopilot — in public preview — allows agents to approve their own actions and automatically retry on errors, operating without manual intervention during multi-step tasks. Nested subagents allow one subagent to invoke another, enabling decomposition of complex workflows into coordinated specialist chains. And image and video attachment in chat means agents can now accept screenshots and screen recordings as inputs — and return images or recordings of their changes for review. Also included: integrated browser debugging with breakpoints, a unified customizations editor, and a /troubleshoot command for analyzing agent debug logs.
Windsurf Launches Adaptive Model Router for Quota Efficiency
Windsurf’s new “Adaptive” option in the model picker automatically selects the optimal underlying model for each task — minimizing premium model consumption while maintaining consistent output quality. The model picker now shows exact token pricing and billing rates directly in the interface, alongside a prompt cache timer integrated into the context window indicator. Available for all self-serve Pro, Max, and Teams subscribers.
Copilot Cloud Agent Validation Tools Are Now 20% Faster
GitHub’s Copilot cloud agent now runs its validation suite — CodeQL, the GitHub Advisory Database, secret scanning, and Copilot code review — in parallel rather than sequentially, cutting total validation time by 20%. The change means the agent resolves detected issues faster without sacrificing the coverage or depth of security and quality checks. Configurable through Copilot settings in each repository.
📚 Tutorials and Resources
GitHub Mobile: Research and Code with Copilot Cloud Agent from Your Phone
GitHub extended Copilot cloud agent to the full mobile workflow, beyond just pull request management. From a phone, developers can now research a codebase, generate an implementation plan before writing any code, and push code changes to a branch — reviewing diffs and iterating before deciding whether to open a pull request. For teams with async or distributed workflows, this is a meaningful expansion: the delegation model works regardless of whether you’re at a desk.
💡 Others
Cursor’s $2B Bet: The IDE Is Now a Fallback, Not the Default
This piece cuts to the strategic implication of Cursor 3: the company with the fastest revenue growth in AI coding shipped a product that is not a code editor. The Cursor 3 interface is built around the Agents Window — parallel agents running across local, cloud, worktree, and SSH environments — with the traditional editor as a fallback when you need to touch code directly. The argument is that Cursor has bet its next growth phase on a world where agents orchestrate development and the IDE is the exception, not the default. Worth reading as a frame for where the entire tool category is heading.
AI Tools Race: Week of April 3–9, 2026
A useful aggregation of the week’s parallel storylines: Microsoft released Agent Framework 1.0, unifying Semantic Kernel and AutoGen with full MCP and A2A support into a single composable stack. MCP crossed 97 million monthly SDK downloads, with v2.1 adding Server Cards for capability discovery. And a JetBrains survey of 10,000+ professional developers found that Claude Code has reached 18% professional adoption — tying GitHub Copilot in active usage share despite not existing in measurable form 18 months ago. If you want a quick map of the week’s competitive movements, this is the fastest read.
That’s a wrap for this week. Three Anthropic announcements in three days — Glasswing, Cowork GA, Managed Agents — add up to a company that has decided it is not just in the model business anymore. GitHub extended agent autonomy in six different directions inside a single changelog cycle. Cursor’s Bugbot now learns from your team’s feedback; Copilot’s Rubber Duck uses a second AI family to catch what the first one misses; Windsurf’s router picks your model so you don’t have to. The pattern across all of it: the agent is no longer a feature inside your tool — it’s becoming the infrastructure underneath your team.
Next week, the stack keeps moving. So does this newsletter. Fall behind one week, and you’ll spend the next three catching up.
Every week, a new model drops. A new agent framework ships. A new “this changes everything” thread goes viral. And you still have actual code to write.
Every Monday, you open your inbox and already know what matters. You’ve skipped three viral threads that turned out to be nothing. You know why Anthropic’s three-day repositioning is a different category of event. You know that Rubber Duck isn’t a gimmick — it’s a signal that multi-model review is becoming a standard pattern. You didn’t spend your weekend reading to know this. We did.
That’s what Vibe Coding Weekly is. For developers, architects, tech leads, and everyone building or managing software in the age of AI.
Clean code and positive vibes,
Angel.
"Dependabot can now hand security alerts directly to AI agents for remediation"
This is a cool one. Looking forward to see the effectiveness here, but more automation in this space is a net win for sure.