61 articles
April 2026's self-propagating npm worm used postinstall hooks to scrape developer tokens (npm, GitHub, AWS), then auto-publish backdoored package versions. Detection steps, rotation playbook, and the structural defenses (ignore-scripts, pnpm, sandboxed CI, signed publishes).
Vercel's April 6-9 edge function incident exposed env-vars and secrets in a subset of deployments. Timeline, scope, what was actually exposed, the rotation playbook for affected teams, and the structural defenses that prevent this next time.
The marketing says self-evolving; the engineering says adapter tuning + adaptive tool selection + memory consolidation on a static base. Honest breakdown of what M2.7 ships, when it wins, and when it doesn't.
Gemini 3.1 Pro tops the LM Council April 2026 board on GPQA Diamond and ARC-AGI-2 at 50% lower cost — but Opus 4.7 still leads on coding. The honest task-by-task decision guide.
Moonshot's Kimi K2.6 hits ~74% SWE-Bench Pro at $0.30 per typical run — 17-25x cheaper than Opus 4.7. Real benchmarks, where it falls short, and the two-tier routing pattern teams use in production.
Zhipu AI's GLM-5.1 beat Claude Opus 4.6 on SWE-Bench Pro at 7x lower API cost. Where the headline holds (batch coding, cost-sensitive loops) and where Opus still wins (subjective quality, agentic tool use, latency).
DeepSeek V4's 1T-parameter MoE architecture, the Engram learned-memory layer behind its 1M-token context window, real benchmarks vs Claude Opus 4.7 and GPT-5.4, API pricing, and the honest case for when to pick V4.
An honest look at where vibe coding works in production (greenfield prototypes, glue code, refactors), where it fails (payments, auth, hot paths), and the team norms that make it viable.
Real annual cost math for Claude Code, Cursor, Copilot, Codex, and self-hosted Aider across a 10-engineer team. The token-volume thresholds that flip the answer.
New articles delivered to your inbox. No spam.