The Linux Foundation launches Akrites, a coordinated body for open source vulnerability disclosure, with founding members including Anthropic, AWS, Google, Microsoft, etc. The initiative aims to address the challenges posed by AI-powered vulnerability discovery, which has outpaced existing coordination models.
Anthropic, after the Fable 5 ban, joins 19 other organizations to launch Akrites, an open-source security coordination body under the Linux Foundation.
Akrites consolidates vulnerability reports via a shared SIRT to reduce duplicates and speed up fixes for critical open-source projects.
The US government has directed OpenAI to restrict access to its upcoming GPT-5.6 model, allowing only approved partners due to cybersecurity concerns. The move sparks debate over security versus open innovation, with experts warning it could drive developers toward alternative models and weaken US AI leadership.
White House mandates OpenAI to limit GPT-5.6 access to a small number of government-approved partners.
OpenAI CEO Sam Altman reportedly expressed displeasure, calling it not his preferred long-term model.
Codeplain advocates for regenerating code from specifications rather than maintaining it. Their open-source spec language Plain serves as a single source of truth, and a new agentic framework plain-forge lets AI assistants draft specs interactively. The company has raised $3M and argues that specs, not code, should be the maintained asset.
Codeplain proposes that code should be regenerated from specs rather than manually maintained.
The new open-source framework plain-forge automates spec drafting through conversational AI agents.
Azul Systems is offering a free JVM vulnerability risk assessment tool to help DevOps and SecOps teams discover Java runtime exposures before AI-assisted attackers can exploit them. The tool scans networks for JVM instances, including embedded and unmanaged runtimes, and returns a prioritized remediation roadmap based on CISA KEV and NVD. Azul also highlights its security-only patching approach to reduce risk. The article discusses AI threats, particularly Anthropic's Mythos model, though Azul has not actually tested that model.
Azul offers a free JVM vulnerability assessment that scans networks and identifies unpatched instances.
The tool outputs a security dashboard and remediation roadmap aligned with CISA KEV and NVD.
Anthropic has announced Claude Tag, a new product that embeds Claude directly into Slack as a persistent, shared team member that accumulates institutional knowledge, works asynchronously, and can act without being prompted. Available in beta for Enterprise and Team plans, it replaces the older Claude in Slack app.
Claude Tag makes Claude a permanent member of Slack channels, capable of long-running tasks and accumulating context. It introduces 'agent identity' for secure tool access.
Multiple users can steer tasks in real time, and Claude can work autonomously with scheduled tasks.
Two open-source agent harnesses, OpenClaw and Hermes Agent, take different architectural approaches: OpenClaw prioritizes a gateway for multi-channel reach, while Hermes focuses on persistent memory for developer context. Both have gained significant adoption, with OpenClaw backed by Microsoft and Nvidia, and Hermes leading in usage metrics. The choice between breadth and depth will shape enterprise agent deployment.
OpenClaw uses a gateway-first design for broad channel integration, adopted by Microsoft and Nvidia.
Hermes Agent emphasizes persistent memory and self-improving skills for deep developer context.
GitLab's AI Accountability Report reveals that 43% of developers cannot reliably distinguish AI-generated code from human-written code, and 85% say AI has shifted the bottleneck from writing code to reviewing it. The report highlights the need for governance and integrated toolchains to manage AI-generated code.
91% of organizations use two or more AI coding tools.
43% cannot reliably distinguish AI from human-written code.
The Linux Foundation announced the Agent Name Service (ANS), an open standard giving AI agents verifiable identities via DNS. Originating from a 2025 OWASP paper, ANS uses existing DNS infrastructure and certificate authorities. Separate discovery standard DNS-AID handles agent discovery. Despite multiple proposals, major AI companies have yet to join.
Linux Foundation launches ANS to provide verifiable identities for AI agents based on DNS.
ANS uses ACME to prove domain control, issues certificates, and logs changes.
AI developer tools consolidation continues as Cursor acquires open-source coding assistant Continue, which is being shut down. Continue was positioned as an open-source alternative to GitHub Copilot with a focus on data control. This is part of Cursor's acquisition spree over 18 months, but Continue appears to be an acqui-hire with co-founder Nate Sesti joining Cursor.
Cursor acquires open-source coding assistant Continue; product is discontinued.
Continue was a Y Combinator-backed open-source coding assistant emphasizing data privacy.
Qodo launches cross-repo code review and other features to address governance challenges from AI-generated code. AI-driven PRs are 154% larger, take 91% longer to review, and ship 9% more bugs. Qodo aims to help teams stay in control with automated rule discovery and centralized management.
Valkey 9.1 uses an AI agent to automatically backport bug fixes, saving maintainers hours of manual work. A companion tool, Provenance Guard, scans pull requests for unauthorized code. Humans still sign off, but AI handles the heavy lifting.
Valkey 9.1 deployed an AI agent to backport bug fixes, handling cherry-picking, CI tests, and merge conflicts.
Provenance Guard runs automatically to detect unintentional code copying from unsanctioned sources.
Checkmarx releases a new SAST engine combining a deterministic rules-based scanner, an LLM trained on security data, and a third engine to classify findings as true or false positives before they reach developers. The company claims an F1 score of 0.499, far above the category average of 0.20, and found 327 true positives missed by a leading frontier model. The architecture emphasizes orchestration, automatically running three engines together to provide determinism, language coverage, and noise filtering.
Checkmarx's new SAST engine includes three engines: a deterministic rules scanner, an LLM, and a Findings Analysis Engine (FAE) to filter false positives before results reach developers.
The company claims an F1 score of 0.499, more than double the category average of 0.20, and found 327 true positives missed by a leading frontier model in tests.
Anthropic announced a major overhaul of Claude Design to simplify designer-engineer handoff with bidirectional Design-Code integration, brand consistency, and shared usage limits. Designer Alfie Martin says token inefficiency persists and handoff hasn't improved, while engineer Roman Martynenko is more optimistic about the integration, predicting a hybrid workflow.
Anthropic updated Claude Design with bidirectional Design-Code integration, brand guideline adherence, new editor, and more connectors.
Designer Alfie Martin criticizes token efficiency and argues the handoff remains unchanged, warning against full AI automation.
The Model Context Protocol (MCP) now has an enterprise-managed authorization extension, allowing businesses to centrally control MCP server access via existing identity providers. Anthropic and Microsoft are first to support it, with Okta as the first identity provider. It uses the emerging ID-JAG OAuth extension for consented‑free token exchange.
Anthropic and Microsoft support Enterprise-Managed Authorization in Claude, VS Code, etc.
The extension uses the ID-JAG protocol for token handoff without consent screens via identity providers.
On the same day SpaceX agreed to acquire Cursor for $60 billion, Cursor co-founder Tomas Reimers unveiled Origin, a Git-compatible code hosting platform built for an AI agent-dominated world. GitLab and Zed also announced their own alternatives, signaling a growing consensus that GitHub is buckling under the weight of AI-generated code.
SpaceX's acquisition of Cursor coincided with the launch of Origin, a platform designed to replace GitHub.
GitLab introduced Project Switch, a redesigned architecture for faster agent execution.
Vercel has announced eve, an open-source framework for building AI agents. Modeled after Next.js, eve treats each agent as a directory of files, bundling production infrastructure. It features durable workflows, sandboxing, human-in-the-loop tools, and integrations with Slack, Discord, and more. Vercel runs over 100 internal agents on eve.
Eve is an open-source framework from Vercel that defines agents as directories of files, akin to Next.js for web apps.
It includes durable workflows, sandboxing, human approval for tools, and integrations with Slack, Discord, etc.
Block developed BuilderBot on top of its open-source Goose framework, enabling engineers to manage a fleet of AI coding agents via a single Slack thread by tagging @builderbot. BuilderBot handles research, planning, and coding across hundreds of services, pulling tickets from Linear/Jira, creating branches, opening PRs, and iterating on CI feedback. It operates on source code and configs only, never customer data. The system runs 200k+ operations daily, merges ~1500 PRs weekly (15% of production changes), and has reduced months-long work to days. Block open-sourced Goose and co-developed the MCP protocol with Anthropic, amid a restructuring that cut 40% of staff.
Block's BuilderBot lets engineers manage AI coding agents from Slack, handling tasks across hundreds of services.
BuilderBot automates ticket handling, branch creation, PRs, and CI monitoring within the Slack thread.
Chainguard expands its AI coding agent security push with a public registry of 1,000+ hardened agent skills, a private registry, and a hardening service for internal skills. The service treats agent skills as first-class software artifacts, offering continuous hardening, audit trails, and support for tools like Claude Code, Cursor, GitHub Copilot, and Gemini CLI. It also addresses internal agent skill sprawl with versioning and access controls.
Chainguard launches a public registry of over 1,000 hardened agent skills, updated weekly.
Offers a private registry and a hardening-as-a-service for organization-specific skills (closed beta).
AWS announced new release management features for its DevOps Agent at the AWS Summit New York, including release readiness review and autonomous release testing, aimed at addressing the delivery bottleneck caused by AI-generated code.
AWS DevOps Agent adds release readiness review and autonomous release testing, now in preview.
The release readiness review evaluates code changes against production requirements and detects cross-repository dependency risks.
The Appia Foundation, under the Linux Foundation, aims to produce open specifications for verifying AI trustworthiness across the supply chain. Founding members include Google, Microsoft, OpenAI, and others. The foundation will develop conformity specifications that translate international standards into assessable criteria, enabling evidence pass-through across different parties.
Appia Foundation will develop open, modular conformity specifications for AI trust verification.
13 inaugural members include Google, Microsoft, OpenAI, Arm, Siemens, Mastercard, and others.
Enterprises are pouring billions into AI and getting garbage back. A new startup, Clario, says it knows why and has built the first platform designed to fix data ROT (redundant, obsolete, trivial files). Launched from stealth with $6M seed funding, Clario connects to enterprise file systems, scans metadata to identify junk, and triggers workflows for cleanup, charging only when action is taken. Early customers show up to 60% garbage rates, impacting AI project quality.
Clario addresses data ROT (redundant, obsolete, trivial files) that inflate storage costs and poison AI projects.
The company raised $6M seed funding and uses an outcome-based pricing model.
Databricks introduces LTAP architecture to unify transactional and analytical databases for AI agents, removing the divide between operational and analytical systems.
LTAP merges transactional and analytical data in a single storage layer with separate compute engines.
Lakehouse//RT delivers millisecond real-time analytics without extra data copies.
AWS introduces FinOps Agent in public preview, a natural-language AI tool to analyze cloud costs, identify anomalies, and create tickets automatically, shifting FinOps from periodic reviews to continuous workflows.
FinOps Agent is AWS's third specialized AI agent for IT operations, focusing on cloud cost management.
It uses natural language queries, correlates cost spikes with CloudTrail logs to identify root causes and owners.
Anthropic has paused a billing change for developers using its Claude Agent SDK through paid subscriptions, reversing the decision on the very day it was scheduled to go live. The move follows a turbulent week for the company, including the withdrawal of two AI models due to US government export controls, and aims to reassure the developer community.
Anthropic paused the planned billing change for Claude Agent SDK subscriptions on June 15, the effective date.
The change would have split Agent SDK usage into a separate monthly cap from standard subscription limits.
The Anthropic-Mythos-Fable story has been The Topic since Friday, and it moved fast enough to lose anyone who blinked. Here’s my opinionated tick-tock of what happened, who’s calling Anthropic the good guy, and who’s calling it the bad guy. Where I land: Anthropic mostly got this one right, and it’s one hell of an ad for Fable.
Anthropic's dispute with the DoD over AI model usage led to it being labeled a supply-chain risk.
Mythos model's cyber capabilities prompted Project Glasswing; White House and Anthropic clashed over access expansion.
Cohere releases North Mini Code, its first open-weight coding model under Apache 2.0, targeting developers who want to own and control their AI infrastructure. The 30B MoE model runs on a single H100 GPU, aiming to compete with Mistral, Qwen, and Gemma on agentic coding tasks.
Cohere launches North Mini Code, a 30-billion-parameter MoE coding model with 3B active parameters, available under Apache 2.0.
The model can run on a single Nvidia H100 GPU, making self-hosting practical for developers.
The prompt-to-app loop has gotten genuinely good. Describe the thing, watch it appear, click deploy. Replit, Lovable, Base44 and others have made that cycle feel close to magical. But everyone forgets about this detail: The app is running on the builder’s cloud, not yours. For a prototype, that barely matters. The moment the app needs to enter a real engineering workflow, it matters quite a bit.
AI app builders generate apps quickly but default to running on the vendor's cloud, causing lock-in.
Lock-in leads to issues with visibility, testing, compliance, and infrastructure drift in production.
On Friday evening, Anthropic suddenly disabled its new flagship models, Fable 5 and Mythos 5, after the U.S. government became aware of a way to perform a specific jailbreak on Fable 5 and put it under an export control order. Anthropic claims the vulnerability is minor, but White House AI czar David Sacks and Amazon's involvement escalate the situation, setting a precedent for AI safety regulation.
U.S. government issued an export control order on Fable 5, forcing Anthropic to disable the models.
Amazon CEO Andy Jassy reported a jailbreak discovered by Amazon researchers to officials.
JetBrains launched the Course Creators Program to embed hands-on coding exercises into professional IDEs, addressing the gap between online programming education and industry practice. While early-stage with only five creators onboarded, it emphasizes foundational developer skills and IDE fluency in an AI-assisted era.
JetBrains announces Course Creators Program allowing educators to embed IDE-based coding exercises from platforms like Udemy and Coursera.
The program targets the theory-to-practice gap in online coding education, but only five creators have completed integration so far.
Anthropic released Fable 5, claiming it's smarter than Opus 4.8 but with double the price and safety restrictions. Hands-on tests show they perform similarly on reasoning and coding tasks, with Fable 5 offering marginal gains while Opus 4.8 delivers better value.
Fable 5 costs twice as much as Opus 4.8 and routes sensitive prompts to Opus via safety classifiers.
In testing, Fable 5 showed slightly sharper analysis but Opus 4.8 produced equivalent results at half the cost.