Claude Code v2.1.152, Copilot Cowork Exfiltration, GPT-5.6 Leak

Claude Code v2.1.152 ships /code-review --fix auto-apply and skill-level tool disabling, directly upgrading agentic coding workflows.

Must read

• Claude Code v2.1.152: /code-review —fix, disallowed-tools in skills — Skills can now remove tools via frontmatter disallowed-tools, and /code-review --fix auto-applies findings — both directly improve your overnight-agent-factory discipline layer.
• Microsoft Copilot Cowork exfiltrates files via prompt injection — Concrete agentic security failure — validates why your MCP sandboxing patterns matter; the exfil vector applies to any tool-using agent with file access.
• GPT-5.6 leak: stronger multi-step reasoning, agentic workflows, June release — If real, stronger agentic capabilities from OpenAI in weeks — relevant for your LiteLLM routing decisions and model gateway config.
• Gemini 3.5 Flash: best at its speed tier, 4× faster than 3.1 Pro — Outscores 3.1 Pro on Terminal-Bench and MCP Atlas at 4× speed — strong candidate for your latency-sensitive routing tier via LiteLLM.
• SkillOpt: treating markdown skill files as trainable parameters — Formalises the agent-skills optimisation loop you’ve been building ad hoc — bounded edits gated against validation sets, converging in 1–4 accepted edits.

Tools & Frameworks

Claude Code v2.1.152

/code-review --fix auto-applies findings; skills gain disallowed-tools frontmatter; new /reload-skills command and SessionStart hook reloadSkills flag.

Why this matters: Direct upgrade to your skills framework and headless agent loops.

Vercel Sandbox persistence GA

Sandboxes now auto-save/restore filesystem state between sessions with durable named references — no manual snapshots.

Why this matters: Useful for agent-driven preview environments on your Vercel deploys.

Firecrawl on Vercel Marketplace

Firecrawl integration now available — scrapes sites into LLM-ready formats and supports agent retrieval workflows without managing crawl infra.

Why this matters: Firecrawl is on your MCP radar; marketplace integration simplifies deployment.

LangChain 1.3.2: PII middleware streaming

Adds PIIMiddleware that redacts streamed PII in flight, plus TodoListMiddleware fix and stream transformer registration.

Why this matters: Relevant if your RegTech pipelines use LangChain for PII handling.

Models.dev: model specs & pricing API

Open-source repo consolidating model specifications and pricing, queryable via API.

Why this matters: Handy reference for your LiteLLM gateway routing cost decisions.

Open Models & Local

Qwen3.5 35B-A3B uncensored with 785 MTPs preserved

Full MTP-preserved GGUF/NVFP4/GPTQ-Int4 quants of Qwen3.5 35B MoE (3B active) — runs on Apple Silicon with speculative decoding.

Why this matters: 3B active params with MTP makes this viable for local coding on your Mac setup.

Rejected llama.cpp PR: +30% prompt processing for MoEs on Strix Halo

Small patch to llama.cpp gives up to 30% faster prompt processing for MoE models at low context on AMD Strix Halo.

Why this matters: Watch-only unless you’re on AMD — but signals MoE perf is still leaving gains on the table in mainline.

Qwen3.6 27B impresses for local game/app coding

Developer reports Qwen3.6 27B handling complex game console API integration with minimal prompting — TypeScript, shader code, save systems.

Why this matters: Real-world local coding signal for a model you can run on Apple Silicon.

SGLang v0.5.12.post1: DeepSeek V4 stability fixes

12 cherry-picked fixes primarily for DeepSeek V4 — garbled text on B200/B300, EAGLE/MTP disagg crash, SWA allocator assertion.

Why this matters: If you’re serving DeepSeek V4 via SGLang, this is a must-upgrade.

Industry & Trends

curl team overwhelmed by AI-generated security reports

Daniel Stenberg reports security report rate 4–5× higher than 2024, now >1/day, driven by credible AI-assisted vulnerability hunting.

Why this matters: Signals the incoming flood of AI-generated security reports your own OSS dependencies will face.

AlphaProof Nexus solves 9 open Erdős problems for ~$100s each

DeepMind’s AlphaProof Nexus autonomously solved 9 of 353 open Erdős problems at inference costs of a few hundred dollars per problem.

Why this matters: Demonstrates frontier reasoning capability at surprisingly low cost — watch for downstream coding-agent implications.

GPT-5.6 leak: June, stronger agentic + frontend generation

Leaked details suggest GPT-5.6 focuses on multi-step reasoning, agentic workflows, and improved frontend code generation, targeting June release.

Why this matters: Plan model gateway updates; may shift your Sonnet vs GPT routing.

State of the software engineering job market 2026

Gergely Orosz deep-dives into whether AI engineering hiring is displacing traditional SWE roles, with exclusive job-market data.

Why this matters: Useful framing for your hiring and team-shape decisions as AI augments your engineers.

DeepSeek’s $10T hardware ecosystem strategy

Analysis argues DeepSeek aims to enable a $10 trillion Chinese AI hardware ecosystem while targeting $1T own valuation.

Why this matters: Context for DeepSeek’s open-source model motivations — relevant to your local-model bets.

Microsoft cancelling Claude Code licences internally

Per The Verge, Microsoft has begun cancelling internal Claude Code licences — competitive signal.

Why this matters: Watch for downstream effects on Claude Code enterprise pricing or bundling changes.

Org & Leadership

Stack-ranking engineers on Claude Code token usage

Engineering manager asked to rank team on AI token spend — community consensus: token usage is the wrong proxy for productivity.

Why this matters: Anti-pattern to avoid; reinforces your ‘context not control’ framing for measuring AI-augmented teams.

---

Auto-curated daily by Claude Opus 4.7 from Ben’s Bites, CrewAI blog, Don’t Worry About the Vase (Zvi), GitHub: anthropics/claude-code, GitHub: ggml-org/llama.cpp, GitHub: langchain-ai/langchain, GitHub: langchain-ai/langgraph, GitHub: sgl-project/sglang, GitLab blog, Import AI (Jack Clark), Interconnects (Nathan Lambert), JetBrains AI blog, LangChain blog, Last Week in AI, Latent Space, Lenny’s Newsletter, NVIDIA developer blog, One Useful Thing (Ethan Mollick), Simon Willison, TLDR AI, The Pragmatic Engineer (Gergely Orosz), Vercel blog, r/ClaudeAI top, r/LocalLLaMA top, r/MachineLearning top, smol.ai news. Source list and editorial profile maintained by Daniel.