Welcome back. The AI race is quietly opening side doors for supply chain attacks. Vercel just became the latest platform caught in the crosshairs after a major breach through a third-party AI tool. This may be a sign of things to come.

Also: How to check if the Vercel breach tool hit your Google Workspace, automate 5 dev workflows with Claude routines, and why the NSA is using Mythos despite a DoW blacklist.

Today’s Insights

  • Powerful new updates and hacks for devs

  • Why is selling chips to China splitting AI experts

  • How to catch errors before Claude Code commits

  • Trending social posts, top repos, and more

TODAY IN PROGRAMMING

Vercel CEO Guillermo Rauch is in the hotseat. Made with Midjourney.

Hackers breach Vercel through a compromised third-party AI tool: The frontend cloud platform disclosed that attackers compromised an employee through a breach at a third-party AI tool called Context.ai, then escalated from his Google Workspace account into Vercel's internal environments. There, they dug through environment variables that weren't flagged as sensitive. The attacker is now advertising stolen tokens and source code. Next.js and Turbopack remain unaffected, but customers should rotate their secrets immediately.

Open-source project recreates Claude Mythos architecture: A 22-year-old founder, Kye Gomez, just released OpenMythos. It's a PyTorch project that rebuilds what Gomez thinks is Anthropic's flagship model. His theory is that Mythos runs the same weights through a loop multiple times, doing all its thinking silently within a single forward pass. The code is available on GitHub, but without trained weights, engineering teams get a research baseline instead of a plug-and-play model.

Anthropic drops a new product for visual prototypes: The AI lab recently dropped Claude Design, a new tool from its Labs division that turns prompts, uploads, or codebases into prototypes, wireframes, and slide decks. It lets you quickly turn finished designs into ready-to-use production bundles. Claude also scans your codebase during onboarding to build a design system, keeping everything you build aligned with your current components and style.

PRESENTED BY GOOGLE

Best of NEXT for Startups

Skip the travel and catch the top startup insights from Google Cloud Next ’26

This high-impact digital wrap-up covers essential AI trends—like GenMedia and multi-agent workflows—and features a live expert Q&A to help refine your strategy.

Register now

INSIGHT

Jenses Huang lost his temper on a heated podcast interview that’s splitting Silicon Valley. Here’s why

Source: The Code, Superhuman

“I didn’t wake up a loser.” Nvidia CEO Jensen Huang's 103-minute sitdown with Dwarkesh Patel got heated when Patel argued giving China more compute would let them train and deploy dangerous AI models at scale. Huang called the idea that Nvidia should concede the Chinese market a "loser premise", arguing bans don't slow China's AI but drive business straight to Huawei.

Patel argued that American labs reach frontier capabilities first because they have more compute, a critical lead when a single model could deploy a million hackers instead of a thousand. And Anthropic's models already run on Nvidia, Trainium, and TPUs, so the argument for keeping China tied to American silicon looks shakier than it sounds.

Investor Gavin Baker counters that portability is quickly fading as labs shift their focus to inference. Huawei's CloudMatrix 384 uses a different scale-up topology than Nvidia's, meaning a model optimized for one won't run well on the other. This architectural fork strengthens the case for selling China older GPUs: keeping Chinese AI dependent on American hardware gives the US leverage it would lose to an all-Huawei stack.

If the US sells the chips, China may reach the AI frontier faster. If they don't, the US risks losing global hardware standards to Huawei. Both sides are looking at the same facts and just can't agree on which outcome is worse.

PRESENTED BY VIKTOR

The best-run companies we know all made the same hire.

One Slack message, and marketing gets a board-ready Google Ads + Stripe revenue report. Engineering gets a PR review cross-referenced with Linear tickets. Ops gets three vendor contracts summarized before the founder's morning coffee. Same colleague. Every department. 7,000+ teams already there.

Get Viktor free with $100 in credits →

IN THE KNOW

What’s trending on socials and headlines

Meme of the day.

  • Workspace Check: The tool that compromised Vercel may have hit your Google Workspace too. Here's the 2-step filter to find out in under a minute.

  • Prod-Ready Vibes: A 30-min talk from Anthropic's Member of Technical Staff is quietly becoming the go-to guide for vibe coding in production (1.2M views).

  • Parallel Play: An OpenAI Codex engineer shared how git worktrees turn Codex into a one-click sandbox for running multiple agents in parallel.

  • Frontier Leak: Anthropic restricted its top model to ~40 orgs for security reasons. Turns out the NSA is using it, despite being blacklisted by the Department of War.

  • Set and Forget: Claude's new routines run scheduled tasks on autopilot. These are 5 dev workflows you can automate today.

  • $100k Lesson: After getting hit with a $100k Claude Code bill, a founder shipped a plugin that cuts costs 25-55% and makes it meaningfully faster.

  • Exec Exodus: Three senior OpenAI leaders walked out in a single day, including ex-CPO Kevin Weil, as the company kills "side quests" like Sora to double down on its core business.

AI CODING HACK

How to catch errors before Claude Code commits

Claude's code often looks solid but hides type errors, unused imports, or missing return types. While you might catch these in review, some always slip through.

Language Server Protocol (LSP) plugins fix this by giving Claude automatic diagnostics after every edit. The moment a file is saved, the language server flags issues so Claude can fix them before you even check the diff. Just pick your language and run the command:

/plugin install typescript-lsp@claude-plugins-official
/plugin install pyright-lsp@claude-plugins-official
/plugin install rust-analyzer-lsp@claude-plugins-official
/plugin install gopls-lsp@claude-plugins-official

Run “/plugin” and head to the Discover tab to check out the full list. Just make sure you have the right language server binary installed on your system (the plugin will let you know if anything is missing).

TOP & TRENDING RESOURCES

Click here to watch the tutorial.

Top Tutorial

How to deploy LLMs on Cloud Run GPUs (by Google): This tutorial teaches developers how to self-host and deploy the Gemma 4 LLM on Google Cloud Run GPUs. You will learn to build automated CI/CD pipelines, manage model weights in Cloud Storage, and evaluate Ollama for rapid prototyping versus vLLM for high-performance production scaling.

Top Repo

Token Optimizer: This repo provides intelligent token optimization for Claude Code, achieving a 95%+ reduction in token usage through advanced caching, compression, and smart tool intelligence.

Trending Paper

Prefill-as-a-Service (by Moonshot AI): Splitting AI tasks across data centers is normally blocked by massive data transfer requirements. By pairing efficient models with smart routing, this research proves standard internet cables can handle the workload seamlessly.

Grow customers & revenue: Join companies like Google, IBM, and Datadog. Showcase your product to our 240K+ engineers and 150K+ followers on socials. Get in touch.

What did you think of today's newsletter?

Your feedback helps us create better emails for you!

Login or Subscribe to participate

You can also reply directly to this email if you have suggestions, feedback, or questions.

Until next time — The Code team

Keep Reading