AI Coding News

March 6, 2026

Key Signals

  • GitHub Copilot CLI reaches version 1.0 as VS Code v1.110 brings a sweeping agent platform upgrade. The Copilot CLI major version bump marks general availability (GA), while VS Code's February release introduces agent hooks, conversation forking, agent plugins, shared memory across Copilot CLI and code review, and a built-in Explore subagent — collectively turning the editor into a programmable agentic development environment. Copilot CLI is now natively bundled inside VS Code with diff tabs and trusted folder sync. [1][2]

  • OpenAI launches Codex Security as an AI application security agent while supply-chain attacks on AI coding tools intensify. Codex Security enters research preview as an agent that analyzes project context to detect, validate, and patch complex vulnerabilities with higher confidence than traditional SAST. Simultaneously, a supply-chain compromise of the Cline VS Code extension installed OpenClaw with full access on 4,000 developer machines before detection, prompting a security researcher to predict AI agent worms are imminent. The juxtaposition underscores that AI is simultaneously the attacker and defender in modern development security. [3][4]

  • Anthropic and OpenAI launch competing programs to court open-source maintainers with free AI coding tools. OpenAI's "Codex for Open Source" offers six months of ChatGPT Pro with Codex plus API credits, while Anthropic's "Claude for Open Source" provides Claude Max to up to 10,000 maintainers (~$12M retail value). Both programs target influential developers whose libraries underpin production systems, signaling how fiercely AI companies are competing for the developer ecosystem's trust and adoption. Google's Gemini CLI takes a different approach with a generous free tier of 1,000 requests/day for all users. [5]

  • ETH Zurich research finds that AGENTS.md context files often hinder AI coding agents rather than help them. LLM-generated context files reduced task success rates by 3% and increased inference costs by over 20%, while human-written files offered only a marginal 4% gain at 19% higher cost. The study tested four agents on 138 real-world tasks and found agents followed the instructions but performed unnecessary extra exploration — challenging the widespread recommendation to use context files like AGENTS.md, CLAUDE.md, and .cursorrules. [6]

  • Anthropic's Frontier Red Team used Claude to discover 14 high-severity Firefox bugs, yielding 22 CVEs. Mozilla collaborated with Anthropic on AI-assisted vulnerability detection and landed all fixes in Firefox 148. The AI identified distinct classes of logic errors that decades of fuzzing and static analysis had never uncovered, demonstrating that large-scale AI-assisted security analysis is a powerful new complement to traditional techniques. [7]

  • Claude Code v2.1.70, Gemini CLI, and OpenCode all ship significant updates on the same day. Claude Code fixes critical API compatibility issues for third-party gateways and Bedrock inference profiles while adding VS Code MCP server management. Gemini CLI adds native gVisor sandboxing support and fixes OOM crashes. OpenCode migrates from Bun-specific APIs to Node.js equivalents and adds GPT-5.4 to its allowed models — reflecting the rapid pace of iteration across the AI coding tool ecosystem. [8][10][11]

AI Coding News

  • Google releases a new Workspace CLI that integrates with OpenClaw and other AI agent tools. The tool bundles all Google Workspace APIs — Gmail, Drive, Calendar, Chat — into a command-line package with structured JSON outputs and over 40 agent skills. While published as a GitHub project by Google, it is explicitly not an officially supported product, and functionality may change dramatically. The design prioritizes agentic systems that create CLI inputs and parse JSON outputs, positioning it as infrastructure for AI-powered workspace automation. [15]

  • OpenAI and Anthropic compete head-to-head with free AI tool programs for open-source maintainers. OpenAI's newly announced "Codex for Open Source" builds on $1M in existing API credits distributed over the past year, adding six months of ChatGPT Pro with Codex and conditional Codex Security access. Anthropic's "Claude for Open Source" targets maintainers with at least 5K GitHub stars or one million monthly npm downloads. Notable early participants include Dax Raad (OpenCode, 117K stars), despite Anthropic's recent moves to restrict Claude subscription use through third-party harnesses. [5]

  • ETH Zurich study on AGENTbench challenges the value of AGENTS.md files for AI coding agents. The researchers tested Claude 3.5 Sonnet, Codex GPT-5.2, GPT-5.1 mini, and Qwen Code on 138 niche Python tasks sourced from repositories outside SWE-bench. Trace analysis revealed that agents followed context file instructions faithfully, running more tests and grep searches, but this broader exploration was often unnecessary for the task at hand. Developer reactions were mixed — some argued the findings actually validate the usefulness of high-quality, hand-written context files for larger closed-source projects. [6]

  • Security researcher warns the first AI agent worm is months away after Cline supply-chain compromise. The Cline VS Code extension was compromised via a title injection attack against a PR review agent, installing OpenClaw with full access on approximately 4,000 machines before detection. The researcher predicts AI worms will originate through open-source projects using automated PR review tooling, spread via local credentials, and be nondeterministic in nature — making them harder to detect than traditional malware. The advice: FOSS developers should avoid relying on agent-based coding or review tools until sandboxing matures. [4]

  • Anthropic's Claude identifies 14 high-severity Firefox security bugs that traditional fuzzers missed. Mozilla's collaboration with Anthropic's Frontier Red Team resulted in 22 CVEs and 90 additional bugs, all fixed in Firefox 148. The bug reports included minimal reproducible test cases, distinguishing them from typical AI-generated submissions that often burden open-source projects with false positives. Mozilla has already started integrating AI-assisted analysis into its internal security workflows, viewing it as analogous to the early days of fuzzing — with a substantial backlog of now-discoverable bugs across widely deployed software. [7]

  • OutSystems CEO argues enterprises succeed with AI agents only when blending them with human oversight, APIs, and workflows. He argues that the 95% agent pilot failure rate is misleading because many "failures" were simply low-commitment trials, and that successful deployments combine AI with traditional business logic. Dutch travel company Travel Essence compressed a two-hour planning process to three minutes using an agentic system, accelerating growth by 20%. Martin, the CEO, warns that per-seat SaaS pricing faces real risk as agents reduce the need for human seats, predicting more custom software will be built in the next five years than in the five before. [16]

  • Oracle and OpenAI scrap plans to expand their flagship Texas AI data center. Negotiations dragged over financing and OpenAI's changing needs, ending the expansion of what was intended to be a landmark AI infrastructure project. The decision reflects shifting dynamics in AI infrastructure investment as companies reassess capacity requirements. [17]

Feature Update

  • GitHub Copilot CLI v1.0.2 marks the first major version increment to celebrate general availability. The release adds the ability to type 'exit' as a bare command, Enter-key submission for ask_user forms with custom enum responses, cross-platform hook config support via a 'command' field alias, and a fix for meta key handling with control keys including shift+enter from /terminal-setup. [1]

  • GitHub Copilot CLI v0.0.423 adds security guardrails and MCP OAuth support. Users are now prompted when shell commands involve potentially dangerous expansion or substitution patterns, with additional guardrails against malicious exploits. MCP servers can ask users to visit a URL for out-of-band interactions such as OAuth flows or API key entry. The explore agent gains improved precision and large repository support through better context sharing, and diff mode now renders cleanly on Windows with CRLF line endings. [9]

  • GitHub Copilot in VS Code v1.110 delivers a comprehensive agent platform overhaul. New programmability features include agent lifecycle hooks, conversation forking from any checkpoint, /autoApprove and /yolo toggles for auto-approval with terminal sandboxing, and the ability to queue follow-up messages while agents work. Extensibility expands with agent plugins, agentic browser tools for navigation and screenshots, and /create-* commands for generating reusable prompts and hooks from chat. Context management gains shared agent memory across Copilot CLI and code review, persistent plan memory through compaction, a built-in Explore subagent, and manual /compact with natural language guidance. [2]

  • Figma MCP server now supports bidirectional design-to-code workflows in VS Code. GitHub Copilot users can connect to the Figma MCP server to pull design context into code and send rendered UI back to Figma as editable frames. The feature is available today in VS Code for any Copilot subscriber on any Figma plan, with Copilot CLI support coming soon. [13]

  • Claude Code v2.1.70 ships extensive fixes for API compatibility, plugins, and VS Code integration. Critical fixes address API 400 errors with third-party gateways, the effort parameter failing on custom Bedrock inference profiles, and empty model responses after ToolSearch. Plugin reliability improves with auto-refresh after marketplace installation and correct installed-state display. Performance gains include 74% fewer prompt input re-renders, 426KB less startup memory, and a 300× reduction in Remote Control polling load. VS Code gains a session activity bar with spark icon, markdown plan views with comment support, and a native MCP server management dialog. [8]

  • Gemini CLI v0.34.0-nightly adds native gVisor sandboxing and fixes OOM crashes in long sessions. The nightly release introduces runsc-based container sandboxing for command execution, a critical OOM crash fix for long-running sessions contributed by a community member, custom footer configuration via /footer, and AI Gateway authentication support for ACP. Additional fixes improve Windows Terminal compatibility, macOS Terminal.app theme contrast, and handling of cancelled shell output. [10]

  • OpenCode v1.2.19 adds GPT-5.4 support and migrates core APIs from Bun to Node.js. The release replaces Bun-specific APIs with Node.js equivalents across core, TUI, and snapshot modules, improving cross-runtime compatibility. GPT-5.4 joins the Codex allowed models list via community contribution. [11]

  • OpenCode v1.2.20 fixes a critical fsmonitor daemon memory leak causing 60GB+ committed memory. The release stops leaking fsmonitor daemons after test runs and continues the Bun-to-Node.js migration by replacing Bun.which with npm which in the TUI. [12]

  • OpenAI Codex Security enters research preview as an AI application security agent. The tool analyzes project context to detect, validate, and patch complex vulnerabilities with higher confidence and less noise than traditional static analysis tools. It is available to Codex for Open Source program members with qualifying repositories. [3]

  • OpenAI Codex ships seven alpha releases (v0.112.0-alpha.1 through alpha.7) in its Rust rewrite. The rapid cadence of alpha releases suggests active development on the Rust-based Codex CLI, though individual release notes contain no detailed changelogs. [14]