AI Coding News

March 13, 2026

Key Signals

  • NanoClaw partnered with Docker to provide MicroVM-based sandboxing for AI coding agents, signaling that secure agent isolation is becoming an industry standard. Each agent now runs inside its own lightweight MicroVM with a private kernel and Docker engine, providing two layers of defense — container isolation plus VM boundary. The partnership formalizes what has been an ad-hoc trend across the ecosystem: autonomous coding agents that execute arbitrary code, install packages, and invoke APIs need hardware-level containment, not just software sandboxes. NanoClaw grew from a 500-line weekend project to 22,000 GitHub stars in six weeks after OpenClaw's security issues (unencrypted WhatsApp data exfiltration, 800K LOC supply chain risk) drove demand for a minimal, auditable alternative. [1][2]

  • GitHub Copilot CLI v1.0.5 shipped with a new /pr command that automates the full pull request lifecycle — creating PRs, fixing CI failures, addressing review feedback, and resolving merge conflicts. The release also introduces /extensions for managing CLI extensions, experimental embedding-based dynamic retrieval of MCP and skill instructions per turn, and syntax highlighting in /diff for 17 languages. The write_agent tool now supports multi-turn conversations with background agents, pushing the CLI further toward asynchronous agentic workflows. [3]

  • GitHub now allows repository administrators to skip the manual approval step for Actions workflows triggered by the Copilot coding agent, removing a key friction point in the agentic development feedback loop. Previously, Copilot was treated like an outside contributor on every push, meaning CI/CD pipelines would not run until a human clicked "Approve and run workflows." The new opt-in setting lets tests execute immediately, dramatically shortening the iteration cycle for agent-driven PRs while accepting the security trade-off of automated workflow execution. [4]

  • Anthropic committed $100M to the Claude Partner Network, with Claude Code identified as the fastest-growing segment of its commercial portfolio. Accenture is training 30,000 professionals on Claude, Cognizant has opened access to its entire 350,000-person workforce, and Infosys has integrated Claude Code into its agentic AI platform. The program includes a Code Modernisation starter kit targeting legacy codebase migration — a direct play for the enterprise technical debt market. Anthropic claims its enterprise market share grew from 24% to 40% over the past year. [5]

  • Gemini CLI v0.35.0 nightly landed with 90+ merged PRs introducing a model-driven parallel tool scheduler, native gRPC support for agent-to-agent communication, and a SandboxManager interface. Other notable additions include OAuth2 authentication for A2A agents, customizable keyboard shortcuts, skill activation via slash commands, and a speech-friendly response formatter for voice mode. The release also adds Antigravity CLI fallbacks and --admin-policy for enterprise policy control, signaling Google's push to make Gemini CLI enterprise-ready and interoperable with other agent frameworks. [6]

  • Meta delayed its next-generation AI model to at least May after internal benchmarks showed it trailing Google's Gemini 3.0 and competing systems from OpenAI and Anthropic. While Avocado outperformed Meta's prior model and Google's older Gemini 2.5, it has not matched the frontier set by Gemini 3.0 from November 2025. Meta's AI division leadership has reportedly discussed temporarily licensing Gemini to power Meta's AI products — an extraordinary concession from a company that has positioned open-source models as its competitive moat. [7]

AI Coding News

  • An in-depth analysis on Lobste.rs examines OpenClaw's structural security problems and the broader "sandbox rush" in the AI agent ecosystem. The essay catalogs a series of disclosed vulnerabilities — ClawJacked, thousands of publicly exposed instances, malicious skills distributing macOS stealers, and fake installers carrying credential stealers. It argues that the current wave of VM and container sandboxing for agents is primarily evidence that autonomous AI still requires "adult supervision," noting that isolation protects the host machine from the agent's code execution but does not protect external services from the permissions the agent has already been granted. [8]

  • Palantir software demos and Pentagon procurement records reveal how chatbots like Anthropic's Claude could be used by the US military to analyze intelligence and suggest operational next steps. The report details specific demo scenarios where AI chatbots generate war plans from intelligence feeds, raising questions about the boundary between AI-assisted analysis and autonomous military decision-making. This comes in the same week as Anthropic's legal challenge to its Pentagon national security designation. [9]

  • Microsoft's Gaming Copilot AI assistant will expand to current-generation Xbox consoles later this year, following a beta period on the Xbox mobile app, Windows 11, and Xbox Ally handhelds. Announced at GDC by Xbox's product manager for gaming AI, the assistant uses voice interaction to help players who get stuck in games. While not a coding tool, the expansion illustrates Microsoft's strategy of deploying the Copilot brand across every surface — developer tools, productivity apps, and now gaming consoles. [10]

Feature Update

  • GitHub Copilot CLI v1.0.5 introduces /pr for full PR lifecycle automation, /extensions for extension management, and experimental embedding-based MCP retrieval. The release adds write_agent for multi-turn background agent conversations, /version for in-session update checks, preCompact hooks, and /changelog with last <N>, since <version>, and summarize subcommands. Bug fixes address Windows diff rendering, Kitty keyboard protocol escape sequences at shutdown, claude-sonnet-4.6 model persistence, authentication error handling for invalid tokens, and partial content display for large single-line files. [3]

  • GitHub added a repository setting to optionally skip human approval for Copilot coding agent Actions workflows. When enabled, CI/CD pipelines triggered by the agent's PRs and pushes run immediately instead of waiting for manual approval. The default remains requiring human approval to protect against security risks from automated workflow execution with access to tokens and secrets. [4]

  • GitHub Copilot for students transitions to a new dedicated Student plan with an updated model lineup. The change aims to build a long-term, sustainable Copilot experience tailored for students with continued investment in AI-native learning tools. Details of the specific model changes are available in the GitHub Community Discussion. [11]

  • Gemini CLI v0.35.0-nightly ships a 90+ PR development build with major agentic infrastructure additions. Highlights include a model-driven parallel tool scheduler for concurrent tool execution, native gRPC support and protocol routing for A2A agents, OAuth2 Authorization Code auth provider, SandboxManager interface and config schema, customizable keyboard shortcuts with Kitty protocol support, vim mode improvements, skill activation via slash commands, speech-friendly response formatter, browser agent automation overlay, --admin-policy flag, per-model token usage in stream-json output, and Antigravity CLI fallbacks. [6]

  • Gemini CLI v0.34.0-preview.3 is a hotfix patch release cherry-picking a single fix onto the preview branch. This is a minor maintenance release with no user-facing feature changes. [12]

  • Claude Code v2.1.75 ships a minor code-review improvement, ensuring inline comments are posted with confirmed=true in batch output mode. The change targets the code-review workflow where batch-posted inline comments now carry the confirmed flag, improving integration with code review platforms. [13]

  • OpenCode v1.2.26 adds an effect-to-zod schema bridge, Bun configuration serialization, and desktop multi-window support in Electron. Other core changes include paginated session history for improved server performance, text attachment support, and a fix for sessions lost after git init in existing projects. The desktop app receives model selection persistence per session, sidebar synchronization across the application, and numerous UX polish improvements. [14]

  • OpenAI Codex published 7 alpha releases (v0.115.0-alpha.15 through v0.115.0-alpha.21) on a single day, indicating intensive development on the Rust-based CLI rewrite. No detailed changelogs are provided for individual alpha builds, but the release cadence — roughly one every 2–3 hours — suggests rapid iteration on the Rust implementation. [15]