AI Coding News

April 9, 2026

Key Signals

  • OpenAI launched a $100/month ChatGPT Pro tier explicitly designed for heavy Codex users, directly undercutting Anthropic's identically priced Claude Max plan. With over 3 million weekly Codex users — up 5x in three months and growing 70% month-over-month — the new tier fills the gap between the $20 Plus and $200 Pro plans by offering 5x more agentic coding capacity. OpenAI is further sweetening the deal with a temporary 10x usage bonus through May 31, a move that openly targets developers who have been frustrated by Claude Code's rate limits. The pricing war between OpenAI and Anthropic for developer wallet share is now fully symmetric at $20/$100/$200 tiers. [1][2][3]

  • Anthropic promoted Claude Cowork from preview to general availability across all paid plans, shipping the enterprise governance layer that CIOs had been waiting for. The agentic desktop tool — born from the realization that Claude Code's filesystem capabilities appeal far beyond engineering teams — now includes role-based access controls via SCIM identity providers, per-MCP-tool action restrictions, team budget controls, and OpenTelemetry integration for analytics pipelines. A new Zoom MCP connector pulls in meeting summaries and action items. The launch directly competes with Microsoft's Copilot Cowork (which runs on the same Claude engine inside M365 tenants) and intensifies the agentic-desktop category race alongside Google's Gemini Agent Mode and OpenAI's Operator. [4]

  • Claude Code v2.1.98 delivered a sweeping security hardening release, patching multiple Bash tool permission bypasses that could lead to arbitrary code execution. Critical fixes address backslash-escaped flag exploits, compound command bypasses of forced permission prompts, and uncontrolled redirects to /dev/tcp or /dev/udp. New capabilities include subprocess sandboxing with PID namespace isolation on Linux, an interactive Google Vertex AI setup wizard, a Monitor tool for streaming background script events, and Perforce mode support. The volume of security fixes — over 15 discrete permission-related patches — signals the maturation pressure on CLI-based coding agents as enterprise adoption scales. [5]

  • Copilot CLI v1.0.22 advanced its plugin ecosystem with persistent cross-session plugins, a new agent skills field for eager context loading, and sub-agent depth/concurrency limits to prevent runaway spawning. MCP tool compatibility improved via JSON schema sanitization for non-standard schemas, and the CLI consolidated its config story by dropping .vscode/mcp.json in favor of .mcp.json with an automatic migration hint. Permission checks now work correctly with Anthropic models via BYOM/BYOK, reflecting the multi-model reality of modern coding agents. [6]

  • OpenAI is restricting its most cyber-capable model, GPT-5.3-Codex, to an invite-only "Trusted Access for Cyber" pilot backed by $10 million in API credits. The limited-release approach mirrors Anthropic's handling of its Mythos model and Project Glasswing, establishing a new industry pattern where frontier coding models with exploit-writing potential follow responsible-disclosure-style staged rollouts rather than broad public launches. [7]

AI Coding News

  • Mozilla formally accused Microsoft of undermining browser choice through Windows design decisions and aggressive Copilot system-level integration. Parts of Windows still route links to Edge regardless of default browser settings, including taskbar search results and links from Outlook and Teams. Mozilla specifically called out Copilot's automatic pinning to the taskbar, bundling with Microsoft 365, and dedicated laptop keyboard keys as examples of platform power being leveraged to push AI services at the OS level, making it harder for independent browsers and tools to compete. [8]

  • A Stanford-backed study of 100,000+ employees finds net developer productivity gains from AI coding tools settle at 15–20%, with 15–25% of AI-generated code eventually reworked. Presented at InfoQ, the analysis notes that while raw AI code output is 30–40% higher, bug rates and deletions erode the headline figure substantially. The accompanying presentation surveyed developer tool preferences and found Claude Code, Cursor, and IntelliJ IDEA topping the "next tool to adopt" list among VS Code users, while the AGENTS.md convention is emerging as a cross-tool standard adopted by Codex, Cursor, Gemini CLI, and Copilot for agent configuration. [9]

Feature Update

  • OpenAI introduced a new $100/month ChatGPT Pro tier offering 5x more Codex agentic coding capacity than the $20 Plus plan. The tier bridges a steep pricing gap that previously jumped from $20 to $200, and includes access to Pro models and deep research capabilities formerly exclusive to the top tier. Early subscribers receive a promotional 10x usage allowance through May 31. OpenAI states that "Codex delivers more coding capacity per dollar across paid tiers" compared to Claude Code, particularly during active coding sessions. [1][2][3]

  • Anthropic launched Claude Cowork to general availability on all paid Claude plans with a full enterprise governance stack. New features include SCIM-based role-based access controls for user group management, granular per-action restrictions on MCP tools, team-level API budget controls, usage analytics dashboards, and OpenTelemetry support for piping telemetry into existing enterprise analytics infrastructure. A Zoom MCP connector was also added to pull meeting summaries, action items, and transcripts into Cowork workflows. [4]

  • Copilot CLI v1.0.22 shipped with MCP schema sanitization, persistent plugins, agent skills support, and sub-agent safety limits. Custom agents can now declare a skills field to eagerly load skill content at startup, and plugins persist across sessions with auto-install on startup. The release removes .vscode/mcp.json and .devcontainer/devcontainer.json as MCP config sources, consolidating on .mcp.json with a migration hint for existing users. Sub-agent depth and concurrency limits prevent runaway agent spawning, and permission hooks now work correctly with Anthropic models via BYOM/BYOK configuration. [6]

  • Claude Code v2.1.98 shipped an extensive security and capability update with an interactive Vertex AI setup wizard, Perforce mode, and subprocess sandboxing. The release fixes a critical Bash tool permission bypass involving backslash-escaped flags that could enable arbitrary code execution, along with fixes for compound command permission bypasses, unsafe redirects to /dev/tcp and /dev/udp, and wildcard permission rule matching failures. New additions include a Monitor tool for streaming background script events, TRACEPARENT env var propagation for OTEL tracing, and LSP clientInfo identification. The /agents command now features a tabbed layout with Running and Library tabs, and Vim mode gains j/k history navigation. [5]

  • GitHub enabled "Ask Copilot" in security assessments, allowing organization admins and security managers to invoke Copilot directly from secret risk and Code Security risk assessment results. The feature provides contextual AI-powered explanations and guided next steps within the security assessment workflow, eliminating the need to context-switch to a separate Copilot interface when reviewing security findings. [10]

  • Gemini CLI released v0.37.1 as a stable patch alongside a nightly build (v0.39.0-nightly) that refactors subagent tooling into a unified invoke_subagent tool. The nightly also includes startup optimization with a lightweight parent process, JSONL streaming for chat recordings, Windows Terminal Ctrl+Backspace support, and sandbox security fixes for Windows symlink bypass and centralized macOS Seatbelt paths. Plan Mode gained a requirement for user confirmation before activate_skill executions. [11]

  • OpenCode v1.4.2 fixed subagent interactivity in the TUI and removed a forced loading delay in the Desktop app. Subagents are now clickable during execution rather than only after completion, and the Desktop client connects without an artificial delay. A companion v1.4.1 release was also published earlier the same day. [12]

  • OpenAI Codex published three alpha releases (v0.119.0-alpha.27 through alpha.29) continuing the rapid iteration cadence of the Rust-based Codex CLI. The releases maintain the project's daily shipping tempo as Codex's user base expands past 3 million weekly active users. [13]