AI Builders
Digest

Andrej Karpathy, AI researcher and former Director of AI at Tesla and founding team member at OpenAI, highlighted a new supply chain attack on the npm axios library, the most popular HTTP client with 300M weekly downloads. He personally found a vulnerable import from googleworkspace/cli in his system, noting that unpinned dependencies could have exposed him if timed poorly. He argued that package managers like pip and npm need default changes such as release-age constraints to prevent random, large-scale infections from temporary malicious packages. A comprehensive article on the issue is linked.

Vercel CEO Guillermo Rauch described the release of Opus 4.5 as opening a one-way door to agent-driven engineering, where agents now handle most coding. Aware of LLMs' over-confidence and flaws, his team enforces strict separation of casual 'vibing' from mission-critical infrastructure. He shared early internal guidance on 'agenting responsibly' with emphasis on security, durability, and availability at all times.

Ryo Lu, Designer at Cursor AI with prior experience at Notion and Stripe, reminisced about an era around 2005 when software felt alive with soulful details like bouncing docks and thoughtful animations, crafted by people passionate about user experience. He critiqued how growth optimization has stripped away personality, resulting in bland, uniform interfaces, and warned that AI agents' speed risks flooding the world with 'slop'—functional but soulless products. He believes true taste and caring remain human strengths that AI amplifies for a potential renaissance of personal, opinionated software, reminding us that all development is ultimately for humans.

Nikunj Kothari, partner at FPV Ventures, reflected on his meeting with Ivan Zhao 12 years ago, impressed by his dedication to tools that unite people. He contrasted AI doomerism focused on replacement with a vision of abundance where AI handles mundane tasks, allowing humans to collaborate more creatively on long-held dreams. He urged emphasizing this positive shift toward collective building.

Box CEO Aaron Levie outlined a major opportunity for resourceful talent inside organizations to reimagine workflows in the age of agents. This requires real effort: structuring unstructured data for agent access, mastering workflows to build skills and plans, connecting systems, and adapting processes—plus designing human oversight and validation roles. Unlike coding tasks where agents excel with context, broader knowledge work demands this investment, leading to new specialized roles that will be highly valuable, especially benefiting early-career professionals.

Dan Shipper, CEO at Every, called out a company's poor handling of a data breach bug that inadvertently served users' private data to other app users. He described the admission as a 'mealy mouthed way' to confess the issue and deemed it really bad.

Replit CEO Amjad Masad announced that builders can now monetize their Replit-built mobile apps using RevenueCat.

Swyx, AI builder affiliated with Cognition, Temporal, and Latent Space, pointed out that the frequently requested “sign in with ChatGPT” functionality already exists via the Codex app server. He noted it has been available for months and encouraged developers to read the docs to discover it. This was in response to discussions including at a Sam Altman town hall.

Josh Woodward, VP at Google Labs overseeing Gemini App and Google AI Studio, introduced a new featured notebook in NotebookLM titled 'The Science Of Ben Franklin.' Created in collaboration with The Royal Society, it features Benjamin Franklin's original papers, letters, and contemporary sources to enable learning from high-quality curated collections.

Peter Yang, Product lead at Roblox and curator of practical AI tutorials, reported that Cursor AI functions seamlessly in China with support for all model types.

Cat Wu, lead for Claude Code and cowork at Anthropic and previously at Dagster and Scale AI, announced broad support for GitHub Enterprise Server across Anthropic's product suite. This includes Claude Code on the web, iOS, Android, and Code Review features. She invited feedback on the update.

Anthropic's Claude AI announced the availability of Auto mode for Claude Code on the Enterprise plan and for API users. To enable it, users should update their installation and run the command claude --enable-auto-mode.

Zara Zhang, independent AI builder, introduced Lark CLI as transforming the all-in-one collaboration tool into the most agent-friendly platform, enabling full access and operation of chats, calendars, meetings, docs, and sheets. She built a skill that extracts and executes to-dos from meetings automatically. She also noted her Codebase-to-course project reached 2.6k GitHub stars after optimizations for token efficiency and reliability, suitable for CS learning or developer onboarding.

Y Combinator President and CEO Garry Tan shipped an improvement to the /review skill on GStack.