Karpathy: vibe coding is over. Agentic engineering ate it.
Hey —
Andrej Karpathy stood up at AI Ascent last week and said the quiet thing out loud: one-shot prompt coding is the warm-up. The real game is agentic engineering — disciplined workflows where multiple agents plan, edit, and verify across long-running tasks. Two days later, Snyk and Anthropic announced a security partnership, Opsera shoved a DevSecOps agent inside Cursor, and a new "Coder Agents" product launched specifically for enterprises that don't want their source leaving the perimeter. Theme of the week: vibe coding grew up.
This Week in AI Coding
- Karpathy redefines the field. At AI Ascent 2026, Karpathy framed the shift from "vibe prompts" to agentic engineering — disciplined multi-agent workflows that plan, verify, and iterate. Simon Willison followed up May 6 with the sharper version: the two practices are converging faster than is comfortable, and the line between "I just vibed this" and "an agent shipped it for me" is basically gone.
- Security finally caught the AI coding wave. Snyk and Anthropic announced a joint integration — Snyk's AI Security Platform now uses Claude under the hood, available to joint customers immediately. At RSAC 2026, OX Security demoed how reliably LLMs ship path traversal, XSS, command injection, and SSRF flaws. The takeaway isn't "AI is dangerous" — it's that security tooling is finally treating AI-generated code as the new default.
- Opsera + Cursor = DevSecOps inside the IDE. Opsera's agents now run as a native Cursor plug-in: Architecture Analyzer validates AI-generated code, plus a Security/SQL Scanner and a Compliance Auditor. This is the pattern to watch — every category of dev tool is becoming an agent that lives inside your editor.
- Coder Agents launched for enterprises that can't send source out. New product runs agent workflows entirely on the customer's own infrastructure, inside their network perimeter. No prompts leave, no source leaves. This is the unlock for regulated industries that have been stuck watching from the sidelines.
- Claude Design + Claude Security shipped alongside Opus 4.7. Claude Design lets you collab with Claude on real visual outputs (slides, prototypes, one-pagers). Claude Security is in public beta for Enterprise — code vulnerability scanning with proposed fixes, powered by Opus 4.7. Anthropic is openly building the "Claude does your job" stack.
- MCP is now infrastructure. Crossed 97 million installs. Prismatic shipped an open-source Skills plugin for Claude Code so you can ship integrations directly from inside Claude Code. If you're not building MCP servers yet, you're skipping the easiest leverage point in the stack.
- The model tier map is settling. Best read this week from DEV.to: three usable tiers — frontier closed (Opus 4.7, GPT-5.5, Gemini 3.1 Pro) for the hard 20% of work, cheap-and-good (Sonnet 4.6, DeepSeek V4-Flash, Grok 4.3) for daily driving, and open-weight (Qwen 3 Coder, Kimi K2.6) for self-hosting. Pick deliberately.
What We Shipped
- 6 new videos on @endofcoding this week — including "Cursor 3 Just Gave Every Developer a Team of AI Agents", "I Let Claude Code Run My Shopify Store for 24 Hours", "The Open Source Claude Code Alternative That Hit...", and "5 Vibe Coding Patterns That Break in Production". Daily Sun-Thu cadence is holding — 122 videos live now.
- LLMHire crossed 5,793 live AI jobs indexed. Did the analysis on what every high-paying role actually requires in 2026 (spoiler: it's not what the bootcamps are teaching). Full breakdown in this week's video — and you can search the live data at llmhire.com.
- EP115 flagship script is locked and ready for production — "5 Vibe Coding Patterns That Always Break in Production" hit hard, and EP115 doubles down. Production cadence is still every 2 days, with every script grounded in real codebase failures we hit shipping the portfolio.
Tool of the Week: Claude Code "Tasks"
Claude Code quietly upgraded its Todos system to Tasks — a primitive for tracking complex, multi-session projects. Tasks persist across context windows and Claude Code sessions, which means you can hand off a 6-hour build to Opus 4.7, walk away, and pick it up tomorrow without re-explaining state. Combined with the longer-running agent improvements in 4.7, this is what finally makes "set it and check back" workflows actually work. If you've been bouncing back to your terminal every 4 minutes to nudge an agent, give Tasks a real test — leave it for an afternoon and judge by the diff.
Quick Links
- Simon Willison — Vibe coding and agentic engineering are getting closer than I'd like
- SD Times — May 8 weekly AI roundup (Coder Agents, Snyk-Claude, Opsera-Cursor)
- Anthropic — Introducing Claude Opus 4.7 (with Claude Design + Security)
- SC Media — Vibe coding has cybersecurity asking what AI can and can't replace
Building in public from Tel Aviv — Guy