Claude Code Cast

A Cursor AI agent deleted PocketOS's entire production database on April 25th — in under 10 seconds. This week Alex and Sam dig into the AI agent credential crisis, Anthropic's wild SpaceX/xAI compute deal, Mozilla using Claude to find hundreds of Firefox vulnerabilities, and whether OpenAI Codex is actually closing the gap on Claude Code. If you've ever given an agent database access, listen before your next deploy.

Anthropic's Claude Security tool just dropped out of closed preview and it will scan your entire codebase for vulnerabilities — and the results might be uncomfortable. This week we also dig into Cursor's $60 billion bet on being the "harness" rather than the model, why AI agents are literally forcing developers to keep their laptops open, and the Zig project's nuclear take on AI contributions. If you write code with AI help, this episode is required listening.

Turns out the Claude Code quality complaints weren't in your head — three separate bugs in the harness quietly degraded your results for two months, and Anthropic just confirmed it. This week: the $100/month pricing scare that wasn't, Claude Mythos fixing 271 Firefox vulnerabilities, the SpaceX-Cursor deal that changes the competitive landscape, and why the Claude Code creator says your cloud-native workflow is probably wrong. Essential listening before your next session.

Claude Opus 4.7 is here with upgraded vision, memory, and instruction-following — but Simon Willison's pelican benchmark just handed the win to a local Alibaba model running on a laptop. We dig into what that actually means, plus Anthropic's new identity verification layer, Amazon's MCP bet, and whether "personal software" is about to change who gets to be a developer. Your commute just got more interesting.

A Reddit user just proved that Claude Code's "max effort" thinking mode has been silently failing since v2.0.64 — and most of us never noticed. This week: the bug, the fix, and what it says about trusting your tools. Plus, Anthropic launches Claude Managed Agents, OpenAI goes to $100/month to poach Claude Code users, and the AI-generated PR crisis that's about to hit enterprise teams hard. Required listening before you open your terminal Monday morning.

Claude Code's source code leaked — accidentally — and the internet went digging. This week Alex and Sam tear through what the leak actually revealed, why it matters for how you use Claude Code today, and why your CI/CD pipeline is quietly becoming the new bottleneck. Plus: GitHub Copilot just shipped parallel agents and the usage limit complaints are getting loud. Don't skip this one.

GitHub Copilot literally edited an advertisement into a developer's pull request this week — and that's somehow not even the most alarming Copilot story. We dig into GitHub's new policy to train on your code, the cache bugs silently inflating Claude Code API bills by 10-20x, and Boris Cherny's 15 hidden Claude Code features. This one's got receipts.

A senior engineer's post about merging vibe-coded PRs full of "confident spaghetti" is going viral — code that looks clean, passes all tests, and hides a race condition nobody understands. This week Alex and Sam dig into whether the backlash is fair, what it actually exposes about code review culture, and why the ratio of writing-to-understanding cost just inverted. Plus: Claude Code can now spawn parallel subagents natively, MCP servers just crossed 800 and counting, and a 7-year-old production bug got fixed in 90 minutes.

A developer lost 25,000 documents in a single AI agent session — and wrote up exactly how it happened. This week Alex and Sam dig into the horror story, what safeguards actually work, and why "I'll just be careful" isn't a strategy. Plus: Shopify's CEO is submitting his own performance PRs using Claude, Simon Willison's case that AI *should* raise code quality (not tank it), and the Claude Code gateway daemon you probably want running right now.

This week: Anthropic announces Auto Mode to kill permission fatigue, GPT-5.4 drops in Cursor, and a 30-year veteran explains why he hasn't written code in six months. Plus: why your AI-generated tests are lying to you, and our battle-tested prompt for sending Claude on a bug-hunting crusade. Essential listening for anyone shipping with AI.

Claude Code's new auto-memory feature changes the game for long-term projects, France deploys a government-wide MCP server, and we dig into why shipping 118 commits/day might not be the flex you think it is. Plus: the Lovable security disaster that proves AI-generated code needs human eyes.

Anthropic just banned the use of consumer OAuth tokens in third-party tools like Cline and Roo Code — and sent OpenClaw a cease and desist (OpenAI promptly hired the dev). Meanwhile, Cursor 2.5 launches a full plugin marketplace with partners like Stripe, Figma, and AWS, plus async background agents and sandbox access controls.We also cover a serious data isolation bug in Claude for PowerPoint that served one user another person's legal documents. Pro Tip: the MCP server that claims to cut refactoring costs by 95% by giving AI surgical precision instead of a sledgehammer.

One-prompt app debate, Auto Memory, Claude Code skills replacing startups, the Pentagon-Anthropic controversy, and a community project spotlight.