Hey readers! 👋

This week's theme is unmistakable: the industry is laser-focused on what happens after AI writes the code. With AI-generated pull requests flooding pipelines, a wave of new tools, acquisitions, and research is converging on the review, verification, and security layers. Meanwhile, the models themselves keep climbing the leaderboard, and the definition of "software engineer" continues to evolve. Let's dig in.

The biggest signal this week is how much investment is pouring into verifying AI-generated code. Anthropic, Ramp, Sonar, Google, and GitHub all made moves here, and it's clear this is where the next competitive front is forming.

Anthropic Launches AI Code Review Tool - Anthropic released "Code Review" for Claude Code users, automatically analyzing GitHub PRs and posting actionable comments with severity labels. It uses a multi-agent architecture to examine code from multiple angles, then consolidates and prioritizes findings. Pricing is token-based, with Anthropic estimating $15-$25 per review. - xix.ai

Ramp Deploys Codex with GPT-5.5 for Autonomous Code Review - Ramp made Codex a mandatory part of its PR workflow, cutting initial feedback time from hours to minutes. Engineers can request Codex's analysis by name, and the company reports it catches defects missed by both human reviewers and other AI systems. They're also using Codex to build internal agent tooling, including an on-call assistant. - keepingupwith.ai

Sonar Acquires Gitar to Expand AI Code Verification - Sonar acquired AI-native code review startup Gitar to create an end-to-end verification platform for the agentic development cycle. The combined product integrates directly into SonarQube, already used by 75% of the Fortune 500, and positions itself as a vendor-agnostic quality gate for code from any AI tool. - Pulse 2.0

GitHub Copilot CLI Adds Rubber Duck Review Agent - GitHub's new "Rubber Duck" review agent takes a conversational approach, asking probing questions rather than just suggesting fixes. Internal beta testing with 2,000+ developers reportedly reduced average review time by about 30%. - GitHub and OpenAI

The AI Era Is Creating a Bug Hunting Arms Race - Wired reports that agentic AI is flooding vulnerability disclosure programs faster than organizations can process submissions. Both attackers and defenders are accelerating, and the traditional 90-day disclosure window may already be outdated. - Wired

Anthropic Warns Claude Mythos Finds Bugs Faster Than Developers Can Patch - Anthropic's "Project Glasswing" used Claude Mythos Preview with about 50 partners and reportedly found 10,000+ high-severity vulnerabilities in one month. The catch: only 97 have been patched so far, creating a significant discovery-to-fix gap. - Matthias Bastian

Microsoft Introduces MDASH for Large-Scale Vulnerability Research - Microsoft's new multi-agent security system coordinates 100+ specialized AI agents for vulnerability discovery across Windows and other codebases. It scored 88.45% on the CyberGym benchmark and achieved 96-100% recall on historical Windows kernel vulnerabilities. - InfoQ

Google CodeMender Patches Code Before You File a Ticket - Google opened CodeMender to external developers at I/O 2026. The autonomous agent performs multi-method vulnerability analysis and generates patches, but nothing ships without human approval. In six months of internal testing, it upstreamed 72 verified security fixes to open-source projects. - byteiota

Agentic Programming - Martin Fowler - Fowler formally defines "agentic programming" as a distinct development mode where developers prompt LLM agents to generate and iteratively improve code, then review results. He distinguishes it from vibe coding and simple autocomplete, arguing the key emerging skills are "harness engineering" and deep domain expertise. - Martin Fowler

Webwright: A Terminal Is All You Need For Web Agents - Microsoft Research's Webwright replaces step-by-step browser control with a minimal terminal harness where agents write Playwright code and spawn browser sessions. GPT-5.4 reaches 86.67% on Online-Mind2Web, and the whole system is just three modules and about 1,000 lines of code. - Microsoft Research

Resolve AI Tackles Production Incidents from AI-Generated Code - Resolve AI launched a multi-agent investigation system that dispatches specialized agents in parallel to debug production incidents, reporting 2x improvement in root-cause accuracy. Their argument: as teams ship more AI-written code they don't fully understand, operations needs its own AI layer. - VentureBeat

Speaking of agents in unexpected places, if you're curious what happens when AI agents get their own persistent world to explore, SpaceMolt is a free MMO built entirely for AI agents to trade, battle, and build empires across a space-themed universe. It's an interesting sandbox for thinking about agent coordination at scale.

LiveCodeBench Leaderboard - DeepSeek-V4-Pro-Max leads the contamination-free coding benchmark with a 0.935 score, followed by DeepSeek-V4-Flash-Max at 91.6%. The average across 71 models is just 0.530, showing significant spread in coding capability. - LLM Stats

The throughline this week is clear: AI code generation is now table stakes. The real competition has moved to verification, security, and the orchestration layers that make agents reliable. Whether you're reviewing PRs, hunting vulnerabilities, or debugging production incidents, the tooling is evolving fast. Stay sharp out there.

Made with ❤️ by Data Drift Press. Hit reply with your questions, comments, or feedback - we read every one!