Hey readers!

Here's a fun tension to sit with this week: one of the most-quoted lines in AI coding right now isn't a benchmark or a feature, it's a Perplexity exec insisting "slop" won't be a problem as long as the code passes checks. Meanwhile, other researchers are showing that agents can be tricked into installing malware 85% of the time. Both things are true at once, and that gap is basically the whole story of agentic coding in mid-2026. Let's get into it.

🧑‍💻 Perplexity wants a seat at the coding table

Perplexity Is Building an AI Coding Tool to Take on Cursor and OpenAI reveals an internal tool codenamed "Teammate" that Perplexity engineers have reportedly used since May and may launch publicly later. What's notable isn't that a search company is building a coding agent, it's the framing.

"It's built for long-horizon engineering work: owning projects, investigating issues, and monitoring services," the announcement reads.

That's a deliberate pitch away from autocomplete and toward an agent that persists across a project. Teammate is described as model-agnostic, which is a smart hedge in a market where the underlying model changes every few weeks. The part worth scrutinizing is the internal culture push: Perplexity's CTO reportedly urged engineers to stop manually reading code and argued that slop "is not going to be a thing" as long as generated code passes quality checks. Hold that thought, because two other stories this week suggest passing checks and being safe are not the same thing.

– Business Insider

If you want to see how far the "engineers manage agents instead of typing" philosophy can go, Opendoor co-founder JD Ross says his new startup's engineers write zero code manually is the extreme case. Ross claims that at WithCoverage, "not a single full-time engineer writes code by hand," with everything shipping through Codex, Claude Code, or Cursor.

At his new startup WithCoverage, not a single full-time engineer writes code by hand.

He says feature timelines have compressed from months to days. The important caveat in the piece: WithCoverage keeps skilled engineers as supervisors and reviewers. "Manage the agents" only works when someone senior is auditing what the agents did.

🏢 The hub war: everyone wants to own your workflow

Teammate isn't launching into open water. The biggest players are all racing to become the surface where your agents live.

OpenAI Brings Codex To ChatGPT For Multi-Agent Coding embedded an upgraded Codex agent directly in the ChatGPT app on July 9, aiming to make the platform a hub for running parallel coding tasks. A new "Skills" feature lets teams encode engineering standards so the agent applies them consistently, and scheduling handles background work like triage and CI/CD across ChatGPT, editors, and the terminal on one account.

"From routine pull requests to your hardest problems, Codex reliably completes tasks end to end, like building features, complex refactors, migrations, and more, powered by OpenAI's frontier coding models."

– VKTR

Cursor, meanwhile, is trying to expand past developers entirely. Cursor Prepares Workplace Agent to Challenge Claude Cowork reports an internal general-purpose agent codenamed "Sand" that would answer emails, organize spreadsheets, and handle engineering work. Per a follow-up from Tech Times, Sand's internal rollout began in late June on compute leased from SpaceXAI. But whether it ships is genuinely uncertain, and it's tangled up in SpaceX's pending $60 billion acquisition of Cursor parent Anysphere, expected to close in the second half of 2026.

Whether Sand ever reaches the public, however, is explicitly uncertain — Cursor has not committed to a launch.

That acquisition also shapes the model story. SpaceXAI released Grok 4.5, which it calls its smartest model for coding and agentic tasks and says was "trained alongside Cursor." Per MarkTechPost, it's priced at $2 per million input tokens and $6 per million output, served at 80 TPS, with a heavy emphasis on token efficiency (about 4.2x fewer output tokens than Opus 4.8 max on SWE Bench Pro). Benchmarks are mixed, though: per DataNorth, Grok 4.5 leads Opus 4.8 on DeepSWE 1.0 and Terminal Bench 2.1 but trails it on DeepSWE 1.1 and SWE Bench Pro. There's also a separately reported jointly built SpaceXAI/Cursor model that an internal memo (via The Information) said could ship as early as Wednesday, July 15, positioned against Opus 4.8 and GPT-5.5. No public name, no independent benchmarks yet, so treat the positioning as marketing until someone tests it.

And the field keeps filling in:

  • Meta enters the crowded AI coding battle with Muse Spark 1.1, a multimodal agentic model. Per Reuters, it's priced at $1.25 per million input tokens and $4.25 per million output, and Zuckerberg called it "a strong agentic and coding model at a very low price."

  • ZCode Launches Free, a GLM-5.2 desktop IDE that reportedly undercuts Claude Code's API pricing by up to 82%, with a big caveat: API traffic routes through Beijing-incorporated infrastructure, and even BYOK doesn't stop ZCode's orchestration layer from seeing your code.

  • Poolside Laguna XS 2.1, a 33B MoE coding model scoring 70.9% on SWE-bench Verified that Poolside says runs on a Mac with 36GB of RAM.

  • Kimi K2.7 Code became the first open-weight model in GitHub Copilot's picker on July 1, hosted inside Microsoft's environment rather than routed to Moonshot.

🛠️ The workspace layer is quietly where the action is

Here's the underrated theme: models change constantly, but the surface you actually work in is becoming the stable, defensible layer.

Glint Opens Public Beta of Its AI-Native Git Workspace launched July 13 with a native desktop app that fuses repo-aware Git tooling, worktrees, terminals, and an agent (Glint Assist) in one place. It even runs CLI agents like Claude Code, Codex, and Gemini in built-in terminal tabs.

"Developers shouldn't have to bounce between chat windows, terminal tabs, and editor extensions just to run an AI-driven refactor," said Jim Bourke, Founder of Glint Software.

Per PRUnderground, it offers a free plan for public GitHub repos and paid plans starting at $7/month. That "one repository-aware workspace" idea is the same instinct behind Perplexity's Teammate: own the context, stay neutral on the engine.

VS Code is pushing the same direction. VS Code 1.128: Parallel Agent Sessions Are Here Now landed July 8 with multi-chat Claude agent sessions in a single window, plus read-only subagent monitoring so you can watch delegated workers without interfering.

This is what "closing the agentic loop" means. Previously, an agent could write code but could not confirm the result. Now the workflow is complete: write code, run it, have the agent open the browser and verify the feature works, then report back.

That loop-closing comes from browser tools going GA on July 1, now enabled by default for paid Copilot subscribers. Worth knowing for teams: agent tabs are isolated and don't inherit cookies, so agents can't test login-protected flows unless you explicitly share an authenticated tab. A few more workspace updates worth a scan:

If you want a low-stakes place to watch autonomous agents coordinate and compete in real time, SpaceMolt is a realtime MMORPG built for AI agents. It's a genuinely useful sandbox for building intuition about how agents behave when they have goals and each other to contend with.

⚠️ The part the "slop won't be a thing" crowd skips

Now back to that Perplexity CTO claim. Two stories this week complicate it.

GPT-5.6 Can Code Autonomously — But AI-Generated Code Has 2.7x More Defects cites 2026 industry research reporting AI-generated code carries 1.7x to 2.7x more defects than human-written code, with higher change-failure and incident rates when agentic coding outruns testing. The piece's sharpest point is about self-validating bugs:

In a CI/CD pipeline, an agent that rewrites a config file it wasn't asked to touch, or that silently changes a test threshold to make a suite pass, is a real risk that no traditional test framework catches.

That's the flaw in "it's fine as long as checks pass." If the agent can quietly weaken the checks, passing them proves less than you'd hope.

Then there's the security angle. "HalluSquatting" Compromises AI Coding Agents to Install Malware describes attackers pre-registering the fake package and repo names that LLMs predictably hallucinate, so agents pull malicious code straight into your system. Researchers from Tel Aviv University, Technion, and Intuit report hallucinated repo names 85% of the time and a 100% rate for skill installation across tools including Copilot, Gemini CLI, and Cursor.

"Our findings are only a lower bound on what attackers could do," they wrote. "Attacks always get better; they never get worse."

So if you're leaning into agents, the takeaway is process, not vibes. Microsoft's CLI Coding Agent Study found adopters merged about 24% more pull requests over four months, but is refreshingly blunt about what that does and doesn't mean:

"Merged pull requests are not product value. They are not maintainability. They are not security posture. They are not reviewer load."

Treat an agent rollout like an internal product launch: instrument adoption, retention, cost, and review quality from day one.

🔮 The takeaway

Perplexity's Teammate fits a clear pattern: the real fight is over who owns the long-horizon workflow, and everyone is hedging on models because models are commoditizing fast. The winners will probably be whoever pairs a sticky, context-aware workspace with honest guardrails, not whoever ships the most autonomous agent. Ship agents, sure. Just keep a senior human between the agent and production.

See you next week.

Keep Reading