The Agents Are Multiplying

Anthropic launched Claude Cowork this week—a general-purpose AI agent for macOS that handles file management and document processing tasks. The real story isn't the product; it's what they built it with.

Cowork was created entirely using Claude Code, Anthropic's terminal-based coding assistant. That's the AI building its own autonomous offspring. Not as a research demo, but as a shipping product for everyday users who'll never touch a command line.

This marks a pivot point. For years, AI coding tools were developer utilities—useful, but contained. Cowork signals that the output of AI-assisted development can itself be autonomous software that works on behalf of non-technical users. The code-generation flywheel is spinning faster than most anticipated.

Cursor v2.4 dropped with two features that reveal where AI-native IDEs are headed: subagents that execute tasks in parallel, and Cursor Blame for enterprise customers who need to know which lines were written by humans versus AI.

Subagents let Cursor spawn child processes that work on independent parts of your codebase simultaneously. Think git branches, but for cognitive labor. While one subagent refactors your API layer, another writes tests, and a third updates documentation. The "skills" system lets you define custom capabilities these agents can invoke.

But it's Cursor Blame that should get enterprise attention. As AI-generated code becomes indistinguishable from human code, questions of liability, code review responsibility, and intellectual property attribution get murky. Blame creates an audit trail. It's the first serious attempt to answer "who wrote this?"—a question that will dominate engineering leadership conversations for years.

Also notable: agents can now ask clarifying questions instead of guessing. Simple, but it addresses one of the most frustrating patterns in current AI coding—the confident-but-wrong implementation.

GitHub released the Copilot SDK in technical preview, letting developers embed Copilot agents directly into their own applications. It's the same agentic runtime that powers the Copilot CLI, now available as LEGO bricks.

This is GitHub pivoting from product to platform. Instead of Copilot being a feature inside VS Code, it becomes infrastructure that any application can build on. Imagine CI/CD systems that automatically fix failing tests, documentation tools that update themselves, or internal dev portals with embedded AI assistance.

The timing aligns with Microsoft's broader agent strategy. Azure already offers various AI agents; Copilot SDK extends that reach into developer tooling. For startups building devtools, the calculus just changed: build your own AI, or embed Copilot and focus on your differentiation.

JetBrains integrated OpenAI's Codex directly into version 2025.3 of IntelliJ, PyCharm, WebStorm, and Rider. Developers can access it via JetBrains AI subscription, ChatGPT account, or raw OpenAI API key.

For the millions of developers who chose JetBrains over VS Code precisely because of its deeper language understanding and refactoring capabilities, this matters. You no longer have to choose between "the IDE that really gets Java/Kotlin/Python" and "the IDE with the best AI." You get both.

The integration covers the full development lifecycle: planning, coding, testing, deployment. It's positioned less as "autocomplete with AI" and more as "an AI pair programmer who understands your entire project context." Whether it lives up to that promise depends on how well JetBrains' semantic understanding feeds Codex's capabilities.

Cognition—the company behind Devin, the "AI software engineer" that made waves in 2024—launched Devin Review. It's an AI code review tool specifically designed to help humans understand changes made by AI agents.

This is meta in the best way. As more code gets generated by AI, the challenge shifts from "can AI write code?" to "can humans understand and verify what AI wrote?" Devin Review addresses this by integrating with GitHub pull requests and explaining complex changes in human-readable terms.

The product is free during early release—smart positioning to capture the workflow while the problem is still emerging. Think about the timing: Cursor ships subagents that write code in parallel, and Cognition ships a tool to review what those agents produced. The ecosystem is evolving faster than any single company can dominate.

Security firm Miggo disclosed a prompt injection vulnerability in Google's Gemini that could leak private Google Calendar data—meeting details, attendees, internal links. Google has patched it, but the disclosure highlights a structural problem with LLMs integrated into sensitive systems.

The attack vector: specially crafted prompts that trick the model into revealing information it has access to but shouldn't expose. This isn't a coding error in the traditional sense; it's a fundamental challenge of giving AI systems broad context about user data while expecting them to maintain access boundaries.

As AI assistants get deeper access to email, calendars, documents, and codebases, the attack surface expands. Every integration that makes AI more useful also makes it a more attractive target. The tools we celebrated this week—Copilot SDK, Claude Cowork, JetBrains Codex—all give AI broader access. That's a feature and a vulnerability simultaneously.

The implication for developers: security reviews now need to include "prompt injection" as a threat model. If your application exposes data to an LLM, assume attackers will try to extract it via cleverly constructed inputs.