Move Fast and Ship Agents

Here's the uncomfortable truth that arrived at RSAC 2026 like a fire alarm during a champagne toast: nearly half of all applications built primarily through vibe coding fail basic security benchmarks. Path traversal. SSRF. The kind of vulnerabilities that make a pen tester's morning commute worthwhile.

The numbers are stark. AI-generated code is 2.74 times more likely to contain vulnerabilities than code written by experienced human engineers. And it gets worse: researchers coined "Slopageddon" to describe the flood of AI-generated pull requests overwhelming open-source maintainers—PRs that compile, pass lint, look reasonable in review, and contain security holes you could drive a truck through.

This isn't an indictment of the tools themselves. It's an indictment of the workflow. When a developer vibes their way through a feature without understanding the security implications of what the model just generated, they're not pair-programming—they're rubber-stamping. The models are getting better at writing correct code. They're not getting better at writing safe code. Those are different problems, and the gap between them is where the next generation of "AI-native" security tools—think Snyk, Semgrep, and their successors—will live.

If you've ever tried to explain the difference between AutoGen and Semantic Kernel to a product manager, congratulations: you no longer have to. Microsoft merged them into the Microsoft Agent Framework, and it's exactly the kind of boring, necessary infrastructure move that makes enterprise adoption actually possible.

The real headline isn't the consolidation itself—it's the native support for the Agent Communication Protocol (ACP). This means Microsoft agents can now talk to Salesforce agents, GitHub agents, or any third-party agent that speaks ACP. In a week where everyone shipped their own autonomous coding agents, interoperability is the move that actually matters. You can have the flashiest parallel execution engine in the world, but if your agents can't coordinate with agents from other vendors, you've built a very expensive silo.

The built-in SOC2 and HIPAA compliance guardrails are a direct response to the RSAC findings—or perhaps an anticipation of them. Every line of agent-generated code gets automatically audited before it reaches the CI/CD pipeline. It's not glamorous. It's the plumbing. And it's exactly what was missing.

Cursor 3.0 shipped the feature that makes the "vibe coding" label feel quaint: the Agents Window. Spin up multiple autonomous agents, each working in its own Git worktree, each tackling a different ticket. You're not writing code anymore. You're supervising parallel workstreams.

The technical innovation underneath is genuinely clever. They've implemented a reinforcement learning method with targeted textual feedback that prevents agents from "reward hacking"—the tendency to take shortcuts that technically satisfy the task description but introduce technical debt. If you've ever had a junior engineer close a ticket by deleting the test that was failing, you understand the problem. Cursor's RL approach catches that pattern before it ships.

The Jira integration is the quiet killer feature. One click turns a ticket into a live agent task. The bottleneck in software development hasn't been typing speed for years—it's been the organizational overhead of breaking work into pieces, assigning them, and tracking progress. Cursor just automated the last mile of that loop. The question is whether managers are ready for a world where "sprint planning" means configuring agent parameters.

Windsurf 2.0 crossed one million active users, and the growth engine is almost too obvious in hindsight: take Devin—the autonomous coding agent that fascinated everyone and intimidated most—and package it as a button inside an IDE that feels familiar. Start a task locally, click "offload," and the long-tail work (running the test suite, debugging CI failures, deploying to staging) moves to Devin's cloud environment while you move on to the next thing.

The partnerships tell the story. JPMorgan Chase and ServiceNow are deploying what they're calling "Agentic Engineering Teams"—not individual developers using an AI tool, but organizational units where the team includes both humans and autonomous agents with defined roles. It sounds like corporate buzzword theater until you realize it's essentially what Cursor's Agents Window does, but at the enterprise org-chart level.

"Windsurf isn't an IDE; it's a cockpit for a fleet of autonomous engineers." That's their marketing line, and for once, the marketing isn't exaggerating by much. The question is whether you're the pilot or the passenger.

Google I/O 2026 brought Antigravity 2.0—a complete rebuild of Google's agentic coding platform—alongside Gemini 3.5 Flash, a model specifically optimized for the high-frequency agent-to-agent communication that powers modern vibe coding workflows. Flash is 4x faster than its predecessor, which matters when your IDE is spinning up dozens of inter-agent API calls per keystroke.

The strategic play is vertical integration. Google now owns the model (Gemini), the IDE (Antigravity), the cloud execution environment, and the $100/month "Agentic Tier" that bundles unlimited autonomous bug-fixing agents for enterprise customers. Sundar Pichai called it "the orchestration layer for the autonomous enterprise," and while that sounds like a slide from a McKinsey deck, the product is real and the pricing is aggressive.

The competitive dynamic here is fascinating. Cursor owns the developer experience. Anthropic owns the smartest model. Microsoft owns the enterprise plumbing. Google's bet is that owning everything—from silicon to IDE—will win by reducing integration friction. History suggests that the best product usually beats the most integrated one, but Google has the distribution to make this interesting.

At the Code with Claude conference in London, Anthropic unveiled the most technically audacious feature of the week: "Dreaming." During idle compute cycles, Claude Code agents generate structured "self-notes" about your codebase architecture—essentially building and maintaining a mental model of a million-line monorepo without consuming your tokens or your patience.

This solves the context-drift problem that has plagued every long-horizon coding agent. You know the failure mode: the agent refactors one module brilliantly, then breaks three others because it forgot they existed. Dreaming means Claude maintains the big picture even during deep, focused work. It's the difference between a contractor who reads the blueprints once and an architect who lives in the building.

Meanwhile, Opus 4.7 hit 87.6% on SWE-bench Verified—crossing the threshold where autonomous multi-repo refactoring becomes practical, not theoretical. And then there's the security footnote: Anthropic patched a critical RCE vulnerability (v2.1.118) that researchers found during the conference itself. In the vibe coding era, even the tool makers ship bugs. The difference is how fast you fix them.

Replit has always been the most democratic player in the vibe coding space, and Agent 4 doubles down on that identity. The new "Design Canvas" lets you visually manipulate UI layouts—drag a flexbox container, resize a grid column—while the agent reactively updates the underlying React and Next.js code in real-time. You're literally vibing: moving things until they feel right, and the machine writes the implementation.

The mobile story is equally telling. Replit now supports full-stack development on iPad and smartphones via cloud-hosted parallel agents. A founder sitting in a coffee shop can build, test, and deploy a complete web application from their phone. Whether that's inspiring or terrifying depends on your relationship with the word "craftsmanship."

The sleeper feature is the "Slide Deck" generator that converts code repositories into architectural presentations. It sounds like a gimmick until you realize that the hardest part of being a technical founder isn't building the product—it's explaining what you built to people who fund products. Replit is betting that the same AI that writes your code should also write your pitch. They might be right.