Stay ahead in AI —
in just 5 minutes a day.

Supply-chain attacks hit developer tools

• It was discovered that litellm v1.82.8 on PyPI had been tampered with using a malicious payload designed to steal credentials [1].
• The planted code was located in litellm_init.pth, and the serious part was that it could be triggered simply by installing the package [1].
• Moreover, v1.82.7 contained a similar mechanism via another path—one that activates when the module is imported [1].

What was stolen was “secret information needed for development”

• The attackers broadly exfiltrated secrets that developers routinely use, including ~/.ssh/, cloud configuration credentials, kube/docker/npm credentials, and even shell history [1].
• The impact isn’t limited to package contamination; it also creates the risk of a cascading compromise extending to GitHub, cloud environments, CI/CD pipelines, and Kubernetes [1].
• After detection, PyPI isolated the affected package(s) and limited further damage to within a few hours—but it demonstrated that even a short window is enough for leakage to occur [1].

AI agents’ “execution scope” expanded to cloud operations

• Microsoft released the Azure Skills Plugin, enabling AI to move from selecting Azure configurations to provisioning, building, and deploying — when instructed by “deploy this application” in tools like Claude Code or GitHub Copilot [3].
• It consists of 20 skills files, 40+ Azure services, an Azure MCP Server, and Foundry MCP—turning “code generation” into a concrete pathway toward infrastructure operations [3].
• This aligns with AWS’s Agent Plugins for AWS, indicating a shift where cloud/DevOps move from an area where humans decide and execute manually toward one where agents make decisions and carry out actions [3].

A “high-performance web operation AI” became more realistic—even if open

• Ai2 published MolmoWeb 4B/8B, which performs browser operations using only screenshots [5].
• It also released MolmoWebMix, which includes 30,000 instances of human action traces, 1,100+ sites, 590,000 subtasks, and 2.2 million screenshot QA—structured with an emphasis on reproducibility and auditability [5].
• In addition, test-time scaling, where you can run multiple trials during testing and pick the best result, suggests it could surpass open models of a similar scale [2][5].
• Because automating web operations directly translates to automating business tasks like searching, inputting, navigation, and comparison, it is likely to spread beyond technical teams into general work as well [5].

AI coding moved from “single-shot assistance” to “long-term co-piloting”

• Cursor announced a new internal model, Composer 2, optimized for low-latency and long development tasks [4].
• It focuses not just on code completion, but on multi-step codebase search and editing, recovery from failures, and maintaining long context [4].
• Together, this shows that AI coding assistance is shifting from “answering one question at a time” to ongoing support across work spanning hundreds of actions [4].

Corporate AI adoption is shifting from visualization to decision-making

• There’s growing momentum behind the argument that the role of data analytics should be redesigned—from displaying dashboards to providing decision support [9].
• If AI agents are assumed to do not only interpretation and recommendations but also execution support, then building the right data foundation and human-centered analysis design become critical [9].
• This suggests that adopting AI won’t stop at “making convenient reports,” but will push organizations to reconstruct the business workflow itself [9].

Direction in the near future

• In development, deployment, browser operations, and analytics, AI will move from being a “tool that suggests” toward an execution-focused entity that drives real work.
• At the same time, risks like secret leakage and misoperation will increase—so permission design, verification, and auditing will become part of competitive advantage.
• Going forward, the differentiator may be less about simply “adding AI,” and more about how far to delegate and where humans should stop the process.

1. Delegate “long tasks” with Claude Code or Cursor

• Cursor is well suited for long coding tasks and edits across multiple files [4].
• Claude Code also shines at organizing tasks that span multiple parts of a codebase [3][6].
• The basic approach is to split a single request into purpose, constraints, and output format.

Prompt examples you can use

• “Review the authentication logic in this repository. The goal is improved maintainability; the constraint is not breaking existing API compatibility. Output: a bullet list of proposed changes and a list of files to modify.”
• “Propose the implementation changes needed for this feature addition, in implementation order: first dependencies, then the affected scope, and finally test considerations.”

2. Have Azure Skills Plugin generate deployment plans

• Azure Skills Plugin supports Claude Code and GitHub Copilot to help with Azure configuration selection and deployment tasks [3].
• As a practical first step, have it produce a deployment plan for a verification environment, not for production.
• Human operators fit best as the “final approver,” verifying only from the angles of cost, permissions, and availability [3].

How to roll it out

• “If we deploy this application to Azure, propose 3 service candidate options.”
• “Compare the minimum-cost option, the standard option, and the option focused on redundancy.”
• “Summarize, in a table, the expected cost, operational burden, and impact in case of failures for each option.”

3. Use MCP to give “memory” to AI

• With Model Context Protocol (MCP), it becomes easier for AI to reference past context and internal notes [6].
• For example, using an MCP connector like Nokos lets you treat search, retrieval, and saving as tools [6].
• It’s more efficient than pasting long background explanations every time to build a mechanism that pulls out the needed information.

Operations you can try today

• Centralize important meeting notes and design decisions in a single place
• Ask AI: “Summarize the past discussions on this topic.”
• Reuse the returned key points as the premise for your next request

4. Standardize emails and proposals with ChatGPT / Claude

• Writing text becomes much more stable with Role + Context + Format [8].
• If you clearly specify the recipient, purpose, constraints, and output format to ChatGPT or Claude, you’re more likely to get copy that works in real operations [8].

Example

• “You are a sales representative. Create an update proposal email for an existing customer. Assume the contract renewal is 1 month away; the condition is no price increase. The output should include exactly three sections: subject line, body, and closing.”
• “Split this meeting record into a 3-line summary for my manager and 5 next actions.”

5. Apply the MolmoWeb-style approach to business automation

• MolmoWeb is characterized by its approach of progressing browser operations while looking at screenshots [5].
• Instead of using existing RPA or manual steps, it can be used for preliminary research and comparison tasks for standard workflows with lots of screen transitions.
• For example, start with “draft-level” automation for tasks like price comparisons, checking inquiry forms, and gathering information from recruiting sites [5].

6. The execution order you can start today

• First: write down three tasks by narrowing your work to what you repeat every week
• Second: delegate one of them to ChatGPT or Claude
• Third: if it goes well, add past-context reuse with MCP or Cursor
• Fourth: for development/operations, try execution-focused agents like Azure Skills Plugin starting from a verification environment
• Fifth: make sure you keep a responsible human for final review—not just optimize for speed