Simon Willison — 2026-04-04#

Highlight#

Simon highlights a staggering growth in developer activity on GitHub, pointing to massive recent surges in both commit volume and GitHub Actions usage. This brief but potent link post captures the sheer scale of how rapidly AI-assisted programming and automated workflows are accelerating platform activity.

Posts#

[Quoting Kyle Daigle] · Source Simon shares a striking quote from GitHub COO Kyle Daigle that reveals an explosive surge in overall platform activity. Commit rates have jumped to 275 million per week, which is on pace for 14 billion this year compared to just 1 billion total commits in 2025. Additionally, GitHub Actions usage has skyrocketed to 2.1 billion minutes in just the current week alone, up from 1 billion minutes per week in 2025 and 500 million in 2023. This massive scale-up highlights the unprecedented velocity at which code is currently being generated, integrated, and tested across the developer ecosystem.

Simon Willison — 2026-04-05#

Highlight#

Simon highlights a deep-dive post by Lalit Maganti on the realities of “agentic engineering” when building a robust SQLite parser. The piece beautifully articulates a crucial lesson for our space: while AI is incredible at plowing through tedious low-level implementation details, it struggles significantly with high-level design and architectural decisions where there isn’t an objectively right answer.

Posts#

Eight years of wanting, three months of building with AI Simon shares a standout piece of long-form writing by Lalit Maganti on the process of building syntaqlite, a parser and formatter for SQLite. Claude Code was instrumental in overcoming the initial hurdle of implementing 400+ tedious grammar rules, allowing Lalit to rapidly vibe-code a working prototype. However, the post cautions that relying on AI for architectural design led to deferred decisions and a confusing codebase, ultimately requiring a complete rewrite with more human-in-the-loop decision making. The core takeaway is that while AI excels at tasks with objectively checkable answers, it remains weak at subjective design and system architecture.

Simon Willison — 2026-04-06#

Highlight#

The most substantial update today is Simon’s look at the Google AI Edge Gallery, an official iOS app for running local Gemma 4 models directly on-device. It stands out as a major milestone for local AI, being the first time a local model vendor has shipped an official iPhone app with built-in tool-calling capabilities.

Posts#

Google AI Edge Gallery Simon highlights Google’s strangely-named but highly effective official iOS app for running Gemma 4 (and 3) models natively. The 2.54GB E2B model runs fast and includes features like vision, up to 30 seconds of audio transcription, and an impressive “skills” demo showcasing tool calling against eight different HTML widgets. Despite a minor app freeze bug and the unfortunate lack of permanent chat logs, Simon considers it a significant release as the first official iOS app from a local model vendor.

Simon Willison — 2026-04-14#

Highlight#

Simon highlights a fascinating paradigm shift in AI security: treating vulnerability discovery as an economic “proof of work” equation where spending more tokens yields better hardening. This creates a compelling new argument for the enduring value of open-source libraries in the age of vibe-coding, as the massive cost of AI security reviews can be shared across all of a project’s users.

Posts#

[datasette PR #2689: Replace token-based CSRF with Sec-Fetch-Site header protection] · Source Simon has replaced Datasette’s cumbersome token-based CSRF protection with a new middleware relying on the Sec-Fetch-Site header, inspired by Filippo Valsorda’s research and recent changes in Go 1.25. This modern approach eliminates the need to scatter hidden CSRF token inputs throughout templates or selectively disable protection for external APIs. Interestingly, while Claude Code handled the bulk of the commits under Simon’s guidance with cross-review by GPT-5.4, Simon chose to hand-write the PR description himself as an exercise in conciseness and keeping himself honest.

Simon Willison — Week of 2026-04-04 to 2026-04-10#

Highlight of the Week#

Anthropic’s decision to delay the general release of their highly capable Claude Mythos model under “Project Glasswing” marks a significant turning point in the AI industry. The move underscores a massive shift in frontier model capabilities, as models evolve from generating text to autonomously chaining multiple minor vulnerabilities into sophisticated exploits, requiring a new level of security safeguards before release.