Simon Willison — 2026-05-13#

Highlight#

Simon’s standout experiment today demonstrates a clever UX workaround for sandboxed iframes, intercepting Content Security Policy (CSP) errors and passing them to the parent window for user approval. It is a great example of his hands-on AI-assisted programming, notably built using GPT-5.5 xhigh in the Codex desktop app.

Posts#

[CSP Allow-list Experiment] · Source This technical experiment explores how to load an app within a CSP-protected sandboxed iframe while maintaining a smooth user experience. Simon implemented a custom fetch() that catches CSP errors and passes them up to the parent window. The parent window can then prompt the user to add the blocked domain to an allow-list before refreshing the page. He built the tool using GPT-5.5 xhigh via the Codex desktop app.

Tech Videos — 2026-05-14#

Watch First#

A single PR just hijacked the NPM registry… is a must-watch breakdown of a devastating supply-chain attack on Tanstack packages. It clearly explains how an attacker exploited the pull_request_target GitHub action from a closed fork to steal an NPM publish token and propagate self-replicating malware across Python and JavaScript ecosystems.

Company@X — 2026-05-15#

Signal of the Day#

Andreessen Horowitz (a16z) is opening its first-ever overseas office in Japan this summer, marking a major strategic expansion aimed at capitalizing on the Japanese startup ecosystem. Aligning with Prime Minister Takaichi’s “New Technology Nation” strategy, a16z intends to focus heavily on defense and security innovations, linking technological superiority directly to diplomatic and defense capabilities.

Tech Videos — 2026-05-15#

Watch First#

The single video most worth watching is Building AlphaGo from scratch – Eric Jang from the Dwarkesh Patel channel. It is a highly technical, rigorous breakdown of Monte Carlo Tree Search and reinforcement learning that clearly connects classical game-solving architecture to the future of large language model reasoning.

Engineering @ Scale — 2026-05-15#

Signal of the Day#

Agent harness engineering is eclipsing raw model selection as the primary lever for building reliable AI systems. A decent model wrapped in a tightly constrained harness—utilizing deterministic hooks, sandboxes, and strict sub-agent schemas—will consistently outperform a superior model deployed with poor scaffolding.

Company@X — 2026-05-16#

Signal of the Day#

xAI has integrated X Premium subscriptions and live X platform search into NousResearch’s Hermes Agent. This signals a strategic push by xAI to expand its developer ecosystem beyond native Grok interfaces, embedding its real-time data moat directly into popular open-weight agent frameworks.

Tech Videos — 2026-05-16#

Watch First#

Beyond Code Coverage: Functionality Testing with Playwright — Marlene Mhangami, Microsoft is the standout watch because it directly addresses how to prevent AI coding assistants from introducing massive entropy into our repositories. The live demo utilizing a Playwright Model Context Protocol (MCP) server to drive behavior-based test generation offers a credible, pragmatic blueprint for AI-assisted Test-Driven Development.

AI Reddit — 2026-05-17#

The Buzz#

The massive shift in Github Copilot’s billing model has the developer community in an uproar and actively stress-testing local alternatives today. Copilot’s abrupt transition to strict token-based weekly limits is driving engineers toward local agents like OpenCode and Qwen3-coder, though early adopters are discovering that replacing cloud integration requires exhausting manual context management. Meanwhile, the Model Context Protocol (MCP) is rapidly maturing from a neat demo into the actual “service mesh” layer for AI agents, complete with observability drafts in OpenTelemetry and complex new routing patterns.

Tech Videos — 2026-05-17#

Watch First#

Fighting AI with AI — Lawrence Jones, Incident is a masterclass in pragmatic AI engineering for testing complex, multi-prompt agent systems. The standout trick: instead of fighting complex evaluation UIs, incident.io serializes massive UI trace graphs into static local file systems for Claude Code to natively ingest and debug, allowing the agent to effortlessly trace errors through hundreds of tool calls.

Navigating the Agentic Shift and Infrastructure Backlash — 2026-05-18#

Highlights#

We are seeing a profound bifurcation in the AI ecosystem today. On the practitioner level, engineers are finally moving beyond the limitations of “pure LLMs,” actively deploying neurosymbolic stacks and verifiable constraints to achieve genuine agentic autonomy. Conversely, at the macro scale, the industry is slamming into severe socio-political friction, characterized by a massive public backlash against data center infrastructure and a dangerously fragmented regulatory environment.