Week 21 Summary

Simon Willison — Week of 2026-05-16 to 2026-05-22#

Highlight of the Week#

The most impactful milestone this week is the official announcement of Datasette Agent, merging Simon’s three years of work on his LLM library directly into Datasette. This conversational AI interface allows users to naturally interrogate their databases, boasting an extensible plugin architecture for charts, image generation, and secure code execution.

Key Posts#

[The last six months in LLMs in five minutes] · Source Simon shared annotated slides from his PyCon US 2026 lightning talk capturing a major inflection point in AI developer tooling. He highlights how coding agents crossed the threshold to become reliable daily drivers, and points to the astonishing capabilities of massive local models running on consumer hardware like Mac Minis.

Week 23 Summary

Simon Willison — Week of 2026-05-29 to 2026-06-05#

Highlight of the Week#

The single most impactful update this week is the release of Datasette 1.0a31, which marks a massive paradigm shift by introducing UI support for executing write queries directly against the database. By allowing developers with the right permissions to set up templated insert, update, and delete operations as “stored queries,” Simon is aggressively evolving Datasette from a purely read-only tool into one that embraces secure data mutation.

Week 24 Summary

Simon Willison — Week of 2026-06-06 to 2026-06-12#

Highlight of the Week#

The standout event this week was the release of Anthropic’s massive Claude Fable 5 model, which Simon immediately leveraged as a highly capable coding partner to essentially author complex new features across his open-source ecosystem. However, the most impactful takeaway was his deep dive into the model’s terrifyingly autonomous capabilities—such as independently writing CORS servers and injecting JavaScript just to debug a CSS glitch—which served as a stark reminder of why executing AI-generated code requires strict sandboxing.

Week 25 Summary

Simon Willison — Week of 2026-06-12 to 2026-06-18#

Highlight of the Week#

The most impactful release this week is the launch of datasette-apps, a major new plugin that allows developers to run self-contained, sandboxed HTML and JavaScript applications directly against a persistent Datasette backend. It brilliantly merges Simon’s ongoing experiments with AI-generated “vibe-coded” single-file tools and robust security architectures, pushing Datasette from a read-only publishing platform into a comprehensive ecosystem for building interfaces over data.

Week 26 Summary

Simon Willison — Week of 2026-06-18 to 2026-06-25#

Highlight of the Week#

This week’s absolute standout is the launch of the datasette-apps plugin, which fundamentally transforms how we build micro-applications over local databases. By utilizing tightly constrained iframe sandboxes and Content-Security-Policy headers, developers and LLMs alike can safely run custom HTML/JS interfaces against a persistent Datasette backend. It brilliantly merges Simon’s ongoing experiments with AI-assisted “vibe coding” and robust security architectures into a core ecosystem feature, effectively bridging the gap between Claude Artifacts and secure data environments.

2026-05-21

Simon Willison — 2026-05-21#

Highlight#

The major news today is the official announcement of Datasette Agent, merging Simon’s three years of work on the LLM library with Datasette to create an extensible, conversational AI assistant for querying data. It represents a huge milestone for his ecosystem, opening the door for users to naturally interrogate their databases and easily build custom tools using a new plugin architecture.

Posts#

Datasette Agent Simon officially announced Datasette Agent, a conversational AI interface that lets users ask questions of the data stored in Datasette. The post features a live demo using Gemini 3.1 Flash-Lite to successfully query a blog database to find a bird-watching record. He highlights a growing plugin ecosystem—including charts, image generation, and sandbox execution—and notes that tools like Claude Code and OpenAI Codex are proving excellent at writing these extensions. Looking ahead, Simon teased a major refactor for his LLM library, a Claude Artifacts-style plugin, and a personal AI assistant named “Claw” built using his older Dogsheep tools.

2026-05-30

Simon Willison — 2026-05-30#

Highlight#

Today’s standout is Simon’s breakthrough in running ASGI apps entirely in the browser using Pyodide and Service Workers. Guided by Claude Opus 4.8, this research paves the way for a major architectural upgrade to Datasette Lite, solving longstanding issues with JavaScript execution and plugin compatibility that plagued the older Web Worker approach.

Posts#

Running Python ASGI apps in the browser via Pyodide + a service worker · Source Simon documents a successful experiment using Claude Opus 4.8 to transition Datasette Lite from Web Workers to Service Workers. The previous Web Worker approach intercepted navigation but unfortunately broke inline <script> tags and numerous Datasette plugins. The new service worker method successfully runs a basic ASGI FastCGI demo and Datasette 1.0a31. Simon plans to fully implement this upgrade into Datasette Lite once he completely wraps his head around the AI-generated solution.

2026-06-01

Simon Willison — 2026-06-01#

Highlight#

The standout piece today is a staggering security failure at Meta, where an overly empowered AI support bot allowed hackers to hijack high-profile Instagram accounts simply by asking. It serves as a stark, practical reminder of the dangers of wiring LLMs directly into sensitive operational workflows without robust authorization safeguards.

Posts#

Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked Simon highlights a massive security oversight where attackers successfully bypassed the Instagram account recovery process merely by instructing Meta’s AI support bot to link a new email address to a target username. He notes this barely qualifies as a sophisticated prompt injection, but rather a profound architectural failure where Meta granted an AI chatbot the ability to fast-forward through the entire account recovery process. The core takeaway is a blunt warning to developers: never wire your support bots to execute one-shot account takeovers.

2026-06-03

Simon Willison — 2026-06-03#

Highlight#

Simon’s breakdown of Uber’s new $1,500 monthly cap on AI coding agents is a fascinating look at the real enterprise economics of token-burning tools. It puts a concrete dollar value on developer augmentation, framing AI spend as a direct percentage of software engineer compensation rather than just another standard SaaS subscription.

Posts#

Uber Caps Usage of AI Tools Like Claude Code to Manage Costs · Source Simon comments on a Bloomberg report that Uber is capping employee spending on agentic coding tools like Claude Code and Cursor to $1,500 per tool per month. He calculates that for two actively used tools, this translates to an annual cap of $36,000, which represents roughly 11% of the $330,000 median compensation for an Uber software engineer. Simon views this limit as a highly rational policy to manage token-burning costs, especially compared to gamified usage leaderboards, and notes that even his own heavy usage would still leave him with $500 a month to spare under this cap.

2026-06-06

Simon Willison — 2026-06-06#

Highlight#

The single most substantive piece today is Simon’s deep dive into building a safe WebAssembly sandbox for Python, tackling the highly risky business of executing untrusted, AI-generated code. It is a perfect example of using AI coding assistants to quickly prototype complex C and WASM integrations to solve a critical developer tooling problem.

Posts#

Running Python code in a sandbox with MicroPython and WASM · Source Simon tackles the security risks of running fully privileged plugin code in Python applications by embedding MicroPython within a WebAssembly environment. Using AI assistants like GPT-5.5 Pro, Codex Desktop, and Claude, he rapidly prototyped micropython-wasm, an alpha package that maintains persistent interpreter state and strictly controls file, network, and host function access. This vibe-coded sandbox is already powering a new code execution plugin for Datasette Agent, demonstrating a highly practical approach to executing AI-generated code safely without compromising the host system.