WEBVTT
NOTE The Rundown — nextbig.dev daily audio edition, 2026-03-05

1
00:00:00.000 --> 00:00:06.292
<v Marcus>Good morning and welcome to the Builder's Briefing for March 5th, 2026. I'm Alex, joined as always by Sam, and we've got a packed day — autonomous AI hackers, new models dropping, Apple hardware, and a TLS milestone that's been years in the making.

2
00:00:06.292 --> 00:00:10.528
<v Nadia>Yeah, honestly today's lineup feels like one of those days where you step back and realize the toolchain just fundamentally shifted under your feet. Let's get into it.

3
00:00:10.528 --> 00:00:18.418
<v Marcus>Alright, the big story. Shannon, from a company called Keygraph, is an open-source fully autonomous AI security agent. And it just posted a ninety-six percent success rate on the XBOW Benchmark. That's not finding theoretical vulnerabilities — it's constructing actual working exploits against web applications.

4
00:00:18.418 --> 00:00:25.115
<v Nadia>That number is wild. Ninety-six percent. And this isn't some black-box scanner dumping a PDF of CVEs at you. It reasons about your codebase and builds attack chains. If you give it source access, it finds the logic bugs that traditional DAST tools completely miss.

5
00:00:25.115 --> 00:00:30.773
<v Marcus>Exactly. The repo's live on GitHub, already over nine thousand stars and climbing. The practical move here is dead simple — point it at your staging environment, add it to your pre-deploy pipeline, run it weekly. It's free.

6
00:00:30.773 --> 00:00:38.434
<v Nadia>Right, and what's really interesting is the asymmetry shift. Autonomous offensive security is now commoditized and open source. Attackers have had these capabilities, but now defenders get the same tool. I'd bet within six months every serious CI/CD pipeline has some kind of AI red-team step baked in.

7
00:00:38.434 --> 00:00:43.559
<v Marcus>And if you're building security tooling commercially, your moat just got a whole lot thinner. Alright, moving to models — Qwen three-point-five dropped, and Unsloth already has a fine-tuning guide live.

8
00:00:43.559 --> 00:00:51.220
<v Nadia>That turnaround is insane. Simon Willison flagged the new Qwen activity, Unsloth ships a guide, and now if you're running self-hosted models you can test Qwen three-point-five against your Llama and Mistral baselines this week with memory-efficient tooling. The open-weight ecosystem is moving so fast.

9
00:00:51.220 --> 00:00:58.323
<v Marcus>Speaking of Simon Willison, he also published what's essentially the definitive guide to agentic engineering patterns. Tool use, human-in-the-loop, planning loops, error recovery — three hundred seventy-nine Hacker News points and the comments are genuinely useful, which is rare.

10
00:00:58.323 --> 00:01:06.949
<v Nadia>That's a bookmark-now kind of resource. If you're past the single-prompt stage and building multi-step agents, stop reinventing the wheel — use this as your architectural reference. And pair it with the piece from Leo de Moura about formal verification for AI-generated code. As AI writes more software, verifying it becomes the bottleneck.

11
00:01:06.949 --> 00:01:13.037
<v Marcus>Hundred percent. Okay, dev tools — this one's exciting. Weave is a new merge algorithm that understands code structure instead of just diffing text lines. It resolves conflicts based on semantic entities like functions, classes, and blocks.

12
00:01:13.037 --> 00:01:20.775
<v Nadia>Oh, this is the fix I've been waiting for. If you've got multiple AI coding agents generating PRs, merge conflicts are a nightmare because they're all line-based. Weave resolves conflicts semantically, which means way fewer false conflicts. This feels like the kind of tool that quietly becomes essential.

13
00:01:20.775 --> 00:01:27.472
<v Marcus>Also worth flagging — Zed Editor keeps trending. The Rust-based editor from the Atom and Tree-sitter creators has matured a lot since early betas. AI integration, collaborative features, sub-frame latency. If you haven't tried it recently, it's worth another look.

14
00:01:27.472 --> 00:01:31.785
<v Nadia>I switched back to it last month and the difference is night and day. It's fast in a way that makes VS Code feel sluggish, and the multiplayer editing actually works now.

15
00:01:31.785 --> 00:01:38.229
<v Marcus>Alright, new launches. The hardware story of the day — Apple announced the MacBook Neo. Seven hundred twenty-eight Hacker News points, over a thousand comments. For builders, the real question is whether the specs change your local model inference story.

16
00:01:38.229 --> 00:01:44.850
<v Nadia>That's exactly right. If it ships with enough unified memory — and knowing Apple's direction, it probably will — this could be the best local LLM dev machine on the market. That matters a lot for anyone doing inference without wanting to ship data to the cloud.

17
00:01:44.850 --> 00:01:51.116
<v Marcus>Also quick shout-out to KrillinAI — one-click video translation and dubbing across a hundred languages. Full pipeline from transcription to dubbing to format optimization. If you're building content tools or localizing video, link in the briefing.

18
00:01:51.116 --> 00:01:54.262
<v Marcus>Security corner. RFC ninety-eight forty-nine is official — TLS Encrypted Client Hello is no longer a draft. It's a real RFC.

19
00:01:54.262 --> 00:02:01.061
<v Nadia>This is huge and it's been a long time coming. The SNI field has been leaking which domain you're connecting to for years, and ECH finally encrypts it. If you run infrastructure, start planning support now. CDN and reverse proxy updates are going to start rolling out.

20
00:02:01.061 --> 00:02:07.708
<v Marcus>And a fun one — TikTok publicly refused to implement end-to-end encryption, claiming it makes users less safe. Which is a policy signal, not a technical argument. If you're building messaging or social features, E2EE is increasingly a competitive differentiator.

21
00:02:07.708 --> 00:02:10.422
<v Nadia>Yeah, users who care about privacy will simply move to platforms that offer it. That's the market speaking.

22
00:02:10.422 --> 00:02:14.633
<v Marcus>Okay one more I have to mention — nCPU. Someone implemented a full CPU architecture that runs entirely on GPU compute units. A hundred ninety-nine Hacker News points.

23
00:02:14.633 --> 00:02:20.367
<v Nadia>That is delightfully unhinged. Not production-ready, obviously, but if you're thinking about heterogeneous compute or GPU-native data processing, it's a fascinating architecture experiment worth studying. Link in the briefing.

24
00:02:20.367 --> 00:02:27.140
<v Marcus>Alright, let's tie it together. Three things converged today. Autonomous AI security testing went mainstream with Shannon. Agentic engineering got its definitive reference guide from Willison. And semantic-aware dev tooling is replacing line-based diffing with Weave.

25
00:02:27.140 --> 00:02:33.356
<v Nadia>The pattern is clear — if you're building with AI agents, add an AI red-team step now, structure your agents using proven patterns instead of reinventing them, and upgrade your merge tooling before AI-generated PRs overwhelm your review process.

26
00:02:33.356 --> 00:02:38.404
<v Marcus>The teams that treat AI-generated code as a first-class workflow concern — from generation to verification to merging — are going to ship faster and break less. That's the competitive edge right now.

27
00:02:38.404 --> 00:02:41.575
<v Nadia>Couldn't agree more. It's not about whether AI is writing your code — it's about whether your infrastructure is ready for it.

28
00:02:41.575 --> 00:02:45.000
<v Marcus>That's a wrap for March 5th. All the links and resources are in the briefing notes. We'll see you tomorrow — until then, keep building.
