WEBVTT
NOTE The Rundown — nextbig.dev daily audio edition, 2026-03-27

1
00:00:00.000 --> 00:00:06.304
<v Marcus>Hey everyone, welcome to Builder's Briefing for March 27th, 2026. I'm Alex, joined as always by Sam. We've got a packed one today — multi-agent coding workflows are officially here, a supply chain attack on AI middleware, and some really sharp quick hits.

2
00:00:06.304 --> 00:00:08.999
<v Nadia>Yeah, today's one of those days where you can feel the landscape shifting under your feet. Let's get into it.

3
00:00:08.999 --> 00:00:17.256
<v Marcus>Alright, the big story. There's an open-source project called oh-my-claudecode that's racked up nearly three thousand engagement on GitHub. It's a multi-agent orchestration layer built on top of Claude Code — so instead of one AI pair programmer, you're coordinating a whole team of agents working on the same codebase simultaneously.

4
00:00:17.256 --> 00:00:22.300
<v Nadia>Okay, this is the thing I've been waiting for. So you can actually define agent roles — like one's the implementer, one's the reviewer, one's running tests — and they share context and talk to each other?

5
00:00:22.300 --> 00:00:27.615
<v Marcus>Exactly. You set up communication channels between them, run parallel workstreams, and they stay coherent. The pitch is that multi-day PR cycles could collapse into hours for teams shipping across multiple services.

6
00:00:27.615 --> 00:00:35.057
<v Nadia>That's interesting because it mirrors how real engineering teams actually work, right? You don't have one person doing everything sequentially. And honestly, the solo builders and small teams are going to benefit the most from this — you're basically getting a whole engineering org's worth of agents.

7
00:00:35.057 --> 00:00:42.177
<v Marcus>And that connects perfectly to another data point that dropped this week — ninety percent of Claude Code output goes to repos with fewer than two stars. Solo projects, prototypes, side hustles. The power users aren't big open-source maintainers, they're individual builders shipping fast.

8
00:00:42.177 --> 00:00:46.602
<v Nadia>Which means the tooling should be designed for them. I'd bet every major AI coding tool ships some version of multi-agent coordination within six months. This is the new baseline.

9
00:00:46.602 --> 00:00:52.412
<v Marcus>Totally agree. The repo is early but functional — link in the briefing if you want to clone it. Okay, staying in AI land — the ARC-AGI-3 benchmark just dropped. This is the new bar for testing genuine reasoning versus pattern matching.

10
00:00:52.412 --> 00:00:58.345
<v Nadia>Right, and what's wild is how fast benchmarks get saturated now. ARC-AGI-2 felt brand new and models were already closing in. If you're evaluating models for complex decision-making, this is your new north star, but enjoy it while it lasts.

11
00:00:58.345 --> 00:01:04.229
<v Marcus>Also worth flagging — there's a Show Hacker News project offering a plain-text cognitive architecture for Claude Code. Basically a structured format for giving it persistent context, memory, and reasoning scaffolding across long sessions.

12
00:01:04.229 --> 00:01:09.446
<v Nadia>Oh, that's clever. Context window limits are the number one pain point in long coding sessions. If this is lightweight enough, it could save people from building custom tooling just to keep their agent on track.

13
00:01:09.446 --> 00:01:14.811
<v Marcus>And one more — there's a new open-source OCR model called Chandra that handles nested tables, handwritten forms, full layout preservation. If Tesseract has been choking on your real-world scans, this is worth testing.

14
00:01:14.811 --> 00:01:19.162
<v Nadia>Document processing is one of those unsexy problems that's actually a massive market. Good OCR on messy inputs is still genuinely hard, so I'll definitely be checking that out.

15
00:01:19.162 --> 00:01:25.219
<v Marcus>Alright, let's talk security because this one's important. There was a supply chain attack on LiteLLM — which a lot of people are using as their LLM proxy — and a builder documented their minute-by-minute incident response. Link in the briefing.

16
00:01:25.219 --> 00:01:31.127
<v Nadia>This is a wake-up call. LiteLLM sits in so many AI stacks right now. Your AI middleware is a tier-one attack surface and most people aren't treating it that way. If you're using it, go read the IOCs and remediation steps today, not Monday.

17
00:01:31.127 --> 00:01:38.915
<v Marcus>And relatedly, there's a solid writeup on what they're calling 'Disregard That' attacks — the class of prompt injection where adversarial content tells an LLM to ignore prior instructions. If you're building anything that processes user-supplied or web-scraped content, this taxonomy helps you think about defenses.

18
00:01:38.915 --> 00:01:42.673
<v Nadia>I like that it's getting a name. Once you can name a vulnerability class clearly, you can actually write policies and tests against it. That's progress.

19
00:01:42.673 --> 00:01:48.705
<v Marcus>Quick hit on the EU — Chat Control got voted down in Parliament, but a parallel push to scan private messages got revived in the same week. If you're building end-to-end encrypted messaging for EU users, the regulatory ground is still shifting.

20
00:01:48.705 --> 00:01:49.892
<v Nadia>Don't architect assuming that's settled. Got it.

21
00:01:49.892 --> 00:01:53.353
<v Marcus>Over in dev tools — Carbonyl is turning heads. It's full Chromium running inside your terminal. Not a simplified browser, the actual engine.

22
00:01:53.353 --> 00:01:58.891
<v Nadia>That sounds absurd and I love it. For CI/CD visual testing or SSH-only environments where you can't forward X11, this is actually incredibly useful. I've been in those situations and it's painful without something like this.

23
00:01:58.891 --> 00:02:05.071
<v Marcus>Swift six-point-three also landed with concurrency improvements. And here's a frustrating one — Apple is auto-closing bug reports unless developers actively re-confirm the issue still exists. If you maintain Apple platform code, go check your radars.

24
00:02:05.071 --> 00:02:10.115
<v Nadia>Oh, the classic 'verify or get closed' move. That's infuriating for anyone who's spent hours writing a detailed bug report. Definitely go check — your carefully filed reports may be silently disappearing.

25
00:02:10.115 --> 00:02:15.949
<v Marcus>On the infrastructure side, there's an open-source tool called Komodo for deploying across multiple servers without the Kubernetes tax. If you're running five to fifty servers and K8s feels like overkill, it's a pragmatic middle ground.

26
00:02:15.949 --> 00:02:19.856
<v Nadia>That's a huge sweet spot that gets ignored. Not everyone needs Kubernetes, but everyone outgrows bash scripts at some point. Good to have options in that gap.

27
00:02:19.856 --> 00:02:26.531
<v Marcus>Alright, quick hits. A DIY FPGA board running Quake II — because of course. Someone's running a Tesla Model 3 computer on a desk from crashed car parts. And the Supreme Court sided with Cox in the music copyright fight, which means ISPs are breathing a lot easier today.

28
00:02:26.531 --> 00:02:31.080
<v Nadia>The FPGA Quake thing is peak hacker culture and I'm here for it. And that Cox ruling is actually significant — it changes the liability picture for ISPs around subscriber infringement.

29
00:02:31.080 --> 00:02:34.442
<v Marcus>Also, 'Enforcing Bedtime on a Home Network with OpenBSD and pf' hit Hacker News, which is the most parent-engineer thing I've ever seen.

30
00:02:34.442 --> 00:02:36.469
<v Nadia>That is incredible. Only on HN would bedtime enforcement involve packet filtering.

31
00:02:36.469 --> 00:02:44.133
<v Marcus>Okay, here's your takeaway for the week. The Claude Code ecosystem is developing its own meta-layer fast — multi-agent orchestration, cognitive architectures, and usage data all in the same week. Stop treating AI coding tools as single-agent autocomplete and start architecting for coordinated agent workflows.

32
00:02:44.133 --> 00:02:49.004
<v Nadia>And on the security side, the LiteLLM attack is your reminder that AI middleware is now a first-class attack surface. Audit your LLM proxy dependencies this weekend. Not next sprint — this weekend.

33
00:02:49.004 --> 00:02:52.613
<v Marcus>That's the briefing for March 27th. Links to everything we talked about are in the show notes. If any of this was useful, share it with your team.

34
00:02:52.613 --> 00:02:55.1000
<v Nadia>Go clone that oh-my-claudecode repo, audit your LiteLLM setup, and maybe build an FPGA Quake board while you're at it. See you next time.
