WEBVTT NOTE The Rundown — nextbig.dev daily audio edition, 2026-05-18 1 00:00:00.000 --> 00:00:08.257 Hey everyone, welcome to Builder's Briefing for May 18th, 2026. I'm Alex, joined as always by Sam. We've got a packed show today — AI coding agents are getting their own package management ecosystem, there's a spicy BitLocker backdoor claim, and some really sharp takes on why AI isn't actually making your team faster. 2 00:00:08.257 --> 00:00:11.440 Yeah, it's one of those weeks where you can feel the ground shifting under the tooling landscape. Really excited to dig in. 3 00:00:11.440 --> 00:00:19.153 So the big story — the number one trending repo this weekend is agent-skills from Tech Leads Club. Think of it as npm but for AI coding agent behaviors. It's a validated, secure skill registry that works with Claude Code, Cursor, Copilot, and others. Over forty-six hundred engagement and climbing. 4 00:00:19.153 --> 00:00:27.669 That's interesting because up until now, everyone's been duct-taping their agent setups together — custom instructions, AGENT.md files, random prompt snippets scattered everywhere. This actually gives you a proper registry to publish, discover, and compose those skills with real validation before anything runs in your codebase. 5 00:00:27.669 --> 00:00:33.777 Right, and what's wild is it's not just one project. There's also sx, a package manager specifically for AI coding assistants, and OpenCLI with AGENT.md integration. You're looking at a full ecosystem forming around agent extensibility. 6 00:00:33.777 --> 00:00:41.775 This reminds me exactly of the VS Code extension story. Text editors were just text editors until you could compose them from a marketplace of capabilities. The teams that publish validated skills early into these registries are going to own developer muscle memory the same way popular npm packages do today. 7 00:00:41.775 --> 00:00:46.356 Totally. If you're building developer tools or internal agent workflows, start packaging your agent configs as reusable skills now. Links in the briefing for all three projects. 8 00:00:46.356 --> 00:00:53.733 Alright, shifting to AI and models. There's a great piece by Frederick Van Brabant that sparked a two hundred sixty comment debate on Hacker News — the core argument is that AI accelerates execution, but it doesn't speed up the messy human coordination that actually bottlenecks teams. 9 00:00:53.733 --> 00:01:00.747 Oh, this one hit home for me. I've seen teams throw AI at everything expecting a ten-x speedup, and then they're still stuck waiting three days for someone to approve a design decision. The bottleneck was never typing speed — it was handoff friction and decision latency. 10 00:01:00.747 --> 00:01:07.994 And speaking of reframing AI, Gruber over at Daring Fireball crystallized something a lot of builders already feel — AI as a standalone product is a shaky bet. AI as infrastructure embedded in existing workflows is what's durable. Build the integration layer, not another chatbot. 11 00:01:07.994 --> 00:01:15.034 That pairs nicely with the enterprise pricing story too. Per-seat AI pricing is quietly creating massive, unpredictable cost exposure. If you're doing B2B with AI, usage-based or outcome-based pricing is going to win. Enterprises are already getting burned on seat models. 12 00:01:15.034 --> 00:01:22.436 One more on the AI side — there's a detailed energy cost analysis showing that running LLMs locally on Apple Silicon actually costs more per token than routing through cloud APIs like OpenRouter. So if you've been justifying local inference on cost alone, you need to recheck that math. 13 00:01:22.436 --> 00:01:27.302 Right, the real arguments for local are privacy and latency, not cost. Which probably means most teams should be thinking hybrid — local for sensitive workloads, cloud for everything else. 14 00:01:27.302 --> 00:01:33.437 Okay, dev tools. OpenCLI is really cool — it wraps websites, Electron apps, and local binaries behind a standardized command-line interface so AI agents can use tools that don't have APIs. It's open source with built-in AGENT.md support. 15 00:01:33.437 --> 00:01:38.510 That solves such a real problem. Half the tools I use day-to-day have no API surface whatsoever. If my agent can just interact with them through a CLI wrapper, that's a huge unlock for automation. 16 00:01:38.510 --> 00:01:44.023 Also trending — Zerostack, a coding agent written in pure Rust following Unix philosophy. Three hundred thirteen Hacker News points. Small composable tools, pipes, plain text. No Node or Python runtime dependency. 17 00:01:44.023 --> 00:01:50.053 And the Tokio team shipped Toasty, an async ORM for Rust. That's a big signal that the Rust web ecosystem is maturing fast. If you've been grinding through raw sqlx queries, there's finally a proper query builder that's async-native. 18 00:01:50.053 --> 00:01:56.084 Now let's talk security because this one's a big deal. A security researcher claims Microsoft built a deliberate backdoor into BitLocker and has published a working exploit. Three hundred seventy-five Hacker News points and climbing. 19 00:01:56.084 --> 00:02:02.141 Wow. If your product or infrastructure relies on BitLocker for disk encryption, you need to re-evaluate your threat model right now. Even if the 'deliberate' framing ends up being debatable, a published exploit is a published exploit. 20 00:02:02.141 --> 00:02:08.482 Agreed. Link in the briefing. Also worth noting — Osmedeus is trending, it's an automated security orchestration engine that handles recon, vulnerability scanning, and reporting. Could replace a lot of custom scripting in your security pipeline. 21 00:02:08.482 --> 00:02:16.609 Quick hits before we wrap. There's a great two hundred fifty-seven point essay on Hacker News about how we've made the world too complicated. Someone converted an eighty dollar Android tablet into a Debian Linux workstation. There's a surprisingly good Prolog tutorial that uses Pokémon to teach logic programming. 22 00:02:16.609 --> 00:02:22.743 Oh, and someone's hosting a website on an eight-bit microcontroller, which is just pure chaotic energy that I love. Also the WHO declared the Ebola outbreak a global health emergency — that's obviously the serious note in the quick hits. 23 00:02:22.743 --> 00:02:32.035 So the big takeaway this week — AI coding agents are getting their own package management layer. Agent-skills, sx, and OpenCLI all point the same direction. Agent capabilities are becoming composable, versioned, and shareable. If you're in the developer tools space, publishing reusable skills into these registries is going to be a real distribution channel. 24 00:02:32.035 --> 00:02:36.539 And on the infrastructure side, think hybrid for inference. Local for privacy, cloud for cost efficiency. The Apple Silicon analysis should settle that debate for most teams. 25 00:02:36.539 --> 00:02:40.784 That's your Builder's Briefing for May 18th. All the links and project repos are in the show notes. If something here sparked an idea, go build it before next week. 26 00:02:40.784 --> 00:02:42.000 See you next time, folks. Ship something great.