MasterMindMandan - Field Report

Saturday, January 18, 2026 | Scan ID: 20260118
URGENT - Action Required
SECURITY AI IDE Extension Supply Chain Attack
Cursor, Windsurf, and Google Antigravity were recommending non-existent extensions from OpenVSX registry, allowing attackers to claim namespaces and upload malicious code. Cursor fixed Dec 2025, Google fixed Jan 1, 2026. Verify your extensions are from trusted sources.
Source: BleepingComputer | The Hacker News
DEPRECATION Gemini 2.5-flash-image-preview Shut Down
Model was shut down on January 15, 2026. If you have any integrations using this model, migrate immediately to Gemini 3 Flash.
Source: Gemini API Changelog
NEW - Worth Exploring
RUNTIME Bun 1.3 - Full Stack + Unified DB API Bun
Bun.SQL - unified API for MySQL, MariaDB, PostgreSQL, SQLite with zero dependencies. Zero-config frontend - run HTML files directly with HMR and React Fast Refresh built-in. bun update --interactive for selective dependency updates. Response.json() is 3.5x faster, 15% faster async/await.
Source: InfoQ | Bun Blog
CLI Codex CLI 0.86.0 - Skills + Web Search OpenAI
Agent Skills - reusable instruction bundles invoked with $skill-name syntax. Web search - Codex can now search the internet for docs and solutions. SKILL.toml metadata for skill config. Multi-conversation agent control for spawning/messaging other conversations.
Source: Codex Changelog | OpenAI Blog
MODEL GPT-5.2-Codex Released OpenAI
New agentic coding model optimized for long-horizon context, big refactors, Windows performance, and cybersecurity. Now the default model for Codex CLI and IDE extensions.
Source: OpenAI
CLI Gemini CLI v0.24.0 - Skill Creator + PR Creator Google
Built-in skill-creator and pr-creator skills. Dynamic mode-aware policy evaluation. Refined Gemini 3 system instructions to reduce model verbosity.
Source: Gemini CLI Changelog
MODEL Gemini 3 Flash Preview Available Google
Pro-grade reasoning at Flash-level speed and lower cost. Available via Gemini API, Google AI Studio, Vertex AI, Gemini CLI, and Android Studio. Good for coding, complex analysis, and interactive apps.
Source: Google Blog
API Gemini API - 100MB File Uploads + Cloud Storage Google
File size limit increased from 20MB to 100MB. Now supports Cloud Storage buckets and pre-signed URLs as data input sources.
Source: Gemini API Changelog
NOTED - Awareness Only
MARKET Google Antigravity Benchmarks
SWE-bench: Antigravity 76.2%, Cursor ~77%, Windsurf similar. All significantly outperform standalone models. Antigravity's "Manager View" runs 5 parallel agents with Chrome integration.
Source: Digital Applied
MARKET Anthropic Seeking $350B Valuation
Anthropic seeking $10B funding at $350B valuation. Revenue grew from $1B to $5B+ in eight months. "Do more with less" strategy focusing on algorithmic efficiency over raw compute.
Source: CNBC
POLICY Anthropic Third-Party Harness Crackdown
OAuth-based wrappers that pilot Claude Pro/Max accounts for automation are being actively blocked. Ensure any automation uses official APIs, not consumer account automation.
Source: VentureBeat
BILLING Gemini 3 Grounding with Google Search
Billing for Grounding with Google Search began January 5, 2026. Factor into cost projections if using this feature.
Source: Gemini API Changelog
MANDAN'S PICKS - Adopt Immediately
1. Bun 1.3 with Bun.SQL
Unified database API means one syntax for all your DB needs. Zero-config frontend dev eliminates build tooling overhead. The performance gains (3.5x faster Response.json) compound across every request.
2. Codex CLI Web Search
Enable web search in Codex to get real-time documentation and solutions. Combines well with the skill system for domain-specific workflows.
3. Audit AI IDE Extensions
The OpenVSX supply chain vulnerability is patched, but review your installed extensions. Remove any you don't recognize or actively use.