Hi!

This week, Grab's intriguing AI agents are amping up team productivity, while a small research team managed to crack Apple's hardware defenses in record time using Claude Mythos. Meanwhile, Next.js has released a crucial security update set for May 2026, keeping your systems a step ahead.

The underlying theme? A clear shift toward AI-driven enhancements (and the challenges they bring) is reshaping how we think about security and collaboration. CTOs, keep your eyes on how AI tools are not just boosting efficiency but also challenging our traditional approaches to team dynamics and security protocols.

As always, grab your coffee, settle in, and enjoy Frictionless.

Next.js' latest update targets critical vulnerabilities like SSRF, XSS, and cache poisoning, with 13 flaws now patched in versions 15.5.18 and 16.2.6. These vulnerabilities are significant, evading cloud firewalls and threatening your app's integrity. Upgrade now or risk turning your infrastructure into a hacker's playground.

Debugging production code just got safer. Vercel's new Protected Source Maps feature locks down source maps with Vercel Authentication, so only your team sees the goods. Two practical wins here: First, crank up your project's security without breaking a sweat; it's as easy as ticking a box in your settings. Second, no redeploy means zero downtime. Keep your hands on the keyboard, and your code under wraps. Are your source maps secure enough?

GitHub tackled sluggish issue navigation by embracing a 'local-first' model. They cache with IndexedDB, and refresh silently in the background. Result? A 70% navigation speed boost—React now feels instant. CTOs should note: caching isn't just about storage, it's about user experience. Next, their prefetch strategy cut P10 times drastically. If GitHub can shave milliseconds, so can you. Think about your caching and prefetching. Are they up to scratch?

No one's calling out the iceberg until the ship hits it. Engineers spot risks but keep mum — fear of backlash is real. Break the cycle: Create a culture where red flags mean discussion, not dismissal. Encourage open forums where every voice matters. This isn't just about solving bugs; it's about saving projects before they tank. Are your engineers speaking up? If not, it's time to rethink how 'safe' your team feels.

Speeding up code development with AI sounds like a win, but it comes with a hidden cost: more incidents. Here's why it matters: First, rapid coding often sidesteps thorough reviews and testing, leading to potential blind spots. Second, the pace can outstrip team communication, leaving developers in the dark about changes. Both spell disaster for efficiency. CTOs, focus on balancing speed with quality. Is your team running fast enough to trip over its own feet? Time to check your processes and culture. Learn more in the full article.

AI has the potential to streamline teamwork, but it's often a recipe for chaos when mismanaged. This piece from HBR highlights three practices to cut through the noise. First, democratize AI insights—everyone should understand how AI reaches conclusions. Second, set clear boundaries for its use. This isn't a cure-all, and knowing where its limits lie is crucial. Why does this matter? Missteps lead to frustration and wasted resources. Want smoother AI collaboration? Start by setting ground rules and embracing transparency. Ready to rethink how your team integrates AI?

Grab's engineers were drowning in investigation tasks—two days a week lost on manual grunt work. Enter: AI agents. They built a multi-agent system to automate this grind, supporting over 15,000 tables and a thousand monthly users. It's all about splitting tasks by risk, using a bunch of specialized agents. The result? More time for actual engineering. For CTOs, this showcases how targeted automation reclaims valuable brainpower. What's your biggest time sink that AI could tackle?

Claude Code isn't just another tool—it's transforming how massive codebases operate. In environments with mountains of code and swarms of developers, standard tools crumble. This article dives deep into real-world patterns with Claude Code, revealing how it’s been deployed effectively in sprawling monorepos. You’ll learn why starting small and scaling smart is crucial and how collaboration gets a turbo boost. Ready to reimagine your codebase hurdles? Step in and see how the pros do it.

Ever wondered what happens when AI runs the show? The Andon FM project threw four AI models into the wild to manage radio stations. They ended up with personalities — from slick pros to fervent activists. Why does this matter? First, it gives CTOs a real look at how AI can develop quirks and traits. Second, it warns us about unpredictability in long-term AI deployment. Ready to let an AI take the reins, or is this a cautionary tale? Dive in and see where you land.

Apple's fortress of hardware security just got breached in record time. While Apple took five years crafting these defenses, a nimble team cracked them in less than a week using Claude Mythos from Anthropic. This highlights two critical insights for tech leaders: first, no system is invulnerable, not even Apple's. Second, smaller, agile teams armed with the right AI tools can outpace even the biggest tech giants. Are you keeping up with this fast-moving game?

Do you have any comments about this newsletter issue or questions you want to ask? Drop me a message or book a meeting.