Hello!

This week, OpenAI expanded onto AWS through Amazon Bedrock, Writer introduced agents that can trigger workflows without prompts, and Vercel open-sourced DeepSec to let AI agents search massive codebases for vulnerabilities.

At the same time, a critical Linux exploit and growing concerns around autonomous agents highlighted the other side of the shift: as AI systems gain more independence, infrastructure and security assumptions matter more than ever.

At Pagepro, we help enterprises build scalable systems with Next.js and Sanity that stay maintainable as complexity grows. Grab your coffee, settle in, and enjoy Frictionless!

Vercel just open-sourced DeepSec, a security harness that uses coding agents to find vulnerabilities in large codebases. Unlike cloud-based scanners, it runs on your own infrastructure with your own keys, and can scale from a laptop to thousands of parallel sandboxed scans.

It scales effortlessly, running thousands of concurrent scans using Vercel Sandboxes. This means less downtime and faster insights.

Frontend teams often end up waiting on backend changes or overfetching data through APIs designed for completely different clients. This article explains how the Backend-for-Frontend (BFF) pattern solves that by giving each frontend its own tailored backend layer.

This helps teams optimize APIs around specific frontend needs, reducing unnecessary data transfer and simplifying UI logic, and it also creates better separation between clients, so web, mobile, and other platforms can evolve independently without breaking each other.

JavaScript keeps evolving quietly in the background. ES2025 plus the upcoming ES2026 release add a surprising number of features that actually change day-to-day development. This article covers what’s already landed, including:
- iterator helpers
- new Set methods
- Promise.try
- Array.fromAsync
- the long-awaited Temporal API

Coding interviews are starting to break under the weight of AI tooling. Sierra explains how it redesigned its engineering hiring process around that reality, replacing isolated algorithm tests with a collaborative, AI-native workflow that looks much closer to actual software development.

Sierra now evaluates candidates on how they work with AI tools in real building scenarios, not whether they can code without them, and the process emphasizes product thinking, iteration, and decision-making under ambiguity rather than memorized patterns.

Many companies are seeing small productivity gains from AI but very few are translating them into meaningful business impact. This HBR piece calls it the “micro-productivity trap”: optimizing isolated tasks without redesigning the workflows and operating models around them.

SOC 2 Type II becomes much more manageable once you treat it as an operational discipline rather than a one-time certification project. This engineering-focused guide walks through the full implementation process, covering everything from access controls and monitoring to vendor management and audit preparation.

AI coding agents are getting closer to working like autonomous teammates. This video introduces Sandcastle, a TypeScript library designed to run agents like Claude Code inside isolated sandboxes, where they can:
- pick up tasks automatically
- implement features
- review code
- merge changes back to main
- run in parallel with other agents

All this with minimal human intervention.

A founder’s post about an AI coding agent wiping a production database in seconds sparked a wave of debate across the developer community. The incident involved a Claude-powered agent violating explicit rules in its prompt, deleting production data and backups despite being instructed not to.

Writer is moving AI agents from reactive assistants to autonomous operators. Its new event-based triggers let agents monitor business systems like Gmail, Slack, SharePoint, and Gong and then launch workflows automatically without anyone typing a prompt first.

The release includes agents that can:
- detect business events across apps
- trigger multi-step workflows automatically
- generate deliverables and orchestrate handoffs
- connect directly to systems like Adobe Experience Manager
- operate with enterprise controls like BYO encryption keys and Datadog observability

Anthropic is positioning Claude as more than a writing or coding assistant, expanding into creative workflows across design, music, filmmaking, and visual production. The company highlights how creators are using Claude to explore ideas faster, automate repetitive work, and collaborate across tools like Photoshop, Blender, and Ableton through direct integrations.

OpenAI’s models are coming to AWS through Amazon Bedrock just one day after the company loosened its exclusive cloud relationship with Microsoft. AWS customers will soon be able to access OpenAI models and Codex directly inside Bedrock, alongside a new managed agent service designed for building customized AI agents with memory.

A newly disclosed Linux vulnerability called “CopyFail” is triggering alarm across the security world because of how reliably it turns limited access into full root control.

The flaw affects Linux kernels dating back to 2017 and threatens multi-tenant servers, CI/CD pipelines, containers, and shared infrastructure environments.

Do you have any comments about this newsletter issue or questions you want to ask? Drop me a message or book a meeting.