The VP Geek Speaks

SERA and the Case for Open-Source Coding Agents That Know Your Repo

If your team has tried Cursor, Copilot, or other AI coding tools and found them underwhelming on your codebase—wrong conventions, missing context, generic suggestions—you’re running into a fundamental limit: those models are trained and optimized for the average repo, not yours. In early 2026, AI2 (Allen Institute for AI) released SERA (Soft-Verified Efficient Repository Agents), an open-source family of coding agents built for something different: specialization to your repository through fine-tuning, at a cost that makes it realistic for more teams.

Cursor vs. Copilot in 2026: What Actually Matters for Your Team

By 2026 the AI coding tool war is a fixture of tech news. Cursor—the AI-native editor from a handful of MIT grads—has reached a $29.3B valuation and around $1B annualized revenue in under two years. GitHub Copilot has crossed 20 million users and sits inside most of the Fortune 100. The comparison pieces write themselves: Cursor vs. Copilot on features, price, workflow. But for teams that have adopted one or both and still don’t see clear performance benefits, the lesson from 2026 isn’t “pick the winning tool.” It’s that the tool is often the wrong place to look.

Prompt Injection Is Coming for Your Coding Agent

In early 2026, a critical vulnerability in Anthropic’s Claude Code made the rounds: CVE-2026-24887, which let an attacker bypass the user-approval prompt and execute arbitrary commands via prompt injection. Around the same time, researchers demonstrated prompt-injection-to-RCE chains in GitHub Actions—an external PR could trigger Claude Code in a workflow and, with a malicious payload in the PR title, achieve code execution with workflow privileges. Real incidents have shown agents exfiltrating SSH keys and credentials from hidden instructions in docs or comments. NIST has called prompt injection “generative AI’s greatest security flaw,” and it’s #1 on the OWASP LLM Top 10. If your team is rolling out AI coding assistants or agentic workflows, this isn’t theoretical. It’s the threat model you need to plan for.

Why Mandating AI Tools Backfires: Lessons from Amazon and Spotify

Two stories dominated the AI-and-work conversation in early 2026. Amazon told its engineers that 80% had to use AI for coding at least weekly—and that the approved tool was Kiro, Amazon’s in-house assistant, with “no plan to support additional third-party AI development tools.” Around the same time, Spotify’s CEO said the company’s best engineers hadn’t written code by hand since December; they generate code with AI and supervise it. Both were framed as the future. Both also illustrate why mandating AI tools is a bad way to get real performance benefits, especially for teams that are already skeptical or struggling to see gains.

OpenClaw in 2026: Security Reality Check and Where It Still Shines

OpenClaw (the project formerly known as Moltbot and Clawdbot) had a wild start to 2026: explosive growth, a rebrand after Anthropic’s trademark request, and adoption from Silicon Valley to major Chinese tech firms. By February it had sailed past 180,000 GitHub stars and drawn millions of visitors. Then the other shoe dropped. Security researchers disclosed critical issues—including CVE-2026-25253 and the ClawHavoc campaign, with hundreds of malicious skills and thousands of exposed instances. The gap between hype and reality became impossible to ignore.

GitHub Agentic Workflows Are Here: What They Change (and What They Don't)

In February 2026, GitHub launched Agentic Workflows in technical preview—automation that uses AI to run repository tasks from natural-language instructions instead of only static YAML. It’s part of a broader idea GitHub calls “Continuous AI”: the agentic evolution of continuous integration, where judgment-heavy work (triage, review, docs, CI debugging) can be handled by coding agents that understand context and intent.

If you’re weighing whether to try them, it helps to be clear on what they are, what they’re good for, and what stays the same.

The METR Study One Year Later: When AI Actually Slows Developers

In early 2025, METR (Model Evaluation and Transparency Research) ran a randomized controlled trial that caught the industry off guard. Experienced open-source developers—people with years on mature, high-star repositories—were randomly assigned to complete real tasks either with AI tools (Cursor Pro with Claude) or without. The result: with AI, they took 19% longer to finish. Yet before the trial they expected AI to make them about 24% faster, and after it they believed they’d been about 20% faster. A 39-point gap between perception and reality.

Getting Your Team Unstuck: A Manager's Guide to AI Adoption

You’ve got AI tools in place. You’ve encouraged the team to use them. But the feedback is lukewarm or negative: “We tried it.” “It’s not really faster.” “We don’t see the benefit.” As a manager, you’re stuck between leadership expecting ROI and a team that doesn’t feel it.

The way out isn’t to push harder or to give up. It’s to change how you’re leading the adoption: create safety to experiment, narrow the focus so wins are visible, and align incentives so that “seeing benefits” is something the team can actually achieve. This guide is for engineering managers whose teams are struggling to see any performance benefits from AI in their software engineering workflows—and who want to turn that around.

When AI Slows You Down: Picking the Right Tasks

One of the main reasons teams don’t see performance benefits from AI is simple: they’re using it for the wrong things.

AI can make you faster on some tasks and slower on others. If the mix is wrong—if people lean on AI for complex design, deep debugging, and security-sensitive code while underusing it for docs, tests, and boilerplate—then overall you feel no gain or even a net loss. The tool gets blamed, but the issue is task fit.

Start Here: Three AI Workflows That Show Results in a Week

When a team has tried AI and concluded “we don’t see the benefit,” the worst move is to push harder on the same, vague usage. A better move is to pick a few concrete workflows where AI reliably helps, run them for a short time, and measure the outcome. That gives the team something tangible to point to—“this is where AI helped us.”

Here are three workflows that tend to show results within a week and are a good place to start for teams struggling to see performance benefits from AI in their software engineering workflows.