SpaceX Buys Cursor, The Fable Ban & Apple's Container Machines — The Weekly Diff #3
SpaceX Acquires Cursor for $60 Billion

SpaceX is buying Anysphere, the company behind Cursor, for $60 billion in stock, and it happened days after SpaceX's blockbuster IPO.
Cursor, an AI-powered code editor built as a fork of VS Code, is being valued higher than most of the companies whose code it helps write. SpaceX reportedly plans to use Cursor across its engineering teams for Starship, Starlink, and internal tooling. Elon Musk has been vocal about replacing traditional software engineering with AI-driven development, and this acquisition is the most concrete move in that direction.
Some developers worry about what happens when a defense-adjacent company owns the tool that has read access to your entire codebase. Others pointed out that Cursor was already sending code to cloud APIs for inference, so the trust model hasn't fundamentally changed.
Here's what matters. If you use Cursor, it is about to get a very different owner with very different priorities. If you don't use Cursor, this is still a signal that AI coding tools are now strategic assets and not productivity features. The open source alternatives I covered previously are looking more important than ever.
The US Government Banned Anthropic's Most Powerful Models

On June 12th, the US government directed Anthropic to suspend access to Claude Fable 5 and Claude Mythos 5, its two most powerful models.
The initial assumption was that this was about a jailbreak, but it wasn't. Amazon security researchers discovered that Fable 5 could generate functional exploit code from simple prompts like "fix this code," where the "code" was a description of a vulnerability. No jailbreak needed, no elaborate prompt engineering, just a straightforward request that the model interpreted as a legitimate coding task. Amazon's CEO reportedly brought these findings directly to US officials, which triggered the crackdown.
Cybersecurity researchers pushed back hard against the guardrails Anthropic had already applied to Fable, arguing that the model was refusing legitimate security research queries. Fable wouldn't answer basic questions about network protocols or vulnerability classes that any cybersecurity textbook covers. Anthropic then apologized for applying invisible guardrails, a distillation-based filtering layer that was silently degrading model output without telling users.
What makes this story significant for developers is that "a" government can now order an AI model offline, and the company will comply within hours. If your production workflow depends on a specific model from a specific provider, you just saw how quickly that can disappear. The Weekly Diff #2 covered Opus 4.8's launch and OpenRouter's $113M raise. The model routing layer I said was becoming essential infrastructure just proved its value in a way nobody wanted.
CAUTION
If your production systems depend on a specific AI model, have a fallback plan. Model access can be revoked at the provider level, and now at the government level, with no advance notice.
Homebrew 6.0.0

Homebrew 6.0.0 shipped this week and it's a significant release for anyone who develops on macOS, Linux or WSL.
Features include a new tap trust security mechanism that gives you more control over which third-party taps can run install scripts, a rewritten internal JSON API that makes brew update and brew search noticeably faster, and Linux sandboxing that brings Homebrew's Linux support closer to parity with macOS. There's also initial support for macOS 27, which tells me Apple's next OS is far enough along that Homebrew is already testing against it.
The brew bundle improvements are worth calling out. If you use a Brewfile to manage your development environment (and you should), bundle now handles dependencies more intelligently and is faster at reconciling what's installed versus what's declared. I've written about mac setup for developers before, and Homebrew is the foundation of that entire workflow. This release makes that foundation more secure and faster.
AI Agent Bankrupted Their Operator

A developer's AI agent racked up a massive bill while trying to scan DN42, a hobbyist network used for experimenting with internet routing. The agent was left running unsupervised and decided (as agents do) that scanning the entire network was the most thorough approach. The API costs spiraled, and the operator ended up with a bill they didn't expect and couldn't easily reverse.
As more developers adopt agentic workflows, the blast radius of "the AI did something I didn't explicitly approve" grows. The takeaway isn't "don't use AI agents"; it's that agents need guardrails the same way any automated system does. Spending caps, time limits, scope constraints, and ideally a human in the loop are the guardrails needed for anything that costs money or touches external systems. I've talked about the problem with AI-generated code before in terms of quality. When AI acts confidently and autonomously, the mistakes are also confident and autonomous.
CAUTION
If you're running an AI agent against any external API, set hard spending limits before you walk away because the agent won't stop on its own.
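One way to enforce the spending cap, time limit and scope constraint outside the agent's own decision loop. This is an added example, not code from the incident or from any agent framework; `ActionGuard`, `runPlan`, the hosts and the costs are all hypothetical.

```javascript
// Added example; ActionGuard, runPlan and all hosts/costs are hypothetical.
class GuardError extends Error {}

class ActionGuard {
  constructor({ maxSpendCents, maxRuntimeMs, allowedHosts, now = Date.now }) {
    this.maxSpendCents = maxSpendCents;
    this.allowedHosts = new Set(allowedHosts);
    this.now = now;
    this.deadline = now() + maxRuntimeMs;
    this.spentCents = 0; // integer cents avoid floating-point drift in the cap check
  }

  // Call before every billable or external action; throws instead of proceeding.
  authorize({ host, costCents }) {
    if (this.now() > this.deadline) throw new GuardError('time limit reached');
    if (!this.allowedHosts.has(host)) throw new GuardError(`host out of scope: ${host}`);
    if (this.spentCents + costCents > this.maxSpendCents) {
      throw new GuardError('spending cap would be exceeded');
    }
    this.spentCents += costCents; // reserve the worst-case cost before the call is made
  }
}

// Executes planned actions in order and halts at the first refusal,
// handing control back to a human rather than letting the agent retry.
function runPlan(guard, actions, execute = () => {}) {
  const done = [];
  for (const action of actions) {
    try {
      guard.authorize(action);
    } catch (err) {
      if (err instanceof GuardError) return { done, stoppedBecause: err.message };
      throw err;
    }
    execute(action);
    done.push(action.name);
  }
  return { done, stoppedBecause: null };
}

// Constructed plan: three 40-cent calls against a 100-cent cap.
const demoGuard = new ActionGuard({
  maxSpendCents: 100, maxRuntimeMs: 60000, allowedHosts: ['api.example.test'],
});
const demoPlan = ['a', 'b', 'c'].map((name) => ({ name, host: 'api.example.test', costCents: 40 }));
const demoResult = runPlan(demoGuard, demoPlan);
```

A client-side guard like this complements, and does not replace, a hard billing limit set at the API provider.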
Apple's macOS Container Machines

Apple quietly published documentation for macOS Container Machines, a first-party container runtime for macOS. This is Apple officially entering the containerization space, and it's a big deal for anyone who has been running Docker Desktop, Colima, or Lima on their Mac.
The project (hosted under Apple's GitHub organization) provides native container support using macOS's built-in virtualization framework. It doesn't require a Linux VM the way Docker Desktop does, which means lighter resource usage and tighter integration with the host system.
This could fundamentally change the container workflow for macOS developers. I've written about running PostgreSQL using Docker, containerizing Next.js apps, and file watching issues in Docker, and all of those workflows involve Docker Desktop or a third-party alternative. If Apple ships a container runtime that's fast, native and lightweight, it changes everything.
Building an HTML-First Site Doubled Users Overnight

A startup called Moh Kohn published a case study on how going HTML-first doubled their user base overnight. The approach is to strip away the JS-heavy SPA and replace it with server-rendered HTML, minimal CSS, and progressive enhancement where necessary.
The results were dramatic. Page load times dropped, accessibility improved, search engines could actually index the content, and users on slower connections could finally use the product. The traffic increase wasn't from a marketing push; it was from the site simply becoming usable for people it had previously excluded.
I wrote about why static sites are good and this case study provides the business case I was making philosophically. The industry spent a decade building increasingly complex frontend architectures, and some teams are now discovering that the performance and accessibility problems they're trying to solve were created by the architecture itself.
A Backdoor in a LinkedIn Job Offer

A developer named Roman documented how they received a LinkedIn job offer that contained a concealed backdoor. The "take home assessment" included a Node.js project with obfuscated malicious code that would have exfiltrated credentials and system information if run.
The job listing looked legitimate, the recruiter's profile had a plausible history, and the assessment project was a realistic coding task. The malicious payload was hidden in what looked like a dependency configuration file, the kind of file most developers would glance at without reading carefully.
In Weekly Diff #1, we covered the trojanized VS Code extension that breached 3,800 GitHub repos. This one targets the developer through the most mundane channel possible: a job application.
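A static triage pass you could run over a received assessment before installing or executing anything. This is an added example, not code from Roman's write-up; the post does not name the file involved, so the check of `package.json` install hooks, the pattern list and the sample project are assumptions and constructed data.

```javascript
// Added example: static triage of a received project before anything is installed or run.
// File names and contents in sampleProject are constructed, not taken from the incident.
const AUTO_RUN_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

const SUSPICIOUS = [
  { label: 'dynamic code execution', re: /\beval\s*\(|new\s+Function\s*\(/ },
  { label: 'process spawning', re: /child_process|\bexecSync\b|\bspawn\s*\(/ },
  { label: 'encoded blob', re: /[A-Za-z0-9+/=]{200,}|(?:\\x[0-9a-fA-F]{2}){20,}/ },
  { label: 'credential or environment access', re: /process\.env|os\.homedir|\.ssh|\.aws/ },
];

// files: { relativePath: textContent }. Returns a list of human-readable findings.
function triageProject(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    if (path.endsWith('package.json')) {
      let manifest;
      try {
        manifest = JSON.parse(text);
      } catch {
        findings.push(`${path}: not valid JSON`);
        continue;
      }
      for (const hook of AUTO_RUN_HOOKS) {
        const cmd = manifest.scripts && manifest.scripts[hook];
        if (cmd) findings.push(`${path}: "${hook}" runs on npm install: ${cmd}`);
      }
      continue;
    }
    // Config files written in JavaScript are executable and get the same scrutiny as source.
    text.split('\n').forEach((line, i) => {
      if (line.length > 500) findings.push(`${path}:${i + 1}: line of ${line.length} chars`);
      for (const { label, re } of SUSPICIOUS) {
        if (re.test(line)) findings.push(`${path}:${i + 1}: ${label}`);
      }
    });
  }
  return findings;
}

// Constructed sample; the encoded string is inert and decodes to console.log(1).
const sampleProject = {
  'package.json': JSON.stringify({
    name: 'assessment',
    scripts: { start: 'node index.js', postinstall: 'node build.config.js' },
  }),
  'build.config.js': 'module.exports = { mode: "production" };\n' +
    'eval(Buffer.from("Y29uc29sZS5sb2coMSk=", "base64").toString());',
};
const sampleFindings = triageProject(sampleProject);
```

Findings are prompts for manual review, not verdicts. `npm install --ignore-scripts` keeps lifecycle hooks from running while you read the flagged files, ideally inside a disposable VM or container.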