CodeWithLLM-Updates

https://openai.com/index/gpt-4-1/

The new model update from OpenAI is a response to Google's new Gemini models, which all have a 1 million token context window and more accurate instruction following.

We are particularly interested in the fact that, according to OpenAI's own tests, the GPT-4.1 model has become better at code generation. That is, if 4o produced decent code on one out of three requests, 4.1 will do it on every second one 😉.


In Cursor, gpt-4.1 can now be enabled in the model settings.

This update is particularly important for GitHub Copilot (GPT-4.1 is already available there), because its agent and chat were originally tied to OpenAI's GPT-4 model, and its Claude Sonnet is still 3.5, not 3.7.

Tomorrow is VS Code Live: Agent Mode Day, where I expect they will share more details.

https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents

How can automatic code generators be attacked?
By poisoning the LLM's system instructions (the “Rules File Backdoor”).

Many AI coding tools can now load these instructions from a text file (in Cursor, for example, it is .cursorrules or a rules folder in the project root): just plain text file(s).

I think only inexperienced programmers, or those unfamiliar with how the new IDEs with coding agents work, would run someone else's code without first reading the instruction file, if one exists.

The other case is when we create a project ourselves and copy such instructions from open directories such as cursor.directory; again, you need to understand what you are doing and read them beforehand.


But Pillar Security researchers found that attackers can use hidden Unicode characters and other bypass techniques in text rule files to trick agent assistants (such as Cursor or GitHub Copilot) into generating code with backdoors or vulnerabilities (for example, loading an attacker's external JavaScript into the main page of a site).

How does it work?

  • Creating a malicious rules file: An attacker creates a rules file that looks harmless 👀 but contains hidden malicious instructions 😈 encoded with Unicode characters.
  • Injection into the project: The rules file gets into a shared repository 🌐 or is distributed through communities 🧑‍🤝‍🧑.
  • Code generation: A developer using an AI assistant generates code 💻. The AI, following the malicious rules, creates code with vulnerabilities or backdoors 💥.
  • Malicious code spreads: Because rule files are often shared and reused, the infection can spread to many projects 🦠.

"Unlike traditional code injection attacks targeting specific vulnerabilities, “Rules File Backdoor” poses a significant risk because it turns AI itself into an attack vector."

The most vulnerable to such an attack are those who think little while creating code: they do not read instruction files, do not check everything that was generated, and publish code or deploy projects without a prior security audit.

In theory, agent IDEs should at least be responsible for checking rule files and code comments for inserted invisible instructions, but, judging by the article, the developers of Cursor and GitHub Copilot said that users themselves (!) are responsible for the code they generate.
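One check an IDE or a pre-commit hook could run on a rules file, added here as an example that is not from the Pillar article or from the Cursor/Copilot projects: it flags invisible and direction-altering Unicode code points line by line and decodes any ASCII hidden in Unicode "tag" characters so a reviewer can see what an editor would not render. The flagged ranges and the sample rules text are my own constructions.

```python
import sys
import unicodedata
from typing import List, Tuple

# Code points that are invisible or reorder text in most editors.
# Assumption: an illustrative list, not an exhaustive catalogue.
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}
BIDI_CONTROLS = {0x202A, 0x202B, 0x202C, 0x202D, 0x202E,
                 0x2066, 0x2067, 0x2068, 0x2069}
TAG_BLOCK = range(0xE0000, 0xE0080)  # Unicode tag characters, never rendered

# Constructed sample: line 2 ends with a zero-width space, line 3 carries
# the text "hi" encoded as invisible tag characters.
SAMPLE_RULES = (
    "Always write tests.\n"
    "Use ES modules.\u200B\n"
    "Prefer fetch." + "".join(chr(0xE0000 + ord(c)) for c in "hi") + "\n"
)

def is_suspicious(ch: str) -> bool:
    """True for code points a human reviewer would not see in an editor."""
    cp = ord(ch)
    if cp in ZERO_WIDTH or cp in BIDI_CONTROLS or cp in TAG_BLOCK:
        return True
    cat = unicodedata.category(ch)
    if cat == "Cf":                      # other format/invisible controls
        return True
    return cat == "Cc" and ch not in "\t\n\r"  # raw control chars

def scan_rules_text(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (line, column, U+XXXX, name) for every suspicious code point."""
    if text.startswith("\ufeff"):        # a leading BOM alone is legitimate
        text = text[1:]
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if is_suspicious(ch):
                name = unicodedata.name(ch, "<unnamed>")
                findings.append((line_no, col, f"U+{ord(ch):04X}", name))
    return findings

def decode_tag_payload(text: str) -> str:
    """Recover ASCII hidden as tag characters (U+E0020..U+E007E -> 0x20..0x7E)."""
    return "".join(chr(ord(c) - 0xE0000) for c in text
                   if 0xE0020 <= ord(c) <= 0xE007E)

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_RULES
    for line_no, col, cp, name in scan_rules_text(text):
        print(f"line {line_no} col {col}: {cp} {name}")
    hidden = decode_tag_payload(text)
    if hidden:
        print(f"hidden tag-character payload: {hidden!r}")
```

Run it with a path to a .cursorrules file (or with no argument to scan the built-in sample); a clean file produces no output.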

https://windsurf.com/blog/windsurf-wave-7

"Windsurf Wave 7" Update

Cascade is now available in JetBrains IDEs (IntelliJ, WebStorm, PyCharm, GoLand, and many others).

Codeium is now Windsurf
"We decided to rename the company to Windsurf and the product extension to Windsurf Plugin". There will be no more Codeium.

The company was founded in 2021 by Varun Mohan and Douglas Chen with the goal of increasing developer productivity through AI-based coding solutions; in its first year it was called Exafunction and worked on GPU virtualization.

Later they moved into code autocompletion, creating a plugin for IDEs. In 2023, in-IDE chat and code generation were added, and the GPT-4 model was integrated.

On November 11, 2024, the Windsurf Editor was launched, which they began to promote as the first AI agent-based IDE, even though Cursor came first (spring 2023); their marketers tried to pretend it didn't exist.

Chats with different contexts (usually frameworks) are now available at https://windsurf.com/live/

https://console.x.ai/
xAI's Grok-3 model is finally available via the API.

In coding extensions where you can add your own keys (Cline, Roo), you can now use it directly or through https://openrouter.ai/x-ai/grok-3-beta

In Windsurf, all top models are available today, including Gemini 2.5 Pro (which is ahead in many tests) and DeepSeek V3 (0324).

Similarly, in Cursor, you can now select deepseek-v3.1, grok-3-beta, gemini-2.5-pro-exp-03-25 and gemini-2.5-pro-max models in the settings.

In Trae, there are currently no models from Google or xAI.

https://block.github.io/goose/blog/2025/04/08/vibe-code-responsibly

The creators of the Codename Goose project (AI agent for computer control) described their pain points and possible solutions to the problem of vibe coding.

After Karpathy's tweet, which was picked up by the media, more and more people began to create "programs" simply by talking to an AI and never looking at the code. But an LLM is not a programmer; it is a coder (a code generator).

To put it mildly, this produces very low-quality, unprofessional code, whose main problems are:

  • "spaghetti" code that is difficult for a human to understand, where everything is mixed up with everything else, usually in one long file of thousands of lines.
  • constant mutation and drifting bugs: pieces of code that no longer do anything, and well-functioning pieces replaced with garbage.
  • huge number of vulnerabilities, code that is easy to hack.
  • leakage of secrets, such as access keys, into publicly available code.

Such code is almost impossible to maintain. It is better not to create it at all unless it is a "program just for yourself, for one-time use."

The Goose developers suggest better control and configuration of agent systems so that you monitor what is being generated in the code:

  • 🧠 "Even if you're vibe coding, don't turn off your brain."
  • use different modes of control for agents, not just fully automatic.
  • use an ignore file (.cursorignore in Cursor) listing what agents must never read or modify, and a system-instructions file (goosehints here, .cursorrules in Cursor) to set restrictions.
  • there are now many MCP servers, including vibe-coded ones; they need to be vetted, and an allowlist (allow policy) created for the agent that includes only high-quality ones.
  • first plan, then do — a plan breaks everything down well into understandable stages and different small code files. Steps can be checked (how to do this in Cursor — see this video).
  • commit every step and use git to revert to code that worked well.

Exponent
https://x.com/exponent_run
With all these AI programs it is not entirely clear what stage of development they are at and what they have actually released; they wrote that it is still early access, but they wrote the same thing 4 months ago, so maybe they have finished something by now.

Augment Agent
https://www.augmentcode.com/
Augment presented its agent; there is a 14-day trial. The agent is designed to solve complex software development tasks, especially in large projects. A key feature is "Memories", which are automatically updated and stored between sessions, improving the quality of generated code and adapting to the programmer's style.

Other features include MCP (Model Context Protocol), "Checkpoints" for safe rollback of changes, multimodal support (screenshots, Figma), execution of terminal commands, and automatic mode.

https://codeium.com/blog/windsurf-wave-6

Windsurf Wave 6 Update

The main feature is "Deploys", which publishes websites or JavaScript applications to the internet with a single click. Let there be even more of this (vibecoding slop). Currently this function is integrated with Netlify and aims to simplify the full application development cycle directly within the IDE.

Also, in dialogues with the AI agent (Cascade), memory and navigation have been improved.

For paid users, commit description generation with a single button click has been added (this has been in Cursor for a very long time, and it works for free in GitHub Copilot).

It appears the developers behind the Zed editor – yes, the ones who've apparently spent the last year unable to procure a Windows machine to build a version for that OS – have noticed something: their unreleased Zed AI is already becoming outdated.

Consequently, they're now rolling out 'Agentic Editing' to their beta testers. Based on the description, it seems to offer the expected suite of modern features: automatic code editing, chat profiles, a rules file for system instructions, LLM switching (including non-Anthropic options), MCP, and checkpoints (currently handled via git in beta).

Importantly, this could genuinely position Zed as a strong alternative to the dominance of VS Code and its forks. Just as soon as they manage to, you know, finally ship that Windows version. In the meantime, Windows users can install Zed using Scoop.