Sunday Morning AI Coding Roundup: Codex-Spark, 135K Exposed OpenClaw Instances, and Spotify's Devs Haven't Written Code in Months

Welcome to the Sunday morning roundup. Here’s what happened this week in AI coding.

OpenAI Ships Codex-Spark on Cerebras Silicon

The biggest product launch of the week: OpenAI released GPT-5.3-Codex-Spark, a smaller, faster version of their flagship coding model, running on Cerebras’ Wafer Scale Engine 3. This is OpenAI’s first model running on non-Nvidia hardware, and the partnership is reportedly worth over $10 billion.

The numbers are attention-grabbing: over 1,000 tokens per second, which makes autocomplete and rapid prototyping feel genuinely instant. OpenAI is positioning Spark as the “daily productivity driver” while the full Codex handles heavier multi-file tasks.

The strategic angle matters more than the speed benchmarks. OpenAI is diversifying its hardware supply chain away from Nvidia dependency, and Cerebras gets a marquee customer that validates wafer-scale computing for inference workloads. The research preview is available to ChatGPT Pro users while they scale datacenter capacity.

Worth watching: how this affects Cursor and other editors that depend on Codex. If Spark’s latency advantage is as real as the demos suggest, tools optimized for it will feel noticeably faster than competitors.

135,000 OpenClaw Instances Exposed to the Internet

The OpenClaw security situation went from bad to worse this week. SecurityScorecard’s STRIKE team reported that over 135,000 OpenClaw instances are exposed to the internet, up from 40,000 when they first published their findings. Of those, more than 50,000 are vulnerable to remote code execution through three high-severity CVEs with public exploit code.

The root cause is predictable: OpenClaw binds to 0.0.0.0:18789 by default, listening on all interfaces unless operators explicitly restrict it. Combine that with vibe coders deploying instances without understanding network security basics, and you get The Register calling it a crisis.

OpenClaw responded by integrating VirusTotal scanning to detect malicious ClawHub skills, which helps but doesn’t address the fundamental exposure problem. If you’re running OpenClaw, check your firewall rules. Today.

Spotify: “Our Best Developers Haven’t Written Code Since December”

During Spotify’s Q4 earnings call, the company dropped a line that ricocheted across tech Twitter: their best developers haven’t written a single line of code since December. They credit Claude Code and their internal AI system called Honk.

The framing is carefully chosen. Spotify isn’t saying their engineers are idle. They’re saying the most productive engineers have shifted entirely to directing AI agents, reviewing outputs, and making architectural decisions. The code writing itself is delegated.

This is the clearest signal yet from a major tech company that the role of “software engineer” is actively being redefined in production, not in thought pieces. Whether that’s exciting or terrifying depends on where you sit in the industry.

Windsurf Wave 14: Arena Mode

Windsurf shipped Wave 14 with Arena Mode, which lets you run two Cascade agents side-by-side with hidden model identities and vote on which performs better. Think Chatbot Arena but inside your IDE, working on your actual codebase.

You can pick specific models (up to 5) or choose from curated battle groups like “Frontier” (Opus 4.5, GPT-5.2-Codex, Kimi K2.5) or “Fast.” Your votes feed both personal and global leaderboards. They also added Plan Mode, which creates detailed implementation plans before code generation. Typing “megaplan” in the Cascade input triggers an interactive planning session.

The first week of Arena Mode is free for paid users. Also notable: Windsurf added Claude Opus 4.6 fast mode with promotional pricing through February 16.

Practical take: Arena Mode is clever product design. Instead of Windsurf picking the default model and taking the blame when it underperforms, they let users discover their own preferences through direct comparison. It also generates a massive dataset of real-world model preferences that Windsurf can use for routing decisions.

Karpathy: “Vibe Coding Is Passe”

Andrej Karpathy, who coined “vibe coding” exactly a year ago, declared the term obsolete on February 4. His replacement: “agentic engineering.”

His reasoning: LLMs have gotten capable enough that the default workflow is now orchestrating agents who write the code, not writing it yourself. The “engineering” part emphasizes that doing this well requires skill. There’s an art and science to directing AI agents effectively, and it has its own depth.

Addy Osmani wrote a thorough breakdown expanding on the concept. The core idea: the value has shifted from typing code to specification, verification, and system design. You’re an architect and reviewer, not a typist.

Whether the industry actually adopts “agentic engineering” as terminology remains to be seen. “Vibe coding” stuck because it was fun to say. “Agentic engineering” sounds like a LinkedIn headline. But the underlying shift is real regardless of what we call it.

Quick Hits

Anthropic dominates model markets. Prediction markets show Anthropic leading February AI model rankings with high probability across top spots. OpenAI simultaneously announced it’s retiring GPT-4o and older models from ChatGPT.

Google Developer Knowledge API. Google launched a public preview of their Developer Knowledge API and MCP server, letting you search Firebase, Android, and Google Cloud docs directly in Markdown format from coding agents.

92% of US developers use AI daily. The latest industry data puts AI coding tool adoption at 92% daily usage among US developers, with 41% of all code written globally now AI-generated.

Vibe coding security audit finds 69 vulnerabilities. A security review across 15 test applications built with major vibe coding tools found 69 vulnerabilities total. The tension between shipping fast and shipping secure is the defining challenge of 2026.

Axios CTO: “The bottleneck isn’t code anymore.” Axios’ CTO argued that competitive advantage has shifted from development velocity to “narrative coherence,” meaning the ability to tell users a story, not just ship features.

See you next Sunday.

Sources: