HEYTOB

    AI and Developer News: Cursor 3, Gemma 4, and the Axios Supply Chain Attack

    A packed week for AI tooling: Cursor reimagines its interface around agents, Google drops Gemma 4 with vision and audio on-device, and the Axios team reveals how attackers socially engineered their way into a maintainer's machine.

    Tob

    Tob

    Backend Developer

    4 min readAI Engineering
    AI and Developer News: Cursor 3, Gemma 4, and the Axios Supply Chain Attack

    Software development tooling moved fast this week. Three stories stood out: a major Cursor redesign built around agents, Google's latest open model family, and a sobering postmortem on how the Axios supply chain attack actually went down.

    TL;DR: Cursor 3 ships an agent-first workspace with parallel agents, self-hosted cloud agents, and automations. Google releases Gemma 4 as Apache 2.0 with vision and audio running on-device. The Axios supply chain attack was not a simple phishing email — it was a multi-week social engineering campaign targeting a specific maintainer.

    Cursor 3 Pivots the Entire Interface Around Agents

    Cursor rolled out version 3 this week, and it is a significant shift. The team rebuilt their UI from scratch, centering it around an "Agents Window" where you can run multiple agents in parallel across repos, worktrees, cloud sandboxes, and remote SSH targets.

    Key additions:

    • Agents Window — run many agents simultaneously, with cloud agents producing demos and screenshots for you to review
    • Design Mode — annotate UI elements directly in the browser and hand them to an agent for precise fixes
    • Self-hosted Cloud Agents — keep your codebase, build outputs, and secrets inside your own network while still using Cursor's agent capabilities
    • Composer 2 — Cursor's frontier coding model with improved performance on hard coding tasks
    • Automations — build always-on agents triggered by Slack, Linear, GitHub, or webhooks
    • New Plugins — Atlassian, Datadog, GitLab, Glean, Hugging Face, and more via MCP integration

    The old IDE is still there if you want to switch back. The new interface is optional but ships by default.

    If you want to try it, upgrade Cursor and hit Cmd+Shift+P -> Agents Window.

    Gemma 4 Brings Multimodal Intelligence to Your Laptop

    Google DeepMind dropped Gemma 4 on April 2, and it is their most capable open model family yet. Four sizes are available: E2B, E4B, 26B Mixture-of-Experts, and 31B dense. All four are Apache 2.0 licensed, which means you can use them commercially without restrictions.

    The headline numbers: the 31B model ranks #3 on the Arena AI text leaderboard among open models. The 26B MoE model ranks #6 and reportedly outcompetes models 20 times its size on some benchmarks.

    What makes this practical for developers:

    • Vision and audio across the entire lineup — all models process images and video natively; the E2B and E4B also handle audio input for speech recognition
    • Long context windows — 128K for edge models, up to 256K for the larger ones
    • Runs on consumer hardware — quantized versions work on laptop GPUs; the 2B model is 4.4GB
    • 140+ languages — trained natively across a broad language set
    • Function calling and structured JSON output — built for agentic workflows out of the box

    Simon Willison already ran tests on his Mac Mini. The 2B, 4B, and 26B-A4B models worked smoothly. The 31B had a bug at launch, outputting "---" in a loop, but a fix is presumably incoming.

    The Gemma 4 weights are on Hugging Face. If you use LM Studio or Ollama, support is rolling out now.

    The Axios Supply Chain Attack Was a Professional Social Engineering Operation

    The Axios team published a full postmortem on the supply chain attack that shipped malware through a release a few days ago. The details are worth reading if you maintain any open source project.

    This was not a compromised build machine or a leaked credential. The attackers spent weeks running a targeted social engineering campaign against one specific maintainer.

    Here is how it worked, based on the maintainer's own account:

    1. The attacker cloned a real company's branding and LinkedIn presence, including the founder's likeness
    2. They invited the maintainer to a legitimate-looking Slack workspace with realistic channels and fake team member profiles
    3. They scheduled a Microsoft Teams meeting where, during the call, a prompt appeared saying something on the maintainer's system was out of date
    4. The maintainer installed the "update" — which was a Remote Access Trojan
    5. The RAT gave the attackers credentials to publish the malicious package

    The attacker was convincing enough to fool someone who should have known better. The fake company, the cloned profiles, the real Slack workspace, the scheduled meeting — all of it was orchestrated over weeks.

    If you maintain open source software, this is the threat model you need to think about. Two-factor authentication on your publishing pipeline matters. Being skeptical of meeting-related install prompts, even from people who seem legitimate, matters even more.

    The postmortem is worth reading in full on the Axios GitHub issue tracker.

    Sources: Cursor Blog, Google DeepMind Blog, Simon Willison, Hugging Face

    AI toolsCursorGemmaSupply chain securityLLMs

    Related Blog

    AI Sycophancy and the Rise of Vibe Coding: A Reality Check - HeyTobi

    AI Sycophancy and the Rise of Vibe Coding: A Reality Check

    AI Engineering · 4 min read

    Claude Hits 1M Context While Shopify CEO Uses AI Agents to 2x Performance - HeyTobi

    Claude Hits 1M Context While Shopify CEO Uses AI Agents to 2x Performance

    AI Engineering · 3 min read

    AI This Week: A Victorian Chatbot, a PyPI Supply Chain Attack, and Text Rendering Magic - HeyTobi

    AI This Week: A Victorian Chatbot, a PyPI Supply Chain Attack, and Text Rendering Magic

    AI Engineering · 5 min read

    AI and Developer News: Cursor 3, Gemma 4, and the Axios Supply Chain Attack | Tob