I’ll admit, this one got me. 😂😂😂 pic.twitter.com/ikt6sgthBr

— Steve 🇺🇸 (@SteveLovesAmmo) January 24, 2026

(via Nag on the Lake) 

Arguably, the first of many exciting chapters in MCP development this year - the ability to render user interfaces within the chat experience. Finally, we’re going beyond just text.

Starting April 28, 2026, apps and games uploaded to App Store Connect need to meet the following minimum requirements:

• iOS and iPadOS apps must be built with the iOS 26 & iPadOS 26 SDK or later
• tvOS apps must be built with the tvOS 26 SDK or later
• visionOS apps must be built with the visionOS 26 SDK or later
• watchOS apps must be built with the watchOS 26 SDK or later

Learn more about submitting

There’s a new report about two AI coding assistants, used by 1.5 million developers, that are surreptitiously sending a copy of everything they ingest to China.

Maybe avoid using them.

From an Anthropic blog post:

In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.

[…]

A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breach—one of the costliest cyber attacks in history­­using only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches.

AI models are getting better at this faster than I expected. This will be a major power shift in cybersecurity.