AI

The numbers are in, and they’re bad. Escape.tech scanned 5,600 vibe-coded apps in the wild. It found over 2,000 bugs, more than 400 exposed secrets, and 175 leaks of personal data, including medical records and IBANs. A separate December 2025 audit by Tenzai found 69 flaws across just 15 test apps built with five popular AI coding tools. Georgia Tech’s Vibe Security Radar tracked CVEs caused by AI-generated code. They climbed from 6 in January 2026 to 35+ by March. The incidents aren’t hypothetical now. They’re outages, leaked databases, and wiped customer records.

For local AI image upscaling in 2026, Real-ESRGAN is the best free pick. It is fast and solid for most jobs. Topaz Photo AI gives the best overall quality with smart noise reduction and face recovery, but costs $199/year. SUPIR (Scaling Up to Excellence) makes the most detailed and lifelike output on badly degraded images. It needs 12+ GB of VRAM and runs 10-50x slower than the rest. The right pick depends on your workload: Real-ESRGAN for batch jobs and pipelines, Topaz for pro photo work, and SUPIR for one-off hero shots where time is not a factor.

Gemma 4 shipped on April 2, 2026 with four model variants under the Apache 2.0 license. The 31B dense model ranks third on the Arena AI text leaderboard with a score of 1452. The 26B MoE model scores 1441 while firing only 3.8B of its 26B total parameters per forward pass. So what design choices make this possible? Three of them break from the standard transformer recipe: Per-Layer Embeddings (PLE), Shared KV Cache, and Dual RoPE. Each one shifts the math for inference cost, memory use, and fine-tuning. The rest of this post covers those three, plus the Mixture-of-Experts layer and the multimodal encoders.

The short answer is no, the Gemma 4 26B MoE model will not fit entirely in 8 GB of VRAM at standard Q4_K_M quantization - the weights alone require roughly 16-18 GB. But with the right approach, you can run it on budget hardware and get usable interactive performance. The three practical strategies are aggressive quantization (IQ3_XS brings weights under 10 GB), GPU-CPU layer offloading (split 15-20 of 30 layers to GPU, rest on system RAM), and multi-GPU setups (two cheap 8 GB cards via tensor parallelism). Each involves different trade-offs between quality, speed, and hardware requirements.

Your AI coding agent has the same file access, shell rights, and database keys you do. A review of 78 studies from January 2026 (arXiv:2601.17548 ) tested every big coding agent. The list ran every major agentic coding assistant . All fell to prompt injection. Adaptive attacks landed more than 85% of the time. This isn’t theory. CVE-2026-23744 gave attackers remote code execution on MCPJam Inspector at CVSS 9.8. A booby-trapped PDF tripped a physical pump through a Claude MCP link at a plant. Attackers hit GitHub’s MCP server to exfiltrate private repository data via malicious issues . And 47 firms fell to a poisoned plugin ecosystem that hid for six months.

The Claude Code skills ecosystem passed 1,340 installable skills in early 2026, and the number keeps climbing. These skills use the universal SKILL.md format : folders of structured instructions that teach AI coding tools to do special tasks. They work across Claude Code, Cursor, Codex CLI, and Gemini CLI without changes. Official skills have shipped from teams at Anthropic, Trail of Bits, Vercel, Stripe, Cloudflare, and dozens of solo devs. Install takes one npx command.