Microsoft shipped MAI-Code-1-Flash, a small model tuned for Copilot's agent harness and trained without OpenAI data, and the menu of models that build the web keeps growing. A link-forward briefing.
The list-and-map search is the layout behind Zillow, Airbnb, and every "find a place near you" page: results scroll on one side while a sticky map holds them all on the other, and a pin on the map matches a card in the list. Today the issue is that page. Each thing that shipped is a listing with a marker and a spec strip, the right rail is the market map, and the new arrivals get a pin. The reusable move is the synced split itself, a pattern any search or browse product can borrow.
The market for the model that writes your code added a fast, cheap arrival this week, and the menu under the builders keeps filling up.
At Build, Microsoft put out a small coding model tuned directly on GitHub Copilot's agent harness and, it says, trained without OpenAI data. It rolls out first in the VS Code model picker and is billed as the first of a purpose-built wave. The pitch is quality for its size at a price that undercuts the small tier.
Alongside the model, GitHub shipped a cluster of Build releases: the Copilot SDK reached general availability, cloud and local sandboxes entered preview, agent apps arrived, and Gemini models landed in the CLI and cloud agent. The model is one unit in a much larger development.
In the same week, Vercel's AI Gateway added Qwen 3.7 Plus and MiniMax M3 to the roster a builder can route to. The point is less any single model than the shape of the market: the thing that writes your site is becoming a swappable line item.
While the model layer churns, the browser quietly took back work that used to need JavaScript, and the web's plumbing started changing under everyone.
A roundup of what newly reached the platform: Safari added an open-state selector that styles a disclosure, dialog, or picker when it is open, and Firefox made custom-property style queries work in container queries. Both replace small piles of state-tracking script with plain stylesheet rules.
Let's Encrypt began rolling out post-quantum certificates, the kind designed to resist a future quantum computer. Most sites will never touch the config, but the encryption layer under the whole web is being swapped while everyone keeps shipping pages on top of it.
If the model is a cheap commodity you swap on a whim, the risk moves to what you hand it. Three disclosures worth reading this week, in the order a careful buyer would check them.
A new write-up shows a one-click path to stealing a GitHub token through a bug in a popular code editor. The lesson for agent setups is blunt: the credential your assistant carries is the prize, so scope it tightly and keep it short-lived.
A project trending this week proposes pulling access control out of the prompt and into a real policy layer, so an agent can only touch what you explicitly allow. It is the same instinct as least-privilege for a service account, applied to the thing now writing your code.
Vercel describes catching a spike that would have run an AI endpoint at thousands of dollars a day, and argues for verifying each request rather than each session so an attacker cannot amortize one bypass across many calls. The same care you give a login now belongs on every model call.
Hand this to an AI design or build tool to rebuild today's list-and-map search idiom.
Design a real-estate style search results page, the list-and-map layout behind Zillow and Airbnb, not a marketing landing page. Layout: - A top wayfinding bar: left wordmark, a rounded faux search field with a location pin reading "search the market", and a small nav. - A row of filter chips below it, one chip active. - A market-report header: an eyebrow label, a large headline, a one or two sentence deck, and a results summary line. - The body is a two-column split: a scrollable LISTINGS RAIL on the left and a STICKY MAP PANEL on the right. On narrow screens the map moves above the rail and stops being sticky. - The map panel holds a printed-map image, a small legend of pin colors, and three readout stats. No big photo hero. - Content sections are listing groups with a pin-number marker. Each item is a listing card: a left marker column, a linked title, one or two sentences, a mono "spec strip" of small chips, and a footer with a "view listing" link and the source domain. One featured listing carries an accent left border and a "just listed" flag. Palette: warm map vellum (#E9E4D2), card paper (#F5F1E5), deep ink (#20251F), sage land and pale-teal water, one brick-red accent (#C8482E) for pins, rules, and the active chip; a deeper red (#A2381F) for small accent text. No gradients on type, no glow, no neon. Type: a highway-signage grotesque (Overpass) for headings and pins, a humanist sans (Mulish) for body and UI, a reading serif italic (Source Serif 4) for one editorial line, and a monospace (Overpass Mono) for chips, labels, and the legend. Readability: body at least 18px, line height 1.6 or more, no justified text, WCAG AA contrast, text never sitting on a border. In the map image use shapes, contours, roads, and colored pins only; no fake readable text.
Why it works: it names a real web archetype, fixes the wayfinding bar, the results header, and the sticky split, then translates listings, pins, and a legend into concrete components, palette, type, and accessibility rules, so a tool returns this issue's search-page look instead of a generic "make it look like a map app."
When the model that builds your site is a cheap, swappable line item, the choice of model stops being the interesting decision. What you ask it to build, and how carefully you read what comes back, is the part of the market that still has your name on it.
A field experiment from the team behind Beaver Builder.