AI Coding Assistants
Jul 17, 2026

The Gist
AI coding assistants are advancing rapidly with new techniques like self-distillation improving code generation, while security tools like Capital One's VulnHunter help identify vulnerabilities before attackers do. Major tech players are making strategic moves—Google delays its Gemini 3.5 Pro, Linus Torvalds endorses AI for Linux development, and Microsoft expands partnerships with 3M on AI infrastructure—signaling intense competition in the AI coding space.
Today's Stories
- 1
Simple Self-Distillation Boosts Code Generation in LLMs
Researchers demonstrated that large language models can improve at code generation by fine-tuning on their own raw outputs—without external verifiers, teacher models, or reinforcement learning. The method, called simple self-distillation (SSD), improved Qwen3-30B-Instruct from 42.4% to 55.3% pass@1 on LiveCodeBench v6, with the largest gains on harder problems. The technique generalizes across Qwen and Llama models at 4B, 8B, and 30B scale, including both instruct and thinking variants. Code generation is a practical tool programmers are already adopting from LLMs, but the outputs are often difficult to understand and work with. SSD offers a low-friction way to improve model performance without requiring expensive external components—just the model's own outputs and standard fine-tuning. This addresses a real friction point for developers relying on AI-generated code.
The paper reveals that SSD works by reshaping how the model distributes probability across tokens: it suppresses distracting alternatives where accuracy is critical while preserving useful diversity where exploration helps. This mechanism suggests SSD represents a new direction for post-training improvements in code generation, complementary to other enhancement methods.
- 2
Capital One open-sources VulnHunter, AI tool that maps code flaws like attackers would
Capital One released VulnHunter on Thursday, an open-source AI security tool available on GitHub under an Apache 2.0 license. The tool scans source code for exploitable vulnerabilities, maps how an attacker would reach them, and proposes targeted fixes before code ships to production. Capital One, still known for a 2019 data breach that compromised personal information of roughly 106 million people across the United States and Canada and cost the bank an $80 million(約130億円) federal fine, is now contributing offensive AI capabilities as a public defensive resource—a shift in how the company manages security risk.
VulnHunter uses what Capital One calls an 'attacker-first forward analysis' workflow, beginning at the points where a real adversary would enter the system, which represents an ambitious approach to vulnerability detection for a major financial institution.
- 3
Linus Torvalds backs AI in Linux, warns critics to fork or leave
Linus Torvalds, Linux kernel's top-level maintainer, issued a strong statement in favor of using AI tools in Linux development, saying he would "absolutely put my foot down" on the issue. Anyone who objects "can do the open-source thing and fork it. Or just walk away." The statement settles a live debate over Sashiko, an AI-powered code review system for the Linux kernel developed by the Linux Foundation. Some developers like Roman Gushchin had argued that anti-LLM sentiment was undermining the tool's goal of reducing maintainers' workload. Torvalds' endorsement signals that the kernel project prioritizes technical merit over ideological resistance to AI.
Sashiko uses tailored prompts and works with multiple LLM providers to automatically review code patches imported from mailing lists or Git repositories. A guide for kernel maintainers on using Sashiko is available on GitHub.
- 4
Google's Gemini 3.5 Pro delay signals weakness in AI coding race
Google has delayed the release of Gemini 3.5 Pro for months, according to the body. This slowdown is feeding investor and internal researcher concern that Google is falling behind Anthropic and OpenAI in frontier AI — specifically in the ability to write software code. The coding capability has become the central competitive arena in advanced AI. Google's delay suggests it may not be keeping pace with rivals on one of the most commercially important and strategically watched dimensions of AI performance.
The body does not provide a specific release date, availability details, or concrete next steps for Gemini 3.5 Pro's launch.
- 5
3M partners with Microsoft on AI infrastructure, stock tests undervaluation thesis
3M announced a partnership with Microsoft linking its Expanded Beam Optical technology to Azure data centers and integrating Microsoft AI tools into 3M's operations. The stock has moved to $161.77, up 4.14% over 7 days and 4.67% over 90 days. The partnership highlights 3M as a potential beneficiary of AI and data center infrastructure demand. However, 3M shares currently trade below both internal fair value estimates (about $170.97) and analyst targets—raising the question of whether the market is underpricing the stock or correctly discounting litigation and transformation risks.
The market's dominant view frames 3M as 5.4% undervalued, hinging on execution in operational efficiency gains (on-time delivery, equipment effectiveness, quality cost reductions) and legal cleanup around PFAS litigation. Questions about reigniting revenue growth remain a key risk to that undervalued narrative.
- 6
PocketVeto: Bluetooth AI agent control from your phone
A developer released PocketVeto, a v1 tool that lets you approve or deny risky actions (shell commands, file writes) from AI coding agents running on your PC, directly from your phone via Bluetooth, with a live dashboard showing agent activity. It works on Windows and Linux, hooks into Cursor and Claude Code, and requires no internet or WiFi routing. If you rely on AI coding agents to write code unsupervised, you now have a way to stay in control from away from your desk — approving or blocking dangerous operations in real time without watching a terminal. The Bluetooth-only design means it works even when WiFi access points block local network communication.
The tool is open source (MIT license) and available now via GitHub; macOS Bluetooth support is deferred post-v1. Installation is a one-line shell command, plus Android app sideload and Bluetooth pairing. Full setup details are in docs/setup.md.
What to Watch
Watch for Speculative Sampling Decoding (SSD) and similar post-training techniques to reshape how AI coding assistants generate more reliable code by intelligently managing which suggestions they explore versus suppress. Additionally, keep an eye on adoption patterns of security-first tools like VulnHunter and Sashiko as enterprises and open-source communities work to embed vulnerability detection deeper into their development workflows.
Sources
- Embarrassingly Simple Self-Distillation Improves Code Generation
- Capital One releases VulnHunter, an open-source AI tool that finds software flaws before hackers do
- Linus Torvalds tells AI critics in the Linux kernel community to fork off
- Google's Gemini 3.5 Pro delay deepens doubts over its standing in AI coding race
- 3M (MMM) Teams Up With Microsoft As Its Undervalued Narrative Faces A Valuation Test
- Show HN: PocketVeto is a Bluetooth-only AI agent remote control
- Aurora Group expands enterprise AI services with 12 workplace use cases
- 強気値上げで自爆か ClaudeやGeminiに押され「M365 Copilot」は一人負け?:888th Lap
- Linus Torvalds to critics of AI coding in Linux: "Fork it. Or just walk away."
- Embarrassingly Simple Self-Distillation Improves Code Generation
Share this with a friend
Send today's roundup to anyone who wants to keep up.
Get daily AI news free with AIToday
200+ AI sources, summarized in 1 minute. Email / LINE / Slack.
Sign up free