AI Coding Tools Weekly: SpaceX buys Cursor, Copilot goes four-wide

SpaceX agreed to buy Cursor for $60 billion in an all-stock deal announced June 16 — the largest acquisition in AI coding tool history and a signal that the platform layer is consolidating fast. The same week, GitHub Copilot shipped four changes at once, Claude Code released six versions and launched a new artifact-sharing feature for enterprises, Gemini CLI executed its planned shutdown, and open-source CLI agents pushed through dense version cycles. Here's what matters and what engineering teams need to act on.

SpaceX announced it will acquire Anysphere (parent company of Cursor) in an all-stock deal valued at $60 billion on June 16. 1 The transaction is expected to close in Q3 2026 pending regulatory approval. The $60 billion in Class A shares represents a 3.4% dilution at SpaceX's IPO valuation; if the deal falls through, SpaceX owes Cursor a $1.5 billion termination fee plus $8.5 billion in compute resources. 1

SpaceX's stock rose roughly 16% on the day of the announcement, pushing it past Amazon and Microsoft by market cap to become the fourth-largest US company. 1 Cursor CEO Michael Truell stated: "Excited to partner with the SpaceX team to scale up Composer. A meaningful step on our path to build the best place to code with AI." 1

The acquisition context: Cursor's market share in the AI coding tool space slid from roughly 41% in June 2025 to about 26% by May 2026 (based on Ramp spending data), while Anthropic's Claude Code now holds approximately 50% share in the same period. 1 Musk had previously merged SpaceX with xAI; Cursor provides the coding tool layer that xAI's Grok models currently lack.

For engineering teams: The deal is pending — Cursor's product and pricing are unchanged until Q3 at the earliest. Enterprise customers on Cursor Business or Max plans have no immediate action items; watch for compute and infrastructure changes if and when xAI models get added to Cursor's model picker post-close.

Cursor released v3.7 on June 17 and v3.8 the following day, continuing a biweekly cadence.

v3.7 — Cloud agents in the Agents window. The headline capability: cloud environment setup that completes in roughly 10 minutes and captures the environment as a reusable snapshot stored in .cursor/environment.json, shareable across a team. 2 The /in-cloud command launches a Cloud Subagent on an isolated VM for background work — such as investigating a CI failure or exploring an unfamiliar codebase — without consuming the user's local session. Subagents can /babysit PRs remotely and hand off to the local session when ready. The model displayed in the interface is Opus 4.8 1M Max. 2

v3.8 — /automate skill and automation improvements. The new /automate skill lets users describe a repeated workflow in natural language; Cursor configures the trigger, instructions, and toolset automatically. 3 New triggers added this release: a Slack emoji reaction trigger (react to a message to fire the automation) and five new GitHub event triggers — issue comment, PR review comment, PR review submitted, review thread updated, and workflow run completed. 3 Cloud agents can now use Computer Use to produce demos and outputs. Automations can be saved in draft state mid-configuration, and automations now open a PR by default. Two Marketplace templates ship with this release: triage failed GitHub Actions runs, and auto-fix PR review comments. 3

Copilot pushed four distinct changelog entries on June 17–18 — individual plan re-openings, Desktop App GA, a model deprecation, and a new small model rollout.

Individual plan sign-ups reopen (Jun 17). Copilot Student, Pro, Pro+, and Max individual plans reopened for registration, rolling out over the following weeks. 4 Two new usage-overrun options are available: upgrade to the next tier (paying only the difference) or enable pay-as-you-go at the current plan's model rates. 4

Copilot Desktop App GA (Jun 17). The standalone Copilot app for macOS, Windows, and Linux graduated from technical preview to general availability. 5 Sessions can start from an issue, a PR, or a plain prompt, with parallel sessions each running in isolated branches and worktrees. Features added since the preview: Canvases (a bi-directional collaborative editing interface), Cloud automations (scheduled cloud tasks), BYO model support, and MCP tool integration. 5 Copilot Business and Enterprise customers need an admin to enable the CLI via policy settings before their developers can access it.

Opus 4.6 (fast) deprecation (Jun 18). Opus 4.6 (fast) will be removed from all Copilot surfaces on June 29. 6 Enterprise admins managing model policy need to enable Opus 4.8 (fast) as a replacement before that date; the deprecation applies to every Copilot experience.

MAI-Code-1-Flash expands to 8 surfaces (Jun 18). Microsoft's purpose-built small coding model extended its rollout to: Copilot CLI, GitHub Copilot app, Copilot Chat on GitHub, Visual Studio, GitHub Mobile, JetBrains IDEs, Eclipse, and Xcode. 7 MAI-Code-1-Flash is currently available for Free, Student, Pro, Pro+, and Max plans; Business and Enterprise availability is listed as coming soon. GitHub describes it as delivering best-in-class quality for its size and benchmark class, outperforming comparable small models in early internal testing. 7

Also this week: Copilot code review gained AGENTS.md support and UI improvements (Jun 18); 5 Copilot-authored PRs now appear in author-based search; an Agent Finder surface went live on June 17; and Auto mode in Copilot Chat opened to all users. On the billing side, the June 19 API update added an ai_credits_used field to the usage metrics endpoint — per-user, per-day credit consumption visible to org owners and enterprise admins — giving teams a first-party signal for budgeting against Copilot's AI Credits model. 8

Artifacts beta, Team/Enterprise only (Jun 18). Claude Code can now publish session work — PR walkthroughs, system diagrams, dashboards, release checklists — as self-contained interactive HTML pages shared inside an organization. 9 Each artifact is a single HTML page capped at 16 MiB, protected by a strict CSP that blocks all external network requests. Artifacts are private to the author by default and shareable only with authenticated org members; admins control org-level access and retention policy. 9 Pages update in real time as the session progresses and maintain version history at the same URL. Boris Cherny, the Claude Code lead, described the feature: "I've been using Artifacts in Claude Code for everything: visual explanations of tricky code, system diagrams, quick previews of a few animation options, data analyses and dashboards I share with the team. They are a game changer for how I work with Claude." 10

VentureBeat noted a design contrast: Anthropic chose a stateless canvas approach (no backend persistence) while OpenAI's Codex Sites builds a full-stack platform-as-a-service. Both reach the "share what the agent built" end state through different architectural philosophies. 10

Six releases, v2.1.176–v2.1.183 (Jun 12–19). The most operationally significant change: v2.1.183 blocks destructive git commands in auto mode — git reset --hard, git checkout -- ., git clean -fd, git stash drop — plus terraform/pulumi/cdk destroy. 11 v2.1.181 added a /config key=value syntax for inline config updates and bumped the Bun runtime to 1.4. v2.1.178 introduced a Tool(param:value) permission rule syntax for more precise allow/block grants on specific tool parameter values, alongside nested .claude/ directory skill loading. 11 The repository reached 133K GitHub stars by June 19 (up from 132K the previous week).

Claude Code GitHub Action v1.0 GA (Jun 17). The action moved to v1.0 with a unified prompt input, automatic mode detection, and full claude_args passthrough for any CLI flag. 12 There are breaking changes: the mode, direct_prompt, and override_prompt fields are removed. Teams running the action need to migrate; the release includes a migration guide and six example workflows.

Security advisory. CVE-2026-35603 was disclosed this week — a privilege escalation vulnerability affecting Claude Code, Cursor, Codex CLI, and Gemini CLI via misconfigured ProgramData paths. Teams running any of these tools on shared Windows environments should check vendor advisories. 12

Gemini CLI stopped serving Google AI Pro/Ultra and free individual accounts on June 18, as announced in May. 13 The Apache 2.0 repository (105K stars) remains intact, and enterprise license and paid API key users are unaffected. What changed: the hosted backend and consumer quota — 1,000 requests/day free, 1,500 Pro, 2,000 Ultra — are gone. Replacement tool Antigravity CLI uses an opaque credit-billing model with no published rate table. 13

Future Stack Reviews summarized the lesson plainly: "The accurate and more useful finding is that the open license never guaranteed continued access, because the part that made the tool useful — Google's hosted backend and quota — was always Google's to switch off." 13 FSR flagged a specific operational risk: CI jobs, cron tasks, Git hooks, or deployment scripts calling gemini as of June 18 fail silently — no error thrown, the command simply stops responding. Any automation invoking gemini that hasn't been migrated needs a replacement before the next run. 13

Devin — Security in Devin Review (Jun 18). Cognition added automated security scanning to Devin Review, analyzing every PR for authentication bypasses and business logic flaws — not just pattern-matched CVEs. 14 Each finding comes with a CWE ID, the full exploit path, a fix recommendation, and Devin generates a merge-ready fix PR automatically. No manual routing or assignment required.

Cognition's framing: AI-generated code expands the attack surface faster than human reviewers can keep up, and code review is the last gate before production. The feature targets the gap between automated scanners (which miss logic-level vulnerabilities) and the bandwidth required for thorough human review.

Windsurf/Devin Desktop — three patch releases (Jun 16–18). v3.2.16 shipped a local plugin system (devin plugin, enterprise preview), direct MCP tool calls from subagents, terminal allow/deny list enforcement at the CLI scope, and a Cmd+. mode switcher. 15 v3.2.19 fixed a skill file loading bug for skills using alternative fields. v3.2.23 made the MCP registry parser tolerant of legacy and non-standard schemas. 15

Replit — Claude integration (Jun 17). Replit launched as an official Claude Connector, allowing users to design an application in Claude's UI and send it directly to Replit Agent for build and deployment with no copy-paste step. 16 The integration adds a "Send to Replit" option to Claude's export interface. 16

JetBrains Junie CLI (JetBrains' LLM-agnostic terminal coding agent) exited beta on June 17. 12 Atlassian shipped a Jira-to-local-agent bridge the day before (June 16) that can hand off Jira issues directly to a local coding agent.

Moonshot AI published Kimi K2.7-Code on June 12 — 1T parameter MoE (32B active, 384 experts), 256K context, Modified MIT license. 24 API pricing is $0.95/$4.00 per million input/output tokens — roughly one-fifth the cost of Claude Opus 4.8.

Moonshot self-reports: MCPMark Verified 81.1% (vs. Opus 4.8's 76.4%); Kimi Code Bench v2 62.0 (vs. GPT-5.5 69.0, Opus 4.8 67.4); 30% fewer reasoning tokens versus K2.6. 24 As of June 19, no independent SWE-bench Verified or Terminal-Bench scores have been published. Flowtivity's review found the token efficiency improvement the most practically useful change; Totalum summarized the uncertainty: "In the absence of an independent SWE-bench Verified run, the honest answer is: likely competitive on tool-use tasks, unverified on end-to-end repo-level work." 25 VentureBeat reported practitioners finding the benchmark numbers hard to reproduce on real codebases. 26

Zhipu AI (Z.AI) released GLM 5.2 on June 13 — 744B MoE (roughly 40B active parameters), 1M token context, MIT license, no geographic restrictions. 27 Benchmark scores vs. its predecessor GLM 5.1: SWE-bench Pro 62.1 (+3.7), Terminal-Bench 2.1 81.0 (+17.5), FrontierSWE 74.4 (+43.9 — 1% behind Opus 4.8). 27 The model uses an IndexShare technique (shared indexer every 4 layers) that reduces per-token FLOPs by 2.9× on 1M-token contexts. 27 GLM Coding Plan tiers (Lite/Pro/Max/Team) integrate with Claude Code, OpenCode, and ZCode.

The US government issued an export control directive on June 12 suspending access to Claude Fable 5 and Mythos 5 for all users globally, citing national security. 28 Anthropic complied the same day. All other Anthropic models, including Opus 4.8, remain available. 28 Anthropic's response: "We disagree that the finding of a narrow potential jailbreak should be cause for recalling a commercial model deployed to hundreds of millions of people. We believe this is a misunderstanding and are working to restore access as soon as possible." 28 Anthropic submitted a proposal to lift the restriction on June 18. The government provided only verbal evidence of a narrow jailbreak — Anthropic noted the same vulnerability class exists in GPT-5.5 and other frontier models.

Two practical notes: The Fable 5 free trial period expires June 22 regardless of whether access is restored; any credits used during the suspension period are being refunded. 29 The effect on benchmark leaderboards: Fable 5 held the top slot on SWE-bench Verified (95.0%) and SWE-bench Pro (80.3%) before suspension; those positions remain technically valid but the model is currently inaccessible. 30

Fable 5 access status. Anthropic's June 18 proposal to the government is the key variable. If granted, Fable 5 returns to an available state but the free trial period will have ended — users would be on usage credits. If denied or stalled, the benchmark leaderboard picture changes significantly.

Cursor/SpaceX regulatory review. The deal clock started June 16. No regulatory body has publicly opened an inquiry, but a $60 billion tech acquisition involving a defense-adjacent acquirer will draw scrutiny. First signals likely in Q3.

Continue.dev v2 details. The release notes for v2.0.0 and v2.1.0 contain almost no detail. Whether this is a breaking architectural change or a housekeeping release will determine whether teams on v1.x need to plan a migration.

Copilot individual plans rollout pace. The sign-up reopening is being phased in over "the next few weeks" — no published schedule.

GitHub Copilot AI Credits model (billing reference). The switch from PRU (Premium Request Units) to AI Credits occurred June 1. As a pricing reference for new users evaluating plans: Pro ($10/month) = 1,500 credits; Pro+ ($39/month) = 7,000 credits; Max ($100/month) = 20,000 credits. Model selection creates up to a 40× difference in per-step credit consumption (cheapest vs. most expensive model). 31