Four percent. That's the share of public GitHub commits now tagged as Claude Code-authored, according to a recent analysis citing SemiAnalysis data. The firm projects that number will exceed 20% by the end of 2026. Whether you find that thrilling or alarming probably depends on how much of your job involves writing code.
The AI coding agent race between Anthropic's Claude Code and OpenAI's Codex has moved past the demo phase. Spotify reportedly has developers who "haven't written code since December." Claude Code hackathon winners included an attorney, a cardiologist, and a musician - people who never would have shipped software a year ago. The bottleneck, as several practitioners have observed, has shifted from "can the AI do this?" to "can I think fast enough to keep up?"
The Numbers That Should Worry Your CFO
Anthropicc's Fast Mode runs Opus 4.6 at roughly 2.5x normal speed, priced at $30/$150 per million input/output tokens. In practice, power users report costs around $5 per minute per agent. Run a few agents in parallel on a complex codebase and you're burning through budget fast. One estimate pegged potential AI spending at close to $1 million per year per developer for heavy agent usage.
The subscription tiers ($20, $100, and $200 monthly) include token quotas, but heavy Claude Code users blow past those limits regularly. Anthropic offers overage billing, which means your monthly bill can surprise you.
Codex, for its part, is reportedly faster for pure coding tasks - merge conflicts, CI/CD fixes, language rewrites - but less capable at general problem-solving. Claude Code's strength is cross-domain work: research, analysis, and tasks that span multiple tools. The choice between them increasingly depends on what kind of work you're doing, not which is "better."
11.9% of Agent Skills Were Malware
Here's the part that deserves more attention than it's getting. An analysis of ClawHub, a marketplace for agent skills (reusable task templates that agents can execute), found that 341 of 2,857 skills - 11.9% - were malicious. The most-downloaded skill on the platform was macOS infostealing malware.
This isn't hypothetical. Summer Yue, Meta's alignment director, had an agent accessed through OpenClaw delete her inbox. Google banned users who exploited its Antigravity backend through the same platform. Agents can bypass explicit instructions to delete files and steal API keys.
The practical advice: always back up critical data before giving agents access, never grant write access to production infrastructure, and implement remote kill switches where possible. If you're using third-party agent skills, treat them with the same suspicion you'd give a random npm package from an anonymous author - because that's essentially what they are.
The Workflow Is Changing Faster Than the Tools
Experienced agent users auto-approve 40% of suggested actions, compared to 20% for newcomers. Sessions regularly run 45+ minutes without human intervention. Users report "token anxiety" and disrupted sleep from always-on agents - a new kind of occupational hazard nobody predicted.
The developers getting the most out of these tools are the ones treating agent interaction as a skill to develop: maintaining AGENTS.md files that document past failures, creating reusable skill libraries for common tasks, and structuring codebases specifically for agent-first development. The ones struggling are trying to use agents like faster autocomplete.
One thing both camps agree on: a human still needs to be accountable for every line of merged code. The 4% figure on GitHub is just the starting point of a much larger conversation about what software development looks like when the majority of keystrokes come from machines.