This Week in AI Dev: GPT-5.4, Cursor Hits $2B, and a Supply Chain Attack on Cline
What Happened
The first week of March 2026 packed more news into seven days than most months. Here are the stories that actually matter for people building with AI tools.
OpenAI shipped GPT-5.4 with a 1 million token context window and native computer use capability, scoring 75% on desktop navigation benchmarks. They also released GPT-5.3 Instant, a faster conversation model with 26.8% fewer hallucinations than its predecessor. The new Codex Windows app is open-source with a sandboxed environment, and Codex Security claims 84% noise reduction in security alerts. OpenAI is also giving open-source maintainers six months of free ChatGPT Pro through Codex for OSS.
Cursor crossed $2 billion in annualized revenue and launched Automations, a feature for always-on coding agents that work in the background. For a company that barely existed three years ago, that revenue number is staggering.
Anthropic made waves on multiple fronts. Claude signups surged to one million daily after the Pentagon contract controversy, where Anthropic refused a military deal that OpenAI signed hours later. The "QuitGPT" boycott hit 2.5 million participants. Anthropic launched Import Memory, letting users migrate ChatGPT conversation memories to Claude. And Claude Opus 4.6 discovered 22 Firefox vulnerabilities (14 high-severity) in a two-week security audit.
Google released Android Bench, an LLM leaderboard for Android tasks, where Gemini 3.1 Pro leads at 72.4%.
Apple dropped seven products in three days, including the MacBook Pro M5 Pro/Max with 4x faster LLM processing and 128GB unified memory, and the $599 MacBook Neo.
On the security front, a supply chain attack dubbed "Clinejection" compromised 4,000 developer machines through GitHub issue prompt injection targeting the Cline VS Code extension. The compromised package had an 8-hour distribution window before detection.
Why It Matters
Three threads stand out. First, the context window race has reached a practical ceiling for most workflows. One million tokens in GPT-5.4 means you can load entire codebases into a single prompt. The question is no longer "can the model handle it" but "should you pay for it."
Second, Cursor's $2B number confirms that AI-native code editors aren't a feature - they're a category. The always-on Automations feature signals where this is heading: agents that work continuously, not just when you prompt them.
Third, the Clinejection attack is a wake-up call. Prompt injection through GitHub issues targeting coding assistants is exactly the attack vector security researchers warned about.
Our Take
The Anthropic vs. OpenAI dynamic is now shaping tool choices beyond technical capability. A million daily Claude signups driven by ethics, not features, is new territory. The Import Memory feature shows Anthropic is ready to capitalize on switchers.
Cursor at $2B validates every bet on AI-assisted development. The Automations launch is particularly interesting - background agents that handle routine tasks without explicit prompting could change daily workflows more than chat-based coding assistance ever did.
But the Clinejection attack deserves the most attention. AI coding tools that process external content - GitHub issues, PR descriptions, documentation - are attack surfaces. This won't be the last supply chain attack targeting developer AI tools. Check what extensions you're running and what content they have access to.