Developer Weekly Briefing — July 18, 2026

Developer Weekly Briefing — July 18, 2026

BackerLeader 42 221 368
calendar_today agoschedule3 min read

A focused week — two deep enterprise stories and a security piece with numbers worth paying attention to. Here's what mattered.


GitHub's new PR inbox is a direct response to the review bottleneck AI created

Teams using AI coding tools are merging 98% more pull requests. PR review time is up 91%. Average PR size has grown 154%. End-to-end cycle time is actually about 19% slower once review queues are factored in. AI made writing code faster. It made reviewing code harder.

GitHub's redesigned pull requests dashboard is now generally available, and it's clearly built with that math in mind. The centerpiece is Inbox — a single, actionable view at github.com/pulls that surfaces what actually needs your attention: review requests, PRs blocked by CI failures or new comments, and PRs ready to merge. Saved views let you create and organize custom filters without relying on browser bookmarks. AND/OR logic and nested queries now work in advanced search, so you can pull results across multiple organizations in one shot.

One detail worth noting: the author filter now recognizes agent-created pull requests — searching author:@me surfaces PRs that GitHub Copilot opened on your behalf. Small change, big signal about where things are heading.

A better inbox won't shorten the queue. But making it visible — and sortable by urgency instead of buried in a flat list — is a reasonable place to start.

Read more


IBM Bob adds multi-agent coordination, spend tracking, and legacy modernization workflows

IBM's agentic coding platform got a significant update this week. Bob now supports multi-agent, parallel tool calling — instead of a single model working step by step, agents can request multiple tools in the same turn and run them concurrently. Subagents handle exploratory work in isolated context windows, which keeps routine investigation from quietly inflating the bill. Speaking of which: Bobalytics is a new usage-and-spend dashboard built directly into Bob, giving engineering leaders visibility into consumption, model allocation, and where the budget is actually going.

The other half of the announcement targets legacy modernization — three Premium Packages for IBM Z (COBOL, PL/I, assembler, JCL, CICS, IMS, Db2), IBM i (RPG, CL, SQL, DDS), and large Java codebases. These are structured, repeatable workflows rather than open-ended prompting, aimed at the systems most AI coding tools were never built to touch.

Mitch Ashley, VP and Practice Lead for Software Lifecycle Engineering and AI-Native Software Engineering at The Futurum Group, put it clearly: "Multi-agent coordination paired with a spend dashboard signals platforms competing to own the control plane where model routing, cost, and accountability decisions are made. The operative metric for engineering leaders is now cost per completed, verified task — and platforms must generate the evidence to measure it."

If you're responsible for legacy modernization or evaluating enterprise coding platforms, this one is worth a full read.

Read more


Sophos: 79% of ransomware attacks now start with compromised identities

For the first time in four years, exploited software vulnerabilities aren't even the top ransomware entry point anymore. Sophos's 2026 State of Ransomware report puts identity compromise at 79% of attacks. MFA was in place for 97% of the incidents where stolen credentials were the root cause — which says a lot about how far MFA alone carries an organization at this point. Encryption success rebounded to 56% of attacks, reversing a two-year decline. Average recovery cost per incident: $1.7 million.

Sophos launched Fusion alongside the report — a unified defense architecture built on one shared data layer, so a detection at any control point triggers coordinated response across all others in real time. Across more than 40,000 MDR customers, the company says 52% of cases are now resolved entirely by AI, with an average 89 seconds between alert and automated response. That's the same window an attacker needs to move from a stolen session token to lateral movement. The defense system has to move on the same clock.

Read more


The through-line this week: the bottleneck in AI-assisted engineering has shifted downstream — to review, to governance, and to the identity layer that attackers are now targeting first.

See you next Friday.


Developer Weekly Briefing is published every Friday on Coder Legion. Written by Tom Smith.

🔥 Join developers growing publicly
Share your knowledge, build in public, and grow your developer presence with a global community.

More Posts

Developer Weekly Briefing — July 11, 2026

Tom Smithverified - Jul 10

Developer Weekly Briefing — June 27, 2026

Tom Smithverified - Jun 26

Developer Weekly Briefing — June 20, 2026

Tom Smithverified - Jun 19

Developer Weekly Briefing — July 4, 2026

Tom Smithverified - Jul 3

Developer Weekly Briefing — June 13, 2026

Tom Smithverified - Jun 12
chevron_left
15.1k Points631 Badges
183Posts
115Comments
73Connections
LLM Training & Evaluation Specialist with hands-on experience building major AI models. As one of th... Show more

Related Jobs

Commenters (This Week)

3 comments
1 comment
1 comment

Contribute meaningful comments to climb the leaderboard and earn badges!