ACP Reaches Its LSP Moment: Every Major IDE and Agent on One Protocol
The Agent Client Protocol (ACP) cleared a significant adoption threshold this week. With Windsurf's rebranding to Devin Desktop on June 2 — the largest single adoption event in ACP's history given Windsurf's install base — the protocol is now first-class in JetBrains IDEs, Zed, Devin Desktop, and has backing from GitHub and Google. The ACP Agent Registry lists over 28 agents including Claude Code, Codex CLI, GitHub Copilot CLI, Gemini CLI, and OpenCode.
The analogy to the Language Server Protocol is apt and increasingly heard among developers. LSP decoupled language intelligence from editors, allowing any editor to speak to any language server without a bespoke plugin for each pair. ACP makes the same bet for AI coding agents: any ACP-compatible agent should work in any ACP-supporting editor, eliminating the current situation where choosing an AI tool often means committing to a specific editor ecosystem. JetBrains' ACP Registry enables one-click installation of any registered agent inside IntelliJ IDEA, PyCharm, and WebStorm; Devin Desktop ships five agents at launch and routes tasks to whichever agent a developer selects.
The protocol is developed openly by JetBrains and Zed Industries and sits at a different layer than MCP. Where MCP defines how agents talk to tools (file systems, APIs, databases), ACP defines how agents talk to editors (receiving context, proposing edits, reading the current file tree, streaming output into panels). The two are designed to be complementary — an ACP agent in IntelliJ can use MCP-registered tools to query a database or call an API mid-session. This two-protocol stack is rapidly becoming the baseline assumption for new AI coding agent development.
For teams evaluating AI tooling, ACP's critical-mass adoption changes the decision calculus: agent selection and editor selection are increasingly independent choices, which is good for teams with heterogeneous editor preferences and reduces the risk of being locked into a vendor's full stack.
Read more — JetBrains
The AI Productivity Paradox: 93% Adoption, 10% Organisational Gain
Multiple 2026 surveys have converged on a finding that should concern AI tool advocates: individual developers report productivity gains of 25–55% from AI coding tools, yet organisational-level productivity metrics have risen roughly 10% in teams that have adopted AI broadly. The gap is not small, and it is prompting a reassessment of how AI developer tooling is actually working.
The explanation emerging from the data is a verification bottleneck. Sonar's State of Code survey found 96% of developers do not fully trust AI-generated code, and only 48% always verify it before committing — meaning more than half sometimes commit AI-generated code without review. Separately, research from METR found a median 1.4–2x self-reported productivity improvement among technical workers using AI, but controlled experiments consistently show the gains shrink or disappear for experienced engineers on complex, unfamiliar codebases. The JetBrains developer workflow study found that AI redistributes work rather than eliminating it: tasks like initial code generation become faster, but review, debugging of AI-introduced regressions, and integration testing consume time that offsets the generation speedup. One study found that projects with high AI-generated code ratios experienced a 41% rise in bug rates.
The pattern surfacing from these studies points to a tool-maturity mismatch. AI coding tools are optimised for generation, but the bottleneck in experienced-engineer workflows is rarely generation — it is understanding, debugging, and maintaining code written by others (or by AI). Until evaluation, testing, and debugging tooling catches up to generation speed, the individual experience of productivity will continue to diverge from the team-level reality of reviewing a larger volume of harder-to-maintain code. Several teams are now deliberately limiting AI generation to bounded, test-covered functions while investing more in AI-assisted test writing and static analysis as the more productive constraint to address.
Read more — JetBrains Research Blog
Anthropic's $65B Raise and S-1 Filing: What It Signals for the AI Ecosystem
Anthropic closed a $65 billion Series H round on May 28, led by Altimeter Capital, Dragoneer, Greenoaks, and Sequoia Capital at a $965 billion post-money valuation — the largest private AI funding round to date. Run-rate revenue had crossed $47 billion earlier in May. Four days later, on June 1, Anthropic filed a confidential draft S-1 registration statement with the SEC, the formal first step toward a public offering, timing contingent on market conditions and SEC review.
For developers and teams building on Claude, the financial trajectory matters in two practical ways. First, the continued capital inflow reinforces Anthropic's ability to invest in model capability, API infrastructure, and the rate-limit increases the company has been rolling out throughout 2026. Second, an eventual IPO creates transparency obligations that will give enterprise buyers more visibility into Anthropic's cost structure and roadmap — a factor in multi-year infrastructure commitments.
The broader signal is that the frontier AI lab funding cycle is transitioning from venture growth rounds to public-market readiness. OpenAI, Anthropic, and xAI have all pursued or signalled IPO paths within the same 12-month window, suggesting the private market for frontier labs is reaching the valuation levels where public-market liquidity becomes the natural next step. For developers choosing which AI platform to build on, this transition generally correlates with more stable API contracts, stronger SLA commitments, and longer deprecation windows — the infrastructure predictability that production AI applications require.
Read more — Anthropic
Safe & Secure AI Agent Practices
The OWASP Agent Top 10 and the MCP Security Gap
The convergence of ACP, MCP, and a growing registry of AI coding agents raises a question that the OWASP Top 10 for Agentic Applications (2026) addresses directly: every integration point between an editor, an agent, and a tool is a potential attack surface. OWASP ranks agent goal hijacking and tool misuse as the top risks in agentic systems, and the MCP ecosystem's rapid growth is now being matched by a corresponding growth in security scrutiny.
Security researchers have identified several recurring vulnerabilities across open MCP server implementations: plaintext credentials in transport headers, unrestricted network access from tool handlers, and tool poisoning — where attackers tamper with tool metadata to redirect an agent's intent. The recently proposed SAFE-MCP standard, adopted by the Linux Foundation and OpenID Foundation, establishes a security baseline for MCP-enabled systems including DPoP token binding, workload identity federation for multi-tenant deployments, and mandatory audit logging of all tool invocations.
For teams deploying AI coding agents in enterprise environments, the practical steps that address the highest-risk scenarios are: constraining each agent to the minimum file system and network scope it needs for its specific task, never configuring agents with production credentials when a staging credential will do, requiring human approval before any agent-initiated infrastructure change, and routing all agent tool calls through a centralised logging layer before they reach the tool itself. Docker AI Governance and GitHub Copilot's new sandbox infrastructure both implement these principles at the platform level, but teams using self-hosted or third-party agents need to enforce the same pattern manually in their orchestration layer.
Read more — OWASP
