We share dozens of articles, tools, hot takes, and rabbit holes across our internal Slack channels and group chats every day, and most of it just disappears into the scroll. So I thought, why not pick the things, add some context and opinions, and put it out there? Consider this a first experiment. If it turns into something worth repeating, I'll keep going.
AI Is Everywhere (And We Have Opinions)
2026 is the year, when AI stopped being something you try out and started being something you have to have a strategy for. The sheer volume of things that happened is hard to keep up with. So here's what actually caught Omedians' attention in March.
Long Reads
If you only find time for two articles, make it these.
Both of these were shared by our very own Giorgi Gagoshidze, Head of Back-end and the person at Omedia who has embraced AI and agentic development the hardest. He's been deep in it daily, sharing what he finds and how he works almost in real time.
Colin Breck's Adapting to AI: Reflections on Productivity is the a honest piece, about what's actually happening to us as engineers. There is no doubt anymore that we are undergoing an absolute revolution in how digital products get built. I have no idea when or how this will settle, or what the new balance will look like. But reading Colin's reflections, I found myself agreeing with almost every paragraph. The part about how AI lets you try so many more of your ideas, often in parallel, and then those ideas compound into even more ideas until your mind is racing with possibilities and it becomes hard to stop? That's a special kind of drug, and I bet everyone reading this has felt it. You start with some very regular task and end up building a generic tool that could be shared with others — because why not, AI makes it possible in theory, and suddenly your afternoon is gone.
Then there's the flip side. Mario Zechner wrote a wonderfully titled piece — "Thoughts on Slowing Down" — that hit just as hard. What stuck with me most the idea to write the important things by hand — architecture, interfaces, contracts of APIs, the stuff that defines the gestalt of your system. Not because it's efficient when it comes to speed (its not), but because the friction is how you understand what you're building. It's where your experience and taste actually matter.
These two articles are two sides of the same coin: the thrill of keeping up and then, wisdom of slowing down. Trying to stay on top of the wave is both hard and exciting, and reading people who are thinking about it honestly helps.
Supply Chain Attacks Had a Month
March wasn't great for supply chain security.
First, Trivy. One of the most widely used security scanners in the container ecosystem, got hit through its GitHub Actions workflow. This wasn't theoretical for us, we were running the affected version. Our Temo reverse-engineered the full payload and published a detailed malware analysis on our blog. If you use Trivy or any third-party GitHub Actions, it's worth 15 minutes of your time.
On March 24, Daniel Hnyk broke the news that LiteLLM, a widely used Python proxy for calling multiple LLM providers, had been compromised on PyPI. Version 1.82.8 contained base64-encoded instructions to exfiltrate every credential it could find and self-replicate. A simple pip install litellm was enough. Karpathy's thread added the scary context: LiteLLM has 97 million downloads per month, and the contagion spreads to any project that depends on it. The poisoned version was up for only about an hour and was caught because the attacker's code had a bug. If the attacker hadn't vibe-coded their malware, this could have gone undetected for weeks :))
Karpathy's takeaway is worth repeating: every time you install any dependency, you could be pulling in a poisoned package from deep inside its dependency tree. Classical software engineering taught us that dependencies are good, we're building pyramids from bricks. That assumption is being re-evaluated, and fast.
The tools are evolving fast. Claude Marketplace, Cowork mode, "use my computer," openclaw, OpenCode. There's a new one every week and keeping up is a job in itself. What's also interesting, is what's happening in the infrastructure layer. Cloudflare made two moves worth noting. Their new /crawl endpoint lets you crawl an entire website with a single API call (no scripts, no browser management, just content back in HTML, Markdown, or JSON). Great for RAG, training models, and research. And their Code Mode is a clever rethink of how AI should interact with APIs: instead of calling tools one by one through MCP, the AI writes code against a typed SDK. They claim 81% less token usage on complex tasks.
Meanwhile, an Agent Community is working on a .agent top-level domain and open standards for agent discovery, authentication, and capability exchange. We may or may not have already reserved our names :))
And then there's the stuff that makes you stop and stare. Cortical Labs grew 200,000 living human neurons on a silicon chip. They taught the neurons to play Pong. Then Doom. And now someone has wired them into an LLM — real brain cells firing electrical impulses to choose tokens. I don't know what to do with this information except share it :)
Drupal
Drupal is our core stack. We actively contribute to the ecosystem, maintain modules, speak at events, and care deeply about where the project is heading. So naturally, a lot of Drupal content flows through our internal channels, and March was especially packed: it was DrupalCon month, this time in Chicago.
If you missed the Driesnote, it's worth catching up on. Dries articulated something that resonated with all of us: AI is disrupting all three pillars of Drupal. Open source, CMSs, and the agency business model itself. That's not a side effect, that's the foundation shaking. It's scary, and it's an opportunity.
What we especially loved was how he framed Drupal's position: almost every startup or company that begins with a lovable site builder or a WordPress setup moves away the moment they hit real scale. You can't outgrow Drupal's foundation. And the team made an absolutely right call in rethinking when it comes to AI, what belongs inside Drupal and what doesn't. AI for content creators (drafting, translations, alt-text, search) stays inside Drupal, but everything developer-facing (building modules, creating themes, migrations, components) should live outside. Don't try to turn Drupal into an AI platform. Use Claude Code, use agents, manage Drupal from the outside. That's exactly the vision behind our own investment into MCP and similar initiative in Drupal, from 2025 till now.
Drupal AI Module 1.3 dropped this month. If you're interested in where AI and Drupal intersect, the release walkthrough is worth watching by Marcus, tech lead of Drupal AI. Short video, but covers some genuinely useful new capabilities. And on our end, I published on our blog Drupal Gemini Provider 1.0 is Here. The story of taking our Drupal Gemini Provider module from alpha to a stable release, bringing Google's multimodal AI capabilities into Drupal through the AI module ecosystem.
Also worth a look: Mateu Aguiló Bosch from Lullabot has been researching LLM training data for Drupal, which is such a mess (D7 patterns mixed with modern Drupal, deprecated APIs everywhere). Anyone who's used Copilot or Claude for Drupal development knows this pain. He published a new product: Dalia, an agentic code generation app, that uses RAG to inject correct, version-specific Drupal knowledge into Claude Code. It's in private beta now, and we're keeping a close eye on it.
For those keeping an eye on what's next: there's a Drupal AI Summit coming up on May 14 in New York as part of apidays. A full day of sessions on moving AI from pilot to production in Drupal.
Also on Our Radar
These are some of the other things, we shared and discussed across various channels in March. No deep commentary.
Pretext: The Future of Text Layout Is Not CSS — This one broke the internet at the very end of March. Cheng Lou (the creator of React Motion, who's worked on React, Messenger, ReasonML, and is now at Midjourney) released Pretext, a pure TypeScript library that measures and lays out text without touching the DOM, without CSS, without asking the browser anything at all. Hacker News discussion is worth reading.
Rob Pike's 5 Rules of Programming — These are from 1989 and they're still right.
Big Data on the Cheapest MacBook — DuckDB processing serious analytical workloads on a base-model MacBook. If you're still spinning up cloud instances for one-off data analysis, this might change your mind.
Kagi Small Web — A curated index of the independent, human-written web. No SEO farms, no AI slop. The internet we all miss.
Personal Encyclopedias — If you've ever spent a weekend organizing notes into Obsidian or Notion and felt slightly embarrassed about how much you enjoyed it, this article will make you feel seen.
Bucketsquatting Is Finally Dead — One of cloud security's oldest and dumbest problems is finally getting fixed. Good riddance.
Claude Code's binary reveals silent A/B tests — Should developer tools silently experiment on your workflow? Worth reading even if you don't use Claude Code.
Helio AI enters the Armenian market — Georgian-founded AI startup expanding regionally. Always good to see.
Sid Sijbrandij's cancer update — GitLab's co-founder shared a personal update on his health journey. No commentary needed, just respect and well-wishes.
This is what Omedians actually read, watched, shared and discussed this month. Not everything that happened, just what made it through our prism.