Morning Brief
2026-04-11 · 16 sources
Three new drops today: Nate turns Claude Code into a luxury web agency with Seedance 2.0, Chris Koerner pitches vibe-coded calculator sites as the last gold rush, and Matt Wolfe keeps poking at whether Claude Mythos is real or just Anthropic flexing.
What Creators Are Saying
Nate Herk | AI Automation
Nate shows you how to fake a $100k agency video shoot with AI and ship it as a live website in one Claude Code session — this is the tutorial you actually want.
1 videos
Seedance 2.0 + Claude Code Creates $10k Websites in Minutes
Generate cinematic AI video, then ship a website around it.
Watch this if you want Nate's exact recipe for producing luxury-brand websites end-to-end using Claude Code as the orchestrator — no video crew, no Figma, no frontend team.
details
What it is: A full pipeline where Claude Code writes video prompts, a generative-video tool (Higgsfield / Seedance 2.0) produces the footage, and Claude Code then builds the marketing site around those clips — all inside VS Code.
How it works:
- Open VS Code with Claude Code attached as the chat interface in the middle pane
- Ask Claude Code to draft cinematic video prompts for your product (example builds: AirPod Max site, a car-in-the-desert site, "Herk Advisory Group" dashboard site)
- Paste the prompts into Higgsfield / Seedance 2.0 to generate the hero shots (car rotating, engine close-ups, canyon drone shots)
- Pull the clips back into the project folder
- Tell Claude Code "build me a website for this" — it wires up the scroll-triggered backgrounds, animated word transitions, tilt effects, and embedded mini-dashboards
- Deploy as a live site
Tools & links:
- Claude Code — the orchestrator for both prompt generation and site build
- Visual Studio Code — Nate's preferred harness for Claude Code
- Seedance 2.0 — generative video model referenced in the title
- Higgsfield — video generator Nate actually demos on screen
- Nate's Skool community: AI Automation Society Plus and the free community
- Nate's agency: uppitai.com
Why it matters for you: This is exactly the instructional-heavy Nate content you care about — a named stack (Claude Code + Higgsfield/Seedance + VS Code), three reference builds to clone, and a reproducible loop. The trick worth stealing: using Claude Code as the *prompt author* for another AI tool before it ever writes code, a pattern that transfers directly to any multi-model workflow you're building.
7 previously covered
NetworkChuck
Nothing new.
Cole Medin
Nothing new.
Chris Koerner on The Koerner Office Podcast
Chris says the vibe-coded calculator site window is closing fast — a paycheck calculator clone is pulling 700k visits/month and six figures in AdSense for zero maintenance.
1 videos
The Most Passive Online Side Hustle I've Ever Seen
Vibe-code dumb calculator sites, farm AdSense, retire.
Watch this if you want a concrete side-hustle idea where the moat is distribution-through-SEO, the build is one afternoon of Replit/Claude prompting, and the monetization is literally just pasting an ad tag.
details
The idea: Build single-purpose utility sites — calculators, quizzes, generators — that rank on Google for high-intent keywords, then monetize with display ads. Low maintenance, no employees, no support load.
The proof points Chris drops:
- A single paycheck calculator site: ~700k unique visitors/month, valued ~$1.1M on ad revenue alone
- A calorie calculator site: 456k organic visits/month, six figures in ad revenue
- Ahrefs shows ~36,000 distinct keyword clusters containing the word "calculator" — mortgage, compound interest, ovulation, pregnancy, VA loan, 15-year mortgage, etc.
- This is NOT winner-take-all — multiple mortgage-calculator sites each pull hundreds of thousands to millions of visits
How he builds one in the video:
- Pick a niche keyword cluster with search volume but weak incumbents
- Vibe-code the calculator logic + landing page (tool of choice in this episode is Hostinger's stack, but Replit / Claude / Cursor all work)
- Slap on AdSense (or a higher-RPM network like Mediavine/Ezoic once traffic hits thresholds)
- Ship and ignore
Tools & links:
- Hostinger — sponsor, used for hosting (code KOERNEROFFICE for 10% off)
- Ahrefs — keyword research, the "36k calculator clusters" stat
- Google AdSense — the monetization layer
- TKOPOD.com — Chris's newsletter
- TKOwners.com — his paid community
The window: Chris explicitly says 2–5 years from now this won't work — incumbents will have saturated every keyword and Google will have absorbed more queries into AI Overviews. Right now is the gap where non-coders can still ship fast enough to grab ranking before the pros do.
Why it matters for you: This hits your side-hustle interest cleanly — the idea is a single-utility site, the execution is literally "prompt an AI, deploy to a host, add an ad tag," and the time-to-first-dollar is weekend-scale. The instructional secret: pick the calculator *nobody has built yet* in a niche with proven search volume, not the tenth mortgage calculator.
Codie Sanchez
Nothing new.
A Life Engineered
Nothing new.
1 previously covered
Alex Ziskind
Nothing new.
Matt Wolfe
Matt thinks Claude Mythos is half marketing flex, half legitimately terrifying — and he's fine with Anthropic hoarding it until defenders patch up.
2 videos
Is Claude Mythos A Marketing Ploy?
Matt's 90-second take: kind of, but also warranted.
Skip unless you want Matt's gut-check one-liner on whether Anthropic's "too dangerous to release" narrative is hype — he lands on "little bit of marketing, but actually the right call."
details
What it is: A short riff where Matt questions whether Anthropic's Mythos "too powerful to release" framing is a capital-raising / positioning move, the way OpenAI once claimed GPT-2 was too dangerous.
His take:
- Yes, there's a marketing tailwind — calling your model "too dangerous" makes you look like the frontier lab and helps raise money
- But unlike the GPT-2 moment, this one is actually warranted — a model that can chain vulnerabilities in OpenBSD/FFmpeg at the level Mythos reportedly can would let bad actors field-day every consumer product
- He'd rather Apple, Microsoft, Nvidia, Cisco, CrowdStrike get locked down *before* this class of model hits the open market
Tools & links:
- Anthropic — the lab behind Mythos
- No repos, no demos — this is a pure opinion clip
Why it matters for you: As someone shipping web apps, the relevant signal is: the next 6–12 months will have a stealth security race where defenders get early access to offensive-grade models before attackers. Plan patch cycles accordingly, and assume any dependency with a long CVE tail (image/video libs, auth middleware, OS primitives) is about to get audited hard.
Claude Mythos Explained
Anthropic's unreleased model and the Project Glass Wing rollout.
Watch this if you want the actual details on Claude Mythos and Project Glass Wing — which security-focused companies got early access and why Anthropic is gating it.
details
What it is: An explainer on Claude Mythos, Anthropic's unreleased frontier model, and Project Glass Wing — the private-access program giving select cybersecurity teams early access so they can patch vulnerabilities before a model of this class hits general availability.
The headline capabilities:
- Mythos Preview reportedly found a 27-year-old vulnerability in OpenBSD, one of the most security-hardened OSes
- Found thousands of high-severity bugs across major operating systems and browsers
- Found bugs in FFmpeg that 5M+ automated tests missed (a 16-year-old bug)
- Can *chain* multiple small vulns into full exploit paths — elite-human-hacker behavior
Benchmarks vs Opus 4.6 (per Anthropic's paper):
- SWE-bench: Opus 80.8% → Mythos 93.9%
- Cybersecurity vulnerability reproduction: Opus 66.6% → Mythos 83.1%
- SWE-bench Pro: +24 percentage points over Opus 4.6
- Terminal Bench: +17 percentage points
- SWE-bench Multimodal: roughly double
Project Glass Wing: Not "anyone in the partner company" — access is gated to cybersecurity specialists at a handful of named partners. Goal: get defenders ahead of attackers before a similarly capable model leaks or gets released elsewhere.
Tools & links:
- Anthropic — the lab
- Anthropic's Mythos system card / announcement — the 245-page paper Matt references
- FutureTools.io — Matt's newsletter and tool directory
Why it matters for you: For your web apps specifically, the practical implication is: audit your dependency tree *now*. Any library older than a few years that handles parsing, media, auth, or network I/O is a candidate for the kind of vulns Mythos is surfacing. Pin versions, turn on automated CVE scanning (Dependabot, Snyk, or GitHub Advanced Security), and assume "battle-tested" no longer means "safe from AI-assisted auditing."
What Shipped
claude-code
New team onboarding command, enterprise TLS, many resume fixes.
Critical bug fixes for --resume context loss and a command injection CVE mean upgrading is non-optional if you rely on Claude Code daily.
details
What changed:
- New `/team-onboarding` command generates teammate ramp-up guides from your local Claude Code usage
- OS CA certificate store now trusted by default — enterprise TLS proxies work out of the box (opt out with `CLAUDE_CODE_CERT_STORE=bundled`)
- `/ultraplan` and remote-session features auto-create a default cloud environment instead of requiring web setup
- Brief mode retries once when Claude returns plain text instead of structured output
- Focus mode now writes more self-contained summaries
- Rate-limit retry messages show which limit was hit and when it resets
- `claude -p --resume <name>` accepts session titles from `/rename` or `--name`
- Unrecognized hook event names no longer nuke the entire `settings.json`
- SDK `query()` properly cleans up subprocess/temp files on `break` or `await using`
Critical fixes:
- Command injection vulnerability patched in POSIX `which` fallback used by LSP binary detection
- Memory leak where long sessions retained dozens of historical message-list copies
- `--resume`/`--continue` losing context on large sessions by anchoring on dead-end branches
- `--resume` bridging into unrelated subagent conversations
- Crash on `--resume` when persisted Edit/Write tool results missing `file_path`
- Hardcoded 5-minute request timeout that ignored `API_TIMEOUT_MS` (killed local LLMs, extended thinking, slow gateways)
- `permissions.deny` rules not overriding PreToolUse hook `permissionDecision: "ask"` — hooks could downgrade a deny into a prompt
- `--setting-sources` without `user` ignoring `cleanupPeriodDays` and deleting old conversation history
Breaking changes:
- None explicitly called out, but behavior changes worth noting: OS CA store is now trusted by default (set `CLAUDE_CODE_CERT_STORE=bundled` to revert), and sensitive OTEL span attributes now require explicit opt-in via `OTEL_LOG_USER_PROMPTS` / `OTEL_LOG_TOOL_DETAILS` / `OTEL_LOG_TOOL_CONTENT`
Links:
Why it matters for you: If you're building apps with Claude Code in the loop, the `--resume` context-loss and command-injection fixes alone justify upgrading today — plus the hardcoded 5-min timeout fix unblocks extended thinking and local LLM workflows.
