Next.js 16.2 adds an AI-ready create-next-app template, dev-server lockfile handling, browser log forwarding, and an experimental Agent DevTools panel. Turbopack updates in the same release include Fast Refresh refinements, WASM Workers, Subresource Integrity support, dynamic import tree-shaking, server-side Fast Refresh for fine-grained HMR, and Web Worker origin handling for WASM libraries. The release is additive for most apps — no required migrations — but teams using experimental streaming or server actions should retest after upgrade. The security backport (CVE-2026-27979, CVE-2026-29057) ships in the same train, so the bump doubles as a security update.