archimydes

@MohapatraHemant This is exactly right - AI ROI is mostly an integration problem. You get it by embedding forward-facing engineers into business functions to redesign workflows and deploy agents across sales, marketing, CS. The ‘AI replaces engineers’ take misses how adoption actually happens.

From Microsoft Frontpage to @Lovable – we have been talking about not needing engineers anymore, and only one thing has ever happened: we have needed more engineers! Every time we “simplify” software creation, we don’t eliminate engineering – we expand the surface area of what’s possible. The same thing is happening with AI.

Biggest open question: Productivity is up, but what happens to mentorship and deep engineering craft? For those building with AI every day: how are you preserving real apprenticeship while tools like @claudeai or @cursor_ai explode across your teams?

A few takeaways that mirror what we’re seeing at Archimydes: 1) AI as collaborator, not replacement 2) Only 0–20% of tasks can be fully delegated 3) Devs becoming more “full-stack”, crossing infra / frontend / new codebases 4) ~25% of AI-assisted work is truly “net new”

AI isn’t “coming for engineering jobs” as much as it’s rewiring how engineers work. @AnthropicAI studied 132 of their own engineers using Claude day-to-day. Rough headline: AI is in ~60% of their work, ~2x 2024, with ~50% reported productivity gains. anthropic.com/research/how-a…

Before your AI writes a single line of Python, it takes 15 hidden mental steps. Researchers just mapped the entire "thought process"—and it's wild. Here's the complete breakdown 🧠👇 🗂️ PHASE 1: REQUIREMENTS GATHERING The AI isn't just reading your prompt. It's: TSK - Identifying the core task CTX - Understanding code context (variables, functions, types) CST - Spotting constraints (performance, recursion, input limits) 🧩 PHASE 2: SOLUTION PLANNING Now it strategizes: KRL - Recalls libraries/patterns from training data CFL - Constructs control flow (loops, branches, logic) CMP - Compares alternative approaches AMB - Flags ambiguous/missing info This is where smart prompts = better code. ⚙️ PHASE 3: IMPLEMENTATION Two substeps: SCG - Scaffold Code Generation (rough draft/pseudocode) CCG - Complete Code Generation (final output) Fun fact: 30% of AI responses skip this phase entirely in the reasoning trace. 🔍 PHASE 4: REFLECTION The AI reviews its work: UTC - Creates unit tests ALT - Explores post-hoc alternatives EGC - Identifies edge cases FLW - Spots logical flaws STY - Checks code style SFA - Self-asserts "this is correct" Here's the kicker: Not all 15 steps happen every time. The study found 5 common "reasoning patterns" (combos of steps). The MOST successful pattern (FP1)? TSK→CTX→CST→KRL→CFL→CMP→AMB→SCG→CCG→ALT→EGC→SFA It's a complete human-like workflow. But simpler tasks use simpler patterns. Example: Self-contained functions skip: ❌ Ambiguity recognition (AMB) ❌ Alternative exploration (ALT) ❌ Edge case checks (EGC) The AI adapts its reasoning depth based on task complexity. Which step matters MOST for correct code? 📊 Analysis of 1,150 traces shows: 🥇 UTC (Unit Test Creation) - Strongest positive correlation 🥈 CCG (Complete Code) - Necessary for success 🥉 SCG (Scaffold) - Helps catch logic errors early Which steps HURT performance? 🔻 CST (Constraint ID) - Negative correlation 🔻 AMB (Ambiguity Recognition) - Negative correlation 🔻 CMP (Solution Comparison) - Negative correlation Why? They signal unclear prompts → bad assumptions → wrong code. Real-world example: When tasked with validating IP addresses, Qwen3-14B: Identified task (TSK) Recalled regex patterns (KRL) Planned validation logic (CFL) Generated test cases (UTC) Wrote final code (CCG) Self-asserted correctness (SFA) Result? ✅ Passed all tests. Understanding these 15 steps lets you: ✅ Write prompts that trigger the RIGHT reasoning ✅ Spot when AI is stuck in bad patterns ✅ Improve code quality by 10-15% Bookmark this thread 🔖

Good Products are Opinionated. “Every great founder I’ve seen up close, or even from afar, is highly opinionated and they’re almost dictatorial in how they run things. Also, early-stage teams are opinionated. And the products they build are opinionated. Opinionated means they have a strong vision for what it should and should not do. If you don’t have a strong vision of what it should and should not do, then you end up with a giant mess of competing features. @Jack Dorsey has a great phrase: “Limit the number of details and make every detail perfect.” And that’s especially important in consumer products. You have to be extremely opinionated. All the best products in consumer-land get there through simplicity. You could argue the recent success of ChatGPT and similar AI chatbots is because they’re even simpler than Google. Google looked like the simplest product you could possibly build. It was just a box. But even that box had limitations in what you could do. You were trained not to talk to it conversationally. You would enter keywords and you had to be careful with those keywords. You couldn’t just ask a question outright and get a sensible answer. It wouldn’t do proper synonym matching, and then it would spit you back a whole bunch of results. That was complicated. You’d have to sift through and figure out which ones were ads, which ones were real, were they sorted correctly, and then you’d have to click through and read it. ChatGPT and the chatbot simplified that even further. You just talk to it like a human—use your voice or you type and it gives you back a straight answer. It might not always be right, but it’s good enough, and it gives you back a straight answer in text or voice or images or whatever you prefer. So it simplifies what we looked at as the simplest product on the Internet, which was formerly Google, and makes it even simpler. And you just cannot make a product that’s simple enough. To be simple, you have to be extremely opinionated. You have to remove everything that doesn’t match your opinion of what the product should be doing. You have to meticulously remove every single click, every single extra button, every single setting. In fact, things in the settings menu are an indication that you’ve abdicated your responsibility to the user. Choices for the user are an abdication of your responsibility. Maybe for legal or important reasons, you can have a few of these, but you should struggle and resist against every single choice the user has to make. In the age of TikTok and ChatGPT, that’s more obvious than ever. People don’t want to make choices. They don’t want the cognitive load. They want you to figure out what the right defaults are and what they should be doing and looking at, and they want you to present it to them.”

just created an MCP server to get some silly stats from your Apple Photos library about last year ✨ link in next tweet, would love to add more features, open to PRs and suggestions!

With or without AGI/ASI - we are moving towards a quadrillion dollar world…

@signulll Published an essay on a similar topic on Sunday: "Computational Thinking is the New Literacy" unknownarts.co/p/computationa…

Worth a read for anyone hiring for AI/ML roles in India

1/ A few months old, but a great keynote to come back to every now and then by @rao2z dissecting LLMs like GPT-4 . In particular can they reason or plan? Here’s a breakdown 🧵👇 youtube.com/watch?v=0E9BbA…

(7/7) Over this week we have gone through example scenarios and mitigations for each code related OWASP vulnerability, which we hope has been helpful. Find the full article here, which includes a second example of a broken access contol vulnerability - archimydes.substack.com/p/secure-code-…

(6/7) Mitigations 3: - For longer-lived tokens, it's imperative to implement token revoke functionality to invalidate them anytime they get compromised or are not needed anymore, and also before their expiration time

(1/7) Broken Access Control occurs when a malicious actor bypasses access control and gains access to admin screens, databases, or business critical components. Let’s break this down further into an example scenario with possible mitigations for this vulnerability: 👇

(8/8) In tomorrow's tweet we will examine Broken Access Control examples and mitigations. Find the full article here, where we explore examples of code related OWASP vulnerabilities!! archimydes.substack.com/p/secure-code-…

(7/8) Mitigations 2: - Implement shorter session timeouts - Implement multi-factor authentication for admin accounts - Always use secure credentials (use password managers to generate one) and avoid default values, particularly for admin users

(4/8) Scenario 2: Login API of an app returns whether the credentials are valid. There are no penalties implemented when wrong credentials are tried out (eg. accounts are not locked after x attempts).