Vladislav Umnov

I’ve spent 19 years in production engineering. The last 3 building AI systems that actually ship. Not demos. Real systems. Real failures. Real numbers. Going to share what I actually learned.

Guys pls help me to understand how to grow linked in for an engineer?

“Why hire you when we have Claude?” Wrong question to ask in an interview. Right signal for the market. Companies that actually think this way will soon learn the difference between generated code and a system that holds under load.

@sachinyadav699 It could exist, but I should be sold somehow. Here’s where the main problem.

Every idea feels taken. Every API already exists. Every SaaS has 12 competitors. So what do we even build now?

@MbarkCherguia on the cat

We are doing a scientific research right now and we need your honest answer (for males only): which coordinates do you piss in?

The real cost of a "smart" monolithic prompt: 1. State lives in the model's head (unreliable) 2. Business logic mixes with language understanding (undebuggable) 3. Every fix creates a new failure mode. It was treating symptoms with prompt patches. The root cause: wrong layer for the wrong job.

What I'd do differently building an AI sales agent: Build the eval system before the agent. Test with AI buyer personas from day one. Know your failure modes before your clients find them. The eval system is not a testing tool. It's a competitive moat

@AiCamila_ @IamAroke Also a documentation

@IamAroke they design the contract 🤝 endpoints, request/response formats, auth, versioning… basically making sure backend ↔ frontend speak the same language

Who is suppose to connect an API to the frontend? 1. Backend Developer 2. API Developer 3. Frontend Developer

@javilopen Sometimes I do that when learning a new technology or language. I also solve LeetCode problems to keep my mind sharp.

Serious question: Is there any programmer left in the room still coding the traditional way, character by character, without using AI? If so, why? Explain your reasoning.

@NoahKingJr Send him d-pick?

If Elon Musk followed you, what's your next move?

@Govindtwtt What’s wrong if it works?

99% of vibe coded websites look like this

@byteHumi @claudeai @jhaochenz @TrentonBricken Received it today.

new achievement unlocked !! can I atleast get a clarification why I am banned from claude code

@eatliverbro The trick is treating it like a mid dev who never gets tired and works in 5 parallel threads. I run multiple Claude Code sessions simultaneously on different parts of the codebase. You don't need it to have taste. You need it to execute within boundaries you set.

Giving a coding task to an LLM is like delegating to a mid dev. You know they might misunderstand. You know they lack engineering taste. You know you are forfeiting your own understanding. But you do it anyway, because you need to scale. Just manage the tradeoff well.

@rocklambros Built an AI agent handling 3,000+ daily conversations. The first thing we learned: never let the model decide what URLs to visit or what tools to call without a whitelist. Sandboxing LLM outputs is the real engineering work nobody talks about.

Prompt injection vulnerabilities surged 540% year-over-year. HackerOne's data shows real researchers finding real exploitable conditions in production AI systems—not theoretical edge cases. The uncomfortable truth: Your AI agents read the web. The web is the attack surface.

@rishikeshbiz This is why I use a finite state machine to control every LLM call in production. Each state has a token budget, a timeout, and a fallback. No open-ended "chat with the AI" loops. Boring? Yes. But my bill stays predictable.

@karpathy run AI agents that auto-install packages from LLM suggestions. Had to build a whitelist after one tried to pip install a typosquatted package at 3am. Supply chain security is the unsexy problem that will define AI tooling.

New supply chain attack this time for npm axios, the most popular HTTP client library with 300M weekly downloads. Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I'd be pwned. It's possible to personally defend against these to some extent with local settings e.g. release-age constraints, or containers or etc, but I think ultimately the defaults of package management projects (pip, npm etc) have to change so that a single infection (usually luckily fairly temporary in nature due to security scanning) does not spread through users at random and at scale via unpinned dependencies. More comprehensive article: stepsecurity.io/blog/axios-com…

@Yuchenj_UW I run 4-5 Claude Code terminals in parallel daily. Open sourcing it is the right call. The best AI tools win by ecosystem, not secrecy.

Breaking: Theo bullied Anthropic into open-sourcing Claude Code.

Most AI startups will die not because their models are bad, but because they never built an eval pipeline. Getting a demo to work takes a weekend. Knowing when your AI is wrong at scale takes months.

The biggest lie in AI: "just use better prompts." I built an agent handling 3,000+ daily conversations. The fix was never the prompt. It was a finite state machine controlling LLM outputs. Boring engineering solving exciting problems.

React or vue? And why?

@TTrimoreau Ideally it should be covered by tests as it’s a critical functionality and we always must be sure that it works 😁

@umnovation Sometimes we forgot about the checkout works and it happened to me one time 😅

You just launched your SaaS. You’re getting traffic… but no one is buying. You can only choose one move: -Lower pricing -Improve landing page -Talk to users -Add features What are you doing? 👇