10 interesting stories served every morning and every evening.

Swipe left to beginPress right arrow to begin

Safeguarding Your Website — BigScoots

dronexl.co

661 shares · 42 trendiness

We’re checking if you’re a real person and not an automated bad bot. Usually, the captcha below will complete itself. If it doesn’t, simply click the checkbox in the captcha to verify. Once veriﬁed, you’ll be taken to the page you wanted to visit.

If for some reason after verifying the captcha above, you are constantly being redirected to this exact same page to re-verify the captcha again, then please click on the button below to get in touch with the support team.

Read more Read the original on dronexl.co →

Read the original on dronexl.co →

6.0.0

brew.sh

592 shares · 172 trendiness

Today, I’m proud to announce Homebrew 6.0.0. The most significant changes since 5.1.0 are a new tap trust security mechanism, the new faster, smaller, default internal Homebrew JSON API, sandboxing on Linux, better defaults informed by our user survey, many brew bundle improvements, improved performance and initial support for macOS 27 (Golden Gate).

✨ Highlights since 5.1.0

🔐 Tap trust

Homebrew 6.0.0 introduces tap trust. A third-party tap can contain arbitrary, unsandboxed Ruby that runs on your machine, so Homebrew now requires taps (and tap-qualiﬁed formulae and casks) to be explicitly trusted before their code is evaluated or run. This reduces the risk from malicious or compromised taps while leaving the ofﬁcial Homebrew taps trusted by default. See the new Tap-Trust documentation for details.

Homebrew enforces initial tap trust so untrusted taps are ﬂagged before their code runs, trusts qualiﬁed tap items before install, stops auto-tapping untrusted taps, pins tap allow, forbid and trust lists to remotes and uses tap trust when evaluating all formulae and casks.

brew tap gains commands for managing tap trust, can trust a tap by its remote URL, brew trust adds a –json=v1 ﬂag and brew tap-info adds a trusted ﬁeld.

brew bundle honours the trusted: option and brew bundle dump records trusted bundle entries, marking custom-remote taps as trusted.

docs.brew.sh has new pages, including Tap-Trust, explaining Homebrew’s new tap trust model, and Homebrew trusts taps in test-bot.

⚡ Default internal JSON API

The internal JSON API is now the default, advancing the smaller API that Homebrew re-enabled and turned on for developers recently. It combines all Homebrew’s metadata into a single download, so brew updates faster and talks to the network less. It was opt-in via HOMEBREW_USE_INTERNAL_API since 5.0.0; that variable is now deprecated (see below).

🐧 Linux sandbox

The Linux Bubblewrap sandbox aligns Linux with macOS, where build, test and postinstall phases already run sandboxed. It is on by default for developers, Homebrew moved its macOS sandbox logic to share code, improved Linux sandbox behaviour (with Homebrew/homebrew-core setting the sandbox env in CI), hardened sandboxed install phases, sandboxed cask executable hooks, allowed logs in the build sandbox, installed Bubblewrap on hosted Ubuntu and skips sandbox setup for syntax-only jobs.

⚙️ Better defaults

Following our Homebrew user survey, we have made many changes based on the results. The most notable is making ask mode the default for developers, so brew install and brew upgrade show a dependency summary and conﬁrmation prompt before making changes.

Homebrew adds ask dependency plans and cask support, accepts one-key ask conﬁrmations and aligns ask dry-run prompts.

Homebrew fetches ask upgrades together, prints the ask upgrade summary sooner, skips the upgrade ask prompt when empty, adds a ﬁnal brew upgrade summary and explains the upgrade metadata fetch.

📦 brew bundle

brew bundle gains many improvements, most notably parallel formula installation that now runs jobs automatically by default, plus npm and krew extensions, wider cleanup support and, on Windows, winget support.

Homebrew adds cleanup support to npm, cargo, go and uv extensions and asks before removing during cleanup.

Homebrew runs brew bundle krew via kubectl-krew directly, respects CARGO_HOME and friends for cargo, adds a –describe ﬂag to brew bundle add and tries mas install before falling back to mas get.

Homebrew adds bundle type disable ﬂags, improves check guidance and checks formula link status.

Homebrew serialises formula locks, makes non-core DSLs a single ﬁle, removes description comments from brew bundle/remover and avoids parsing the output of brew services list.

brew bundle performs npm installs more securely.

🏎️ Performance

Homebrew is faster across the board, with startup performance tweaks, a ~30% faster brew leaves, parallelised bottle tab fetching on upgrade and less work loading Ruby libraries at startup.

🍎 macOS 27 (Golden Gate)

Homebrew adds initial support for macOS 27 (Golden Gate).

🔮 Upcoming changes

macOS 27 (Golden Gate) drops Intel support, so per our Support Tiers: in September 2026, macOS Intel x86_64 moves to Tier 3 with no CI support and no new bottles (binary packages) built for macOS Intel; in September 2027, macOS Intel x86_64 will be unsupported entirely and all related code deleted.

The master to main migration begun in 4.6.0 continues: more repositories no longer update master, GitHub Actions warn @master users to migrate to @main and the sync-default-branches workﬂows are removed from Homebrew/homebrew-cask and Homebrew/homebrew-core.

Casks that fail macOS Gatekeeper checks, deprecated in 5.0.0, remain on track to be disabled in September 2026.

🔒 Security

🚨 Security advisories

Homebrew published three security advisories:

The POST download strategy bypassed the documented HTTPS-to-HTTP redirect protection by discarding the resolved URL (GHSA-7699-qf8c-q47m), ﬁxed by enforcing secure redirects.

Root code execution was possible via Git hooks in the macOS .pkg postinstall (GHSA-6689-q779-c33m), ﬁxed by cleaning Homebrew git state and replacing the installer git directory.

The macOS installer package trusted a user-controlled /var/tmp plist and could assign Homebrew ownership to a local attacker (GHSA-59v8-x8q4-px5c), ﬁxed by tweaking the macOS .pkg package-user plist handling.

🛡️ Other security improvements

Homebrew ﬁlters sensitive environment variables during Ruby evaluations and defers HOMEBREW_* environment secrets to download time.

Homebrew runs forbidden checks for casks and formulae before download and lets you require checksums for casks with HOMEBREW_CASK_OPTS_REQUIRE_SHA.

Homebrew links to a shared security policy.

🗑️ Deprecations

Homebrew deprecates default opt-ins.

Homebrew deprecates now-default bundle and internal API environment variables such as HOMEBREW_BUNDLE_NO_SECRETS and HOMEBREW_USE_INTERNAL_API.

Homebrew marks unused options for deprecation.

Various other Homebrew 6.0.0 deprecations.

Homebrew’s SBOM support is now opt-in with HOMEBREW_SBOM.

🎁 Features

🖥️ Casks

Homebrew can pin casks and supports casks in brew missing.

Homebrew adds AppImage support for Linux and implements a Linux freedesktop trash for casks.

Homebrew improves cask upgrades by sharing upgrade download queues, moving upgrade summaries before fetch, adding a quit opt-out and reopening closed apps during upgrade.

Homebrew improves auto_updates casks: improving how they update, reﬁning the behaviour further, gating auto-updates behind opt-in and upgrading them when the bundle version is stale.

cask adds a generate_completions_from_executable DSL artifact and includes resolved artifact targets in JSON output.

Homebrew shows a cask version transition in per-cask upgrade output, skips valid cached cask fetches, speeds up cask backup copies and has caskroom use the user’s primary group on Linux.

brew doctor and brew cleanup handle corrupt Caskroom directories.

💻 Operating system support

Homebrew makes Linux cask requirements explicit, aligns cask macOS dependencies, supports bare depends_on :macos in casks, tracks macOS support explicitly and emits Linux variations for casks with Linux checksums.

Homebrew adds a maximum macOS for cask dependencies. Homebrew/homebrew-cask adopts the new depends_on maximum_macos: syntax and ﬁxes its macOS dependencies in Homebrew/homebrew-cask and Homebrew/homebrew-core.

Homebrew adds M5 and M5 Pro/Max CPU recognition and caps the OCLP tier when macOS is outdated.

Homebrew labels WSL analytics, shows the Windows build on WSL in brew conﬁg and moves the wsl? boolean from OS::Linux up to the OS module.

🚰 Taps

Homebrew recognises more equivalent tap remote forms, ignoring a .git sufﬁx when matching GitHub remotes and consolidating tap remote normalisation. (and more)

Homebrew handles formulae and casks more uniformly across commands, installs explicitly requested taps and stops implicit tap installation.

Homebrew uses worktrees for local core taps and blocks worktree updates.

Homebrew shares full-name parsing helpers and uses full-name helpers for split names.

ℹ️ brew info and brew tap-info

brew info output is clearer: more consistent and helpful, with a Binaries section listing executables, a clearer recursive runtime dependencies line, clearer same-named conﬂicts and shadowed formulae and a list versions JSON output.

brew info shows installed state better: the upgrade target for outdated @-versioned formulae, installed dependents with –verbose, deprecated and disabled packages in install status, installed formulae resolved from the receipt’s tap with a shadowing warning, the installed version and an upgrade hint on the headline, other installed versions and an installed info inventory.

brew info and brew tap-info skip the uninstalled marker when not a problem, show more tap info for packages and brew tap-info lists formulae and casks.

brew which-formula shows install status and Homebrew shows quarantine script usage.

🆕 New commands, ﬂags and output

brew exec is a new command, like npx, that supports formulae environments.

brew as-console-user is a new command for running Homebrew as the right user under MDM/root environments and brew update <formula> is aliased to upgrade.

Homebrew tidies help and completions: omitting aliases from completions, hiding HOMEBREW_CASK_OPTS_* from help, hiding maintainer commands and hiding hide_from_man_page commands from brew commands.

Homebrew avoids install warning annotations and warns when formula executables are shadowed on PATH.

🧊 Cooldowns, livecheck and bumping

Homebrew adds download cooldowns for Bundler, RubyGems livecheck, npm and pip defaults, PyPI resource resolution and npm and PyPI in bump to avoid upstream supply-side security risks.

Homebrew prints bump skip status, messages and errors and checks RubyGems licences.

Homebrew respects livecheck throttle days in audit, adds livecheck throttling by days and speeds up the formula throttle days check.

⬇️ Downloads and fetching

brew fetch –all-platforms fetches every variant, Homebrew prints download error details when using concurrency, preserves partial downloads on network errors, avoids cached manifest downloads and hints when a download is HTML, not a binary.

Homebrew avoids redundant Caskroom chgrp.

🛎️ Services

Homebrew starts systemd timers for services, creates service path directories automatically (with Homebrew/homebrew-core adopting the new service path creation logic) and audits redundant service path setup.

brew services no longer fails to load with –sudo-service-user.

🧪 Formulae and packaging

Homebrew adds the VCS revision as scm_revision in the tab, supports in-repository patch ﬁles, supports CPS metadata directories and includes patches in formula to_hash.

Homebrew respects installed dependents during autoremove and cross-checks autoremove candidates against formula definitions.

🪜 Install steps framework

The install steps framework expresses common postinstall, preﬂight and postﬂight behaviour as ordered, literal-only DSL data that is exposed through the JSON APIs. Where a formula or cask only does simple ﬁle preparation, it no longer needs to download and evaluate a Ruby ﬁle at install time. Homebrew adds formula install steps, cask install steps, an audit for formula install steps, install step rebuild actions, rebuild step methods, rebuild step RuboCop checks and an audit of cask ﬂight step conversions; homebrew/core and homebrew/cask adopt the new DSLs (post_install_steps, postinstall and ﬂight steps). In homebrew/core and homebrew/cask this covers a large share of post_install and *ﬂight blocks (creating directories, touching markers, moving and symlinking ﬁles), with more operation types planned.

🔀 Other changes

brew vulns is a new Homebrew tap and subcommand that checks installed packages for known vulnerabilities 🔒.

Homebrew warns for Nix-managed Homebrew.

🧹 Internals, typing and refactors

Homebrew replaces brew which-update, uses an AST for source rewrites and enforces public API visibility and docs.

Homebrew reworks command parsing: parser subcommand scaffolding, converting the bundle, services and remaining subcommands, scoping subcommand option constraints and usage help, and no longer restricting global options to subcommands.

Homebrew limits Sorbet runtime defaults and limits recursive Sorbet in test-bot.

🛠️ Continuous integration and developer tooling

The Ubuntu 24.04 CI migration ﬂagged in 5.1.0 for 6.0.0 has now landed, raising the Linux baseline.

Read more Read the original on brew.sh →

Read the original on brew.sh →

Data retention practices for Mythos-class models

support.claude.com

585 shares · 25 trendiness

All Collections

Team and Enterprise plans

Security and compliance

Data retention practices for Mythos-class models

Updated today

Table of contents

To ensure we’re responsibly deploying Mythos-class models, we are requiring limited data retention and review as part of our safety work. Prompts submitted to, and outputs generated by, Mythos-class models are retained for 30 days for trust and safety purposes, on every platform where these models are offered.

This applies to Mythos-class models and future models with similar capabilities that we designate as covered models. For all other models, everything you use is unaffected and stays under the current terms.

This policy, described below, goes into effect on June 9, 2026. For more information on the threat model for retained data and associated privacy controls, please see the corresponding technical white paper on our Trust Center.

Who this applies to

Consumer plans (Claude Free, Pro, and Max) across our web, desktop, and mobile apps—including Claude.ai and Claude Code—are unaffected by this update, since we already retain inputs and outputs for safety purposes on these surfaces. Learn more about how we retain data for consumer plans.

Why we’re doing this

Claude Mythos 5 represents a substantial increase in model capabilities, some of which can be used for both benign and malicious purposes. Claude Fable 5 shares the same underlying model as Claude Mythos 5, but with additional safeguards, particularly in the cyber and bio domains. While these safeguards allow us to share this intelligence more broadly, we are taking a conservative approach that allows us to look for patterns of misuse with this class of model. Some attacks only become visible across multiple requests. Best-of-N jailbreaking, for example, sends hundreds of slight variations of a prompt in the hope that one will work. Larger patterns of misuse, such as state-sponsored espionage or data extortion campaigns, only surface when our safeguards classiﬁers can zoom out across many requests. Detecting these threats requires temporarily retaining prompts and outputs so they can be analyzed together, rather than one at a time.

How we protect your data

Anthropic employees cannot access your conversations unless they are ﬂagged for potential serious harm or upon a customer’s written request. These reviews can only be performed by a small set of approved reviewers through tooling that prevents export, copying, or downloading. Every instance of access is recorded in a tamper-proof log that reviewers cannot suppress or modify. After 30 days, the data is deleted automatically, except in the rare cases where it’s part of a safety investigation or we’re legally required to keep it. Eligible organizations also have the option to add customer-managed encryption keys and access transparency audit logs.

Anthropic maintains a documented information security program with technical and organizational measures that are designed to protect the security, conﬁdentiality, and integrity of customer data. Our risk-based program is built for and evolves to defend against known and anticipated threat models and is tested regularly. For more information, see the technical white paper in our Trust Center.

What, if anything, do I need to conﬁgure?

This change only applies to organizations that have set up workspaces with zero data retention (ZDR) in Claude Console, use Claude Code with ZDR in Claude Enterprise, or access Claude through AWS Bedrock, Google Cloud Agent Platform, or Microsoft Foundry with ZDR. For all other organizations, there is no change and there’s nothing to conﬁgure. The rest of this section is for organizations that access Claude without data retention today and need to set up data retention in order to use designated models when they become available.

If your developers use the Claude API

If your team uses Claude Code

If your team uses Claude chat or Cowork through Claude for Enterprise

Public Sector FAQs

Use Claude for Microsoft 365 with third-party platforms

Real-time cyber safeguards on Claude

Covered Models

Covered Models under a Business Associate Agreement (BAA)

Read more Read the original on support.claude.com →

Read the original on support.claude.com →

Cybersecurity researchers aren’t happy about the guardrails on Anthropic’s Fable

techcrunch.com

579 shares · 25 trendiness

Anthropic released its latest model Fable on Tuesday, billing it as a public and limited version of its powerful and much-hyped cybersecurity model Mythos.

But not everyone is happy with the restrictions, and a number of cybersecurity researchers and professionals have aired complaints online.

“[Fable] rejects any request that could be tangentially cyber related. Even innocuous tasks like reading a blog post,” said Valentina “Chompie” Palmiotti, a well-known security researcher who works at IBM X-Force.

When a prompt triggers its guardrails, Fable pauses the chat and says that its “safety measures ﬂagged this message for cybersecurity or biology topics.”

The guardrails were put in place to limit the risk that Fable could be used to develop malware or compromise software — a long-standing concern within Anthropic. The restrictions on biology come from a similar concern around developing biological weapons.

When the AI giant released Mythos in April, it restricted the model to a limited number of companies and organizations in what it called Project Glasswing, an effort to deploy the model to secure critical software and infrastructure. Last week, Anthropic expanded access to Mythos to hundreds of organizations in 15 countries.

But despite the good intentions, many cybersecurity experts are still put off by the haphazard nature of the restrictions. Matt Suiche, a cybersecurity veteran, told TechCrunch that “if you ask it to write secure code, it assumes it is cybersecurity related work instead of software engineering best practices, and you get downgraded.” Fable is programmed to fall back to Claude Opus 4.8 if it hits a guardrail. “It seems to be keyword based, so anything in the lexical ﬁeld of ‘cybersecurity’ triggers the guardrails.”

Do you have more information about how hackers are using AI? Or how cybersecuity companies are using AI? We’d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

“But it is understandable as we are still in the early days and they are still adapting their guardrails. I am sure they are going to evolve over time as Anthropic and other frontier model companies will collaborate more with the current new generation of cybersecurity companies,” said Suiche, who is a member of the technical staff at Tolmo, an AI cybersecurity startup. “It’s better to catch more people than not enough when you do such a release and to relax the guardrails over time.”

Another researcher griped on X that “even asking for a code review” triggers Fable’s guardrails.

Anthropic did not immediately respond to a request for comment.

Apart from guardrails inside its models, Anthropic requires cybersecurity professionals to apply to the Cyber Veriﬁcation Program. If they get approved, the applicants have fewer limitations on using Claude for cybersecurity work. OpenAI has a similar program called Trusted Access for Cyber.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

View Bio

Read more Read the original on techcrunch.com →

Read the original on techcrunch.com →

AI agent runs amok in Fedora and elsewhere

lwn.net

536 shares · 23 trendiness

[LWN subscriber-only content]

Welcome to LWN.net

The following subscription-only content has been made available to you by an LWN subscriber. Thousands of subscribers depend on LWN for the best news from the Linux and free software communities. If you enjoy this article, please consider subscribing to LWN. Thank you for visiting LWN.net!

Welcome to LWN.net

Agentic AI systems can be used to do a variety of things autonomously on behalf of a human user: open or manage bugs, generate code, submit pull-requests, and (apparently) even complain about rejection. In May, a Fedora developer discovered that an allegedly rogue agent had been pestering the project in a number of ways: reassigning bugs, fabricating unhelpful replies to bugs, and even persuading maintainers to merge questionable code into the Anaconda installer. It also submitted a number of pull requests (PRs), some accepted, to several upstream projects. The Fedora account associated with the agent has had its group privileges revoked and the messes have been mopped up, but the motive behind the agent’s actions is still a mystery.

“Kind of erratic”

On May 27, Adam Williamson copied Fedora’s developer and testing mailing lists on a message to Nathan Giovannini about what appeared to be an unsupervised agentic AI system under Giovannini’s control. “It’s great that you’re trying to ﬁx things, but the results seem to be kind of erratic.”

Williamson said that he was still looking through the history of Giovannini’s actions in Bugzilla, but had already spotted a number of problems. For example, Williamson had found dozens of instances of Giovannini’s agent assigning Bugzilla entries to his account after submitting allegedly related pull requests to upstream projects, or closing a bug after a PR was merged into an upstream project. In some cases, the agent simply closed bugs with comments that either restated the original bug or were, as Williamson said of this comment, “superﬁcially plausible, but problematic in other ways”.

In addition, Williamson said that Giovannini (or his agent) had submitted patches that were incorrect and then “replied to objections with LLM-generated justiﬁcations that eventually overwhelmed the maintainer into merging the ﬁx”. The agent, as GitHub user “nathan9513-aps”, had submitted a pull request for the Anaconda installer used by Fedora and other Linux distributions. The PR’s description claimed it was a ﬁx for an Anaconda bug that would cause installation to fail, but the patch actually preserved a kernel option passed on the command line that seemed to have nothing to do with the actual bug.

The agent’s GitHub account has since been disabled. It now shows up in conversations on GitHub as “ghost”, which is the platform’s default placeholder for user accounts that have been deleted. Thus, it is difﬁcult, if not impossible, to piece together a full trail of all the agent’s actions on GitHub.

Williamson said, rather diplomatically, that the agent’s actions were not “having a positive impact on Fedora or the upstream projects”, and suggested that Giovannini adjust the agent to be “substantially less autonomous”. He specifically asked that the agent not assign bugs to Giovannini, change their state, or “post conﬁdent assertions or speciﬁc action recommendations” without human review.

Hacked?

Later on May 27, Williamson said that Giovannini had replied to him privately to say that his credentials had been compromised and that he was not the one behind the AI system. “Obviously we should therefore treat any actions it has taken with suspicion”, Williamson said. He planned to review the bugs touched by Giovannini’s account “even more aggressively”, and asked for help from others to review them as well.

A reply later that day, ostensibly from Giovannini, said that he was able to regain access to his GitHub and Fedora accounts “and I am currently securing and reviewing all involved systems and credentials”. The reply said his GitHub account was “nathangiovannini99″. Williamson replied that the GitHub account was only an hour old, and that the recent emails to the list and sent to Williamson privately did not seem like messages Giovannini had sent in earlier interactions with the project.

Giovannini has participated in discussions at least as far back as 2018, and his activity in Bugzilla goes back to at least 2016. He does not appear to have been a particularly active contributor to the project, but his involvement clearly predates the agentic AI era. Whether his account is now being operated by a human attacker, an agentic AI, or a mix of both, it has a legitimate history prior to its recent activity.

Williamson said that he had reviewed account activity in Bugzilla by “nathan95” from this year, and found suspicious activity, such as severity and priority changes to a bug with no justiﬁcation, beginning on April 7, in bug 2416721. Activity before that appeared legitimate, he said, and none of the activity that he had seen so far looked outright malicious.

He also identiﬁed another GitHub account, “leurus27-boop”, as likely being associated with the same agentic AI. That account is still active, and has submitted a PR to the openSUSE Commander (osc) command-line interface for the Open Build Service as well as a PR to the lxqt-policykit repository. That project is used to extend the privileges of the LXQt desktop’s lxqt-admin GUI tools for administering operating-system settings such as user and group conﬁgurations.

Williamson said that it would be good to look through any other actions by the related accounts and warn other projects that they should review anything that had been submitted by them. Williamson seems to have followed up on each PR to warn other maintainers “the whole situation is extremely ﬁshy”. Kevin Fenzi said that he had removed the nathan95 user from any groups it had been in, so it should no longer have the permission to reassign or close bugs.

Pre-attack?

Martin Kolman, a member of the Anaconda team, said the events were “really problematic” even if not malicious. The team had spent a lot of time reviewing PRs from what seemed to be an eager contributor: “while it started to look off after a while, all the replies were still like this - a bit weird, but still *plausible*”. He also theorized that it could be an attacker working their way up to malicious activity, much like the XZ backdoor:

Unfortunately, for an actual attack the preparatory phase could (and for the Xz attack did) look very similar - a new contributor slowly gaining trust in the community, getting in harmless changes and building up to the point when the attack payload can be injected (or the changes not actually being harmless if combined the right way).

So not saying this was it, but an AI agent automated attempt at a Xz like compromise might really look very similar what we have just seen here.

Chris Adams said that the commit to Anaconda should be inspected and probably reverted immediately. Kolman replied that it had been reverted. He also conﬁrmed that the LLM-generated PRs had made it into the Anaconda 45.5 release on May 26. They were reverted in the Anaconda 45.6 release on June 2.

The targets certainly suggest that it may have been a prelude to an attack of some sort; an operating-system installer, a utility for escalating user privileges, and a tool for interacting with a build system all seem like promising avenues for inserting malware or hijacking systems.

It’s disconcerting that what appears to be an AI agent has had so much success after gaining access to a human contributor’s accounts. It seems that an AI agent with access to an account with a legitimate history of interacting with projects stands a good chance of persuading busy maintainers to accept questionable contributions. Happily, Williamson caught this before it became a bigger problem. Let’s hope that other human maintainers are as observant.

Read more Read the original on lwn.net →

Read the original on lwn.net →

mimo.xiaomi.com

337 shares · 51 trendiness

Read the original on mimo.xiaomi.com →

Lines of Code Got a Better Publicist

curlewis.co.nz

323 shares · 34 trendiness

It’s ﬁfteen years ago (bear with me, I’ve been in this industry since the late 90s, most of my good stories start this way), and you’ve got two senior developers at a SaaS company. One of them writes 40% more lines of code than the other. Is that developer better? More impactful for the business? Should the other one be polishing their CV?

Of course not. You’d want to know what actually shipped. What it did for customers, for revenue, for reliability. Lines of code, PR counts… we spent a couple of decades learning these are stereotypically bad ways to measure a developer, to the point where suggesting them today is laughable.

Sooooo… Here’s what the industry put on the billboard this year:

Google: 75% of new code is AI-generated .

Anthropic: ~80% of merged production code is written by Claude , and engineers ship “8x more code per quarter”.

OpenAI: also ~80% , apparently.

Cursor: “100M+ lines of enterprise code written per day” .

Every single one is a volume claim. “Percent of code written by AI” is just lines of code with a better publicist. (The sceptic in me editing this draft would like to point out that it’s no coincidence that all of these are AI vendors of some kind, so pumping adoption is pretty important to them.)

We used to claim outcomes

Rewind a few years and the headline number was different in kind, not just size. GitHub’s ﬂagship claim was that developers completed tasks 55% faster with Copilot. Say what you like about that study (plenty did), but it was an outcome claim. Bold, falsiﬁable, about value. If it was wrong, you could show it was wrong.

The 2026 claims can’t fail. That’s the genius of them; “75% of our code is AI-written” could be true, and will keep going up, regardless of whether anything got better (faster delivery, fewer incidents, happier customers, etc). A volume number can only ever disappoint you if adoption stalls, and adoption is the one thing most of us agree is real. 📈

So the claims got bigger and started saying less. What happened in between?

The bit nobody puts on a billboard

The outcome evidence got complicated, that’s what happened.

The strongest pro-adoption result is still Cui et al. ; nearly 5,000 developers, +26% completed tasks, with the biggest gains for junior devs. Not really in dispute. But then GitClear showed code churn rising and refactoring collapsing as Copilot adoption deepened. Then METR ran the study many have quoted: experienced open-source devs were 19% slower with AI in their own codebases, while believing they were 20% faster.

But! Hold my beer… in February 2026 METR effectively walked it back : their follow-up estimates ﬂipped to a speedup (with error bars wide enough to ride a Moto Guzzi, with panniers, through!), and they abandoned the study design entirely - because developers now refuse to work without AI, and can’t reliably self-report time on agentic work. Their latest position: AI probably speeds developers up in 2026, and we can no longer cleanly measure by how much.

Meanwhile at the company level, an NBER survey of ~6,000 executives found 69% of ﬁrms actively using AI and roughly nine in ten reporting no measurable productivity impact. The cross-study consensus sits somewhere around 10% organisational gains. Not nothing! Still bloody useful! Buuuut, also not “you don’t need developers anymore” territory.

And if you’re a sceptic still quoting “19% slower”, you’re cherry-picking too. The research keeps updating; the industry just changed what it counts.

Vanity metrics, now in AI ﬂavour

It’s not just AI vendor claims, to be fair. Carnegie Mellon’s SEI and Accenture launched an AI Adoption Maturity Model just a few days ago: ﬁve levels, eight dimensions, marketed off a stat about 95% of organisations seeing no returns. Steve Yegge’s “8 levels of AI-assisted development” ranks you by which tools you run and how much supervision you give them. And every tools vendor now ships a maturity ladder whose top rung is, usually, “use more of our product”. These ladders measure adoption intensity and call it maturity. Same substitution, nicer packaging.

My favourite data point in this whole genre: Augment surveyed 219 engineering leaders and asked them to deﬁne “AI-native engineering” . They got 219 different answers. 🫠

And the prize for holding both ends of the rope goes to Anthropic, who gave us the “8x more code shipped” claim and one of the more rigorous studies of the year: an RCT ﬁnding that AI-assisted developers scored 17% lower on comprehension of the code they’d just shipped, with no statistically significant productivity gain. I use Claude every single day (it recommended half the links I read for this post, so the irony is not lost on me), the products are genuinely excellent, and their research arm updates while their marketing arm counts volume. Both things are true at once, which is kinda the point.

Why I actually care

Because these numbers aren’t decorative. They move budgets, performance expectations, and headcount plans. In February, Jack Dorsey cut over 40% of Block’s workforce (4,000+ people) with AI as the explicit core thesis: “A significantly smaller team, using the tools we’re building, can do more and do it better.” A couple weeks later, Atlassian cut 10% (~1,600 people) , while conceding it would be “disingenuous to pretend AI doesn’t change the mix of skills we need or the number of roles required”. And there’s a key detail that gets me: Dorsey said, in the same announcement, that the business was strong and gross proﬁt was growing.

When a company says “AI made everyone more productive, so we need fewer people”, I want to see the evidence - and I don’t believe it exists today. Show me that x% of your workforce is genuinely idle (or even just underutilised) because the work can now be done by fewer people. Even then: I’ve never seen a product/SaaS company that didn’t have an endless roadmap. If you got a free headcount increase essentially overnight, why wouldn’t you use it to deliver more value to your customers, faster? That should show up as MAU, conversion, revenue. Choosing the layoff instead tells me the productivity claim is doing PR work for a decision that was already made for other reasons (over-hiring, investor pressure, take your pick).

Look, every business carries some fat, and I can accept efﬁciency-driven trimming as a thing that sometimes legitimately happens - it has at every step change in this industry. But when it happens, try to do so using the individual performance systems you already run, the ones that surface who’s cruising and who’s disengaged. Not token counts. Not “% of code AI-written” or somebody’s level on a maturity ladder. If your selection evidence is a vanity metric, your selection is a lottery wearing lipstick.

Where I land

As I’ve said in previous posts , don’t read any of this as anti-AI. I think every engineer should be using AI daily. Call it AI-ﬁrst, AI-proﬁcient, whatever you like. Be curious, try the new tools, test the latest models. To not do so is silly. I’ve watched this industry absorb higher-level languages, IDEs, autocomplete, agile and devops, and there were always crusty hold-outs reminiscing about the good old days before X came along and ruined everything. The hold-outs eventually got on board (usually). The difference this time is pace: you could delay adopting “the cloud” for a couple of years and survive. With AI you might get a few months. The way we work has already changed, and it’s not changing back as far as I can tell.

But adoption is the starting line, not the scoreboard. We already know how to measure whether engineering is delivering: DORA metrics, reliability, rate of meaningful change, and ultimately revenue and customer value. Battle-tested, crusty stuff. Why are we throwing all of that out for bullshit AI vanity scores? (I could be wrong about plenty in this post, but I don’t think I’m wrong about that one.)

So here’s the question to smuggle into your next vendor pitch, exec review, or LinkedIn doom-scroll: is that an outcome, or a volume? It’s amazing how quickly a position or statement deﬂates when you ask that.

The change is here to stay and the tools are good. The hopeful part is that we already know how to measure what matters (and none of it is counted in tokens).

Be AI-ﬁrst in how you work, but battle-tested in how you measure it.

Cheers, Dave

Read more Read the original on curlewis.co.nz →

Read the original on curlewis.co.nz →

Solar generates more energy in US than coal for first time

www.theguardian.com

308 shares · 67 trendiness

Even as Donald Trump boosts coal over clean energy, solar power is hitting new milestones in the US and remains the leading source of new power.

Data released on Wednesday by the global energy thinktank Ember, along with a report by the Solar Energy Industries Association (Seia) and analytics ﬁrm Wood Mackenzie, show the continued growth of solar and decline of coal in the United States despite federal policy. In May, for the ﬁrst time, solar supplied more of the nation’s electricity than coal, or 12.8%, Ember said. Coal supplied 12.2%, its fourth-lowest monthly share ever.

“For years solar power has risen in the US electricity mix,” said Nicolas Fulghum, senior energy and data analyst at Ember. “At the same time, coal power has lost its status, ﬁrst as the largest source in the US mix, and then gradually over the years has fallen even further.”

Solar also became the third-largest source of electricity in the US in May, behind natural gas and nuclear, Fulghum said. Coal generation hit an all-time monthly low in April and rebounded only modestly in May, allowing increasing solar generation to overtake coal, he added.

Electricity is produced by converting sources of energy — fossil fuels, renewable resources and nuclear — into electrical power. Burning coal, oil and natural gas for electricity emits carbon dioxide, trapping heat in the atmosphere and warming the planet. By contrast, solar, wind, geothermal, hydropower and nuclear are carbon-free.

After about two decades of essentially ﬂat electricity consumption in the US, electricity demand is increasing to power artiﬁcial intelligence, grow domestic manufacturing and electrify transportation and heating. Fulghum said he expected to see more months when solar exceeds coal generation, before overtaking it on an annual basis in a few years.

These milestones signify that solar “has staying power” at a time when there is less support for renewable energy at the federal level, he added.

Wind and solar combined have overtaken coal in the past, and wind power alone has outpaced coal during spring months when wind speeds pick up. Ember gets its hourly and monthly data from the US Energy Information Administration.

Globally, electricity generation from renewables is growing rapidly. Renewables will become the largest global energy source, used for almost 45% of electricity generation by 2030, according to the International Energy Agency.

Last week, Trump, a Republican, announced a plan to boost the struggling US coal industry by spending nearly $700m to support coal-ﬁred power plants and coal exports. Trump said at a White House event that “coal’s a great business” and that “in terms of power, there’s really nothing like it”.

Martin Pochtaruk, CEO and founder of Canadian-based solar panel manufacturer Heliene, said Trump can say that coal is coming back but investors will invest their money in whatever brings the best return. And for power generation that is solar, making it the fastest-growing fuel, he added.

A White House spokeswoman defended the Trump administration’s overall energy policies, saying they were geared toward strengthening the country’s security.

“The President has reversed the Left’s devastating policies, saved the American coal industry, prevented the retirement of more than 17 gigawatts of power, and saved lives during heightened demand periods,” Taylor Rogers said in a statement.

While Trump is trying to reverse the coal industry’s decline, solar has been the top source for new power for ﬁve years, Seia said. Seia and Wood Mackenzie said solar and battery storage were practically the only energy resources being built in the ﬁrst quarter, making up 91% of all new generating capacity.

The Trump administration has canceled solar and wind projects, implemented policies that slowed clean energy permitting and development and terminated $7bn in funding intended for affordable solar energy projects across the US.

Read more Read the original on www.theguardian.com →

Read the original on www.theguardian.com →

Sweet Jeebus, MacOS 27 Golden Gate Removes the Dumb Icons From Menu Items

daringfireball.net

292 shares · 22 trendiness

Perhaps the worst UI crime in MacOS 26 Tahoe was the inexplicable decision to add inscrutable, distracting icons next to every item in the menu bar. You will recall Jim Nielsen writing about it, rightly describing it as exactly the sort of thing that Mac users look down upon in platforms like Google Docs and Windows. You will also recall Nikita “Tonsky” Prokopov writing about it, illustrating that the bad idea wasn’t even implemented well, with different Apple apps using entirely different icons for the same menu items. You will also recall my linking to Nielsen (“I can tolerate being angry about UI changes Apple makes to the Mac. But I can’t tolerate being heartbroken.”) and to Prokopov (“The fact that Tahoe’s menu item icons are glaringly inconsistent and often utterly inscrutable is the fudge icing on a shit cake, but the real embarrassment is that the idea ever got past the proposal stage. No real UI or icon designers think this is a good idea. None.”)

Top third-party developers rightly rejected the design, adopting open source code from Brent Simmons to disable the default “icons in all standard menu items” behavior.

Wonderful news in MacOS 27 Golden Gate: the icons are gone. It’s like Tahoe’s menu item icons never happened. Prokopov noted it on Mastodon with before and after screenshots, and mentions that Apple has updated the Human Interface Guidelines accordingly:

Use menu item icons sparingly and with purpose. Icons allow people to ﬁnd menu items more quickly, and help clarify what selecting an item does. Use an icon to highlight the most common actions and key features of your app, ﬁle system locations, connected devices, visual concepts like rotating or ﬂipping an image, and user-generated content like folders and documents. Don’t display an icon if you can’t ﬁnd one that clearly represents the menu item.

This updated advice in the HIG is perfect. Screenshot:

MacOS 26 Tahoe — across every Apple app on the system — is a living example of the updated HIG’s “what not to do” example illustrations (including the second section about groups within a menu). If you’re stuck using Tahoe until Golden Gate arrives, recall this tip to alleviate the problem to some extent.

This is my favorite news from all of WWDC this week. I mean that. In a small way I mean it because I so loathe this aspect of MacOS Tahoe. But in a large way I mean it because it’s proof that the rot has been rooted out of Apple’s software design team. I don’t know if all the untalented hacks are gone, but the untalented magazine-designer hacks with clout and inﬂuence all left with Alan Dye. I’ve chatted with a few people from Apple’s design team this week and they’re all loving the work they’re doing and the direction they’re taking Apple’s platforms. Backtracking on these idiotic menu item icons was a necessary ﬁrst step.

Read more Read the original on daringfireball.net →

Read the original on daringfireball.net →

Why AI hasn’t replaced software engineers, and won’t

www.normaltech.ai

266 shares · 21 trendiness

There is great anxiety and uncertainty about AI replacing jobs. How can we move past vague warnings and bombastic predictions and bring data to bear on this question? One good way is to look at the profession where AI capabilities are furthest along and adoption has been exceptionally rapid: software engineering.

In this essay, we argue that there is enough evidence to reject the narrative that once AI capabilities reach a certain threshold, it will cause mass layoffs. Given that this is true even in a sector with very few regulatory barriers, most other professions are likely to be even more cushioned.

We also have a good understanding of why this is the case. We can think of many kinds of knowledge work, including software development, as a “decide-execute-deliver sandwich”. AI compresses the “execute” layer — the middle of the sandwich — but the other two layers resist automation in a way that will not be overcome by capability improvements alone.

We conclude on a note of cautious optimism about the future trajectory of demand for software engineering. This essay is the ﬁrst in a series, and the next one will look at reasons why individual software engineers’ careers might be rocky even if overall demand is healthy. The series is based on the published literature in economics and software engineering, our own evaluations and observations of AI agents, and many software engineers’ reﬂection on the present and future of AI impacts on their profession, gleaned both from published writings and our interactions with the community.

Consider three stories that made the headlines and how they contrasted with reality:

In February, ﬁntech company Block (maker of Cash App, Square, Afterpay, and other such apps) announced layoffs of 4,000 employees because, according to founder Jack Dorsey, AI is “enabling a new way of working” with “smaller and ﬂatter teams”, specifically citing late-2025 improvements in model capabilities. But subsequent reporting revealed a radically different picture. After growing headcount more than threefold during the pandemic, the company was under massive ﬁnancial pressure. A data scientist on the Cash App team, Naoko Takeda posted that Block “shoved AI down everyone’s throats” yet she saw “very limited gains in productivity.” She refused a 75% retention raise and quit. Other employees interviewed had a sharply different understanding of what AI was capable of at Block and whether Dorsey had a competent understanding of the issues. As Aaron Levie has pointed out, CEOs are uniquely prone to delusions about AI’s usefulness because they can build quick prototypes but can’t see the 90% of work it takes to turn it into a ﬁnished product. Dorsey’s public statements about AI seem to ﬁt exactly this pattern.

But subsequent reporting revealed a radically different picture. After growing headcount more than threefold during the pandemic, the company was under massive ﬁnancial pressure. A data scientist on the Cash App team, Naoko Takeda posted that Block “shoved AI down everyone’s throats” yet she saw “very limited gains in productivity.” She refused a 75% retention raise and quit. Other employees interviewed had a sharply different understanding of what AI was capable of at Block and whether Dorsey had a competent understanding of the issues.

As Aaron Levie has pointed out, CEOs are uniquely prone to delusions about AI’s usefulness because they can build quick prototypes but can’t see the 90% of work it takes to turn it into a ﬁnished product. Dorsey’s public statements about AI seem to ﬁt exactly this pattern.

In April, Snap laid off about 1,000 people, with CEO Evan Spiegel primarily citing AI as the reason in his layoff memo. He also said that AI generated 65% of new code. In reality, the layoffs followed a campaign by an activist investor demanding cost cuts. (Snap has posted a net loss every full year since its 2017 IPO and shares were down over 30% in 2026). Tellingly, the nature of the cuts, such as 150 jobs spanning various roles in the augmented reality division, don’t correlate with the cuts we would expect to see if they were driven by AI (i.e. programming and other “AI-exposed” jobs across the board, not concentrated in any unit).

In May, Intuit announced 3,000 cuts, alongside deals with Anthropic and OpenAI. The press connected the two, framing the layoffs as AI-driven restructuring. For once, the CEO actually pushed back on this easy narrative, saying that “none of it had to do with AI” and that the cuts targeted “coordination-heavy roles” and too many management layers.

We did not cherry-pick these examples. In every story about AI-driven software engineering layoffs that we examined, the same narrative violation emerged. It turns out that “AI washing” of job cuts is an economy-wide phenomenon, evidenced by many surveys:

59% of U.S. hiring managers admitted they emphasize AI when explaining hiring freezes or layoffs because it plays better with stakeholders than citing ﬁnancial constraints.

Forrester principal analyst J. P. Gownder says of companies preparing supposedly AI-driven layoffs: “When we ask if they have a mature, vetted AI app ready to ﬁll in those jobs, nine out of 10 times, the answer is no—and they haven’t even started.”

In a HBR survey of over 1,000 global executives, 21% had made large headcount reductions “in anticipation of” AI, with another 39% having made low or moderate anticipatory headcount reductions. In contrast, only 2% had already made large reductions in headcount related to actual AI implementation. The 10x gap suggests that executives, like everyone else, are highly prone to succumbing to the misleading narratives about AI replacing jobs.

Another interesting data point comes from the WARN Act, which requires certain disclosures of plant closings and mass layoffs affecting over 100 workers. In March 2025, New York became the ﬁrst U.S. state to add an AI disclosure checkbox to WARN Act ﬁlings. In the full ﬁrst year, more than 160 companies ﬁled WARN notices. Not a single one checked the AI box.1 We reached out to the NY Department of Labor who conﬁrmed that as of late May, only one company, Nespresso, checked the box.2 If these ﬁlings are accurate, only 46 out of about 25,000 laid off workers in New York State in the relevant period, or about two-tenths of a percent, were affected by AI.

Even more damning for the AI-driven-mass-layoffs narrative: layoffs are the wrong signal of AI’s potential productivity beneﬁts in the ﬁrst place! The research is clear that the effect operates through “slower hiring rather than increased separations”. Firing existing workers results in the loss of precisely the tacit knowledge and organizational capital that allows workers to operate AI effectively. Besides, it is expensive in terms of severance, damage to morale, and rehiring risk. Given these costs, it is largely unnecessary given that natural turnover achieves the same result in a few years.

So what does the data tell us when we look beyond layoffs to overall employment trends? An important paper from Federal Reserve economists compiles the evidence in the U.S. context. Employment is still growing, but they ﬁnd that it is growing slower post-ChatGPT compared to a no-AI counterfactual, by about 3 percentage points per year. One important limitation of this study is that the methodology can’t capture self-employment, so it is possible that some of the slowdown in growth is being absorbed by entrepreneurship instead. We do have evidence from other studies that AI makes entrepreneurship easier. So the real picture is probably even healthier than the Federal Reserve study suggests.3

Finally, it is worth acknowledging two kinds of indirectly-AI-driven job losses in software engineering that are real, but different from AI replacing software engineers. First, AI sometimes decimates demand for the product, in cases like Chegg (homework help) or Stack Overﬂow (technical help), both of which have laid off workers. AI doesn’t directly do the job that these workers did, but rather obviates the need for it. The historical parallel is strong: Among the 270 jobs in the 1950 U.S. census, only one job was automated away — elevator operator. But many others were rendered obsolete by new technology, like the job of telegraph operator.

Another credible AI-driven layoffs story is among companies that sell AI, rather than buy it. So when companies like IBM or SAP announce layoffs because of AI, a more accurate framing is “we reallocated headcount from legacy functions to our fastest-growing product line.” That’s ordinary corporate restructuring around a revenue opportunity, not technology displacing workers.

Many tech leaders, like the Snap CEO above, report the percentage of code written by AI alongside reports of layoffs or predictions of future job losses. This feeds into the simplistic mental model that once AI writes all the code, there is no need for coders. Fortunately, this mental model is wrong. This AI-written-code metric is almost completely disconnected from what matters for labor displacement. Here’s why.

First, writing code isn’t, and never was, the bottleneck. For example, a 2019 paper summarized existing studies with the conclusion that “developers spend surprisingly little time with coding, 9% to 61% depending on the study”. This ﬁnding was consistent with the paper’s own data from 6,000 developers at Microsoft. As coding agents began to be taken up, there was an explosion of blog posts in late 2025 pointing out that writing code isn’t the bottleneck, as developers realized that using agents to write most of the code led to little impact on overall productivity [1, 2, 3, 4, 5, 6, 7, 8].

If writing code isn’t the bottleneck, what is? The task-breakdown surveys point at things like meetings or debugging. This just leads to more questions: what are developers doing in those meetings and why can’t it be done by AI? Won’t debugging get automated as capabilities improve? To understand the real bottlenecks, we have to get qualitative, and dig into software engineers’ own understanding of what it is they do that resists automation.

When we did this analysis, it revealed three things as the real bottlenecks (1) deciding and specifying what to build, (2) verifying and being accountable for what is delivered, and (3) the deep human understanding — of the codebase, the business, and the environment — required to carry out both of these.

In other words, software engineers’ work consists of a “decide-execute-deliver” sandwich (with understanding being a prerequisite for all three). AI has compressed the middle of the sandwich, but has left the two ends largely unchanged. As long as software development teams are in charge of decision making and accountable for what they deliver, engineers still need to spend time building up a deep understanding of the system. These are the three bottlenecks.

Figure: Software development consists of three layers: (1) Decision making — problem framing, speciﬁcation, planning (2) execution — design and implementation (3) delivery — testing, veriﬁcation, integration, maintenance, etc. Note that these are conceptual layers, not temporal phases. It is common to switch back and forth in the course of a project.

Evidence for the sandwich model of AI’s productivity effects comes from a recent paper on “Writing Code vs. Shipping Code”. Across 100,000 developers on GitHub, the researchers found that AI agents led to an eight-fold increase in the number of lines of code written, consistent with the idea that AI almost completely compresses the Execute layer of the sandwich. But this led to only 30% more releases, strongly suggesting that human bottlenecks (the Decide and Deliver layers) remain in place.4

Can the sandwich be further compressed? We don’t think so. At one end of the pipeline, development teams need to decide what to build. One of the most important lessons junior software engineers learn is that requirements speciﬁcation (the profession’s lingo for this layer) takes surprisingly long, and if it is compressed, it leads to much more pain down the line. This layer is hard to automate because it requires thinking about user needs, market signals, organizational priorities, and in some cases regulatory constraints.

As AI capabilities improve, the kinds of decisions that can be delegated to AI increase over time. But this does not make the “decide” layer thinner — once a decision can be delegated to AI, it is no longer a source of competitive advantage, and the value of human decision-making migrates upward. Software increases in complexity over time, so there is no ceiling to this process.

At the other end of the sandwich, human teams need to be accountable for what they deliver. It is possible that some day in the future teams will ship mission-critical code without fully testing and understanding it, but today’s AI is so unreliable that such haphazard practices would represent an existential threat to software teams and their customers.

Even if the technical barriers go away in the future, we don’t have to cede control to AI. A central insight of AI as Normal Technology is that we can collectively choose to keep humans accountable through shared norms, law, and policy. This is a much more resilient way to control the speed of AI impacts and improve safety than trying to slow the development of technical capabilities. These speed barriers are already largely in place due to liability laws and sector-speciﬁc regulation, but can be further strengthened. (For a longer version of this argument, see the original essay.)

In this vision, as more and more of the execution layer gets delegated to AI, the software engineer’s role in the future becomes analogous to that of a crane operator. AI agents will do most of the cognitive heavy lifting; supervising the agent and keeping it in control becomes most of the human’s job.

Some commentators argue that a future with humans staying in control is unlikely because it is too costly to pay people to do so. There have already been a few viral stories of poorly-supervised coding agents deleting production databases or causing other types of damage. But we view these as “man bites dog” stories rather than an emerging norm. They go viral precisely because they represent such irresponsible and unusual behavior that they have shock value, and serve as regular reminders and learning moments helping the community guard itself against over-reliance on AI. As the aphorism goes, “if it’s in the news, don’t worry about it”. Still, being able to detect whether there is an uptick in poorly-supervised use of AI for high-stakes tasks — across the economy, not just in software engineering — remains one of the most critical data gaps we have today.

By the way, the sandwich getting squished is a new trend and it is not uniquely due to AI. Over two decades ago, the Bureau of Labor Statistics started tracking programming separately from software engineering. Roughly speaking, programmers are responsible only for execution while software engineers manage a bigger part of the sandwich. Not only has programming been shrinking, it is also pays much less because it is seen as grunt work. AI merely accelerates this long-existing trend, further devaluing purely technical skills.

This pattern — where humans remain heavily involved at both ends of the decide-execute-deliver sandwich, even as AI increasingly automates the middle layer, seems to be broadly applicable to most knowledge work, though it is farthest along in software. After all, complex decision making and accountability are common to most ﬁelds. A lack of recognition of this phenomenon has led to many overconﬁdent predictions about imminent job losses, such as among radiologists.

One reason for confusion about the extent to which software engineering is changing is the sloppy use of the term “vibe coding” to refer to a wide spectrum of practices, the ends of which are conceptually distinct and more dissimilar than similar.

In true vibe coding the user simply tells the agent what to do, doesn’t supervise it when it’s running, doesn’t review the code — might not even have the skills to do so — and doesn’t evaluate the output, beyond perhaps noticing when things are visibly broken.

This is in contrast to how most software engineers are actually using agents — as a tool, with the human remaining in control and accountable for the output. Fortunately, the term agentic engineering is gaining currency as a descriptor of this practice.

As agentic engineering has become the norm, engineers are discovering that supervising coding agents is surprisingly time consuming. For example, Simon Willison, a prominent developer and chronicler of the AI transition, has noted how he is mentally exhausted by 11am from supervising agents. This is consistent with our experience as well.

More quantitative evidence comes from SWE-chat, a dataset of coding agent interactions from open-source developers who opted into a logging tool. The study found that only 44% of agent-produced code survives into user commits, that vibe-coded commits introduce vulnerabilities at nine times the human-only rate, and that the most common user intent is understanding existing code, not generating new code (19% vs 13%). The self-selected nature of the dataset means that we can’t draw strong conclusions based on this study alone, but it does reinforce many other lines of evidence that vibe-coding and agentic engineering patterns are quite different.

To re-iterate, these are not two distinct categories. They are two ends of a spectrum, and there is a blurry middle. Not every project is either a throwaway or mission-critical. Not every workﬂow ﬁts precisely in the left column or the right column of the table. But the key implication for the jobs question remains solid — companies can’t ship production software by hiring unqualiﬁed vibe coders instead of software engineers.

AI boosters might claim that mass layoffs are coming; they just haven’t happened yet because human-level software engineering abilities are very recent (or haven’t been achieved yet). But if the sandwich model is correct, these predictions won’t come true. AI has already largely compressed the middle of the sandwich (and the compression actually started decades ago). So even making the execution layer instant and perfect will only be a small change from the status quo. The reasons why the other two layers have resisted AI is not because of capability limitations.

In fact, not only are software engineering jobs not going away due to AI, there might even be an increase in demand for software engineers. When software (or anything else) gets cheaper to create due to technological productivity improvements, people will buy a lot more software (in econ jargon, software is highly “price elastic”). And as we have argued, AI doesn’t replace software engineers (the “elasticity of substitution” is low), so the demand for more software results in a derived demand for more software engineers. A loosely related but ﬂashier economics term, “Jevons’ paradox”, is often thrown around in the AI discourse to describe this concept.

Historically, this has been the pattern — programmer employment in the U.S. has grown from near-zero around 1950 to millions today. This is sharply different from occupations such as agriculture in which labor demand was famously decimated due to mechanization and automation. The difference is that the amount of calories people consume is relatively ﬁxed — even a 25% increase led to the obesity epidemic — whereas the amount of software produced has grown a millionfold. Modern cars have something like a hundred million lines of code running on their various on-board computers.

If there is a ceiling to the demand for code, we are nowhere near it. Virtually all cognitive work beneﬁts from software. As AI makes coding cheaper, people are creating all kinds of one-off utilities — whether for work or personal use — that it never made sense to create until now.

To be clear, while we think there will be a lot more software in the future, and likely more software engineers, this doesn’t mean big tech companies will get even bigger. The majority of software engineers today already work in-house in non-software ﬁrms, and that share might grow in the future. Then there’s the idea of “AI rollups”, which refers to venture capital or private equity ﬁrms buying “Main street” businesses — dentistry practices, accounting ﬁrms, and whatnot — and rebuild them from the ground up to be “AI-native” by embedding software engineers or AI engineers into those businesses. Of course, it might end up being nothing more than hype. It’s too early to tell.

Some people predict that demand for software engineering skills will fall because of democratization. They acknowledge that there will be more software produced than ever before, and also that more human time will be spent producing software than ever before, but that this work will be done by people who are not software engineers. The idea is that AI will democratize software engineering to the extent that legal software, for instance, can be more easily created by those with training in law than in software engineering.

Maybe. But we’ll bet against it. In our view, this falls into the same trap of conﬂating vibe coding with agentic engineering, and the execution layer with the the whole decide-execute-deliver sandwich. In fact, when we look at the history of programming, there have always been claims that we are at the threshold of democratization — old languages such as FORTRAN, COBOL, and SQL were all accompanied by such prominent hopes at the time of their introduction. It never happened. The barrier isn’t actually learning the syntax. It’s having enough skilled judgment to make good decisions while maintaining accountability.

Ultimately the distinction may be semantic. It seems clear that the amount of time people spend on getting computers to do new things will increase over time. This might take the form of building software, or managing complex workﬂows using agents, or something else. It will require a mix of software skills, AI skills, and domain expertise. Whether it is today’s software engineers who will best adapt to ﬁll these new roles remains to be seen.

That last point about the need for adaptation sets up the next essay in this series. The fact that aggregate labor demand in software is likely to remain strong doesn’t mean that most individual workers won’t be affected. We will argue that AI will create massive structural shifts in how software is produced, which will have big impacts on which software engineers stand to gain or lose — based on the types of ﬁrms they work in, their geography, their seniority, the pace at which they can adapt.