10 interesting stories served every morning and every evening.
Maintained by Epic Games, Lore is designed for unprecedented scalability of both data and teams. It’s optimized for projects—including games and entertainment—that combine code with large binary assets, and caters for the needs of developers and artists alike.
Key findings
74%
consumers say the internet feels less human than 10 years ago
40 min
average time before consumers experience “bot fatigue”
61%
consumers can’t name a brand using AI well in its messaging
16.6
average weekly hours enterprise teams spend improving AI visibility
Brands have been chasing AI visibility for two years. You’ve spent time and budget on it, yet your audience can’t name a single company they think is doing it well. The brands building for the next phase treat their website as the place where AI gets clean data and humans get something worth their time.
A less human web costs you readers.
Your audience can sense when a machine is talking to them. Most are checking out before they’ve decided whether they care. Bot fatigue sets in when the internet stops feeling honest. The small moments that used to make the web worth visiting are disappearing.
The AI web
7/10
consumers say the internet feels less human than it did 10 years ago
Feels less human
Still human
40 min
the average time to “bot fatigue,” when interactions start to feel synthetic
Can your content infrastructure measure this shift and respond to it? We’ll cover how enterprise teams restructure content for AI discovery without losing what feels human in our upcoming webinar.
What is AI brand visibility?
AI brand visibility is how often a brand appears in answers generated by AI engines like ChatGPT, Perplexity, Claude, and Gemini. It’s a different problem from search engine visibility, which measures rankings on result pages. A brand can rank at the top of Google and not appear inside ChatGPT at all. As of 2026, no single dashboard tracks AI brand visibility across every engine, and the category has no established leader.
Nobody has won AI brand visibility yet.
Every answer in our consumer survey pointed the same way: Nobody has done it well yet. Brands have spent the past year funding AI strategy, but consumers can’t point to a single company they think is getting it right.
The category has no incumbent, and no template to copy. The brand that builds that recognition first gets to define the standard.
Brand visibility
61%
of consumers can’t name a brand that uses AI well in its messaging
16%
say no brand is using AI well at all
60%
say AI in a brand’s messaging is a turnoff, not a feature
“No customer or user wakes up and says, ‘I hope I get to talk to a chat bot or an AI agent today.’ Human-centered design is truer today with artificial intelligence. Ironically, the answer is using AI to be more human.”— Brian Solis, Head of Global Innovation, ServiceNow
“No customer or user wakes up and says, ‘I hope I get to talk to a chat bot or an AI agent today.’ Human-centered design is truer today with artificial intelligence. Ironically, the answer is using AI to be more human.”
Build for both audiences at once.
AI needs to find the content and a person needs a reason to stay once they arrive. The second part is harder, and most enterprises are still guessing at it. The brands worth watching are betting that “staying” comes from giving people something to do: interactive content, dynamic experiences, the small moments a flat AI summary can’t deliver.
The website is the only place where both jobs run together. AI gets structured content it can cite, and the reader gets something worth their time. That’s the foundation you get on WordPress VIP.
The guide for building that dual-purpose site is in Future-Proof Your Brand for the AI-Native Web, a framework for preparing your web platform.
How enterprises are measuring AI brand visibility
The category is barely two years old and the toolset is still settling. No single dashboard tracks every AI surface. No shared definition of “good” exists yet. Pricing across the category swings from free to six figures depending on coverage and customization. What enterprises are using right now sorts into five categories, with real tools inside each.
This is a snapshot since the specific products will shift in the next 12 months. The categories will outlast them, which is why the section is organized around what the tools do.
This is the newest category, built specifically to track how often a brand appears in ChatGPT, Perplexity, Claude, and Gemini answers. These tools simulate queries at scale and surface citation frequency and sentiment over time.
Tools in this category: Profound, BrightEdge, brandvisibility.ai, Tryevergreen, and a handful of smaller competitors that emerged in late 2025.
Best for: Teams that need to connect AI visibility to business outcomes. AI citations are top-of-funnel. This category measures what those citations turn into. The brands that figure out which AI-referred visitors convert can defend their AI strategy spend.
Watch for: Pricing models are still settling. Most platforms require four to six weeks of data collection before benchmarks are meaningful. Sample-based query simulation has gaps, and tools that promise “complete coverage” of every AI answer are overstating their methodology.
These are the established SEO platforms that extended into AI tracking starting in 2024. These tools layer AI citation data on top of traditional search metrics, which makes them useful for teams already running SEO workflows.
Tools in this category: Similarweb (AI Intelligence), Semrush (AI Toolkit), Ahrefs (Brand Radar).
Best for: SEO teams that want AI visibility data without a new vendor relationship. The integration with existing search reporting is the main value; it lets a team see organic and AI traffic in the same view.
Watch for: AI coverage in this category is generally narrower than in dedicated AI citation platforms. The tools were built for search and are still catching up on the AI side. AI numbers here have to be treated as directional.
In this category: the analytics platforms that detect and segment traffic arriving from AI engines. These are the citation monitoring tools that tell a brand it’s being mentioned. This category tells a brand what happens after.
Tools in this category: Parse.ly (part of the WordPress VIP product family), Plausible, Fathom Analytics, and most enterprise analytics platforms (Google Analytics 4) with custom segmentation.
Best for: Teams that need to connect AI visibility to business outcomes. AI citations are top-of-funnel. This category measures what those citations turn into. The brands that figure out which AI-referred visitors convert can defend their AI strategy spend.
Watch for: AI referrer detection still varies by platform. Some AI engines pass clean referrer headers, others rely on UTM tagging. Coordination between content and analytics teams is usually required to get clean data.
Broader brand monitoring platforms that added AI surface tracking to existing social listening and PR monitoring capabilities. These cover AI engines as one input alongside social and traditional media mentions.
Tools in this category: Brandwatch, Talkwalker, Meltwater.
Best for: Communications and PR teams that already use these platforms for crisis monitoring and share-of-voice tracking. The AI coverage is an extension of an existing workflow.
Watch for: AI coverage in this category tends to be lighter than in dedicated AI citation tools. Useful for a 30,000-foot view, less useful for granular citation analysis.
This is what enterprises with engineering capacity are building themselves. These solutions use LLM APIs to query AI engines on a schedule and surface results in a dashboard the team controls. Pew Research Center’s work with WordPress VIP, covered in Chapter 2, is one example of this approach.
Best for: Enterprises with engineering resources who want to define their own queries and control their own data. Ideal when the brand’s AI visibility strategy depends on niche or industry-specific queries that off-the-shelf tools don’t cover well.
Watch for: Maintenance burden. LLM API access is now stable, though pricing and rate limits change frequently. Custom dashboards require ongoing engineering attention to keep current.
AI brand visibility tools at a glance
How to choose
Match the tool category to the question the team needs to answer:
“Are we being cited?” Use an AI citation monitoring platform.
“Are we being cited relative to our search performance?” Use search analytics with AI overlays.
“What happens after we’re cited?” Use web analytics with AI referral tracking.
“How does AI fit into our broader brand sentiment?” Use a brand intelligence platform.
“We need to track something none of the above can answer.” Build a custom solution.
Most enterprises use two categories together. The most common combination is a tool from the AI citation monitoring category to know whether the brand shows up, and a tool from the web analytics category to know what that visibility is worth. The brands that figured this out first are the ones whose 2027 AI visibility budgets won’t be re-litigated in budget meetings.
Continue reading
Chapter 2
Brands chase AI visibility. Consumers chase the source.
Chapter 3
Consumers are wary of gatekeeping. More than marketers are.
Chapter 4
The website is still the default trust layer.
Chapter 5
The next website doesn’t look like a website.
FAQs about AI brand visibility
Bot fatigue is the point at which online interactions start to feel synthetic. WordPress VIP’s 2026 survey of 1,200 U.S. consumers found the average person hits bot fatigue in about 40 minutes. The broader pattern: 74% of consumers say the internet feels less human than it did 10 years ago, which is the consumer-mood shift driving most of what brands are now trying to solve in their AI strategy.
Not yet. The category is too new and the measurement tools are too immature. Platforms cite different sources for different queries, the citations change as models update, and the metrics enterprise teams use to track AI visibility aren’t standardized across vendors. What’s clear is that no brand has built a durable AI presence. The brand that defines what “AI brand visibility done well” looks like will be the one that figures out the measurement layer before the rest of the market does.
The website has two jobs now and they have to run on the same foundation. AI engines need structured content they can find and cite accurately. Human visitors need a reason to stay once they click through from an AI summary. The brands solving for both are treating the website as the place where AI extracts data and a person has an experience worth their time. This is the central argument of WordPress VIP’s 2026 State of the Open Web report.
GrapheneOS Discussion Forum
We’re in the era of trillion-dollar companies, but that doesn’t mean you should leave $5 on the table!
Take, for example, Photobucket. In case you’ve never heard of it, it is the Imgur-equivalent of ages ago. I was using it as a kid to upload images there and link them on various forums. A nice, simple website that just did its job.
So what’s my old pal Photobucket doing now?
Well, recently, I was going through my old accounts and started cleaning them up. Deleting what needs to be deleted, restoring passwords to what was no longer working, things like that1…
And that’s how I remembered about Photobucket!
Now, mind you, that was after I’d already found my old Imgur account with hundreds of old (and nostalgic!) screenshots that I then backed up safely. So I was really excited! This Photobucket account must have been… damn… even older! Who knows what remnants of my childhood I’ll find there?
And so, I logged in expectantly. Ready to be amazed! Prepared to drop a nostalgia tear! Excited to finally…
Wait, WHAT?!!
You shared them. We protected them.
…
AGAINST WHAT?!! Because it sure as hell isn’t against corporate greed! More like:
You shared them. We paywalled them. (And you should thank us!)
You shared them. We paywalled them. (And you should thank us!)
So I now have to pay for the images I uploaded on a (previously) free service?!! No way, I’m not doing that! Take my images and keep them on your servers until you go bankrupt! I won’t endorse such behavior by giving you money.
I’m no fool!
…
But… I mean it’s just $5… Surely my childhood memories must be worth more than that, right? And I guess it’s kinda nice they didn’t delete them… So, okay, I’ll give this some thought and…
$5… PER MONTH?!!
So this unassuming claim:
It’s time to relive them for just $5.
It’s time to relive them for just $5.
from the sweet-sweet Photobucket Inc. was missing just a tiny little detail… a footnote… some legalese, as you might say… That it’s a MONTHLY SUBSCRIPTION, MAYBE?!!
THE. BLATANT. GREED!
So they’re hoping that I’m curious, I pay for this crap, and then forget about my MONTHLY SUBSCRIPTION? Oh no, no, no. That’s almost evil. Paywalling my childhood memories in order to trap me into accidentally subscribing to your useless service? Hoping I’d then cancel it after maybe a few years, when I finally notice an odd expense on my card?
NO.
Just no. I won’t stand for this. Childhood memories be damned!
Aw man… I really wonder what’s in there… I mean it’s just a subscription… I pay the $5, I download my images, I cancel the subscription, and I’m outta there. May God be my witness that it wasn’t an easy call, that I fought for my dignity!
Ok, let’s do this quickly. I want to minimize the pain.
Enter the card details… click on Pay by Card… wait a bit…
And I’m in!
Finally! Really wondering what’s in here! Let’s take a… look……
Oh… No…
IS IT FREAKING EMPTY?!!
…
I think I hate myself now. I’m such a fool!!! That’s what I get for going along with these predatory tactics… Should’ve known this would happen. I guess I was using a different, even older Photobucket account as a kid, or something.
…
Wait.
Photobucket. You must have known I don’t have any images on my account. AND YOU STILL MADE ME PAY?!! Reclaim your memories my ass.
That’s it, I’m done.
I knew I forgot something!
Okay. Now I’m done.
Editor’s note
As I was writing and reliving this beautiful experience, I noticed a little footnote on the payments page:
Did I notice this in time to request the refund? Of course I didn’t. Those 5 beautiful dollars are forever gone.
But maybe this helps someone… Yay to the movement against corporate greed!… 🍻
Update
This post ended up being pretty popular on Hacker News with lots of fun discussions. Two things worth mentioning:
Just to be extra clear, I don’t believe Photobucket intentionally deleted all the images I uploaded and then asked for $5/mo just because they hate me. While I do remember uploading things there as a kid, I bet I was using an even older account.
Just to be extra clear, I don’t believe Photobucket intentionally deleted all the images I uploaded and then asked for $5/mo just because they hate me. While I do remember uploading things there as a kid, I bet I was using an even older account.
It was suggested that I request a chargeback from my card. Apparently debit cards also allow them, didn’t know this! I might give it a shot, who knows, maybe I’ll end up paying $0 for this story!
It was suggested that I request a chargeback from my card. Apparently debit cards also allow them, didn’t know this! I might give it a shot, who knows, maybe I’ll end up paying $0 for this story!
…
Ok, no, paying $0 won’t happen. Apparently using Vercel to host a personal blog might not be the best idea (even though it’s a static site!). I’m nearly reaching the limit of Edge Requests in just 2 hours after the post. According to trustworthy Claude, the site will go down if I surpass it?…
So I’ll probably end up doing this2:
No mention of any refunds though, I checked! :P
I was bored. Also, going through a finite list of things and completing them one at a time feels satisfying… even productive! However, feels is the correct verb here. ↩
I was bored. Also, going through a finite list of things and completing them one at a time feels satisfying… even productive! However, feels is the correct verb here. ↩
And migrate to Cloudflare Pages or something, when I have some time to spare. ↩
And migrate to Cloudflare Pages or something, when I have some time to spare. ↩
Please enable JS and disable any ad blocker
A few days back I wrote a piece called “AI enthusiasts are in a race against time, AI skeptics are in a race against entropy.”
I have notes on a whole pile of AI-related topics that I’d like to cover in depth: AI mandates, communication norms, code review, AI art, and more. Unfortunately, I got too many interesting responses to my last piece, and now I have to address those before I can move on to other topics. 😉
There were two types of interesting responses: the first on the technical merits, the second on ethical grounds. I will respond to each of these separately. Let’s take the technical side first, because it’s easier.
Somehow, a subset of readers came away believing I was telling everyone to ditch code review and push their shittiest code straight into production without reading it, right now, tout suite.1
That is not what I am doing. That is not what I think you should do. But I did not pick that example at random, and I will tell you why.
It’s easy to forget, but for most of 2025, the idea that AI-generated code was slop and might always be slop was not only a reasonable position to hold, it was the default, mainstream position.2
That question was answered decisively last November. Ever since Opus 4.5 came out, AI has been able to generate code that is approximately as good as that of the median software engineer, at least for common patterns, and much faster and more cheaply. I came out of a book hole and realized this in January, and over the first few months of 2026, it seemed like everyone around me was having a similar realization.
But many saw it coming much sooner.
The popular narrative holds that Opus 4.5 was what changed. But Opus 4.5 was more like the tipping point. Agentic harnesses (the code that wraps the LLM in a loop with tools) became a real thing in mid 2025, with precursors building back to late 2024. Tool use, function calling, MCPs…all of this wave was building over the course of 2025, and crested into real general purpose usability at the end of the year.
That’s what the enthusiasts were trying to tell us last year. Not only “this is coming”, but “this is coming faster than you think.”
As it turns out, they were right.
As you may know, I come from the reliability side of the house. The compliment I will pay to myself and my people is that we do not struggle to adapt to new realities. As soon as a problem is real and in front of us, we adjust smoothly, even eagerly, thanks to an unwholesome zest for lapping up disgusting technical messes (and the campfire tales we get to tell later).
The un-compliment I will pay myself and my people is that we sometimes struggle to accept that progress is real, that the continued existence of bugs and edge cases does not diminish the fact that huge swaths of problem space do get more-or-less solved over time, to the point they can be taken for granted by most people.3
The speed at which code went from total crap to “ah damn, that’s not bad” is what I have in the back of my mind, as enthusiasts are telling us that harness engineering and AI validation is real, it’s already here, and it’s getting better astonishingly fast.
Holding out for “I’ll believe it when I see it” was forgivable the first time, but much less so the second time. This is what it feels like to be on the inside of an exponential change curve, turns out.4
I want to pause here and be very clear about what I think is happening. Then I’m going to tell you what specifically I am excited about, and why.
You are under no obligation to join me there. But there are way too many sweeping statements out there right now about “it was never X” — “it was always Y” — “the future belongs to xyzzy” 🤮 — and I want to be crystal clear how conditional and specific and contextual my claims are.
What happened in 2025 was this: the economics of code production were turned upside down. Instead of being very hard, time-consuming, and expensive to generate code, it became effectively free and instant. Lines of code went from being treasured, reused, cared for and carefully curated, to being disposable and regenerable, practically overnight.
For most of computing history, the primary way people have learned to understand software is by writing the code. Once you’ve achieved some mastery, reading and discussing code gets you most of the way there. (I might argue that software engineers have always relied far too heavily on the code instead of sensemaking the system through observability.)
Many great software engineers hold that true product of every (good) software engineering team has always been a shared understanding of the software we own. That it gets stored as cache state in our fragile little meat brains, frequently flushed to disk, deployed to production, committed to github, but our minds are where meaning has always lived.
Is it any wonder that software has always been such a fiercely collectivist endeavor, exquisitely sensitive to relationship dynamics and manners and questions of fairness and emotional valence? It’s exactly what you’d expect when part of your brain lives in other people’s brains, and your collective interdependence is sky high.
It’s something that I love about this industry. But there’s no denying that minds have been a poor container for certain aspects of the software development model. We are forgetful, distractible, impatient. We are bad at spotting small details, we grow habituated to repetition. Worst of all, the model in our heads diverges massively and perpetually from the world our users interact with.
Anyway, SREs have never quite bought that explanation. To us, it’s clear that the true product of every (good) software engineering team is production.
Only prod is prod. Test in prod, or live a lie.
(This is all backstory. I am getting to the point, I promise.)
We issued our AI mandate last August.5 I had seen enough to know that this was happening, and it was time to do the responsible thing. Honeycomb is a devtools company, and people come to us to help with hard problems on the forefront of technology. I was all in on AI, but I can’t say I was super excited about it, in my heart of hearts.6
Then I found Chad Fowler’s writings on Phoenix Architectures.
If you don’t know what I’m talking about, you should honestly stop reading my shit right now and go read his. Chad is the guy who coined the term “immutable infrastructure” in 2013. His best-known essay is “Relocating Rigor”, because Martin Fowler7 mentioned it recapping a Thoughtworks meetup on the future of software. I replied with “Production Is Where the Rigor Goes”, complaining that they didn’t talk about production enough.
When I wrote that, I think “Relocating Rigor” was the only piece I had read. But soon I found the rest of it, and after reading two or three essays, it just clicked. I knew exactly what he was talking about. I could predict the rest of what he was going to say. And then, reader…then I got excited.
I am going to give you a small sample of Chad quotes, just enough to get the gist. Here’s one from “The Death and Rebirth of Programming”.
Immutable infrastructure. Stateless services. Containers. Blue-green deployments. Infrastructure as code.These ideas all share a common premise: never fix a running thing. Replace it.AI pushes this premise beyond infrastructure and into application code itself. When rewriting is cheap, editing in place becomes risky. Mutation accumulates entropy. Replacement resets it.
Immutable infrastructure. Stateless services. Containers. Blue-green deployments. Infrastructure as code.
These ideas all share a common premise: never fix a running thing. Replace it.
AI pushes this premise beyond infrastructure and into application code itself. When rewriting is cheap, editing in place becomes risky. Mutation accumulates entropy. Replacement resets it.
Another favorite: “The Deletion Test”.
Here’s a simple test you can apply to any software system you work on:Imagine deleting the entire implementation.Most engineers experience deletion as existential. Code feels like the thing. It’s what we write, review, version, deploy, and debug. Losing it feels like losing the system itself.When people say, “We can’t just throw the code away,” what they usually mean is something more precise:We don’t know exactly what behavior is required.We don’t know which failures are unacceptable.We don’t know what invariants must always hold.We don’t know how to tell if a new version is correct.We don’t know which bugs are intentional fixes for forgotten edge cases.Those are not code problems. They are evaluation problems.Code becomes precious when it is the only place knowledge lives.
Here’s a simple test you can apply to any software system you work on:
Imagine deleting the entire implementation.
Most engineers experience deletion as existential. Code feels like the thing. It’s what we write, review, version, deploy, and debug. Losing it feels like losing the system itself.
When people say, “We can’t just throw the code away,” what they usually mean is something more precise:
We don’t know exactly what behavior is required.
We don’t know exactly what behavior is required.
We don’t know which failures are unacceptable.
We don’t know which failures are unacceptable.
We don’t know what invariants must always hold.
We don’t know what invariants must always hold.
We don’t know how to tell if a new version is correct.
We don’t know how to tell if a new version is correct.
We don’t know which bugs are intentional fixes for forgotten edge cases.
We don’t know which bugs are intentional fixes for forgotten edge cases.
Those are not code problems. They are evaluation problems.
Code becomes precious when it is the only place knowledge lives.
and,
For most of software history, treating code as durable was reasonable.We treated code as permanent because the labor to produce it was the bottleneck. Rewriting was expensive. Re-validation was risky. Implementations accumulated meaning over time. Structure, tests, comments, bug fixes, and tribal knowledge fused into something you learned not to disturb.That made sense when production was the constraint.When regeneration is easy, code stops being an asset and starts acting as a cache: a materialized view of understanding that is useful while current, disposable when stale.
For most of software history, treating code as durable was reasonable.
We treated code as permanent because the labor to produce it was the bottleneck. Rewriting was expensive. Re-validation was risky. Implementations accumulated meaning over time. Structure, tests, comments, bug fixes, and tribal knowledge fused into something you learned not to disturb.
That made sense when production was the constraint.
When regeneration is easy, code stops being an asset and starts acting as a cache: a materialized view of understanding that is useful while current, disposable when stale.
“A materialized view of understanding that is useful while current, disposable when stale.” I think that might have been the exact line that made it click in my head.
I am just barely old enough that my first job title was “System Administrator”. I was a teenager, working at the university, with root on every machine in the days before they learned they should definitely not do that.8
I lived through the shift from handcrafted server pets to immutable infrastructure cattle. I didn’t really understand what was happening at the time, but I’ve contemplated it a lot in recent years. I wrote this in the final chapter of “Observability Engineering”, 2nd edition (available for download as of Wednesday, June 17th!):
The shift from handcrafted servers to immutable infrastructure taught us that mutability is the sworn enemy of understanding. Any artifact that is edited in place creates drift. Drift is what makes systems impossible to maintain.Our ability to kill and regenerate infrastructure components is the reason we trust it. At Honeycomb, we kill the oldest Kafka node off via cron every Tuesday. That’s why we are confident in our bootstrapping and balancing processes: everything is repeatable, the data can be regenerated, the commitments live elsewhere.The fact that we cannot regenerate our code in the same way is a sign that we do not understand it. We do not know which commitments we have made, we do not know which dependencies will break. We find them by breaking them, mostly.
The shift from handcrafted servers to immutable infrastructure taught us that mutability is the sworn enemy of understanding. Any artifact that is edited in place creates drift. Drift is what makes systems impossible to maintain.
Our ability to kill and regenerate infrastructure components is the reason we trust it. At Honeycomb, we kill the oldest Kafka node off via cron every Tuesday. That’s why we are confident in our bootstrapping and balancing processes: everything is repeatable, the data can be regenerated, the commitments live elsewhere.
The fact that we cannot regenerate our code in the same way is a sign that we do not understand it. We do not know which commitments we have made, we do not know which dependencies will break. We find them by breaking them, mostly.
Think of all the years of your working life you have wasted on painful migrations and rewrites. Think of replacing load-bearing legacy code. Think of all the strangler figs.
Lines of code have been doing too much. The code has been the bundled up repository of developer intent, user expectations, implicit and explicit behaviors, the only fossilized composite record we have of bugs gone by. It’s too much!
And look at all the domains that have been neglected due to the towering, all-consuming expense of maintaining and mutating lines of code. Where are the artifacts I can review and discuss to understand how our architecture is evolving? Where are our architecture artifacts, period? What if we could discuss and converge on an architecture diagram, and the code could be regenerated from changes to the architecture, instead of the architecture being kinda-sorta inferred from the code?
I am not asserting that all code will eventually be AI-generated to spec, bypassing human understanding. The feasibility of this whole endeavor hangs on the question of what a spec is, or what a spec could be. Anyone who has ever done a painful database migration should have learned some goddamn humility about our ability to extract and formalize users’ expectations in a replayable, automate-able way.
But I think that every step we can take in that direction will be good for us.
The tools to do this don’t exist yet, but many of the ideas do exist. Most come from operations and QA, two domains that software engineering has historically been rather snobbish about.
Those tests and techniques are not about testing for correctness or what ought to be happening, they are about observing and encoding what is happening. Behavioral tests, characterization tests, capture/replay, traffic splitters. Observability (the good kind).
Having nondeterministic code in production is finally forcing us to do the things we should have done all along. Instrumenting with traces. Tests and evals in production. Production is not what happens after development is over, production is a stage of development.
Human brains are not good at validation. The nitpickiness, the repetition. This is the worst thing to be clinging to, y’all. There are so many better things for us to want to preserve and assert for ourselves in the production and maintenance of software. We are never going to beat the machine when it comes to validation — we are literally the weakest link!
My money’s on humans for a good long time when it comes to creativity, inspiration, leaps of logic, and a lot of other things, but PLEASE do not rest your killer argument for humans in software on us being the best quality gate. OMG. 🙈
Alright. I’m almost done here. Just one more thing.
I think what many engineers have found so alienating and terrifying about the last two years of AI discourse has been the way so many prominent AI voices appear to be gleefully declaring that software is no longer an engineering problem. “SaaS is dead!” “Making AI great at coding was the strategy that unlocks everything else”, and so on. Even Adam Jacob, one of my dearest friends and someone who is rarely wrong about technology, seems to anticipate a bloodbath of software jobs.9
If 2025 was the year of vibe coding, where AI got as good at generating lines of code as the median software engineer, and the range of possible futures often felt destabilizingly, impossibly wide open, I feel like 2026 is shaping up to be a return to discipline.
The knowledge in our heads is unavailable to AI until we encode it into the system, after all. The returns on those investments will be massive and nonlinear. We might argue that they always would have paid for themselves in the long run. But now every CEO in existence is chomping at the bit to get some of those AI cookies, so let’s give it to them. Discipline first, cookies second.
The share of software engineering teams that work in short, fast feedback loops (the cardinal sign of discipline in my book) is, and always has been, appallingly small. Five percent, maybe? Definitely less than 10%. AI tooling brings this more within reach than ever before. Or it can. It could. The discontinuous returns on investment in engineering discipline are real enough that it just might happen.
I am not worried, at least in the near term, about AI creating massive, discontinuous returns on investment in the absence of engineering discipline. (Many will try, and it will be entertaining to watch.)
But value is backed by durability, not disposability, and I don’t see that changing. Bits are cheap and fast and governed by the rules of logic and language, but anything with value must ultimately resolve with physical systems: persistence on the one side, user experience on the other.
People do not want to wake up every day and log in to Slack and find the buttons and menus all subtly moved around. People do not want financial transactions that complete most of the time. Determinism is not going anywhere, my friends.
AI is not magic. This is still engineering. As Adam says, “it’s still technology, and technology needs technologists.” And I for one am looking forward to learning new and interesting engineering problems, reviewing different kinds of artifacts.
And never doing another sticky, picky, two year long API rewrite or strangler fig migration, ever, ever again.
~charity
P.S. Thanks to everyone who read a draft and gave me feedback: Dave Williams, Chad Fowler, Adam Jacob, Mark Ferlatte, Austin Parker, Erwin van der Koogh, Ankur Bhatt.
1
I was not trying to be neutral or even-handed in my last piece, only to give a baseline of courtesy to everyone. But I think it’s revealing how many times I was accused of being “so overly hard on skeptics”, by skeptics, and “so overly hard on enthusiasts”, by enthusiasts, and sometimes simply “It’s sad how some people can’t accept reality” with no indication which side they meant. Lord.
2
Fred Hebert and I gave the closing keynote at SRECon in March of 2025 where we told SREs they should get to know AI, maybe even try vibe coding (pause for laughs), because otherwise their critiques wouldn’t land as well.
Seriously, that was our big pitch. Learn AI so that you can complain more effectively.
3
Infrastructure, for example. I think this is true of a lot of engineers, btw. I just think it’s really really true of the type of engineer that signs up to be an SRE. Technological pessimism and ADHD, our two most defining traits.
4
There is a segment of AI enthusiasts who believe we are entering an era of eternal exponential growth, in which the machines begin to build better and better machines, in ways we cannot understand.
I think those people are bad at math. The only thing we know for certain about exponential growth is that it will end. It always does. either in an S curve or a crash. (For a good time, google Heinz van Foerster and “our great-great grandchildren will be squeezed to death.”)
I definitely think we will use machines to build the machines — duh, we already are — but that’s about recursion and specialization. I think the exponential curve we are on the inside of now was created by sloshy free money chasing high returns, plus the properties of software as a function of language and logic, plus the biggest discoveries always happen in the early days of a technology boom, because low hanging fruit gets picked first.
My personal sense — and keep in mind that I am no kind of expert on AI — is that the exponential advancement in AI models leveled out a while ago, and gains are becoming harder to earn and more incremental in nature. I may turn out to be very wrong, of course. But even if there were no more AI innovations moving forwards, the past year has unleashed enough pent-up force to radically reshape the software industry as we know it. Like a pig in a python, we will be dealing with the consequences for a long time to come.
5
Despite the fact that AI increasingly dominates our economy (it’s a hot IPO summer and we’re all just along for the ride), most Americans are not particularly optimistic about the technology’s long-term impact on the country, a new study from Pew Research reveals.
In fact, although a whole lot of Americans increasingly use AI in their daily lives, most of them have neutral to negative views about it, the research reveals.
Only 16% of Americans think that AI’s impact on society during the next 20 years will be positive, Pew says, while around 40% say that it will have a negative impact.
A vast majority of people (67%) don’t believe that the U.S. government will do anything to meaningfully regulate AI. A similarly skeptical cohort (59%) don’t trust companies to develop it safely.
Young people — that is, those people under 30 — are the ones with the most negative feelings about AI. Pew says that only 14% of this cohort believe the tech will have a positive impact on society.
On top of all this, a vast majority of Americans — nearly two-thirds — also think that AI’s development is occurring too quickly.
Despite all of the skepticism, a whole lot of Americans also report using AI in their daily lives on an increasingly regular basis. About a quarter of Americans say they use AI chatbots on a daily basis. Those who do are typically using the chatbots for research purposes or for work, Pew says.
A vast majority of people using AI are using ChatGPT. Pew writes that 44% of U.S. adults now say they use OpenAI’s chatbot, a figure that’s more than doubled since 2023.
The next most popular chatbot is Gemini (24%), followed by Copilot (17%) and Meta AI (14%), with Grok (8%), Claude (6%), and Character.ai (3%) lagging behind.
There is a bit of a gender divide. While chatbot use is growing for both men and women, men still use AI more and are more enthusiastic about it, while women are more skeptical, Pew says. Men are more likely to say they use AI chatbots in their daily lives (27% versus 20% for women) and while equal shares of men and women report using ChatGPT, men more commonly report usage of other brands, such as Copilot and Grok.
The report also highlights how AI is changing the ways Americans consume information. Six in 10 survey respondents told Pew that they routinely read AI-generated internet summaries (indeed, on Google, they’re pretty much unavoidable). A much smaller number report using AI to get information on fitness and dieting.
There are also still a whole lot of people — about half of the country — that say they do not use AI in their daily lives. The people who do not use AI tend to be older, while those under 50 are more likely to say that they use it. Nearly 75% of Americans aged 65 or older say that they never use AI chatbots.
Those people who don’t use chatbots say they don’t because they’re not interested in them, and add that they have no intention of using them in the future.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Lucas is a senior writer at TechCrunch, where he covers artificial intelligence, consumer tech, and startups. He previously covered AI and cybersecurity at Gizmodo.
You can contact Lucas by emailing lucas.ropek@techcrunch.com.
View Bio
Abstract
This specification defines the QUERY method for HTTP. A QUERY requests that the request target process the enclosed content in a safe and idempotent manner and then respond with the result of that processing. This is similar to POST requests, but QUERY requests can be automatically repeated or restarted without concern for partial state changes.¶
Status of This Memo
This is an Internet Standards Track document.¶
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.¶
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc10008.¶
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
1. Introduction
This specification defines the HTTP QUERY request method as a means of making a safe, idempotent request (Section 9.2 of [HTTP]) that encloses a representation describing how the request is to be processed by the target resource.¶
A common query pattern is:¶
However, when the data conveyed is too voluminous to be encoded in the request’s URI, this pattern becomes problematic:¶
As an alternative to using GET, many implementations make use of the HTTP POST method to perform queries, as illustrated in the example below. In this case, the input to the query operation is passed as the request content as opposed to using the request URI’s query component.¶
A typical use of HTTP POST for requesting a query is:¶
In this variation, however, it is not readily apparent — without specific knowledge of the resource and server to which the request is being sent — that a safe, idempotent query is being performed.¶
The QUERY method provides a solution that spans the gap between the use of GET and POST, with the example above being expressed as:¶
As with POST, the input to the query operation is passed as the content of the request rather than as part of the request URI. Unlike POST, however, the method is explicitly safe and idempotent, allowing functions like caching and automatic retries to operate.¶
Recognizing the design principle that any important resource ought to be identified by a URI, this specification describes how a server can assign URIs to both the query itself or to a specific query result, for later use in a GET request.¶
Summarizing:¶
1.1. Terminology
This document uses terminology defined in Section 3 of [HTTP].¶
Furthermore, it uses the terms URI query parameter for parameters in the query component of a URI (Section 4.2.2 of [HTTP]) and query content for the request content (Section 6.4 of [HTTP]) of a QUERY request.¶
1.2. Notational Conventions
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
2. QUERY Method
The QUERY method is used to initiate a server-side query. Unlike the GET method, which requests a representation of the resource identified by the target URI (as defined by Section 7.1 of [HTTP]), the QUERY method is used to ask the target resource to perform a query operation within the scope of that target resource.¶
The content of the request and its media type define the query. The origin server determines the scope of the operation based on the target resource.¶
Servers MUST fail the request if the Content-Type request field ([HTTP], Section 8.3) is missing or is inconsistent with the request content.¶
As for all HTTP methods, the target URI’s query part takes part in identifying the resource being queried. Whether and how it directly affects the result of the query is specific to the resource and is out of scope for this specification.¶
QUERY requests are safe with regard to the target resource ([HTTP], Section 9.2.1); that is, the client does not request or expect any change to the state of the target resource. This does not prevent the server from creating additional HTTP resources through which additional information can be retrieved (see Sections 2.3 and 2.4).¶
Furthermore, QUERY requests are idempotent ([HTTP], Section 9.2.2); they can be retried or repeated when needed, for instance, after a connection failure.¶
As per Section 15.3 of [HTTP], a 2xx (Successful) response code signals that the request was successfully received, understood, and accepted.¶
In particular, a 200 (OK) response indicates that the query was successfully processed and the results of that processing are enclosed as the response content.¶
2.2. Equivalent Resource
The equivalent resource for any given QUERY request is a resource that responds to GET requests, represents that QUERY request and its target, and takes both message content and metadata into account (Section 6 of [HTTP]). In particular, this includes representation metadata (Section 8 of [HTTP]) such as the content’s media type.¶
In other words, the equivalent resource is derived from the resource implementing QUERY by incorporating the request content.¶
The term equivalent resource is used as a means to define behavior for other HTTP aspects, such as selected representations. Servers can but do not have to assign URIs to these resources (see Section 1.1 of [URI]). If they do so, these resources will become accessible for GET requests.¶
2.3. Content-Location Response Field
A successful response (2xx, Section 15.3 of [HTTP]) can include a Content-Location header field containing an identifier for a resource corresponding to the results of the operation; see Section 8.7 of [HTTP] for details. This represents a claim from the server that a client can send a GET request for the indicated URI to retrieve the results of the query operation just performed. The indicated resource might be temporary.¶
See Appendix A.4.1 for an example.¶
2.4. Location Response Field
A server can assign a URI to the equivalent resource (Section 2.2) of a QUERY request. If the server does so, the URI of that resource can be included in the Location header field of the 2xx response (see Section 10.2.2 of [HTTP]). This represents a claim that a client can send a GET request to the indicated URI to repeat the query operation just performed without resending the query content. This resource’s URI might be temporary; if a future request fails, the client can retry using the original QUERY request target and the previously submitted content.¶
See Appendix A.4.2 for an example.¶
2.5. Redirection
In some cases, the server may choose to respond indirectly to the QUERY request by redirecting the user agent to a different URI (see Section 15.4 of [HTTP]).¶
A response with either status codes 301 (Moved Permanently, [HTTP], Section 15.4.2) or 308 (Permanent Redirect, [HTTP], Section 15.4.9) indicates that the target resource has permanently moved to a different URI referenced by the Location response field ([HTTP], Section 10.2.2). Likewise, a response with either status codes 302 (Found, [HTTP], Section 15.4.3) or 307 (Temporary Redirect, [HTTP], Section 15.4.8) indicates that the target resource has temporarily moved. In all four cases, the server is suggesting that the user agent can accomplish its original QUERY request by sending a similar QUERY request to the new target URI referenced by the Location.¶
Note that the exceptions for redirecting a POST as a GET request after a 301 or 302 response do not apply to QUERY requests.¶
A response to QUERY with the status code 303 (See Other, Section 15.4.4 of [HTTP]) indicates that the original query can be accomplished via a normal retrieval request on the URI referenced by the Location response field ([HTTP], Section 10.2.2). For HTTP, this means sending a GET request to the new target URI, as illustrated by the example in Appendix A.4.3.¶
2.6. Conditional Requests
The selected representation (Section 3.2 of [HTTP]) of a QUERY request is the same as for a GET request to the equivalent resource (Section 2.2) of that QUERY request.¶
A conditional QUERY requests that the selected representation (i.e., the query results after any content negotiation) be returned in the response only under the circumstances described by the conditional header field(s), as defined in Section 13 of [HTTP].¶
See Appendix A.5 for examples.¶
2.7. Caching
The response to a QUERY method is cacheable; a cache MAY use it to satisfy subsequent QUERY requests as per Section 4 of [HTTP-CACHING].¶
The cache key for a QUERY request (Section 2 of [HTTP-CACHING]) MUST incorporate the request content (Section 6 of [HTTP-CACHING]) and related metadata (Section 8 of [HTTP]).¶
To improve cache efficiency, caches MAY remove semantically insignificant differences from request content and related metadata first. For instance, by:¶
Note that any such transformation is performed solely for the purpose of generating a cache key; it does not change the request itself.¶
Clients can indicate, using the “no-transform” cache directive (Section 5.2.1.6 of [HTTP-CACHING]) that they wish that no such transformation happens (but note that this directive is just advisory).¶
Note that caching QUERY method responses is inherently more complex than caching responses to GET, as complete reading of the request’s content is needed in order to determine the cache key. If a QUERY response supplies a Location response field (Section 2.4) to indicate a URI for an equivalent resource (Section 2.2), clients can switch to GET for subsequent requests, thereby simplifying processing.¶
2.8. Range Requests
The semantics of Range Requests for QUERY are identical to those for GET, as defined in Section 14 of [HTTP]. Byte Range Requests (the only range unit defined at the time of writing), however, offer little value for the results of a QUERY request.¶
Query formats often define their own way of limiting or paging through result sets, such as with “FETCH FIRST … ROWS ONLY” in SQL. It is expected that these built-in features will be used instead of HTTP Range Requests.¶
The “Accept-Query” response header field can be used by a resource to directly signal support for the QUERY method while identifying the specific query format media type(s) that may be used.¶
Accept-Query contains a list of media ranges (Section 12.5.1 of [HTTP]) using “Structured Fields” syntax [STRUCTURED-FIELDS]. Media ranges are represented by a List Structured Header Field of either Tokens or Strings, containing the media range value without parameters.¶
Media type parameters, if any, are mapped to Structured Field Parameters with the String or Token type. The choice of Token versus String is semantically insignificant. That is, recipients MAY convert Tokens to Strings, but MUST NOT process them differently based on the received type.¶
Media types do not exactly map to Tokens; for instance, they allow a leading digit. In cases like these, the String format needs to be used.¶
The only supported uses of wildcards are “*/*”, which matches any type, or “xxxx/*”, which matches any subtype of the indicated type.¶
The order of types listed in the field value is not significant.¶
The value of the Accept-Query field applies to every URI on the server that shares the same path; in other words, the query component is ignored. If requests to the same resource return different Accept-Query values, the most recently received fresh value (per Section 4.2 of [HTTP-CACHING]) is used.¶
For example:¶
Although the syntax for this field appears to be similar to other fields, such as “Accept” (Section 12.5.1 of [HTTP]), it is a Structured Field and thus MUST be processed as specified in Section 4 of [STRUCTURED-FIELDS].¶
4. Security Considerations
The QUERY method is subject to the same general security considerations as all HTTP methods as described in [HTTP].¶
It can be used as an alternative to passing request information in the URI (e.g., in the query component). This is preferred in some cases, as the URI is more likely to be logged or otherwise processed by intermediaries than the request content. In other cases, where the query contains sensitive information, the potential for logging of the URI might motivate the use of QUERY over GET.¶
If a server creates a temporary resource to represent the results of a QUERY request (e.g., for use in the Location or Content-Location field), assigns a URI to that resource, and the request contains sensitive information that cannot be logged, then that URI SHOULD be chosen such that it does not include any sensitive portions of the original request content.¶
Caches that normalize QUERY content incorrectly or in ways that are significantly different from how the resource processes the content can return an incorrect response if normalization results in a false positive.¶
A QUERY request from user agents implementing Cross-Origin Resource Sharing (CORS) will require a “preflight” request, as QUERY does not belong to the set of CORS-safelisted methods (see [FETCH]).¶
5. IANA Considerations
5.1. Registration of the QUERY Method
IANA has added the QUERY method to the “Hypertext Transfer Protocol (HTTP) Method Registry” at <http://www.iana.org/assignments/http-methods> (see Section 16.3.1 of [HTTP]).¶
5.2. Registration of the Accept-Query Field
IANA has added the Accept-Query field to the “Hypertext Transfer Protocol (HTTP) Field Name Registry” at <https://www.iana.org/assignments/http-fields> (see Section 16.1.1 of [HTTP]).¶
6. References
6.1. Normative References
6.2. Informative References
Appendix A. Examples
The examples below are for illustrative purposes only; if one needs to send queries that are actually this short, it is likely better to use GET.¶
The media type used in most examples is “application/x-www-form-urlencoded” (as used in POST requests from browser user clients, defined in “application/x-www-form-urlencoded” in [URL]). The Content-Length fields have been omitted for brevity.¶
A.1. Simple Query
Below is a simple query with a direct response:¶
Response:¶
A.2. Discovery of QUERY Support
A simple way to discover support for QUERY is provided by the OPTIONS (Section 9.3.7 of [HTTP]) method:¶
Response:¶
The Allow response field (Section 10.2.1 of [HTTP]) denotes the set of supported methods on the specified resource.¶
There are alternatives to the use of OPTIONS. For instance, a QUERY request can be tried without prior knowledge of server support. The server would then either process the request, or it could respond with a 4xx status such as 405 (Method Not Allowed, Section 15.5.6 of [HTTP]), including the Allow response field.¶
A.3. Discovery of QUERY Formats
The discovery of supported media types for QUERY is possible via the Accept-Query response field (Section 3):¶
Response:¶
To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".
10HN is also available as an iOS App
If you visit 10HN only rarely, check out the the best articles from the past week.
Visit pancik.com for more.