cedrickchee

Project Glasswing Is Not Just Marketing Fluff

TL;DR: Project Glasswing is not just PR, but the interesting part is not Anthropic’s narrative, it is the underlying shift in capability and what that means for software security.

Over the past week, some of the most credible people in security have been pounding the same drum: AI-assisted vulnerability research is getting real, fast.

Thomas Ptacek (tptacek) flatly wrote that “vulnerability research is cooked.” Simon Willison (simonw) highlighted the same shift. Daniel Stenberg of curl has also said AI has gotten genuinely useful at finding bugs and vulnerabilities. Colin Percival (cperciva), former FreeBSD security officer. The most significant individual contributions in the narrative given cperciva's credibility

cedrickchee

Biggest Takeaways from Simon Willison on Lenny's Podcast

Date: 2026-04-04

In a new Lenny Rachitsky's podcast episode titled "An AI state of the union: We've passed the inflection point, dark factories are coming, and automation timelines".

Highlights: https://simonwillison.net/2026/Apr/2/lennys-podcast/

Transcript: https://www.lennysnewsletter.com/p/an-ai-state-of-the-union

cedrickchee

Claude Code Move 37 - Lessons from Building Claude Code: Seeing like an Agent

One of the hardest parts of building an agent harness is constructing its action space.

Claude acts through Tool Calling, but there are a number of ways tools can be constructed in the Claude API with primitives like bash, skills and recently code execution (read more about programmatic tool calling on the Claude API in Lance Martin's new article).

Given all these options, how do you design the tools of your agent? Do you need just one tool like code execution or bash? What if you had 50 tools, one for each use case your agent might run into?

To put myself in the mind of the model I like to imagine being given a difficult math problem. What tools would you want in order to solve it? It would depend on your own skills!

cedrickchee

Analysis: "Some Things Just Take Time" by Armin Ronacher

Blog post: https://lucumr.pocoo.org/2026/3/20/some-things-just-take-time/

Author: Armin Ronacher. Published March 20, 2026.

---

Core Thesis

cedrickchee

Analysis: "A Sufficiently Detailed Spec is Code"

Blog post: https://haskellforall.com/2026/03/a-sufficiently-detailed-spec-is-code

Core Thesis

The post argues that the agentic coding movement's promise — that engineers can simply write specification documents and have AI agents generate working code — is fundamentally flawed. The central claim is captured in the title: if you make a specification precise enough to reliably generate correct code, the specification itself effectively becomes code. There is no shortcut that avoids the hard intellectual work of programming.

---

cedrickchee

Karpathy: Loopy AI Era

Podcast: www.youtube.com/watch?v=kwSVtQ7dziU

This is a comprehensive analysis of the interview with Andrej Karpathy on the "No Priors" podcast, detailing the profound shifts in software engineering driven by AI agents and Autoresearch.

This including key insights, a structured outline, and any critical nuances mentioned.

TL;DW

cedrickchee

SWE, Stop Using Codex and Claude Code Like Chatbots

Most software engineers are using Codex and Claude Code like they are opening a fresh chat window and hiring a new intern every time.

New thread. New prompt. Same repo. Same rediscovery tax.

The main agent has to re-learn the codebase, re-infer the architecture, and re-guess what matters. Then people wonder why results are inconsistent, slow, and fragile.

cedrickchee

Verified Spec-Driven Development (VSDD)

The Fusion: VDD × TDD × SDD for AI-Native Engineering

Overview

Verified Spec-Driven Development (VSDD) is a unified software engineering methodology that fuses three proven paradigms into a single AI-orchestrated pipeline:

• Spec-Driven Development (SDD): Define the contract before writing a single line of implementation. Specs are the source of truth.
• Test-Driven Development (TDD): Tests are written before code. Red → Green → Refactor. No code exists without a failing test that demanded it.

cedrickchee

The AI is the Computer

A new AI product launches that sparks a market panic. It’s a new initiative, or an agent or something. Whatever it is, I can tell you one thing it can’t do.

Even with the best AI model in the world, the one thing it can’t do is its best work for you.

How do I know? Because the state of frontier models has gotten so advanced that to get the best talents out of any of them, you need different models to work together. The biggest weakness of Claude is that it only coworks with Claude

No one model family can do its best work for you without the talents of others. As models get more powerful, we’re seeing them specialize. The future state of AI is your best work will get done when there are different models working together.

cedrickchee

GPT-5.4 and the Emergence of the Agent Operating System

OpenAI just released GPT-5.4 and Codex 5.4, and the early reactions from developers are unusually strong.

Some report that it solved bugs earlier models failed to fix after dozens of prompts. Others describe it refactoring entire codebases in a single run. A few say it has already become their daily driver for coding and knowledge work.

But none of those anecdotes capture the real significance of this release.