All these new tools are so exciting, but running untrusted code which auto-updates itself is blocking me from trying these tools.
I wish for a vetting tool. Have an LLM examine the code then write a spec of what it reads and writes, & you can examine that before running it. If something in the list is suspect.. you’ll know before you’re hosed not after :)
Throwing more LLM at a prompt escaper is like throwing more regexp at an HTML parser.
If the first LLM wasn't enough, the second won't be either. You're in the wrong layer.
Here's an alternative perspective: https://x.com/rauchg/status/1949197451900158444
Not a professional developer (though Guillermo certainly is) so take this with a huge grain of salt, but I like the idea of an AI "trained" on security vulnerabilities as a second, third and fourth set of eyes!
You pretty much just linked to an ad for a vibe coding platform.
If you don't know what you're doing, you are going to make more security mistakes. Throwing LLMs into it doesn't increase your "know what you're doing" meter.
I'm not sure how to take that seriously with the current reality where almost all security findings by LLM tools are false positives.
While I suspect that's gonna work good enough on synthetic examples for naive and uninformed people to get tricked into trusting it... At the very least, current LLMs are unable to provide enough stability for this to be useful.
It might become viable with future models, but there is little value in discussing this approach currently. At least until someone actually makes a PoC that's at least somewhat working as designed, without having a 50-100% false positive quota.
You can have some false positives, but it has to be low enough for people to still listen to it, which currently isn't the case.
While I agree with the idea of vetting things, I too get a chuckle when folks jump straight from "we can't trust this unknown code" to "let's trust AI to vet it for us". Done it myself.
> All these new tools are so exciting,
Most of these tools are not that exciting. These are similar-looking TUIs around third-party models/LLM calls.
What is the difference between this, and https://opencode.ai? Or any of the half a dozen tools that appeared on HN in the past few weeks?
That's cool and all, before you get malicious code that includes prompt injections and code that never runs but looks super legit.
LLMs are NOT THOROUGH. Not even remotely. I don't understand how anyone can use LLMs and not see this instantly. I have yet to see an LLM get a better failure rate than around 50% in the real world with real world expectations.
Especially with code review, LLMs catch some things, miss a lot of things, and get a lot of things completely and utterly wrong. It takes someone wholly incompetent at code review to look at an LLM review and go "perfect!".
Edit: Feel free to write a comment if you disagree
They work better in small, well-commented code bases in popular languages. The further you stray from that the less successful they are. That's on top of the quality of your prompt, of course.
> I don't understand how anyone can use LLMs and not see this instantly
Because people in general are not thorough. I've been playing around with Claude Code and before that, Cursor. And both are great tools when targeted correctly. But I've also tried "Vibe" coding with them and it is obvious where people get fooled - it will build a really nice looking shell of a product that appears to be working, but then you step into using it past the surface layer and issues start to show. Most people don't look past the surface layer, and instead keep digging in having the agent build on the crappy foundation, until some time later it all falls apart (And since a lot of these people aren't developers, they have also never heard of source control.)
If you know that LLMs are not thorough going into it, then you can get your failure rates way lower than 50%. Of course if you just paste a product spec into an LLM, it will do a bad job.
If you build an intuition for what kinds of asks an LLM (agent, really) can do well, you can choose to only give it those tasks, and that's where the huge speedups come from.
Don't know what to do about prompt injection, really. But "untrusted code" in the broader sense has always been a risk. If I download and use a library, the author already has free rein of my computer - they don't even need to think about messing with my LLM assistant.
My suggestion is to try CC, use a language like Go, and read their blogs on how they use it internally. They are transparent about what works and what does not work.
You can always chroot the directory you're using to isolate the tools from the rest of your system. That is unless you're using a toy operating system of course. ;)
Put it in a docker instance with a mounted git worktree?
Aka VSCode DevContainer?
Could work I think (be wary of sending .env to the web though)
One way of doing it, yes. Why would your dev repo have any credentials in .env?
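As an added example, not code from any commenter in this thread: a POSIX shell wrapper that does what the docker-with-a-mounted-worktree suggestion above describes, and masks .env-style files the way the reply warns about. The image name, the agent's API-key variable and the agent command are placeholders.

```shell
#!/bin/sh
# Added example, not from anyone in this thread: launch a coding agent in a
# throwaway Docker container that only sees one git worktree, with
# credential-looking files masked so the agent cannot read or upload them.
# Placeholders: AGENT_IMAGE (an image with the agent installed) and
# AGENT_API_KEY_VAR (the env var the agent reads its key from).

AGENT_IMAGE="${AGENT_IMAGE:-example/coding-agent:latest}"   # placeholder image
AGENT_API_KEY_VAR="${AGENT_API_KEY_VAR:-AGENT_API_KEY}"     # placeholder var name

# Pre-flight: list files under the worktree that look like secrets, one per
# line. Extend the name list to match whatever your projects keep locally.
find_secret_files() {
    find "$1" -type f \( -name '.env' -o -name '.env.*' -o -name '*.pem' \
        -o -name 'id_rsa' -o -name 'id_ed25519' -o -name '.npmrc' \
        -o -name '.netrc' \) 2>/dev/null | sort
}

# Emit the docker run arguments, one per line, so the caller can splice
# them in without word-splitting on spaces in paths. Only the worktree is
# mounted; HOME is a tmpfs, so ~/.ssh, ~/.aws and shell history are invisible.
sandbox_args() {
    dir="$1"
    printf '%s\n' \
        --rm -it \
        --cap-drop=ALL \
        --security-opt=no-new-privileges \
        --pids-limit=512 \
        --memory=4g \
        --read-only \
        --tmpfs=/tmp \
        -e HOME=/tmp \
        -e "$AGENT_API_KEY_VAR" \
        -v "$dir:/work" \
        -w /work
    # Mask each secret file with /dev/null; the more specific mount wins.
    find_secret_files "$dir" | while IFS= read -r f; do
        rel="${f#"$dir"/}"
        printf '%s\n' -v "/dev/null:/work/$rel:ro"
    done
}

# Run the agent: read the argument lines back into "$@" with IFS=newline
# and globbing off, then hand everything to docker. Extra args go to the agent.
run_sandboxed_agent() {
    dir=$(cd "$1" && pwd) || return 1
    shift
    args=$(sandbox_args "$dir")
    old_ifs=$IFS
    IFS='
'
    set -f
    set -- $args "$AGENT_IMAGE" "$@"
    IFS=$old_ifs
    set +f
    docker run "$@"
}

# Usage: ./sandbox.sh run /path/to/worktree [agent args...]
if [ "${1:-}" = "run" ]; then
    shift
    run_sandboxed_agent "$@"
fi
```

Because the root filesystem is read-only, the agent's self-update cannot land inside the container either; rebuild the image when you want a new version.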
This is what got me started with claude-code. I gave it a try using the openrouter API and got a bill of $40 for 2-3 hours of work. At that point, a subscription to the Anthropic plan became a no-brainer.
Which model did you use in Openrouter, Claude?
I tried quite a few of them, including the cheap / free models but the only one that was really working was claude. The others were hanging whenever the model needed a confirmation for action. Mind you, this was some time ago.
What is the secret sauce of Claude Code that makes it, somewhat irrespective of the backend LLM, better than the competition?
Is it just better prompting? Better tooling?
The agentic instructions just seem to be better. It does stuff by default (such as working up a plan of action) that other agents need to be prompted for, and it seems to get stuck less in failure sinks. The actual Claude model is decent, but claude code is probably the best agentic tool out there right now.
Tbh, claude code is the only product that feels like it's made by people who have actually used AI tooling on legacy codebases.
For pretty much every other tool I've used, you walk away from it with the overwhelming feeling that whoever made this has never actually worked at a company in a software engineering team before.
I realize this isn't an answer with satisfactory evidence-based language, but I do believe that there's a core `product-focus` difference between claude and other tools.
Claude's edge comes from its superior context handling (up to 200K tokens), better tool use capabilities, and constitutional AI training that reduces hallucinations in code generation.
200k is the lowest among any frontier LLM.
Yeah but most fall apart at lower context than advertised. They do great at simple stuff like needle in a haystack tests but totally flop when you actually try and use that context for something productive.
Claude Code with a plan is so much cheaper than any API.
Do you feel this is true of both the Pro and Max plans?
It depends on your usage patterns, presumably.
In my case, I ended up accruing $100/day w/ Claude Code (on github workflows) so Max x20 was an easy decision.
Pro seems targeted at a very different use case. Personally, I’ve never used the chat enough to break even. But someone who uses it several times per day might.
ETA: I get that the benefits transfer between the two, just with different limits. I still think it’s pretty clear which kind of usage each plan is intended for.
I tried installing and setting up the project today, it was miserable. I finally got it to work only to find out that the mistral models' tool calling does not work at all for claude code. Also, there is no mention anywhere of what models actually support anthropic level tool calling. If anyone knows if there are some open weight models (deepseek or others) I can host on my infra to get this to work out of the box that would be amazing.
It is a bit off-topic here, but has anybody tried to use such LLMs for code porting: from C++ (and similar) to plain C99+?
Yeah, look at what https://x.com/badlogicgames has done porting an engine with the help of Claude Code. He's set up a TODO loop to perform this: https://github.com/badlogic/claude-commands – background blog article: https://mariozechner.at/posts/2025-06-02-prompts-are-code/
Mario Zechner's post looks very promising.
We may finally get to the devs doing lock-in using ultra complex syntax languages in a much more efficient way using LLMs.
I already have some ideas for some target C++ code to port to C99+.
The todo and porting "programs" are unrelated. The blog post shows the full porting pipeline.
One of the best use cases for LLMs. They excel at this kind of translation-adjacent task.
Unfortunately, I haven’t been able to use this with many of the recent open weight code/instruct models - CC tool use doesn’t work with Qwen3 and Kimi K2 for me.
Feels very similar to Aider[1]
1: https://aider.chat/
Anyone care to compare the current Aider with Claude Code? I tried Aider 6+ months ago and liked it but haven't tried it more recently because Claude Code is working so well for me. But I keep feeling like I should try Aider again.
Aider is good at one-shotting Git commits, but requires a human in the loop for a lot of iteration. Claude Code is better at iterating on problems that take multiple tries to get right (which is most problems IMO). I was really impressed by Aider until I started using CC.
I recently tried Aider and it seemed a bit behind. It's not getting as much development as the others either: https://github.com/Aider-AI/aider/pulse/monthly
Compare with https://github.com/sst/opencode/pulse/monthly
There’s also RooCode which is pretty nice: https://marketplace.visualstudio.com/items?itemName=RooVeter... (fork of Cline, that one’s also good)
Ofc some might prefer the pure CLI experience, but mentioning that because it also supports a lot of providers.
I moved from Aider to ClaudeCode for the simple reason that I usually use IntelliJ IDEA, and even if poorer than RooCode on VSCode, the integration between IntelliJ and ClaudeCode is reasonably solid. That said, today I started using CCR since the possibility to use different models is extremely interesting (and the reason why I initially used Aider).
Btw, do you have a JavaScript stack background?
No please folks. Personally I have always been excited about AI as a scientific discipline and practical field, and still am. But let's please stop trying to make a dead-end application of an otherwise interesting technology work. It's like those people who were still trying to build electronics with vacuum tubes after transistors were invented. We need a transistor moment in AI, not more vacuum tubes.
If language is a dead-end application of language models, I don't know what isn't; the tooling is architecture agnostic anyway
> after transistors were invented
But we don't have "transistors" yet, what's your point exactly?
Given the vast space of AI research results since the 1950s, I would not say that we don't have transistors yet. Just that we are not applying them.
So, researchers are insanely lazy/secretly against AI/controlled by the Big Data?
I never said anything remotely similar to that, you must be projecting.
What are you talking about? How is this a dead end?
it improves over existing tools
I am not disputing that it improves the tools. But looking at the entire picture, the whole concept of using LLMs as a general purpose utility is a dead end. Just the basic arithmetic of it does not add up. If you told your manager you had spent 20,000 dollars on a project, generating a pre-tax revenue of 100 dollars, i.e. creating a net loss of 19,900 USD, you'd be fired right away. But somehow the GenAI industry has a similar investment-to-revenue ratio on a much larger scale and still the wishful thinking is in its fifth year? I get it that people want to get in on the ride, but just that having to add so much on top of it, constantly new plugins, tools, concepts, whatever, all so that we can avoid seeing this for what it is - building TVs with vacuum tubes, when what we desperately need are transistors, not improved vacuum tubes. Just as we did not need faster horses in the era of the Ford Model T.
DeepSeek has shown that it makes 500% profit and it sells tokens for far lower than any big AI company.
https://www.reuters.com/technology/chinas-deepseek-claims-th...
These companies are unprofitable because of balance sheet shenanigans. See “Hollywood Accounting”.
There is absolutely no way they are not turning massive profit. They are serving relatively similar models to open source at 5-50x the price.
GLM 2.5 is $0.60 in, $2.20 out and it’s basically equivalent to Claude Opus.
Opus is $15 in and $75 out.
No way they’re operating at a massive loss.
I have no idea about DeepSeek. But the US-based GenAI leaders are in fact, operating under massive loss.
OpenAI would be profitable if they stopped all investment and research and just sold their existing products. So this argument doesn't really match reality.
Sure, feel free to break down the numbers.
In 2024 they had a $5 billion loss. About $3b of that was training. $1.5b was employees. I'm sure there's at least another $0.5b of costs associated to building out rather than just serving inference. In reality it's probably several times that. So if you cut employees to just maintaining what they have, fire all researchers etc, stop expansion, and stop training, you'd be profitable. Which is dumb and they wouldn't do that, but my point isn't that it's realistic, but rather that they could sell what they have at a profit if they wanted to.
So they could be profitable, but the conditions to achieve the profitability are dumb and unrealistic. Your own words. Somehow you claim to have still made your point, because a company firing all its employees and stopping all product development could be profitable, right? Because that's what companies do routinely, they just maximise profits by firing everyone once the product is mature enough and can practically take care of itself. I wonder why all the e-commerce companies just don't apply this one simple trick? Is that the argument that you are making? Now for the calculations - are you sure the losses are only 5B? Well, if we just account for the Microsoft-donated Azure credits they run a lot of their workloads on, it's probably a lot, lot more than that. Unaccounted for in the OpenAI books perhaps, but still a huge material investment that does not make any returns to anyone, hence a (by definition) loss.
I'm not sure what your original point was.
Either it's that serving AI as a business model is impossible to run at a profit, which I easily demonstrated is not the case. If it's just serving the model, then yes, it works, and there's tons of businesses doing just that and operating at a profit.
Or is it that the expense of even running a GPU to serve a model is not worth the value that the model running on the GPU is capable of making, which is demonstrably not true, given that people are paying anywhere from dozens to hundreds of dollars a month, and there is an eventual payback period for both the cost of the hardware and electricity there.
I think it was on you to make a point here, not me. What is it that you demonstrated? I only saw a lot of creative imagination and "could be-would be" scenarios.
Citation needed.