@simonwillison.net ...and now I've massively improved it - after untrusted tokens enter session, it uses clean subagents you check for prompt injection at a high level. Many fewer approvals and safe execution
@simonwillison.net hi, I built a way for Claude Code to avoid the Lethal Trifecta through tool call ordering and plan mode, building on your work and on CaMeL.
Means far fewer approvals and easier to parse statements of intent. Grateful for feedback!
github.com/chrismdp/loc...
@chrismdp.com post is well worth a read. Rather squashes the idea that AI will give us more than incremental productivity gains.
Related, I'm seeing a trend back to BDUF with GenAI. For complex work, we just don't know everything upfront. That's why agile/iterative approaches came about
FINAL CALL: "Kill Your Prompts" starts in one hour! Free to join?
Sign up: chrismdp.com/webinar
All sign ups get full slides and recording (even if you don't make it)
Thanks! More people need to understand this for sure
Most people think they control their AI conversations. The reality? Your input is the smallest piece of a much larger system. Here's what actually controls every AI response:
- Text Input - The only part you directly control (if using an app)
- User Prompt - Your complete input including tools and formatting
- Your System Prompt - App-specific instructions defining AI personality and behavior. Don't put user input here - creates prompt injection vulnerabilities.
- Chat Construct - LLMs are next-word predictors, not conversational beings. Apps send your entire chat history with each message, creating an illusion of memory.
- Hidden System Prompt - Safety guidelines from OpenAI, Anthropic, etc. These regularly leak online and define content policies you cannot control.
- Foundation Model Training - Reinforcement learning, fine-tuning, and training methodology that shapes core capabilities.
- Raw Training Data - Billions of text examples from the internet. Contains "unsafe" content but has the biggest influence on behavior.
You control less of your AI conversation than you think.
(Quite proud of this infographic. Didn't do well on LinkedIn. Perhaps BlueSky users are more discerning?)
I have recently gone back to Notion after a long break.
Why? MCP. Changes everything.
Bitten the bullet and paid for Opus and the Claude Max plan for Claude Code.
Jury is out so far on whether it is worth it: trying to be objective on usage and state hypotheses up front.
you see this kind of reaction is why I use Claude over ChatGPT (although I'm already missing the per project memory)
Whew: more LinkedIn posts scheduled for the next 3 days. It's exhausting coming up with actually good AI content all the time!
Just tried local MCP servers, again. Bleurgh.
I'm pretty technical and it took an hour to get one of the most popular ones working at all, and then the results were extremely poor.
MCP local is a rabbit hole. Don't bother. Remote, well maintained MCP servers is the way to go.
Brilliant day at London Tech Week and Founder Gathr event. Super tired now, so writeup will have to wait until tomorrow (watch out for it on LinkedIn). Some amazing conversations!
Can I have sub-projects in my AI tools, with layers of context please? I want a folder structure, or the ability to write a prompt in multiple projects at once to get all the context
nice
Once we move beyond IDEs these won't matter. For now they're a key differentiator.
The thing that sets apart @cursor.com.web.brid.gy from over AI coding IDEs for me is not the agents/prompting: it's the UX. The tiny friction reducers like amazing smart autocomplete, tools in Inline Assist, easy checkpointing, automatic linting fixes, etc.
I'm going to hold my nose and go back to Cursor, much as I dislike VSCode bloat the AI tools are much faster
- Zed is much nicer than VSCode based editors,
- I really miss smart auto-complete to repeat one change elsewhere
- Tools like `Web` aren't available in Inline Assist which I use all the time for small tweaks
- 2.5 Pro is just as good as Claude but slower. Flash is fast but gets stuck quickly
Just been trying Zed with Gemini 2.5 for coding for a morning.
Takeaways:
Thanks Tony! What specifically convinced you?
Finding more and more I'm just using the main Desktop tools (Claude, ChatGPT, Cursor) rather than feeling like I need to build agents.
Areas in which I want to code against #AI APIs:
- task repetition for multiple files
- critique loops to improve text
- pasting between non-MCP services
Thanks Tony! Can I assume you mean "significant"? :)
Started this great article about AI coding, and I already feel seen. Templates were so exciting in 2002.
fly.io/blog/youre-...
I do cancel things regularly. This prod feels like it's well worth the cost of any annual discount I might get.
I quite like paying for all of my AI subscriptions monthly.
Every time I see the payment go out, it's a prod to remind me whether or not I'm actually using the thing.
And if I'm not, then I cancel it.
(That's exactly why I started building kaijo.ai in the first place)
Hilarious ChatGPT fail I came across: they cached the request too, so retries also failed
Hype jockeys take note: this tech is still experimental, and can be completely unpredictable.
Decided I need a different outlet than LinkedIn for social chat. I was posting everything to everything, but I think that doesn't really work.
I think I'm just going to use Twitter and Blue Sky for chat, expect much more ad-hoc posts here, with perhaps more nonsense (you've been warned)