Living Dangerously with Claude

(simonwillison.net)
134 points FromTheArchives | 6 comments
matthewdgreen ◴[] No.45677089[source]
So let me get this straight. You’re writing tens of thousands of lines of code that will presumably go into a public GitHub repository and/or be served from some location. Even if it only runs locally on your own machine, at some point you’ll presumably give that code network access. And that code is being developed (without much review) by an agent that, in our threat model, has been fully subverted by prompt injection?

Sandboxing the agent hardly seems like a sufficient defense here.

1. tptacek ◴[] No.45684527[source]
Where did "without much review" come from? I don't see that in the deck.
2. enraged_camel ◴[] No.45684731[source]
Yeah. Personally I haven't found a workflow that relies heavily on detailed design specs, red/green TDD followed by code review. And that's fine because that's how I did my work before AI anyway, both at the individual level and at the team level. So really, this is no different than reviewing someone else's PR, aside from the (greatly increased) turnaround time and volume.
3. ◴[] No.45684813[source]
4. tyre ◴[] No.45684821[source]
I’ve found it helpful to have a model write a detailed architecture and implementation proposal, which I then review and iterate on.

From there it splits out each phase into three parts: implementation, code review, and iteration.

After each part, I do a code review and iteration.

If asked, the proposal is broken down into small, logical chunks so code review is pretty quick. It can only stray so far off track.

I treat it like a strong mid-level engineer who is learning to ship iteratively.

5. theshrike79 ◴[] No.45684937{3}[source]
I play Claude and Codex against each other.

Codex is pretty good at finding complex bugs in the code, but Claude is better at getting stuff working.

6. matthewdgreen ◴[] No.45688191[source]
He wrote 14,000 lines of code in several days. How much review is going on there?