Vuln Detection, QCOM Prod Security. Tweet/RT/Likes do NOT reflect the views of my employer, colleagues, friends, family & in some speculative cases even myself.
📢 NEW essay: the narrative that AI is replacing software engineers seems to be based on AI-washing of layoffs. Among the many lines of evidence: New York State requires firms to disclose which layoffs were due to AI. When there are legal consequences to lying, almost no company blames AI.
The best data suggests that software engineer employment in the U.S. is still growing, though slightly more slowly compared to a no-AI counterfactual world. But even this doesn’t account for increased entry into entrepreneurship.
Why haven’t AI agents replaced software engineers? Many kinds of knowledge work, including software development, can be seen as a “decide-execute-deliver sandwich”. AI compresses the middle but the other two layers resist automation in a way that will not be overcome by capability improvements alone. In 2026, the middle has already been squeezed and there isn’t much room for further compression, so there isn’t a future capability leap that will cause discontinuous impacts, either.
The essay also has a detailed breakdown of the difference between vibe coding and agentic engineering. Conflating the two has unfortunately led to a lot of confusion.
We acknowledge that there’s a lot of uncertainty about the future. But we think the unknowns are more about how we will define and carve up roles and who can adapt to the changing needs, and less about whether software engineering skills and judgment will remain in demand (they will).
Given that the AI-capabilities-cause-mass-layoffs narrative seems to be false even in a sector with very few regulatory barriers, we think most other professions are likely to be even more cushioned. (The claim isn’t that automation never displaces jobs, but that there are many downstream links in the causal chain, and that we have collective agency to act on those downstream decision points to ensure better outcomes for workers.)
This essay by me and @sayashk is the first in a series. Feedback is welcome! We hope that our unique vantage point (leading an AI agent evals research group + fluency with the labor economics literature + the "normal technology" framework for understanding AI impacts + being coders ourselves and well connected to the software engineering community) gives us a way to bring complementary perspectives together for a deep dive into how AI is transforming the profession, in a way that hasn't been done before.
Read the essay here for lots of other details: https://t.co/8ZofeCz8yS
The popular conversation around AI in America looks nothing like the narratives the elites are driving.
For our new research, we analyzed 25,000 TikTok and YouTube videos about AI---and watched thousands of them ourselves---to understand how Americans are encountering AI in their everyday lives.
Despite an elite conversation focused largely on backlash, AI videos embracing AI outnumber videos about resisting AI 3 to 1.
These "adopter" videos don't focus on the things elites talk about: they talk about funny memes and effects AI can help make and ways you can use AI to help you with your job search.
There is a significant and organized social media community focused on resisting AI, but surprisingly, it's not mainly about job loss, data centers, or existential risk. Instead, it's about creative theft and the erosion of human-made art. This has all the hallmarks of a genuine movement---with organized efforts to support human artists, to report AI-generated content, and to oppose the technology in the real world.
All in all, when we look past the efforts of the labs and the media to impose a top-down narrative around job loss and existential risk, we find everyday Americans having a far different and in many ways more "normal" conversation (@random_walker)---one in which AI offers immediate and personal opportunities and challenges all at the same time.
Check out the full research piece, which is loaded with interesting real example videos, here:
https://t.co/AbFTqM4g7e
Qualcomm Product Security team has two U.S. based positions open: one for an experienced product security engineer in secure development lifecycle and regulatory compliance; the other is for a seasoned Incident Response engineer.
https://t.co/RkLEy4O8jb
https://t.co/MRUayDmiyI
AI isn't replacing programmers, but it *is* making it harder to survive as a programmer with purely technical skills and no interest or expertise in how those skills translate to business or societal value. Funny thing is, this has always been true—it's just being accelerated a bit due to AI. There's a famous essay by @patio11 from 15 years ago called "Don't Call Yourself A Programmer, And Other Career Advice". https://t.co/FlJGJFTWmL
I don' think most people appreciate both the nuance and the importance of this UI that Microsoft is shipping with their new coding agent
It works *on behalf of* a dev. This has lots of implications!
In the upcoming S&P, Guoren will present the best indirect call analysis for the Linux kernel and other large programs. This analysis simultaneously improves the precision and soundness of prior work by eliminating false and missed indirect call targets.
https://t.co/DVoB9334mM
What happens if your CPU gets something wrong? If it wakes up one day and decides 2+2=5?
Well, most of us will never have to worry about that. But if you work at a company the size of Google, you do, which is why this paper on "mercurial cores" is so fascinating.
What the authors report--and supposedly this is common knowledge at the hyperscalers--is that a couple cores per several thousand machines are "mercurial." Due to subtle manufacturing defects or old age, they give wrong answers for certain instructions. These can cause all sorts of impossible-to-diagnose issues. Some rare problems at Google that were traced back to bad CPUs include:
- Mutexes not working, causing application crashes
- Silent data corruption
- Garbage collectors targeting live memory, causing application crashes
- Kernel state corruption causing kernel panics
What makes CPUs go bad? It's very hard to tell. The authors posit that issues are becoming more frequent as CPUs get more complex, but there aren't solid numbers behind that. There are certainly strong relationships between frequency, temperature, voltage, and bad CPU behavior--most mercurial CPUs only cause problems under very specific conditions, but those conditions vary from CPU to CPU. Age is another source of problems, as older CPUs are more likely to exhibit problems.
Bad CPUs are an especially serious problem because they're very hard to detect. If cosmic rays flip bits in storage or on the network, that can be detected through error coding. But there's no analogy for a CPU that allows cheap online verification of its correctness. Instead, the best detection techniques involve monitoring for symptoms. If a core exhibits exceptionally high rates of process crashes or kernel panics relative to its fellows, that's a strong indication something is wrong with it. For the most critical applications, the authors propose triple modular redundancy--redoing each of its computations on three cores and majority-voting a reliable result.
More than anything, this paper is a call to action--letting everyone know that CPUs can fail. So now, if you ever find a bug you can't diagnose, you can blame the CPU! 🙂
Apparently many not that strong ML security paper submissions, usable security had the highest acceptance rate. Lots of interesting statistics by @balzarot and Wenyuan Xu regarding @USENIXSecurity, I hope the slides will be available #usesec24
Here is a lovely geometric proof that sqrt(2) is irrational.
The proof begins by looking at an isosceles right triangle whose legs have length 1. By the Pythagorean theorem, this triangle's hypotenuse will have length sqrt(2).
I've spent the past ~3 weeks going through the entire history of deep learning and reimplementing all the core breakthroughs.
It has completely changed my beliefs about deep learning progress and where we're headed.
Progress tracker in thread (all resources at the end) 👇
One of the two Test of Time awards is „Modeling and Discovering Vulnerabilities with Code Property Graphs“ (https://t.co/gaHcHCcEpE) - pretty cool paper with lots of impact. Congratulations @fabsx00, @mlsec, Daniel Arp and Nico Golde 🎉
At KGP, my bike was a Raleigh from Nottingham. It was more than 50 years old. I got it from my grand father's colleague who bought it from a "Kabuliwala" (person from Kabul) decades ago. The person would bike from Kabul to Kolkata selling various nuts along the way.
There is a cycling microculture in college campuses in India that we don’t talk about much. Here is what I found during my visit to IIT Kharagpur @IITKgp:
1/n
Qualcomm's Product Security (QPSI) is looking for interns for the summer of 2024 to work on AI model security against malicious attacks.
Mail [email protected].
DM me with any questions you have. #AIModelSecurity
Essential ML papers:
1. Transformers: Attention is All You Need
https://t.co/0YB2GKc7Jv
2. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding
https://t.co/Hf9h3mSSsG
3. GPT: Language Models are Few-Shot Learners
https://t.co/c5Sxf4LWXn
4. CNNs: ImageNet Classification with Deep Convolutional Neural Networks
https://t.co/Yfzep7fOz6
5. GATs: Graph Attention Networks
https://t.co/bk9dW1zwtp
6. ViT: An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale
https://t.co/X1SeSLgdMa
7. AlphaFold2: Highly accurate protein structure with AlphaFold
https://t.co/UDoCVF2kxq
8. GANs: Generative Adversarial Nets
https://t.co/BWi2nWSkrL
9. RoBERTa: A Robustly Optimized BERT Pretraining Approach
https://t.co/VQH21mSBqD
10. NeRF: Representing Scenes as Neural Radiance Fields for View Synthesis
https://t.co/pFyiUyqRpv
11. FunSearch: Mathematical discoveries from program search with large language models
https://t.co/1wl4lOgSGG
12. VAEs: Auto-Encoding Variational Bayes
https://t.co/1m5vaPIQNu