My heuristic is that any diff an agent generates over ~1500 lines is too big and is indicative that the problem needs to be decomposed. This is my general pattern now for feature work:
1. Try to implement the whole feature, loosely guided. I call this the "draw the owl" prompt in reference to the meme. Expect garbage, you're going to get garbage.
2. If the diff is less than 1500 lines, review it and iterate normally. If the diff is more than 1500 lines, prompt the agent to decompose the problem into atomic, incremental, reviewable tasks. Simultaneously, do this yourself.
3. Agents will very often make these tasks way too specific to the shape they solved. You need to massage it into the right general shape. Do that.
4. Kick off new agents to work on those incremental things (as parallelized as possible). Apply the same rules.
5. At a certain, point, repeat the "draw the owl" prompt. At some point, you will get beneath your review-ability threshold.
This has been producing consistently high quality, maintainable, reviewable chunks of code that have a good handoff to either merge as-is or human refinement.
And with the latest frontier models at xhigh thinking, these are all slow enough that you can usually have multiple going concurrently while you are actively reviewing others or working on your own tasks.
HITL (human-in-the-loop) agents are still super important, especially for feature work. Features touch the human boundary in terms of UI, API, etc. And net new stuff can introduce pathologies in the architecture that violate desired invariants (these should be represented in specs or tests but we aren't perfect!).
I know a lot of the leading edge agentic discourse is about "loops" and agents driving agents continuously. I do some of that (will report on that later). But, in terms of raw daily get-shit-done type of work, this is my most rewarding pattern at the moment.
Statement : CBSE's On-Screen Marking failure and the case for a Joint Parliamentary Committee
New Delhi, 30 May 2026
This year CBSE graded the Class 12 scripts of over 17.8 lakh students on an On-Screen Marking (OSM) portal built by a private vendor, Coempt EduTeck. Nisarga Adhikary, a 19 year old who had just sat his own boards, found that anyone could take over an examiner account and change marks. He reported it to CERT-In on 25 February. CERT-In sent a form acknowledgement and did nothing further. These flaws stayed live for close to three months, through the declaration of results.
IFF states that this is not a CBSE problem alone and is part of a wider pattern of faulty and insecure digital systems in a growing number of public services. For instance, Srikanth of Cashless Consumer has shown that the same platform runs the evaluation portals of at least thirty boards and universities on one codebase, so a single flaw puts all of them at risk. Sarthak Sidhant, himself a Class 12 student this year, has documented how CBSE rewrote its own tender to qualify a vendor it should have rejected. Coempt was earlier Globarena, the firm behind the 2019 Telangana results disaster.
This contract required a CERT-In security audit before the portal went live. It is not clear how and if it was done and CERT-In avoids pro-active disclosures on its functioning and further has been exempted from the RTI. The OSM platform as we now know went live anyway, carrying a hardcoded password and an OTP check that ran inside the user's own browser. It demonstrates that India's cybersecurity audit and certification regime for public services even if they work, exist only on paper. Over years there has been a consistent failure and apathy by CERT-In to perform its statutory duties.
Further, the existing provisions of the IT Act, 2000 criminalise responsible disclosures and put cyber security researchers to risk of legal prosecution. IFF asked the government years ago to protect good faith security research. That protection still does not exist.
We must also ask the questions on digitalisation of each and every public service as an administrative and policy dogma. CBSE made the system compulsory and promised speed and accuracy. A record four lakh students have since sought re-evaluation, four times last year's number. As Prof. Anita Rampal has put it, marking is an act of human judgment, not a mindless scroll down a screen, watched by a camera that treats a teacher who pauses to think as a suspect: "We are not robots and shouldn't be making humans into robots." Forcing a working process onto a digital system because it looks modern, without first showing that it works better, fails any precepts of rights based principles or evidence lead public policy.
Given the severity of the platform vunerabilities, in addition to the demands made through our representation dated May 26, 2026, today additionally IFF asks for:
1. An independent, published security audit of every board on the platform, and immediate fixes.
2. Public disclosure of the full tender file and the decisions that cleared this vendor with an investigation into the role of CERT-In.
3. An amendment to the IT Act that protects good-faith security researchers.
4. A Joint Parliamentary Committee, chaired by a member of the opposition and members from across parties and co-opted technical experts, to examine the security failure, the procurement, the handling of children's data, the functioning of CERT-In and whether digitisation in every sector is causing coercion. It must stand apart from the bodies it is investigating, not be an internal review that closes ranks or merely issues, "clean chits".
We are dismayed at offices of the CBSE which are directing propaganda and narrative deflection by forcing our educators to put out social media posts praising the OSM and CBSE. This is a moment to introspect, acknowledge and work towards correction from the years of fetishisation of digital technologies in our public services.
Digitalisation in some aspects has indeed improved our lives, but in many others made life for indians more bothersome and coercive. We owe it to our youth to maintain trust in our shared national project and the constitution of India.
The national high school exam of India, CBSE, has been Pwned!
This incompetent organization continues to deny the allegations against them. And a teenager has taken over their prod servers hosting the exam booklet scans of 2M test takers. They have just taken it down.
All they had to say is "can you help us fix the problem?" but their ego is too big to admit they were wrong.
Incompetence is one thing. The complete lack of accountability to the nation while your servers get catastrophically owned is another. Internet-scale embarrassment.
This is an unbelievable piece of work by Sarthak and something that requires amplification.
Let me explain what he found, in simple terms.
Sarthak is a Class 12 student from the 2025-26 batch, one of the 17 lakh students whose answer sheets went through CBSE's new On-Screen Marking system.
He spent days reading through CBSE's evaluation tenders, scraped all 576 tenders CBSE has issued, and tracked how the rules changed across three versions of the same tender.
The core finding is that the company that won the contract to scan and grade 17 lakh students' answer sheets is Coempt Eduteck.
Coempt used to be called Globarena Technologies. Globarena was the company behind the 2019 Telangana intermediate exam disaster, where software failures led to 3.8 lakh students getting wrong or missing marks, and 23 students died by suicide.
A government committee found systemic failure and negligence. Six months later, Globarena rebranded to Coempt Eduteck.
So a company with that track record won a contract to handle 17 lakh CBSE students. Sarthak's investigation is about how the rules were rewritten to let that happen.
The tender was issued three times.
> First tender, February 2025. It existed, then disappeared from the public GeM portal. Sarthak scraped all 576 CBSE tenders and this one was missing from the archive entirely.
> Second tender, May 2025. Four companies applied including TCS and Coempt. All four failed the technical evaluation. Cancelled.
> Third tender, August 2025. Coempt won. Between the second and third tender, a series of rule changes happened, and every single one made it easier for Coempt to qualify.
Here is what changed, one by one.
01. The old rules disqualified any company with a history of abandoning work, failing to complete contracts, or financial weakness. The new rules deleted this clause entirely. Coempt's Telangana history stopped being a barrier.
02. The old rules disqualified any company that was "blacklisted earlier." The new rules changed this to "currently blacklisted." Because Globarena rebranded after Telangana, removing the word "earlier" effectively erased their past.
03. The rules required Rs 50 crore average turnover over three years. Coempt's exact average came to Rs 50.86 crore. They cleared the bar by less than 1%. Earlier, a smaller company had asked CBSE to lower the bar to Rs 30 crore for fairer competition. CBSE refused. So the bar was kept high enough to block small players, but sat exactly low enough for Coempt to scrape through.
04. Software maturity is measured on the CMMI scale, 1 to 5. The old rules required Level 5. The new rules dropped it to Level 3. Coempt is a Level 3 company.
05. The cooling-off period for engaging retired CBSE officials was cut from two years to one. This makes it easier to use recently retired insiders to influence the process.
06. The old rules required experience with large projects of at least 5 lakh students each. The new rules removed the student count and counted cumulative answer-book volume across small projects instead. Coempt has many small fragmented university contracts. This helped Coempt and hurt TCS.
07. The old rules required bidders to own their own data centre and disaster recovery centre on Indian soil. The new rules allowed third-party MeitY-empanelled cloud hosting. Coempt runs on AWS and Azure. This helped Coempt and hurt TCS, which owns its own data centres. It also means student data is no longer on sovereign, Indian infrastructure.
08. The old rules required the bidder to own or control the complete source code of its software. The new rules deleted this. Coempt's platform runs on Microsoft's proprietary IIS, which they don't own.
09. A last-minute corrigendum, issued right before bid submission, removed CBSE's own power to blacklist the firm if its software failed catastrophically. So even a Telangana-scale failure couldn't get Coempt banned from future government tenders.
10. The penalty structure shifted from punishing mistakes to punishing delays. The old rules fined the vendor for wrong scanning, merged pages, and unscanned books. The new rules dropped those and instead levied Rs 50,000 per day for delays. This incentivises rushed scanning over accurate scanning.
11. The old rules had a hard accuracy threshold, error rate not to exceed 0.5%. The new rules removed this number entirely.
12. The old rules specified proper book and robotics scanners. The new rules just say "sufficient scanners." The definition was vague enough that, as Sarthak notes, the scanning could be done with a phone on a stand.
13. On the security side, the contract required a VAPT (vulnerability and penetration test) certified by CERT-In before go-live, and a restricted beta phase before launch. The system clearly wasn't restricted, because the other researcher, Nisarga, was able to access it and find vulnerabilities four days before go-live. So the mandatory security audit appears to have been bypassed.
These are more than a dozen rule changes, all between the failed tender and the winning tender, all pushing in the same direction, all benefiting the one company with the worst track record in the field.
The security holes Nisarga found last week now have an explanation. The system was built by a vendor that was specifically allowed to skip the security certification, the source code ownership, the data sovereignty, and the quality thresholds the original rules demanded.
Following things need to happen immediately;
1. An immediate CAG audit of the tender process.
2. A parliamentary debate on the topic.
3. An independent investigation into
> Why the first tender vanished?
> Why the disqualification clauses were deleted?
> Why the turnover bar was held exactly where it was?
> Why the security level was dropped?
> Why the blacklisting power was removed at the last moment?
Sarthak, this is genuinely exceptional investigative work. Far better than most journalists with full resources ever manage. Take a bow. :)
🦔Uber's COO Andrew Macdonald said on Saturday that the company is having a harder time justifying its AI spend. After CTO Praveen Neppalli Naga went viral in April for admitting Uber burned through its 2026 Claude Code budget in four months, senior engineering leaders concluded higher token usage was not translating into proportionally more useful product.
Macdonald said the link between AI consumption and shipped features is "not there yet." CEO Dara Khosrowshahi confirmed on the earnings call that Uber is slowing hiring to fund its AI spend. Duolingo also walked back its decision to include AI usage in performance reviews last month.
My Take
Uber is the first major enterprise where the C-suite has publicly admitted, on the record, that the AI productivity story is not closing for them. That matters because Uber is not a skeptic. The company went all-in on AI tooling, set internal targets, and burned through its annual research and development budget in four months trying to make it work. The conclusion from the people running the experiment is that tokens consumed and value shipped are not the same number, and management is finally noticing.
Duolingo's reversal lands in the same week for a reason. CEO Luis von Ahn said employees were asking whether they needed to use AI just to use AI, which is Goodhart's Law showing up in a performance review system. When usage becomes the metric, employees optimize for usage, not output. Microsoft canceled internal Claude Code licenses, Google AI Pro stripped credits from paid subscribers, and now Uber is admitting the ROI does not close at scale.
The narrative has shifted in the last 30 days from "AI productivity is here" to "AI productivity is harder to measure than we thought." The companies pushing tokenmaxxing internally are now the same companies signaling cost pressure externally. The IPO calendar for OpenAI and Anthropic is going to get a lot more complicated if the largest enterprise customers keep saying this out loud.
Hedgie🤗
Strong Opinions, Loosely Held on Agent + Harness Engineering:
1. You can outperform any default harness+model (including codex & claude code) on pretty much any Task by engineering the harness around it. Using the exact same model, curate prompts, tools, skills, hooks for that Task. This harness optimization process is becoming much more agent driven with humans reviewing and curating evals/rewards to hill climb on. “Just say what you want”.
2. A “general purpose” agent/harness doesn’t really exist, it’s a tradeoff between time spent on customizing the agent and performance (cost, latency, accuracy) on a Task. I don’t exactly follow what a general purpose means tbh. Who decides what’s general and what’s not?
3. But if the “general purpose” agent/harness existed, it would look like a good coding agent
4. Building a Task specific harness will most likely converge to good prompt & tool design (probably packaged up as a Skill) as models become smarter and better at in-context learning
5. Evals are a moat and thus data to produce evals is a moat. Especially true for vertical agent companies. This is because agents can fit to most Eval sets today. If Evals measurably encode all the good behavior your agent needs to do, then this signal can be hill climbed to improve your agent
6. Frontier closed models are far too expensive for the large majority of tasks the world needs to do. As teams start mapping costs to ROI, Open Model Harness Engineering will take off even more. It is almost always worth the investment to at least try to get a potential 20x+ cost reduction
7. A large chunk of design decisions around Task decomposition and context engineering exist solely because our usable context window is 50-100k. Agents that become excellent at breaking down tasks, applying compaction appropriately, and orchestrating subagents as sub-task workers will be the most delightful products to do real work.
8. We’re entering an Age of Unbundled (& Rebundled) Agents where Subagents exposed as Tools do a ton of domain specific work on behalf of an orchestrator agent. The Harness becomes a box that gets populated with the exact set of tools, skills, and subagents needed to solve that task or sub-task.
Examples include WarpGrep (search), Chroma Context-1 (search), Nemotron 3 Omni (small multimodal), etc. Bespoke agents that rock at narrow tasks orchestrated as tools.
This also applies to software as tools that are used by agents via Skills like Remotion or Blender. Different harnesses bundle together the tooling needed to complete that narrow task.
End of opinions, these may change by the time this tweet goes out or may double down and expand on these in an article
Building AI applications is more like gardening than like construction.
When you 'build' something, you know where everything is and how it interacts with its environment and the stresses and strains it takes.
When you garden, you plant seeds and let it grow, keep an eye on the health and intervene only where necessary.
Now that we've unleashed the golems, there's no point in knowing exactly how the system is built. Rather we must train ourselves to spot the diseases - the antipatterns, the two components that should be the same but look different, and so on.
Tools for checking code health and tests for verifying behaviour are all the understanding we need. for the rest, let the agents cook.
The FDE model is about TALENT not just deployment. McKinsey made “client service” prestigious for business generalists. Palantir made “embedded deployment” prestigious for technical generalists.
The open question of the AI era is who makes AI implementation feel like cutting edge work.
The question right now that you see so many undergrads senior year asking is “which of these places is going to be sexy to do this forward deployed work at”…..
we're continuing to see clear examples where a model's harness is a major determinant of overall performance. with the same model, running on same task, it's easy to observe very different scores depending on (system) prompts, tools (& their descriptions), and middleware (steering hooks).
this is exactly why we built a harness profiles abstraction in Deep Agents: per-provider or per-model overrides for base system prompts, tool names + implementations, etc., so swapping models doesn't mean losing the work that made the last one good!
10–20pt jumps on tau2-bench in our own testing.
currently cooking up built-in profiles for popular open weight models 🧑🍳
https://t.co/4ZWF2vQMwV
We are investing in foundational technologies across the board: recently in quantum sensing, advanced materials, and soon metallurgy. I am a big proponent of metallurgy R&D in particular. Without it, we cannot build nail cutters or precision machinery or jet engines.
These are not flashy billion dollar investments to make headlines, they are foundational R&D that cost millions a year, stretched out over many years. The key is to SUSTAIN them for a decade or longer. Scientists and engineers need time and rock solid support.
We also don't aim for prestige, we want to first replicate know-how already there.
We have also been looking to partner with small Japanese companies with critical know-how. I have two fluent Japanese speakers with me now!
China will let Pakistan use its Mythos-like AI for Stuxnet-type digital attacks on India or physical attacks via robo-terrorists. US will deny India access to SOTA capabilities for whatever reason. What are the options?
Our tech visionaries should consider AI correctly by seeinh beyond "application layer" and mass use-cases.
I strongly disagree with this. And I cannot believe how @NandanNilekani can be so short-sighted.
Data and intelligence sovereignty should be a national strategic priority. Using AI models from foreign players will involve perpetually sending them all of our data, including use-case insights and user preferences.
Dear Mr. Vembu,
I am welcome?
IIM professors told me otherwise when I tried to apply to come back to teach future managers cybersecurity as a risk management discipline, something I thought I could do for India by training future generations to lead Indian companies in a cyber-informed manner.
I was told to get another PhD in MIS to be worthy of teaching (I had a PhD in Computer Science from Stonybrook one of the top places in my field)
Basically they wanted to hire their own students (a practice frowned on internationally) and actively were condescending or passively dismissive to anyone who was not. And I had a privileged position from a desi lens, as my father had been a professor at the same institution.
I now do the same for one of world’s biggest medtech companies, wrote a book in the medical device space on this risk management concept extensively used in many other large medtech companies and I say this to preempt the “oh well you were not good enough”. Those who have known me on social media for two decades know that I am not the humble brag type.
(I also applied to private management institutes. One of them sent me an email a year later after I had applied asking me to appear for an interview in two days promising to pay me second class train fare from where I was, which I presume would be difficult from Chicago (that’s where I was then))
So all this sounds great on X but unless institutions change in India, away from old babu culture, people who want to come back on their own (I already had my green card so I wasn’t trying to come because of visa issues, but from a genuine desire to leave a legacy) will find themselves blocked and demotivated.
Thanks
In all humility and with complete respect for judiciary, I have written the following letter to Justice Swarna Kanta Sharma, informing her that pursuing Gandhian principles of Satyagraha, it won’t be possible for me to pursue this case in her court, either in person or through a counsel.
I have taken this difficult decision after coming to the clear conclusion that the proceedings being conducted in her court do not, in any manner, satisfy the fundamental principle that ‘justice must not only be done but must also be seen to be done’. My participation in these proceedings, either myself or through a counsel will not achieve anything meaningful.
During the second wave of the COVID-19 pandemic, when the Union government threw up its hands during an oxygen supply crisis, I worked swiftly to bring oxygen from Odisha to Madurai — by trains and trucks — saving the lives of hundreds of patients at the Rajaji Hospital and hospitals across our southern districts.
When DMK assumed office in 2021, Madurai was recording 1,200–1,250 COVID cases per day. Within 30 days, we brought that number down to 150.
In nine years as MLA, we brought ₹12 crore in CSR funding to modernise every single government and Corporation school in the constituency: smart classes, libraries, toilets. We built 22 new ration shops, 23 anganwadis, 47 borewells, 8 community centres, and 3 scan machines so women no longer have to travel far for prenatal care.
This is my commitment to the people of Madurai Central. Not promises. A record.
The hardest thing about agents and backends is durability. @workflowsdk fixes this.
That LLM you're calling *will* go down. That service *will* rate limit you. That database *will* unexpectedly slow down. You *will* get paged 💀
I've been looking for a unicorn for a decade. I wanted the level of reliability of combining stuff like SQS / Kafka / microservices, and I absolutely did not want *that* at the same time 😂
Truly reliable systems like that are notoriously difficult to reason about, to develop locally, to test, to simulate, to deploy… Workflow SDK solves that without compromises.
We're doing what Next.js did for the frontend, but for one of the most important problems of the new generation of backend applications.
Notably, Workflow SDK has an incredible self-hosting and multi-cloud story from day 0. We've taken amazing lessons from Next.js and poured them into the many Worlds (adapters) you can deploy to.
Congrats to Pranay and the Workflow team on a generational ship: https://t.co/ub7vQ7L6yE
I recently had dinner with Dr Devi Shetty, the founder of Narayana Hospitals. For those who don't know him, he's the guy who figured out how to do open heart surgery for a few hundred dollars when the same procedure costs a bomb in the US. Narayana has 18,000 beds across India, and if you ask most middle-class people in Bangalore about it, they'll speak highly of it.
There was one thing I kept thinking about over and over again after meeting him.
Narayana's market cap is around ₹38,000 crore. Now compare that to pretty much any half-decent financial services business in India, and it'll be valued more than that, including Zerodha. A brokerage, worth more than a hospital chain, that has probably saved hundreds of thousands of lives.
I get the arguments. If you're a fund manager/analyst, you can immediately explain it away using margins, capex, asset-light vs asset-heavy, and all that, and I'm not saying the market is wrong.
But it's still a strange world we've built, where the businesses closest to money get valued the highest, and the ones doing the hard and essential things get priced like boring utilities. A hospital carries physical infrastructure, enormous liability, thin margins and the actual weight of keeping people alive. And somehow that's worth less than a platform for buying and selling stocks.
I don't have a clean take on this. All of this just felt odd.
Ps: Nothing here is investment advice. For that, go to @zerodhavarsity
We’re introducing Dynamic Workers, which allow you to execute AI-generated code in secure, lightweight isolates. This approach is 100 times faster than traditional containers. https://t.co/c36Vkb7I0R
Almost every SaaS app inside Vercel has now been replaced with a generated app or agent interface, deployed on Vercel.
Support, sales, marketing, PM, HR, dataviz, even design and video workflows. It’s shocking.
The SaaSpocalypse is both understated and overstated. Over because the key systems of record and storage are still there (Salesforce, Snowflake, etc.)
Understated because the software we are generating is more beautiful, personalized, and crucially, fits our business problems better.
We struggled for years to represent the health of a Vercel customer properly inside Salesforce. Too much data (trillions of consumption data points), the ontology of Vercel was a mismatch to the built-in assumptions, and the resulting UI was bizarre. We generated what we needed instead. When you don’t need a UI, you just ask an agent with natural language.
We’ve also been moving off legacy systems with poor, slow, outdated, and inconsistent APIs, as well as just dropping abstraction down to more traditional databases. UI is a function 𝑓 of data (always has been), and that 𝑓 is increasingly becoming the LLM.
Recently met the head of product at a SaaS with a $100B+ market cap.
They're building a headless version of their flagship product specifically for agents.
Not the cloud version with a UI. Actual infrastructure level APIs that agents can call programmatically.
Imo, this is a far more accurate evolution of traditional SaaS than the current SaaSpocalypse BS.