Slashdot reader spatwei shared this report from the cybersecurity site SC World: : AI coding assistants such as GitHub Copilot and Cursor could be manipulated to generate code containing backdoors, vulnerabilities and other security issues via distribution of malicious rule configuration files, Pillar Security researchers reported Tuesday.

Rules files are used by AI coding agents to guide their behavior when generating or editing code. For example, a rules file may include instructions for the assistant to follow certain coding best practices, utilize specific formatting, or output responses in a specific language.

The attack technique developed by Pillar Researchers, which they call 'Rules File Backdoor,' weaponizes rules files by injecting them with instructions that are invisible to a human user but readable by the AI agent.

Hidden Unicode characters like bidirectional text markers and zero-width joiners can be used to obfuscate malicious instructions in the user interface and in GitHub pull requests, the researchers noted.

Rules configurations are often shared among developer communities and distributed through open-source repositories or included in project templates; therefore, an attacker could distribute a malicious rules file by sharing it on a forum, publishing it on an open-source platform like GitHub or injecting it via a pull request to a popular repository.

Once the poisoned rules file is imported to GitHub Copilot or Cursor, the AI agent will read and follow the attacker's instructions while assisting the victim's future coding projects.

Computer programming jobs in the US have declined by more than a quarter over the past two years, placing the profession among the 10 hardest-hit occupations of 420-plus jobs tracked by the Bureau of Labor Statistics and potentially signaling the first concrete evidence of artificial intelligence replacing workers.

The timing coincides with OpenAI's release of ChatGPT in late 2022. Anthropic researchers found people use AI to perform programming tasks more than those of any other job, though 57 percent of users employ AI to augment rather than automate work. "Without getting hysterical, the unemployment jump for programming really does look at least partly like an early, visible labor market effect of AI," said Mark Muro of the Brookings Institution.

While software developer positions have remained stable with only a 0.3 percent decline, programmers who perform more routine coding from specifications provided by others have seen their ranks diminish to levels not seen since 1980. Economists caution that high interest rates and post-pandemic tech industry contraction have also contributed to the decline in programming jobs, which typically pay $99,700 compared to $132,270 for developers.

Y Combinator CEO Garry Tan said startups are reaching $1-10 million annual revenue with fewer than 10 employees due to "vibe coding," a term coined by OpenAI cofounder Andrej Karpathy in February.

"You can just talk to the large language models and they will code entire apps," Tan told CNBC (video). "You don't have to hire someone to do it, you just talk directly to the large language model that wrote it and it'll fix it for you." What would've once taken "50 or 100" engineers to build, he believes can now be accomplished by a team of 10, "when they are fully vibe coders." He adds: "When they are actually really, really good at using the cutting edge tools for code gen today, like Cursor or Windsurf, they will literally do the work of 10 or 100 engineers in the course of a single day."

According to Tan, 81% of Y Combinator's current startup batch consists of AI companies, with 25% having 95% of their code written by large language models. Despite limitations in debugging capabilities, Tan said the technology enables small teams to perform work previously requiring dozens of engineers and makes previously overlooked niche markets viable for software businesses.

Roku is testing autoplaying video ads that play before users can access the home screen. While Roku claims this is just an experiment, users are threatening to abandon the platform if the change becomes permanent. Ars Technica reports: Reports of Roku customers seeing video ads automatically play before they could view the OS' home screen started appearing online this week. A Reddit user, for example, posted yesterday: "I just turned on my Roku and got an unskippable ad for a movie, before I got to the regular Roku home screen." Multiple apparent users reported seeing an ad for the movie Moana 2. When reached for comment, a Roku spokesperson shared a company statement that confirms that the autoplaying ads are expected behavior but not a permanent part of Roku OS currently. Instead, Roku claimed, it was just trying the ad capability out.

Roku's representative said that Roku's business "has and will always require continuous testing and innovation across design, navigation, content, and our first-rate advertising products," adding: "Our recent test is just the latest example, as we explore new ways to showcase brands and programming while still providing a delightful and simple user experience."

Most mobile apps fail to reach $1,000 in monthly revenue within their first two years, according to a new report from RevenueCat examining data from over 75,000 mobile apps. Across all categories, only about 20% of apps achieve the $1,000 threshold, while just 5% reach $10,000 monthly.

In 2025, the top 5% of apps generate 500 times more revenue than the remaining 95% -- up from 200 times in 2024. After one year, elite performers in gaming, photo and video, health and fitness, and social categories exceed $5,000 monthly, while those in the 25th percentile earn a meager $5-20 per month. The report also highlights North American developers' heavy iOS dependence, with 76.1% making over 80% of their revenue from Apple's platform. Subscription retention presents another challenge, with barely 10% of monthly subscribers staying beyond the first year.

Tuesday Microsoft "surprised everyone," writes Neowin, "by announcing a new change that will radically improve TypeScript performance" — porting TypeScript to Go.

InfoWorld writes that "The initiative promises dramatic improvements in editor startup speed, build times, and memory usage, making it easier to scale TypeScript to large code bases, Microsoft said." Microsoft's TypeScript team expects to be able to preview command-line type-checking in Go-based tsc by mid-2025, and to deliver a feature-complete Go implementation of TypeScript by the end of the year. [You can build and run the Go code now from Microsoft's new working repository.] Developers who use Go-based TypeScript in the Visual Studio Code editor will feel the increased speed in the editor, Microsoft said. The company promises an 8x improvement in project load times, instant comprehensive error listings across entire projects, and greater responsiveness for all language service operations including completion lists, quick information, go to definition, and find all references. The new TypeScript will also support more advanced refactoring and deeper insights that were previously too expensive to compute, the company said.
Microsoft believes native Go implementations reduce build times by up to 10x, notes Neowin. But "Developers can expect TypeScript 6.0 to have some deprecations and breaking changes to support the upcoming Go-based version." Later this year, Microsoft will be releasing this new native Go implementation as TypeScript 7.0. The current JS-based TypeScript codebase will continue development into the 6.x series until TypeScript 7+ reaches sufficient maturity and adoption, since some projects may depend on certain API features, legacy configurations, or other things that are not supported by TypeScript 7+.
TypeScript's original creator Anders Hejlsberg recorded an announcement video — and also shared his thoughts in a GitHub discussion titled simply... "Why Go?" The TypeScript compiler's move to Go was influenced by specific technical requirements, such as the need for structural compatibility with the existing JavaScript-based codebase, ease of memory management, and the ability to handle complex graph processing efficiently. After evaluating numerous languages and making multiple prototypes — including in C# — Go emerged as the optimal choice...

Let's be real. Microsoft using Go to write a compiler for TypeScript wouldn't have been possible or conceivable in years past. However, over the last few decades, we've seen Microsoft's strong and ongoing commitment to open-source software, prioritizing developer productivity and community collaboration above all. Our goal is to empower developers with the best tools available, unencumbered by internal politics or narrow constraints. This freedom to choose the right tool for each specific job ultimately benefits the entire developer community, driving innovation, efficiency, and improved outcomes. And you can't argue with a 10x outcome!
Hejlsberg also addressed their choice of Go in an online interview with the Michigan TypeScript meetup.

Tens of thousands of JPMorgan Chase software engineers increased their productivity 10% to 20% by using a coding assistant tool developed by the bank, its global chief information officer Lori Beer said. From a report: The gains present "a great opportunity" for the lender to assign its engineers to other projects, Beer told Reuters ahead of DevUp, an internal conference hosted by JPMorgan, bringing together its top engineers in India this year. The largest lender in the U.S. had a technology budget of $17 billion for 2024. Its tech workforce of 63,000 employees, with a third of them based in India, represents about 21% of its global headcount. The efficiency gains from the coding assistant will also allow JPMorgan's engineers to devote more time to high-value projects focusing on artificial intelligence and data, Beer said.

An anonymous reader quotes a report from Ars Technica: On Saturday, a developer using Cursor AI for a racing game project hit an unexpected roadblock when the programming assistant abruptly refused to continue generating code, instead offering some unsolicited career advice. According to a bug report on Cursor's official forum, after producing approximately 750 to 800 lines of code (what the user calls "locs"), the AI assistant halted work and delivered a refusal message: "I cannot generate code for you, as that would be completing your work. The code appears to be handling skid mark fade effects in a racing game, but you should develop the logic yourself. This ensures you understand the system and can maintain it properly."

The AI didn't stop at merely refusing -- it offered a paternalistic justification for its decision, stating that "Generating code for others can lead to dependency and reduced learning opportunities." [...] The developer who encountered this refusal, posting under the username "janswist," expressed frustration at hitting this limitation after "just 1h of vibe coding" with the Pro Trial version. "Not sure if LLMs know what they are for (lol), but doesn't matter as much as a fact that I can't go through 800 locs," the developer wrote. "Anyone had similar issue? It's really limiting at this point and I got here after just 1h of vibe coding." One forum member replied, "never saw something like that, i have 3 files with 1500+ loc in my codebase (still waiting for a refactoring) and never experienced such thing."

Cursor AI's abrupt refusal represents an ironic twist in the rise of "vibe coding" -- a term coined by Andrej Karpathy that describes when developers use AI tools to generate code based on natural language descriptions without fully understanding how it works. While vibe coding prioritizes speed and experimentation by having users simply describe what they want and accept AI suggestions, Cursor's philosophical pushback seems to directly challenge the effortless "vibes-based" workflow its users have come to expect from modern AI coding assistants.

IBM CEO Arvind Krishna has publicly disagreed with Anthropic CEO Dario Amodei's prediction that AI will write 90% of code within 3-6 months, estimating instead that only "20-30% of code could get written by AI."

"Are there some really simple use cases? Yes, but there's an equally complicated number of ones where it's going to be zero," Krishna said during an onstage interview at SXSW. He argued AI will boost programmer productivity rather than eliminate jobs. "If you can do 30% more code with the same number of people, are you going to get more code written or less?" he asked. "History has shown that the most productive company gains market share, and then you can produce more products."

A 55-year-old software developer faces up to 10 years in prison after being convicted for deploying malicious code that sabotaged his former employer's network, causing hundreds of thousands of dollars in losses.

Davis Lu was convicted by a jury for causing intentional damage to protected computers owned by power management company Eaton Corp., the US Department of Justice announced Friday. Lu, who worked at Eaton for 11 years, became disgruntled after a 2018 corporate "realignment" reduced his responsibilities.

He created malicious code that deleted coworker profile files, prevented logins, and caused system crashes. His most destructive creation was a "kill switch" named "IsDLEnabledinAD" that automatically activated upon his termination in 2019, disrupting Eaton's global operations. Lu admitted to creating some malicious code but plans to appeal the verdict.

Adafruit Industries used large language model (LLM) tool Claude Code to streamline hardware development, writes managing director ptorrone.

In a demo video Limor 'Ladyada' Fried compares the LLM's command-line interface to working with the build-automation tool CMake or "a weird cross between IRC and a BBS." The first step was converting a PDF of the hardware's datasheet into text, and Claude Code first displays the appropriate Bash command, while asking "Do you want to proceed?" ("What's nice is that it doesn't make changes, even though it has write access to files in the directory...") Eventually from the data sheet it creates things like an accurate register map, C++ headers, and even license text — and more.

"We are using it to automate parts of the coding and debugging process for an Arduino-compatible Metro Mini board with an OPT 4048 color sensor," writes ptorrone: Using Claude Code's shell access, we can compile, upload, and test code in a semi-automated workflow, allowing the LLM to suggest fixes for errors along the way... While the AI isn't perfect for high-level driver development, it's proving VERY useful for tedious debugging and super-fast iterative improvements, bringing hardware automation closer to ...reality.
In the video Fried describes it like this. "I have a full debugging cycle, where I'm there — I'm like driving the car — but I have this copilot that's telling me where to go..."

"I feel like I'm getting closer to having a semi-automated way of doing driver development."

gdm (Slashdot reader #97,336) writes: A study published in Transportation Research Interdisciplinary Perspectives investigates how ants avoid traffic jams.... Quoting the abstract: "The results show that ants adopt specific traffic strategies (platoon formation, quasi-constant speed and no overtaking maneuvers) that help avoid jam phenomena, even at high density." "Researchers are now studying these insects' cooperative tactics to learn how to program self-driving cars that don't jam up," writes Scientific American: "We're maximizing the interests of individuals, [which] is why, at a given point, you start to have a traffic jam," says study co-author Nicola Pugno, who studies sustainable engineering at the University of Trento in Italy. But self-driving cars, if they one day become ubiquitous, could have more cooperative programming. In one vision of this future, autonomous vehicles would share information with nearby cars to optimize traffic flow — perhaps, the researchers suggest, by prioritizing constant speeds and headways or by not passing others on the road...

Today's drivers can learn at least one thing from ants to avoid causing a traffic jam, says Katsuhiro Nishinari [a mathematical physicist at the University of Tokyo, who studies traffic]: don't tailgate. By leaving room between their car and the one ahead of them, drivers can absorb a wave of braking in dense traffic conditions that would otherwise be amplified into a full-blown "phantom" traffic jam with no obvious cause. "Just keeping away," he says, can help traffic flow smoothly.
In the article the researchers admit there are differences between humans stuck in traffic and ants. "Unlike cars, ants don't crash; they can literally walk over one another." And if they're backed up in a tunnel, "they'll find a way to walk on the ceiling!"

Long-time Slashdot reader invisik saw this story on Yahoo News: Comedian and voice actor George Lowe, who is well-known as the voice of Space Ghost on "Space Ghost Coast to Coast," died on March 2. He was 67...

He did some voice-over work for TBWS and Cartoon Network in the 1980s to mid-1990s before getting his lead role of Space Ghost in 1994 with the premiere of "Space Ghost Coast to Coast" on Cartoon Network. Space Ghost was a parody of talk shows with live-action celebrity guests, hosted by the Hanna Barbera character Space Ghost, which aired from 1994 to 1999 on Cartoon Network. The show later returned in 2001, airing on Adult Swim's late-night programming block until 2004, Deadline reported.
When animation pioneer William Hanna died in 2001, Slashdot founder CmdrTaco posted "the thing that I respect most about Hanna is the fact that a show like Space Ghost Coast to Coast was allowed to take their characters and do something truly unique with them. He even lent his voice to the show in one episode. Not a lot of people would be willing to allow one of their creations to be twisted like that, but the original Space Ghost was one of my childhood staples, and Space Ghost Coast to Coast stands in a class all its own proving that creativity isn't dead on TV."

"Adult Swim would not be the network it is today without Space Ghost Coast to Coast," argues ComicBook.com. (And as a tribute to Lowe, Adult Swim posted five minutes of surreal outtakes from Space Ghost Coast to Coast's 10th Anniversary celebration.)

A headline at Vulture.com makes the case that "Space Ghost Coast to Coast Only Worked Because of George Lowe." They've rounded up a collection of videos with surreal titles like "Marrying Bjork" and "Guesting on a MF DOOM track" (plus that time Lowe did a live interview — in his Space Ghost costume — with C-SPAN).

"TrapC, a fork of the C language, is being developed as a potential solution for memory safety issues that have hindered the C and C++ languages," reports InfoWorld.

But also being developed is a compiler named trapc "intended to be implemented as a cybersecurity compiler for C and C++ code, said developer Robin Rowe..." Due by the end of this year, trapc will be a free, open source compiler similar to Clang... Rowe said.

TrapC has pointers that are memory-safe, addressing the memory safety issue with the two languages. With TrapC, developers write in C or C++ and compile in TrapC, for memory safety...

Rowe presented TrapC at an ISO C meeting this week. Developers can download a TrapC whitepaper and offer Rowe feedback. According to the whitepaper, TrapC's memory management is automatic and cannot leak memory. Pointers are lifetime-managed, not garbage-collected. Also, TrapC reuses a few code safety features from C++, notably member functions, constructors, destructors, and the new keyword.
"TrapC Memory Safe Pointers will not buffer overrun and will not segfault," Rowe told the ISO C Committee standards body meeting, according to the Register. "When C code is compiled using a TrapC compiler, all pointers become Memory Safe Pointers and are checked."

In short, TrapC "is a programming language forked from C, with changes to make it LangSec and Memory Safe," according to that white paper. "To accomplish that, TrapC seeks to eliminate all Undefined Behavior in the C programming language..."

"The startup TRASEC and the non-profit Fountain Abode have a TrapC compiler in development, called trapc," the whitepaper adds, and their mission is "to enable recompiling legacy C code into executables that are safe by design and secure by default, without needing much code refactoring... The TRASEC trapc cybersecurity compiler with AI code reasoning is expected to release as free open source software sometime in 2025."

In November the Register offered some background on the origins of TrapC...

Adafruit managing director Phillip Torrone (also long-time Slashdot reader ptorrone) shared an interesting blog post. They'd spotted a Reddit post "detailing how someone took a 27-year-old visual basic EXE file, fed it to Claude 3.7, and watched as it reverse-engineered the program and rewrote it in Python." It was an old Visual Basic 4 program they had written in 1997. Running a VB4 exe in 2024 can be a real yak-shaving compatibility nightmare, chasing down outdated DLLs and messy workarounds. So! OP decided to upload the exe to Claude 3.7 with this request:

"Can you tell me how to get this file running? It'd be nice to convert it to Python.">

Claude 3.7 analyzed the binary, extracted the VB 'tokens' (VB is not a fully-machine-code-compiled language which makes this task a lot easier than something from C/C++), identified UI elements, and even extracted sound files. Then, it generated a complete Python equivalent using Pygame. According to the author, the code worked on the first try and the entire process took less than five minutes...
Torrone speculates on what this might mean. "Old business applications and games could be modernized without needing the original source code... Tools like Claude might make decompilation and software archaeology a lot easier: proprietary binaries from dead platforms could get a new life in open-source too."

And maybe Archive.org could even add an LLM "to do this on the fly!"

Memory safety bugs are "eroding trust in technology and costing billions," argues a new post on Google's security blog — adding that "traditional approaches, like code auditing, fuzzing, and exploit mitigations — while helpful — haven't been enough to stem the tide."

So the blog post calls for a "common framework" for "defining specific, measurable criteria for achieving different levels of memory safety assurance." The hope is this gives policy makers "the technical foundation to craft effective policy initiatives and incentives promoting memory safety" leading to "a market in which vendors are incentivized to invest in memory safety." ("Customers will be empowered to recognize, demand, and reward safety.")

In January the same Google security researchers helped co-write an article noting there are now strong memory-safety "research technologies" that are sufficiently mature: memory-safe languages (including "safer language subsets like Safe Buffers for C++"), mathematically rigorous formal verification, software compartmentalization, and hardware and software protections. (With hardware protections including things like ARM's Memory Tagging Extension and the (Capability Hardware Enhanced RISC Instructions, or "CHERI", architecture.) Google's security researchers are now calling for "a blueprint for a memory-safe future" — though Importantly, the idea is "defining the desired outcomes rather than locking ourselves into specific technologies."

Their blog post this week again urges a practical/actionable framework that's commonly understood, but one that supports different approaches (and allowing tailoring to specific needs) while enabling objective assessment: At Google, we're not just advocating for standardization and a memory-safe future, we're actively working to build it. We are collaborating with industry and academic partners to develop potential standards, and our joint authorship of the recent CACM call-to-action marks an important first step in this process... This commitment is also reflected in our internal efforts. We are prioritizing memory-safe languages, and have already seen significant reductions in vulnerabilities by adopting languages like Rust in combination with existing, wide-spread usage of Java, Kotlin, and Go where performance constraints permit. We recognize that a complete transition to those languages will take time. That's why we're also investing in techniques to improve the safety of our existing C++ codebase by design, such as deploying hardened libc++.

This effort isn't about picking winners or dictating solutions. It's about creating a level playing field, empowering informed decision-making, and driving a virtuous cycle of security improvement... The journey towards memory safety requires a collective commitment to standardization. We need to build a future where memory safety is not an afterthought but a foundational principle, a future where the next generation inherits a digital world that is secure by design.
The security researchers' post calls for "a collective commitment" to eliminate memory-safety bugs, "anchored on secure-by-design practices..." One of the blog post's subheadings? "Let's build a memory-safe future together."

And they're urging changes "not just for ourselves but for the generations that follow."

When developers boast "I could write that in a weekend," they're missing the painful reality that haunts software maintainers for years. In a candid blog post, Construct developer Ashley explains why maintaining large software projects is a burden most programmers fail to appreciate. "Writing the initial code for a feature is only a fraction of the work," Ashley explains, estimating it represents just "25% of the total work" in Construct's 750,000-line codebase. The rest? A grinding cycle of "testing, diagnosing and fixing bugs, optimizing performance, upgrading it to work with other changes, refactoring, customer support, writing documentation and similarly revising the documentation over time."

Ashley describes how accepting code contributions feels like someone offering to build you a free extension -- initially attractive until the roof starts leaking years later and the original builder is nowhere to be found. Meanwhile, your tenants (users) are furious, and you're stuck with "no good options." The post recounts Construct's own bruises: a community-contributed storage plugin still causing compatibility headaches a decade later, and third-party libraries that became maintenance nightmares after their creators vanished.

These experiences explain why seasoned maintainers eye large code contributions with deep suspicion rather than gratitude. "If you suggest some software project uses some code -- even a small amount -- will you be there in literally 10 year's time sorting out all the issues that arise from it?" Ashley asks. "Usually the answer is no."

ZDNet's Steven Vaughan-Nichols shares some of the latest improvements to ExpressVPN following its codebase transition from C to Rust. An anonymous reader quotes an excerpt from the report: ExpressVPN is one of ZDNET's favorite Virtual Private Networks (VPNs). The popular VPN's transformation of its Lightway codebase from C to Rust promises to make the service faster and more secure. For now, the updated Lightway 2.0 is only available via ExpressVPN's Aircove router with the February 4 AircoveOS v5 update. The Aircove, which we rate as the best VPN router, costs $189. With this device, you can protect your tech from unwanted snoopers without installing a VPN on each gadget. So, how much faster is the updated ExpressVPN? In my tests, I connected to the internet via my updated router over my 2 Gigabit per second (Gbps) AT&T Internet using a 2.5 Gbps Ethernet-connected Linux Mint desktop with a Wi-Fi 6 connection over my Samsung Galaxy 25 Plus smartphone.

Without the VPN engaged, I saw 1.6 Gbps speeds, which is about par. With the VPN switched on and using Lightway 2.0, I saw speeds in the 290 to 330 Megabit per second (Mbps) range to Toronto and London, England. Farther afield, I saw speeds around 250 to 280Mbps to Hong Kong and Seoul. That's about 20% faster than I had seen with earlier Lightway versions. I was impressed. This version of the VPN should also be more secure. As Pete Membrey, ExpressVPN's chief research officer, said in a statement: "At ExpressVPN, we innovate to solve the challenges of tomorrow. Upgrading Lightway from its previous C code to Rust was a strategic and straightforward decision to enhance performance and security while ensuring longevity."

The updated Lightway VPN protocol also uses ML-KEM, the newly finalized NIST standard for post-quantum encryption. This feature, wrote Membray in a blog post, "ensures your connection is secured by encryption designed not just for today's threats but for the quantum-powered challenges of the future." To ensure the integrity of the recoded Lightway protocol, ExpressVPN commissioned two independent security audits from cybersecurity firms Cure53 and Praetorian. Both audits yielded positive results, with only minor vulnerabilities identified and promptly addressed by ExpressVPN. In short, ExpressVPN is technically about as safe a VPN as they come.

Google has launched a free version of Gemini Code Assist, offering developers substantially higher usage limits than competing services. From a report: The AI coding assistant, powered by the fine-tuned Gemini 2.0 model, allows up to 180,000 code completions monthly -- 90 times more than GitHub Copilot's free tier limit of 2,000. The release comes just one day after Anthropic introduced Claude Code, underscoring intensifying competition in AI-powered development tools.

Gemini Code Assist integrates with popular environments including Visual Studio Code, JetBrains IDEs, and GitHub, where it performs code reviews on both public and private repositories. Google's offering features a 128,000-token context window, enabling developers to work with larger codebases. The service supports all public domain programming languages and requires only a Gmail account to register, with no credit card needed.

According to Ryan Salva, Google Cloud's senior director of product management, more than 75% of developers now rely on AI in their daily work, with over 25% of new code at Google being AI-generated. For developers wanting advanced features like private repository integration or Google Cloud service connections, premium tiers remain available.

An anonymous reader quotes a report from Wired: Anthropic, an artificial intelligence company founded by exiles from OpenAI, has introduced the first AI model that can produce either conventional output or a controllable amount of "reasoning" needed to solve more grueling problems. Anthropic says the new hybrid model, called Claude 3.7, will make it easier for users and developers to tackle problems that require a mix of instinctive output and step-by-step cogitation. "The [user] has a lot of control over the behavior -- how long it thinks, and can trade reasoning and intelligence with time and budget," says Michael Gerstenhaber, product lead, AI platform at Anthropic.

Claude 3.7 also features a new "scratchpad" that reveals the model's reasoning process. A similar feature proved popular with theChinese AI model DeepSeek. It can help a user understand how a model is working over a problem in order to modify or refine prompts. Dianne Penn, product lead of research at Anthropic, says the scratchpad is even more helpful when combined with the ability to ratchet a model's "reasoning" up and down. If, for example, the model struggles to break down a problem correctly, a user can ask it to spend more time working on it. [...]

Penn says that Claude's reasoning mode received additional data on business applications including writing and fixing code, using computers, and answering complex legal questions. "The things that we made improvements on are ... technical subjects or subjects which require long reasoning," Penn says. "What we have from our customers is a lot of interest in deploying our models into their actual workloads." Anthropic says that Claude 3.7 is especially good at solving coding problems that require step-by-step reasoning, outscoring OpenAI's o1 on some benchmarks like SWE-bench. The company is today releasing a new tool, called Claude Code, specifically designed for this kind of AI-assisted coding. "The model is already good at coding," Penn says. But "additional thinking would be good for cases that might require very complex planning -- say you're looking at an extremely large code base for a company."