惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CERT Recently Published Vulnerability Notes
U
Unit 42
T
The Blog of Author Tim Ferriss
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog RSS Feed
Microsoft Azure Blog
Microsoft Azure Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Securelist
L
Lohrmann on Cybersecurity
Blog — PlanetScale
Blog — PlanetScale
Recorded Future
Recorded Future
D
DataBreaches.Net
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
I
Intezer
P
Palo Alto Networks Blog
Simon Willison's Weblog
Simon Willison's Weblog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
InfoQ
宝玉的分享
宝玉的分享
Security Latest
Security Latest
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
Threatpost
Cisco Talos Blog
Cisco Talos Blog
P
Proofpoint News Feed
博客园 - 司徒正美
H
Hacker News: Front Page
Y
Y Combinator Blog
爱范儿
爱范儿
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
NISL@THU
NISL@THU
月光博客
月光博客
有赞技术团队
有赞技术团队
Cloudbric
Cloudbric
酷 壳 – CoolShell
酷 壳 – CoolShell
G
Google Developers Blog
A
Arctic Wolf
博客园 - 【当耐特】
W
WeLiveSecurity
V
Visual Studio Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
V
V2EX
C
Cyber Attacks, Cyber Crime and Cyber Security
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
The Cloudflare Blog
Stack Overflow Blog
Stack Overflow Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
AI Agents Don't Fail at Code. They Fail at Learning.
Nagarjuna Ye · 2026-05-03 · via DEV Community

Part 1 of 5 in The New Engineering Contract — what it means to lead engineers when AI is doing more of the coding.

SWE-CI tested 18 AI models across 71 consecutive commits. Most broke something on commit 47 they'd already broken on commit 1. That's not an intelligence problem. That's a learning system that isn't learning.


A paper made me uncomfortable this month.

Not because of what it found about AI. Because of what it revealed about how I think about my own work.

The paper is SWE-CI, published March 4, 2026 by researchers at Sun Yat-sen University and Alibaba Group. It tested 18 AI models across 100 real codebases — not single bug fixes, but 71 consecutive commits of genuine evolution. The core finding: most state-of-the-art models have a zero-regression rate below 0.25. Three out of four times, the agent fixed something and silently broke something else downstream.

I read that and thought: that's a learning problem, not a coding problem.


What the paper actually tests

Most benchmarks ask: can an AI fix this bug? SWE-CI asks a harder question.

"SWE-CI moves beyond fixing individual bugs and instead focuses on the evolutionary trajectory between two commit versions."

SWE-CI paper, Chen et al., 2026

The benchmark covers 100 tasks, each spanning an average of 233 days and 71 consecutive real commits. Agents must navigate a full CI loop — generating requirements, modifying source code, running tests — iteratively, not in a single shot. That's the difference between a sprint task and a six-month project. The paper is evaluating the second thing.

SWE-CI benchmark framework and dual-agent workflow
Figure 1 from the paper: SWE-CI's Architect–Programmer dual-agent evaluation protocol. The agent must execute a CI-loop across 71 consecutive commits — not patch a single bug in isolation.


I have one signal I've used for years to tell whether someone on my team is actually growing: are they making different mistakes?

Make the same mistake twice and I'm concerned. Three times and I have a conversation — not a performance conversation, a diagnostic one. I want to understand the mechanism. Did the signal not reach them? Did they receive it and not act on it? Did they act on it and still land in the same place?

The answer changes everything I do next. A signal that didn't reach someone is an infrastructure problem — maybe they're out of the right post-mortems, or the runbook is wrong. A signal received but not acted on is a motivation or attention problem. A signal acted on but still producing the same failure is a mental model problem — they changed the surface behaviour without touching the root cause.

Ten times the same mistake, none of those explanations hold. That's carelessness or disengagement, and I treat it differently.

The same mistake twice is entropy. A new mistake is evidence of a mind moving forward.

I didn't always run this diagnostic. At Medibuddy, we had a recurring 401 issue — users being logged out mid-flow in the webview even when they were still logged into the native app. The code review instruction was explicit: handle 401 universally, refresh the token, add exponential backoff, apply it regardless of whether the user came from Android, iOS, or web. One engineer fixed it in the obvious flow. I reviewed the PR, it looked right, and moved on. Three weeks later, the same incomplete pattern surfaced in a different flow. Same 401. Different screen.

I had reviewed the output, not diagnosed the understanding. They'd absorbed the instruction for one case. The mental model hadn't transferred. That's not a skill failure. That's a learning failure. It has a specific shape.


AI agents have the same shape

Now look at most AI agents. They fail the same way on commit 47 that they did on commit 1. There's no diagnostic conversation. No signal-to-action loop. No mechanism to distinguish "I didn't receive the signal" from "I received it and didn't know what to do with it." The agent just proceeds. Same failure pattern, new commit.

The paper formalises this with EvoScore:

"Good maintenance not only ensures functional correctness of current code, but minimizes difficulty of keeping code correct."

SWE-CI paper, Chen et al., 2026

EvoScore doesn't ask whether an agent passes tests. It asks whether passing today's tests makes tomorrow's tests easier or harder. An agent that hardcodes an assumption — true right now — passes commit 1 and silently poisons commit 12. An agent that fixes the underlying abstraction makes the next three commits cleaner.

That's the same thing I'm measuring when I track whether an engineer makes different mistakes — are their decisions compounding toward something, or just recurring?

SWE-CI model leaderboard — EvoScore results across 18 models
Figure 2 from the paper: Model leaderboard measured by Average Normalized Change (ANC). Only the Claude Opus series exceeds a 50% zero-regression rate. Every other model falls below 25%.

I've been building against this failure mode for years. At Medibuddy, we made a deliberate platform shift: migrate from AngularJS to React, move away from native apps toward a unified web layer — an NX monorepo with shared libraries owning the hard parts. Authentication flows. The native-web bridge. Event contracts. The component layer. Every product team built on those blocks rather than rebuilding them. The kind of investment big tech formalises as internal developer platforms or design systems. We called it Web LEGO. The design principle wasn't elegance. It was familiarity. If something breaks, it breaks the same way for everyone. Familiar failures get diagnosed faster. Familiar failures get fixed faster. The platform aged well not because it was clever, but because it stopped surprising us.

But I couldn't tell you that as a number. I could feel it — maintenance windows stopped appearing in my calendar, teams stopped fearing release Fridays — but I had no score. No rate. No proof.

The clearest signal came from outside engineering entirely. After one performance optimisation, our CMO passed feedback to our CTO, who passed it to me: "The Android app feels faster." My dashboard showed nothing. API response times flat. Error rate flat. Crash rate flat. But a user felt something, and that feeling traveled through the C-suite before it reached the people who built it.

That is the measurement gap. The best systems earn trust so thoroughly they bypass your instruments entirely.


The question SWE-CI is asking

The paper has limits. 100 repositories, Python only, no human baseline. Lehman's Laws — which it cites as foundational — were social observations from IBM's OS/360 system in 1980, and Lehman himself later clarified they should be read as social-science laws, not physical constants. EvoScore will be gamed — or transcended. As agentic coding shifts from single-shot generation to continuous autonomous loops across commit timelines, the next wave of models will be optimised for exactly this trajectory. The benchmark becomes the floor, not the ceiling. The same pattern played out with SWE-bench, compromised within 18 months of release. That evolution won't dissolve the learning problem. It will make it harder to see.

But the question it's asking is the right one.

Michael Truell, CEO of Cursor, posted this in January 2026:

"We built a browser with GPT-5.2 in Cursor. It ran uninterrupted for one week. It's 3M+ lines of code across thousands of files... It kind of works!"

Michael Truell on X, January 14, 2026

The Register called it shoddy code at scale. Both descriptions are accurate. It passed commit 1. Nobody knows what it looks like at commit 47 — because it was never built to reach commit 47. That's not a failure of AI capability. That's a failure of what we decided to measure.

You can't fix what you aren't tracking. I learned that watching engineers make the same mistake twice.


The uncomfortable truth

Here's the uncomfortable truth I can't argue my way around.

Most SOTA models have a zero-regression rate below 0.25. That number hasn't moved significantly across the frontier models I use today. Which means if I take my hands off the wheel — merge code I haven't read, deploy features I haven't traced the assumptions on — I'm accepting a 75% chance of silent breakage downstream.

That's not a reason to stop using AI. It's a reason to stay in the loop.

I use it to draft TRDs — not to write them, but to surface the assumptions I'd have held silently. I use it as a sounding board before committing to a direction. I use it to prototype fast, then review every prototype for what it assumes before it goes near production. Fast code carries fast assumptions. Speed and carelessness travel together.

The loop isn't friction. It's the only thing converting AI's output speed into engineering quality.

Blind AI coding isn't a productivity strategy. It's entropy at machine speed.


One changed question

After reading this paper, I changed one question in how I review AI-generated code.

Before: does this pass the tests?
After: what does this fix assume — and will that assumption still hold after the next three features?

That question isn't in most PR templates. It should be — for AI-generated code. And honestly, for human-written code too.

The difference is that a person, over time, can internalise that question and start asking it themselves. The learning compounds. AI agents right now don't have that mechanism. Every commit is day one. The agent that fixed the 401 in flow A has no memory of flow B. No diagnostic loop. No compounding.

That's what SWE-CI is measuring. Not whether AI can write code. Whether it can write code that compounds.

I've been trying to build that — in systems, in teams, in how I develop engineers — for years. The unit of measurement changes. The failure mode doesn't.

I still can't measure it precisely.

But when it's working, a user updates their app and feels something they can't name. That feeling travels up through your CMO. It reaches you.

That's the score that matters. And it's the one most AI governance conversations aren't yet designed to reach.


In Part 2: what happens when two engineering organisations face this at scale — and respond differently. Amazon instrumented AI across millions of orders. Stripe built 6 billion test runs a day. Same tools. What each organisation chose to trust, and how much, is the whole story.


Further reading