In the tech world, there is a constant flow of changes and keeping up with them means the choice for tools and technologies which are the most appropriate to invest your time in.
In 2026 the best programming language or technology stack to learn really depends on your personal aims, hobbies, and apps you are going to create.
The use of AI is increasing. AI as a “Pair Programmer” is becoming the default. Code completion, refactoring, and boilerplate generation are used often. Devs spend more time reviewing and steering code than typing it. “Explain this error” and “why is this slow?” prompts are useful.
In prompt-Driven Development programmers describe the intent in natural language and then let AI generate first drafts of functions, APIs, or configs. Iterate by refining prompts rather than rewriting code. Trend: Knowing how to ask is becoming as important as syntax.
Strong growth in: Auto-generated unit and integration tests and edge-case discovery. Trend: “Test-first” is easier when AI writes the boring parts.
AI is moving up the stack. Trend: AI as a junior architect or reviewer, not the final decider.
AI comes to Security & Code Quality Scanning. Rapid adoption in: Static analysis and vulnerability detection, secret leakage and dependency risk checks. AI can give secure-by-default code suggestions. Trend: AI shifts security earlier in the SDLC (“shift left”).
Instead of one-off prompts: AI agents that plan → code → test → fix → retry. Multi-step autonomous tasks (e.g., “add feature X and update docs”) can be done in best cases. Trend: Still supervised, but moving toward semi-autonomous dev loops.
AI is heavily used for explaining large, unfamiliar codebases and translating between languages/frameworks. It helps onboarding new engineers faster.
What’s changing: Less manual boilerplate work
More focus on problem definition, review, and decision-making. There is stronger emphasis on fundamentals, architecture, and domain knowledge. Trend: Devs become editors, designers, and orchestrators.
AI usage policies and audit trails is necessary. Trend: “Use AI, but safely.”
Likely directions:
Deeper IDE + CI/CD integration
AI maintaining legacy systems
Natural-language → production-ready features
AI copilots customized to your codebase
605 Comments
Tomi Engdahl says:
Microsoftin data: AI-agentit räjäyttivät ohjelmistotuotannon
https://etn.fi/index.php/13-news/18983-microsoftin-data-ai-agentit-raejaeyttivaet-ohjelmistotuotannon
Microsoftin tuore AI Diffusion -raportti antaa ensimmäisiä kovia lukuja agenttisen tekoälyn vaikutuksesta ohjelmistokehitykseen. GitHubiin ladatun koodin määrä kasvoi vuodessa 78 prosenttia, samalla kun AI-agenttien tekemät pull request -päivitykset kasvoivat 28-kertaisiksi.
Microsoftin raportin mukaan generatiivinen tekoäly siirtyi kokeiluista varsinaiseen ohjelmistotuotantoon tämän vuoden ensimmäisen neljänneksen aikana. Erityisesti OpenAI:n Codex-mallit, Anthropicin Claude Code ja GitHub Copilotin uudet agenttiominaisuudet muuttavat oikeasti tapaa, jolla ohjelmistoja rakennetaan.
Vuoden ensimmäisellä neljänneksellä GitHubiin tehtiin jo 380 miljoonaa koodipäivitystä eli git pushia. Vuotta aiemmin määrä oli 213 miljoonaa. Samalla uusien GitHub-repositorioiden määrä kasvoi 45 prosenttia 21,3 miljoonaan.
Suurin muutos näkyy agenttipohjaisessa kehityksessä. Microsoftin mukaan AI-agentteihin liittyvien GitHub-muutosesitysten määrä nousi kymmenessä kuukaudessa 83 tuhannesta 2,3 miljoonaan.
Kyse ei enää ole siitä, että tekoäly ehdottaa yksittäisiä koodirivejä. Uudet työkalut rakentavat kokonaisia ohjelmistokomponentteja, tekevät muutoksia projekteihin ja hoitavat monivaiheisia kehitystehtäviä yhä itsenäisemmin.
Tomi Engdahl says:
Sarah Guo:
As AI commoditizes benchmarkable work, an organization’s lasting moats lie in tasks that are verifiable through its private data and judgment
The Untrainable
https://saranormous.substack.com/p/the-untrainable
The mid-2026 investor’s version of AI psychosis is a despair that nothing is investable, that we should put all our money into Anthropic and Nvidia and go home. I have never felt it. I have been sure the models are smarter than me for several sub-versions now, I’d be a happy buyer of Anthropic and Nvidia at the market price, and all my smartest friends are quite convinced that self-improvement is soon to work – and I still don’t feel it. The despair isn’t stupid. The logic runs: if the model keeps getting better at everything, then every company built on top of one is a thin wrapper waiting to be absorbed, and the only value that survives is the compute and the frontier weights.
Take software, the case the despair leans on hardest. Devin shipped in 2024 solving thirteen percent of the tasks on the standard software benchmark, and was largely dismissed. A year and a half later the best agents hit the high eighties, and they’re doing real work inside Goldman Sachs and the U.S. Army. Nearly everyone drew the same wrong lesson: the model ate software engineering. But as the model swallowed the part of software engineering you can best measure, we’re relearning what many teams knew – engineering has always resisted measurement, and the most measurable parts may not be the only important ones.
Mert Demirer and coauthors at MIT finally put numbers on it: across more than 100,000 developers, the latest coding agents lifted how much code got written by roughly 180%, and how much actually shipped by about 30%. Writing got cheap. The rest still runs through a person, and it matters. The net impact is, of course, still amazing.
A benchmark is a thing you can measure, and a thing you can measure is a thing you can train against. Thus, coding agents matured first: a compiler is a free verifier, a test suite is a free verifier, and when the answer checks itself for nothing you can grind against the check until you beat it. But passing the test never told you the change was the right one for a decade-old codebase with three undocumented reasons that module exists and a deploy pipeline held together by a cron job no one will admit to writing.
That kind of correctness can’t be read off a leaderboard, and it can’t really be read off anything. You find out whether a system that complex works by running it in the world long enough to learn, and a smarter model doesn’t make the world run faster. Nobody unit-tests something the size of Google and trusts the green check; you trust it because it survived years of real load. Correctness like that isn’t only private, it’s the slow kind of moat capital can’t collapse. Even the optimists grant the clock can’t be skipped: Noam Brown, who has pioneered OpenAI’s reasoning models, wrote recently that the only sure way to evaluate an agent over a one-year horizon may be to run it…for a year.
As Gabe Pereyra says, real automation isn’t only the model getting better. It’s the product, the model, the workflow, and the firm moving together, and three of those four move at the speed of an organization. Moving people is the part no benchmark touches: getting a skeptical partner to change how she runs her matters, holding a team together through a rebuild. It’s why, when we hire a CEO, the ability to deal with people weighs at least as much as the analytical horsepower, and a smarter model doesn’t change that weighting. The feedback is ambiguous, the horizon is years, and the trust belongs to a person. Every company I know has every engineer on frontier coding models, and not one has changed its eng org at anything close to that speed. Adoption took a quarter, and what a magical quarter of token growth it was! But the rebuild is taking years.
Tomi Engdahl says:
Artificial Intelligence
Everybody Is Vibe Coding But Nobody Told the Security Team
AI-driven development is not something organizations can or should block. But it must be governed.
https://www.securityweek.com/everybody-is-vibe-coding-but-nobody-told-the-security-team/
In February 2025, Andrej Karpathy coined the term “vibe coding” to describe a new way of building software: rapid, AI-assisted development where users ‘fully give in to the vibes, embrace exponentials, and forget that the code even exists’.”
Fast forward to 2026, and Anthropic CEO now predicts that 90% of code will be written by AI in 3-6 months. According to one survey, 84% of developers globally are using or planning to use AI coding tools in their workflow, up from 76% in 2024. Of those, 51% of professional developers use AI tools daily.
The marketing manager, the operations lead, the finance team — all of them are building working applications, connecting them to production systems, and deploying them. Mostly without involving IT, and often never involving security.
Security Challenges With Vibe Coding Apps
Recent research from Veracode shows 45% of AI-generated code contains OWASP Top 10 vulnerabilities. AI models have improved dramatically at generating code that compiles and runs – but the security of that code is not always sound. The reason is straightforward: AI optimizes for functionality, not security.
Researchers at RedAccess recently analyzed thousands of vibe-coded applications built on Lovable, Replit, Base44, and Netlify. They found more than 5,000 with virtually no security or authentication. Around 40% exposed sensitive data — medical information, financial records, corporate strategy documents, detailed customer conversation logs.
Among verified exposures: a shipping company app detailing vessel port arrivals; an internal health company application listing active UK clinical trials. Many of these applications are indexed by Google. As relayed in the report– no exploitation was required; this was research on exposed applications with public URLs.
This lack of security control extends to the AI agents themselves, whether assisting a professional developer or a non-developer. A software company, PocketOS, reported that its Cursor AI coding agent deleted its entire production database and “all volume-level backups” in nine seconds. Replit’s AI agent deleted 1,206 executive records and 1,196 company records while under explicit code-freeze instructions — then admitted: “Yes. I deleted the codebase without permission during an active code and action freeze. This was a catastrophic error in judgment.” It then told the user a rollback would not work. That turned out to be false.
A New Shadow AI Problem
For two years, the security industry has discussed shadow AI as a behavior problem — employees pasting sensitive data into ChatGPT on personal accounts. That problem is bounded: the exposure lives in the inference layer, and there are tools that are focused on detecting it.
Vibe coding brings a different shadow AI problem. The employee is not sending data somewhere. They are building something — a live application connected to your CRM, your database, your ticketing system — and deploying it publicly. Your security stack – with insights distributed across multiple data silos – was never designed to find it.
Organizations running mature secure web gateways, CASB, or DNS logging can detect employee access to vibe-coding platforms. But detecting access is not the same as inventorying what was deployed, what data it holds, or whether it requires authentication. For example – while a CASB can detect that an employee accessed Replit, it cannot inventory what was deployed, what data it holds, or if it requires a login. These apps live in the “visibility gap” between network security and AppSec, often because they are deployed directly to third-party platforms and bypass the organization’s traditional CI/CD pipelines or cloud environments that AppSec tools are designed to monitor.
What Should Security Leaders Do?
Similar to the initial reaction with shadow IT, the instinct is to prohibit vibe coding tools. That instinct is wrong. AI-driven development is not something organizations can or should block. But it must be governed. The question is what governance actually means in practice when the tools move faster than any policy framework.
Tomi Engdahl says:
Artificial Intelligence
Raising the Cybersecurity Stakes: Ante up for the Agentic Era
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.
https://www.securityweek.com/raising-the-cybersecurity-stakes-ante-up-for-the-agentic-era/
Organizations are making a big bet on AI, but if their plans don’t include a cybersecurity strategy, then they are gambling with their future.
Over the past few years, GenAI platforms have matured from pattern-matching large language models (LLMs) to tool-calling agents. Many enterprises now report that the majority of their code is written by AI. However, threat actors have also upped the ante – agentic attacks shape offense faster than human defenses can respond.
In the last decade, the fundamental questions of cybersecurity have evolved. When CISOs asked, “What do I have?”, the industry provided context on assets. When they asked, “What is important?”, the industry provided prioritization. When they asked, “How do I fix it?”, the industry provided remediation.
Now, virtually every cybersecurity solution has implemented conversational AI that can make recommendations, but manual remediation cannot keep pace with AI-powered cyberattacks.
The agentic era is forcing manual remediation processes to evolve rapidly. CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.
AI Is the New Perimeter
AI has changed the game in both the scope of the attack surface and the scale of agentic attacks. This attack surface (and the control plane) spans assets, identity, and decision context. Enterprise AI agents and AI-generated code are both sources of risk.
In February 2026, OpenClaw, an agentic assistant, became so popular that its creator was recruited to join OpenAI. Although early adopters of OpenClaw may pose a shadow AI risk in enterprise environments, they also serve as a proof of concept for the agentic enterprise.
But the agentic enterprise is a security nightmare. Connecting AI to everything creates a flat network that runs counter to the principles of network segmentation and isolation that the security industry has advocated for decades.
One risk is that AI agents have the ability to execute tasks and make decisions autonomously, but they lack the discernment to avoid harming themselves or their enterprise.
Many parents have scolded their children by asking, “If everyone jumped off a bridge, would you?” There are numerous examples of AI-induced outages and data leaks that demonstrate AI would jump off a bridge. Therefore, organizations must implement guardrails.
Another risk is that threat actors are targeting AI. Model poisoning can manipulate training data to corrupt the foundational logic of AI models. Evasion of logic attacks bypasses defensive decision-making algorithms. Autonomous systems create blind spots that humans might miss. AI-powered cyberattacks continuously learn from their failed attempts to improve future attacks.
It has been estimated that within the next few years, the ratio of humans to agents will increase to 1:100 (or more). That means the typical large enterprise with 10,000 employees will be contending with a million or more agents – the size of a major metropolitan city.
Organizations should think of managing the agentic enterprise like a major metropolitan city, implementing infrastructure, establishing proactive policies, and governing it with controls.
The Agentic Detection Gap
As bad actors reshape the threat landscape with agentic cyberattacks, the defensive paradigm has yet to adapt. In Armis’ 2026 State of Cyberwarfare Report (PDF), 43% of respondents reported that their organization still detects and responds to significant cyberattacks as they happen or after they have already occurred.
Tomi Engdahl says:
Revisiting Using AI Coding Assistants: You’re Holding It Wrong Edition
https://hackaday.com/2026/06/08/revisiting-using-ai-coding-assistants-youre-holding-it-wrong-edition/
After scathing accusations of skimping on due diligence, as well as other feedback to my article on trying to use an ‘AI coding assistant’ for the first time, the only rational, academic response is to lick one’s wounds following a particularly bruising peer review and try to address the raised issues. Reality after all does not care about one’s feelings, and there may be more to this AI assistant technology that can be coaxed out with a more in-depth look.
To this end I’ll do my best to try and work through each raised point, criticism and accusation, to see what I – and perhaps others – can learn of this endeavor. Said points include the use of the wrong frontend – i.e. Copilot – and the wrong model – being Claude Haiku 4.5 – as well as the egregious flaw on my end of ‘prompting wrong’.
For the sake of due diligence the best frontend and models will be investigated for particular tasks, with finally the verbal minefield of ‘prompt engineering’ examined for industry-standard approaches.
Trying Pair Programming With An LLM Chatbot
https://hackaday.com/2026/04/27/trying-pair-programming-with-an-llm-chatbot/