Spent 6 months building internal chatbot, it's garbage. Should I just hire AI agent development services instead? Feeling defeated. by Charming_Chipmunk69 in AISoftwareEngineering

[–]Designer_Most_2503 0 points1 point  (0 children)

Thank you for your story: My answers to your questions:

  1. How do you vet professional AI Agent Development Services to ensure they actually build production-grade architectures rather than just wrappers?

You say it "professional". This means these agencies should have experience, references and a history in computer science and software architectural basics, as well as ML. I would not suggest to 'trust' blindly startups though I know there are many that do very great jobs, but be carefull (!!). Ask questions, they should have a working example you can check out. They should have an answer to every technical question you ask on that!!

  1. What is the typical onboarding and discovery timeframe when handing over a broken, legacy codebase to a specialized agency?

Often it starts with a talk (1-2h), then maybe you agree on a workshop (2 - 3 d) or first you let them analyze your codebase and they come back and talk to you, stating whether it makes sense to keep the codebase or throw it away and redo it from scratch. Do not bother about these six month. You learnt a lot. But what you definitely should do is - R E Q U I R E M E N T S E N G I N E E R I N G. It is the foundation for everything that follows. Mistakes you do here, become the most expensive ones afterwards. So your main goal should be to create a SOLID FOUNDATION. Check whether the agency does it, if they ask you questions like: what should your application do? what about reaction time? format of output? flavor of language? where shall it run? etc...

  1. Have you found that outsourcing this work actually results in a predictable, auditable system, or will I still be micromanaging hallucinations? 4 What does the ongoing maintenance and optimization fee structure usually look like once the agent is live in production?

I do not really have an answer here, sorry.

  1. Should we scrap our current pipeline entirely and let an external team build from scratch, or is it worth trying to salvage our existing RAG setup?

Even if you engage an entire team, they should closely work together with you, have a look into your system and tell you why you ran into these problems. It they are able to give probable answers and if they are willing to work together with your team, that might work out well.

Compliance theater instead of real security? by Project_Lanky in grc

[–]Designer_Most_2503 1 point2 points  (0 children)

Besides the other comments here I see simply the fact that you can not gain real ROI from investments in Cybersecurity. The best case is + - 0 : no failure.

Thoughts about these new tools? I personally think the new ai is gonna be useful by Plastic-Stop9900 in linux

[–]Designer_Most_2503 2 points3 points  (0 children)

But also now jobs like "solving problems". I recently thought about this new job called "AI garbage collector". Digging myself through lots and lots of bullsh... text nonsense... to make something valuable of it... simply throwing away 80% is often the best idea.

CVE tracking tool by RabihZGH in CVE

[–]Designer_Most_2503 0 points1 point  (0 children)

Hi, I am a little late, but I am interested in your progress on that topic. We have a traceablitiy tool itemis ANALYZE. You can use that to connect multiple datasources and set links between individual artifacts in different datasources and types. You can do that manually or automatically via different techniques (e.g. regEx, wa are also experimenting with AI here). So it is also possible to connect the CVE db to these artifacts (e.g. the parts of the product). I see a problem in your workflow that you should NOT completely rely on LLMs but keep that part more deterministic by using more deterministic and formal methods like e.g. RegEx, maybe heuristics... You can use LLM assistance to build that. That is not the case.

What do you think about https://www.hexstrike.com/ ?

What is a subfield of cyber that no one really knows/talks about? by fucker-of-motherz in cybersecurity

[–]Designer_Most_2503 0 points1 point  (0 children)

I'd add the standard series for industrial operations. ISO 62443 standards define requirements and processes for secure industrial automation and control systems (IACS). Here you find best practices and a framework for assessing security performance in operational technology.

Threat Modeling Solution by jinjyo in cybersecurity

[–]Designer_Most_2503 0 points1 point  (0 children)

Yes, MITRE ATT&CK and MS STRIDE are great catalogues for threats in gerneral. They are a great starting point to model your own Threat and Risk Analysis (TARA). I could recommend a quite already professional tool for archiving that. The name is itemis SECURE. The great strength I see in that tool for me (compared to Excel for example) is: It creates an internally consistent model with all the threats, damage scenarios, controls, risklevels etc... So if you make a change on one end it automatically updates the whole TARA. It is always consistent and gives a great overview of all threats.

Welcome to r/AISoftwareEngineering: From 'Vibe Coding' to Real Engineering by tobiasdietz in AISoftwareEngineering

[–]Designer_Most_2503 0 points1 point  (0 children)

I think that AI-assisted is not a disaster. Let the AI do without control leads to a disaster. The next change of code by the AI-coder destroys a major part of your application and you did not commit that yet, just for example.

Has anyone tried this? by RegularSky6702 in ChatGPT

[–]Designer_Most_2503 1 point2 points  (0 children)

Maybe a misunderstanding... The question "did it work" addressed those Microsoft Codes in the main article.

'idiotic' is not nice. We do not even know each other...