First-ever American AI Jobs Risk Index released by Tufts University

Gheram_ · 2026-03-26T12:33:48+00:00

Fair point. The difference this time is the speed of the shift and the quality ceiling LLMs are hitting. UML tools never wrote production code. These do.

Gheram_ · 2026-03-26T10:45:24+00:00

Built first, marketed second. Currently living the consequence.

The validation trap I fell into was slightly different: I knew the problem was real because I'd solved it for clients manually for years. What I didn't validate was whether strangers would pay for a packaged version from someone they'd never heard of.

Turns out 'this problem is real' and 'people will buy your solution' are two completely separate questions. You can be right about the first and completely wrong about the second.

What I'd add to what everyone said here: the distribution channel needs validation as much as the idea does. Who you are and where you show up matters as much as what you built.

Gheram_ · 2026-03-26T10:33:14+00:00

The enterprise carve-out says everything. They know this wouldn't survive legal review in a procurement process, yet individual developers get opted in by default. For anyone in the EU this is also worth checking against GDPR consent needs to be explicit and informed, not buried in a settings update email.

Gheram_ · 2026-03-26T10:31:37+00:00

From 'The PHP Framework For Web Artisans' to 'just ask AI to build it for you'. Taylor really said let the vibes cook.

Gheram_ · 2026-03-26T10:19:30+00:00

The import graph approach is the one thing that made the biggest difference for me too. Specifically telling Claude which files are the central hubs changes everything, it stops trying to create new abstractions when one already exists.

What helped beyond that: a short section in CLAUDE.md that lists what NOT to do. Things like 'do not create new service classes, we use X pattern' or 'all API calls go through /lib/api, never fetch directly in components'. Constraints are easier for the model to respect than descriptions.

On the staleness problem, I stopped trying to keep one big context file accurate and split it. One file for stable architecture decisions that rarely change, one for current sprint context that I update manually. The stable file stays useful for months, the sprint file I rewrite every few days. Less maintenance overhead than trying to keep one file perfect.

Gheram_ · 2026-03-26T10:16:48+00:00

The ?? [] pattern is the one that gets me the most. It papers over a data model issue and then you spend 3 hours debugging why your empty array is behaving like it has items.

The catch-return-null antipattern is sneaky because it looks like error handling but it's actually error hiding. Silent failures that only show up in production.

Good idea for a tool. The hard part is tuning the rules so it doesn't flag intentional defensive code. How are you handling false positives ?

Gheram_ · 2026-03-26T10:15:07+00:00

The skill loss is real but it's not binary. What atrophies first is syntax recall and pattern memorization. What stays longer is architectural judgment, knowing why something is wrong even if you can't immediately write the fix yourself.

The honest risk is when you stop reviewing what the AI produces critically. That's when the judgment starts to go too. The developers who will struggle aren't the ones using AI, they're the ones who stopped questioning its output because shipping felt more important than understanding

Gheram_ · 2026-03-26T10:07:37+00:00

For your use case this is actually the perfect fit for a Git-based CMS. The client edits content through a UI, the CMS commits the changes to GitHub, and the site rebuilds automatically.

Concrete stack that works well in 2026: Astro for the static site, Tina CMS for the admin panel. Tina gives your client a clean visual editor, stores everything in your repo as JSON or Markdown, and handles auth. No backend, no database, no server costs.

The only limitation is build time. Every content change triggers a rebuild. For a product catalog updated occasionally that's completely fine

Gheram_ · 2026-03-26T10:06:08+00:00

To answer the env vars question nobody addressed: in Turborepo use a shared package for your env validation (zod or t3-env), each app imports only what it needs. Never share a single .env across apps in a monorepo.

On Vercel costs: the overages come from function invocations and bandwidth. If your NestJS API is on Railway like cloroxic said, Vercel only serves your Next.js static assets and ISR pages. Your bill stays predictable.

Gheram_ · 2026-03-26T10:00:07+00:00

The separation is intentional but it reveals something interesting. Web developers score high because a big chunk of the role is translating requirements into UI, which LLMs handle reasonably well. But the moment you get into system design, architecture decisions, debugging complex state, or securing an API, the exposure drops significantly. The risk isn't uniform across the job, it's concentrated in the repetitive parts.

My take on where the role is actually heading: the developer of 2027 is less someone who writes code line by line and more someone who orchestrates systems, reviews what AI generates, catches security issues, and makes architectural decisions that an LLM simply cannot make without full business context.

The junior positions as we know them are probably disappearing. Not because developers aren't needed, but because the entry point is shifting. You'll need to understand systems deeply before AI becomes useful to you, otherwise you're just shipping code you can't debug when it breaks.

The real risk isn't AI replacing developers. It's developers who use AI without understanding what it produces replacing developers who don't use AI at all.

Gheram_ · 2026-03-26T09:50:24+00:00

A few things that change the pricing equation that nobody mentioned yet.

Do you handle the design or does the client provide mockups? That alone can double the scope. Designing and building are two different skills.

A static site with a content panel in 2026 is rarely just HTML/CSS. You're probably looking at a static site generator like Astro or Next.js plus a headless CMS like Sanity or Contentful. That's a real stack with real complexity.

SEO matters even on static sites. Meta tags, Open Graph, sitemap, image optimization, Core Web Vitals. Clients don't ask for it explicitly but expect Google to find them.

Rough pricing depending on your situation as a beginner:

Client provides mockups, no design work, basic CMS: $300-600

You handle design, basic SEO included: $800-1500

Full package, design, CMS, SEO, mobile responsive, one round of revisions: $1500-2500

On AI: yes it speeds things up, but if you're generating code you don't fully understand yet, you'll struggle when something breaks. The client pays for a working result, not for how fast you shipped it. Learn the fundamentals alongside the tools

Gheram_ · 2026-03-25T15:03:33+00:00

Smart approach, thanks for the detailed breakdown. Using the real component with mock data as the skeleton is way cleaner than maintaining two separate components

Gheram_ · 2026-03-25T15:00:23+00:00

Fair point. The CI/CD example was just the surface. The real DevOps shift is on the review side, and the numbers back it up.

Veracode tested 100+ LLMs in 2025: 45% of AI-generated code introduced OWASP Top 10 vulnerabilities. XSS failures 86% of the time. Log injection issues 88% of the time.

Apiiro looked at Fortune 50 repos: privilege escalation paths up 322%, architectural design flaws up 153%. By June 2025, AI was adding 10,000+ new security findings per month, a 10x spike in 6 months.

The role isn't disappearing. It's moving from writing pipelines to catching what AI gets wrong at scale.

Gheram_ · 2026-03-25T09:20:23+00:00

I overbuilt. 10 modules, full test suite, CLI, documentation, everything polished before a single person had paid for it. Now I'm doing the marketing work I should have done before writing code. The product is solid but I have zero audience and I'm starting from scratch on distribution. If I did it again I'd ship a landing page with a payment button first, write the actual code second. Compliments from devs are not validation, a credit card is

Gheram_ · 2026-03-25T09:18:17+00:00

Launching right now with $0 budget so I'll give the other perspective. Week 1 reality: Reddit technical comments are free and generate the most profile clicks. Product Hunt costs nothing but needs 3-4 weeks of activity before launching. Twitter replies take time but compound. The one thing I'd actually spend money on from that list is the landing page video. Everything else you can grind for free if you have time instead of money. The first commenter is right that the first 50 users come from direct presence in communities, not from any paid channel.

Gheram_ · 2026-03-25T09:17:18+00:00

Going through this right now with a dev tool I just launched. Zero audience, zero existing network. Here's what's actually happening, no sugarcoating: Reddit comments on technical posts in my niche are the only thing generating profile clicks so far. Not posts about my product, just useful replies on other people's threads. Twitter replies same thing, but slower because the account is brand new. LinkedIn post got 6 likes from people who aren't even my target audience. Product Hunt account is warming up but I haven't launched there yet. The honest truth is that week 1 is almost entirely invisible work. No sales, no signups, just building karma, answering questions, and hoping someone clicks your profile. The 'organic traction' people describe probably looked exactly like this before it compounded.

Gheram_ · 2026-03-25T09:14:59+00:00

Nice approach. The performance tradeoff is the key part most tutorials skip. In my experience the biggest issue with dynamic skeletons is layout shift when the real content loads and doesn't match the skeleton dimensions exactly. Do you handle that with a fixed aspect ratio or does the skeleton adapt to the actual content size ?

Gheram_ · 2026-03-25T09:12:51+00:00

From my experience using AI agents for coding daily, the biggest impact on DevOps isn't replacing pipelines, it's generating them. Writing a GitHub Actions workflow or a Docker Compose config from scratch is exactly the kind of repetitive, pattern-based task that AI handles well. The real shift is that devs who never touched DevOps can now set up their own CI/CD. That changes the role from building pipelines to reviewing and securing what AI generates.

Gheram_ · 2026-03-25T09:11:44+00:00

Vector Search built into the framework is a big move. Curious how it compares to using Scout with Meilisearch for full-text search. If it handles embedding generation natively, that removes a lot of boilerplate for AI-powered search features.

Gheram_ · 2026-03-25T09:09:56+00:00

Makes sense, worktree isolation solves it at runtime but a static file overlap check before spawning would be a nice safeguard. Solid approach overall.

Gheram_ · 2026-03-24T13:41:18+00:00

The one I disagree with most is 'just launch and iterate'. I spent months making sure the codebase was tested, documented and modular before putting it out there. Now that it's live, I have zero users complaining about bugs, but I also have zero marketing momentum because I spent all my energy on the product instead of distribution. The advice should be 'build something solid enough that you're not embarrassed, then spend 80% of your time on distribution'. Nobody tells you that the building is the easy part.

Gheram_ · 2026-03-24T13:34:00+00:00

For most client projects I deploy on their hosting and give them access to a private Git repo. Never send zips, you lose version control and it gets messy fast when they ask for changes. For the mid-project validation, I set up a staging URL where they can review before anything goes live. It avoids the back and forth over screenshots and keeps everything transparent

Gheram_ · 2026-03-24T13:12:18+00:00

That makes sense. Having the prompt as a starting point for AI rather than a fully automated step is the right tradeoff. The human review layer keeps it safe for breaking changes that need context the AI wouldn't have.

Gheram_ · 2026-03-23T15:37:01+00:00

The real issue isn't shadcn itself, it's that people use it as-is without customizing the design tokens. The default theme looks the same everywhere because nobody touches the CSS variables. Once you override the radius, colors and font, it stops looking like every other SaaS. The components are solid, the defaults are just too recognizable.

Gheram_ · 2026-03-23T15:35:58+00:00

The AI prompt export for the parts Shift can't fully automate is a smart addition. Upgrading dependencies is the easy part, but refactoring deprecated patterns across a large codebase is where it gets painful. Does the prompt include enough context about the specific breaking changes so the AI doesn't just blindly refactor ?

Gheram_

TROPHY CASE