The promise of AI coding tools has been nothing short of astonishing. AI will replace your need to hire software developers, and transform your existing developers into 10x engineers. According to this commonly believed view, AI will revolutionize software development productivity across the board, making the entire world better. But is this truly a potential reality? A new report from GitClear paints a very different picture. After studying over 2,000 developer-weeks of data, the report shows…

The promise sounds compelling: write what you want in plain English, let AI translate it into working code, and watch your application come to life in minutes instead of days.  This is "vibe programming”. Vibe programming is the practice of using AI to generate production code from natural language descriptions. Proponents claim it will democratize software development and reduce the need for traditional professional developers. The reality is far different and far more troubling. Vibe progr…

We’ve all seen it. You’re creating a new account on a website, and instead of filling out yet another registration form, there’s that tempting blue button: “Sign In with Google.” One click, and you’re in. No password to remember, no confirmation email to wait for, just instant access. It seems like the perfect solution to our password fatigue problem. And in many ways, it is convenient. Sites like Medium, Spotify, Figma, and thousands of others have embraced this pattern, allowing users to aut…

AI is everywhere. It’s on the news, in the boardroom, and on the lips of every product manager with a quarterly roadmap to fill. Whether the push comes from investor pressure, competitive FOMO, or just nervous executives who don’t want to be “left behind,” the demand for an AI strategy is real. And this demand is landing squarely on your desk. As a software architect, you’re right in the middle of this storm. Your job isn’t just to build systems; it’s to translate business goals into techni…

In this episode of the Software Architecture Insights podcast, we explore the evolving landscape of conversational AI with Kylan Gibbs, the CEO and founder of InWorld AI.  We focus on the evolving landscape of software architecture, focusing on the role of AI in modern applications. I think you'll enjoy this episode. Have a listen!

You’ve heard it many times: ““Sure, I Can Do That.”” AI always wants to be your friend. Ask an AI assistant for help and it’s quick to reply: “Sure!” “Absolutely!” “Of course I can do that!” And it really sounds like it can. The problem? Too often it can’t. And instead of saying, “I don’t know,” it just makes something up. “Confidently…“Politely…“And completely wrong.””” The “Yes, and…” Problem We’ve built AI systems that act like the world’s most agreeable intern. Always nodding, never cha…

It’s hard not to admire confidence in marketing. Take Fortra, for example. Fortra is the new parent company of GoAnywhere, a Managed File Transfer (MFT) solution that’s been around for years. The Fortra website proudly declares, “We break the attack chain.” Catchy, right? Except… “break” might have been a little too on the nose. Because that’s exactly what happened recently: their security response came to a screeching halt. On September 11th, a new critical vulnerability (CVE-2025-10035) was d…

Igor Debatur, the founder of Uploadcare, joins us to discuss the complexities and challenges of file management in modern applications. Uploadcare specializes in making the file upload experience seamless for users. Igor shares how their journey started from being an agency that built products for clients to creating a comprehensive solution for file management that addresses the needs of engineers today. We delve into the intricacies of file uploads, which may seem straightforward but are frau…

It seems like AI has become suddenly important to Software Architects in nearly all industries. It’s the latest and greatest technology in a world of fast moving technologies. Actually, AI is not “suddenly” important. AI has been around for as long as software has been around, dating back as early as the 1950s. In the 1970’s, AI technology in the form of Lisp software systems, were believed to be a very promising but just a bit out of reach “silver bullet” solution to every problem. But the “si…

Michi Kono, the CTO of Garner Health, joins us to discuss the intersection of technology and healthcare. Garner Health leverages advanced data management techniques to help employers find the best healthcare providers for their employees. Michi shares insights from his extensive background in the financial sector, where he led significant tech initiatives, and explains how those experiences inform his current work in healthcare. We explore the complexities of the U.S. healthcare system, includi…

Welcome to the first episode of the Software Architecture Insights new podcast! The landscape of software development has notably transformed in 2024, with 62% of developers now leveraging AI in their workflows. While this integration has significantly boosted productivity, it has also raised concerns regarding code quality and complexity. The discussion reflects on findings from the recent 2025 GitClear AI Code Quality Research report, which analyzed over 211 million lines of code and reveale…

It's 2025. AI is no longer a novelty. It’s a fact of life. Generative AI models have matured, multimodal systems can process text, images, and speech relatively seamlessly, and AI-powered copilots have found their way into developer tools, office suites, and even design platforms. And yet… the hype hasn’t gone away. If anything, the AI hype is getting louder. Every product launch announcement now must include a phrase like “Now with AI!” Investors want to know what your “AI strategy” is. Com…

Not all applications are created equal. Some are built to process transactions and maintain state, while others focus on delivering content, data, or experiences to users. For software architects and engineering leaders, distinguishing between these core application types is critical for making sound decisions about scalability, infrastructure, security, and data management. Why? Because how you design, build, construct, and operate your application is different based on your customer use pat…

Another critical principle in maintaining a safe and secure application running in the cloud is understanding the Principle of Least Privilege. The Principle of Least Privilege is an industry-standard security principle widely known to reduce the impact of bad actor attacks. The idea behind the principle of least privilege is to: 1. Grant an entity the minimum permission it absolutely needs to perform its operations. 2. Grant no more permissions than that. This principle applies to cloud infra…

If you’ve ever spoken out to your iPhone and said “Hey Siri, what’s the weather in Seattle, WA”, or spoke to an Amazon Echo device and said “Alexa, turn on the bedroom lights”, you’ve given an AI a set of instructions for it to execute. You’ve given an AI a prompt. In the Alexa case, the phrase is converted from an audio snippet into text, and that text is sent to an AI system — Amazon Alexa in this case — for it to determine the desired actions. The output of that process is a set of actions …

As modern applications grow more complex and valuable, their security becomes increasingly critical. Yet many organizations still operate with a flat security model—one breach and attackers gain access to everything. This approach is like building a house with a reinforced front door but paper-thin walls. How can you improve your application security to reduce your risk of attack? Use isolation zones. Isolation zones aren’t just a best practice—it’s the difference between a minor security incid…

Both you and your cloud provider have a critical role in keeping your application safe. It’s a principle of security known as the Principle of Shared Responsibility. It describes a model for assigning ownership of various security aspects between the cloud provider and you. It’s a principle that has been championed heavily by AWS, but it applies to all cloud providers in all situations. The key to the principle is an agreed-upon set of responsibilities for keeping the application safe for eac…

The software development landscape has shifted dramatically. In 2024, a whopping 62% of professional developers use AI in their development process. This has done wonders for the productivity of an average software developer, and has led many people to assume this means that either we need fewer software developers or, more likely, we can get more and better software developed with existing staff. However, there are issues with this shift. Last year, I read and loved the 2024 GitClear AI repo…

Cloud-native applications make heavy use of services and microservice architectures. Distributed applications provide many benefits to modern application development processes and lend themselves particularly well to applications deployed in the public cloud. But microservices can also create additional and unwanted vulnerability points that bad actors can leverage to compromise your application. A single compromised service, no matter how small, can lead to vulnerabilities that can be exploit…

In my previous article, I discussed five best practices for managing configurations in cloud-native applications. This article expands those recommendations by giving strategies for how to manage large scale configuration systems for large modern applications. The Configuration Explosion ProblemRemember when our simple applications had a single configuration file? Those days are long gone. Today’s applications don’t just have more configuration—they have exponentially more complex configuration…

Managing configuration information in a complex, cloud-native application can be daunting. There is seemingly configuration everywhere. • There’s configuration describing the network interconnections in your system, including routing rules and port blocking. • There’s configuration for your load balancers, determining where to send traffic destined for your service. • There’s configuration for security permissions needed for databases, caches, servers, third-party applications, and other system…

Software architects hold a unique and influential position in the product development lifecycle, guiding technical decisions that shape the product's future. Let me be clear - architects aren't just technical decision makers, they're risk managers who shape your entire product's future. I've seen this firsthand in my years at AWS, New Relic and other enterprises. When you're operating at scale, every architectural decision carries both opportunity and risk. Technical debt isn't just a burden - …

“Ready to pull the ripcord on VMWare? On Nov 6, join my friends over at CAST and AWS to learn how software intelligence can speed up and derisk the move to best-fit cloud services. Register today!” In the complex ecosystem of software development, the role of a software architect is critical in shaping the direction and success of product development. Software architects wield significant influence that extends well beyond writing code or making isolated technical decisions. Software architect…

In world of software development, the role of a software architect often appears to stand at the top of the technical leadership ladder. With that responsibility comes an even greater need for continuous learning and adaptation. As someone who's spent years in the trenches of cloud architecture, I can tell you that the moment you stop learning is the moment you start becoming obsolete. The Shifting Sands of Technology Let's face it: the tech landscape is changing faster than ever before. What…

Migrating to the cloud can be daunting, especially when dealing with complex applications, which can have a life of their own. These applications can act in seemingly random ways when exposed to unexpected stimuli, such as moving from a stable data center environment to a more chaotic cloud environment. This inherent complexity makes migrating to the cloud risky, but there are ways to mitigate the risk. Piecemeal MigrationProper pre-migration preparation is critical to a successful cloud migrat…

As the world of software development continues to evolve at a rapid pace, organizations are increasingly turning to tools such as Kubernetes to deploy, scale, and manage their containerized applications. Kubernetes and containers have, in particular, revolutionized how we build and deploy applications, but with this power comes the responsibility of ensuring our systems' health, performance, and reliability. This is where effective monitoring comes into play. I've spent years working with comp…

As someone who has spent decades at the forefront of the tech industry, I've seen firsthand how emerging technologies can disrupt the status quo. With the rapid advancement of artificial intelligence (AI), it's natural to wonder about its potential impact on the job market, particularly for roles that rely on uniquely human skills. However, I believe that most human-centric jobs, including writers, actors, and lawyers, will not only survive but thrive in the age of AI. The recently released St…

In the rapidly evolving world of artificial intelligence (AI), getting caught up in the hype is easy. After all, computer intelligence appears poised to surpass human intelligence in every domain. However, despite the remarkable progress AI has made in recent years, there are still areas where humans maintain a clear advantage. According to Stanford University's AI Index report for 2024, AI systems continue to lag behind human performance in tasks that require complex cognitive abilities, such…

The world of artificial intelligence (AI) is undergoing a profound transformation, and at the heart of this change is the rise of open-source AI models. According to Stanford University's AI Index report for 2024, a remarkable 65.7% of the 149 foundation models released in 2023 were open-source, up from 44.4% in 2022 and 33.3% in 2021. This shift towards open-source AI is not just a passing trend; it's a movement that is redefining the very nature of AI development and deployment. Open-Source A…

In all the different ways we know in order to migrate an application to the cloud, the lift-and-shift strategy is often the first method organizations attempt. It’s a simple concept: take your existing applications and move them, as is, to the cloud. But simplicity can be deceptive. I’ve seen firsthand how this approach can lead to a host of issues, particularly when it comes to the underutilization of dynamic cloud resources. Migrating to the cloud using lift-and-shift may be the most expensi…