Your system prompts aren't secret. Neither is your RAG data if you're missing tenant isolation. OWASP just updated their LLM Top 10 for 2025. Two new entries. Both terrifying for anyone building AI apps. We broke down all 10 with real vulnerable code patterns and how to fix them. https://lnkd.in/d_GscZSb
diffray
Software Development
AI Code Review That Actually Thinks™ Multi-agent intelligence. Not single-model guessing.
About us
Senior-level reviews as a service. AI-driven platform for deep and comprehensive code reviews.
- Website: https://diffray.ai
- Industry: Software Development
- Company size: 2-10 employees
- Headquarters: San Francisco
- Type: Privately Held
- Founded: 2025
Locations
- Primary: San Francisco, US
Updates
AI identifies a "critical bug" in your pull request, leading to a 20-minute investigation. However, the bug turns out to be nonexistent. After experiencing this 3-5 times, trust in the tool diminishes, even when it is accurate.

The data is concerning:
- 29-45% of AI-generated code contains security vulnerabilities.
- 19.7% of package recommendations are entirely fabricated.
- Developer trust in AI accuracy has plummeted from 43% to 33% within a year.

On a positive note, layered mitigations can reduce hallucinations by 96%. We explored the research on why large language models (LLMs) hallucinate and what effective solutions exist. For more insights, check out the full article here: https://lnkd.in/dmjtV8Vm
Your tests pass. Your code works. But 6 months later a one-day feature takes a week.
→ 200-line methods
→ God Objects with 40 dependencies
→ 6 levels of nested if-statements
No build ever broke. Technical debt just quietly compounded.

New: Refactoring Advisor — catches code smells in every PR before they become a rewrite project. https://lnkd.in/dE939w94
Adding more context to an AI can make it DUMBER. Sounds wrong, right? But research from Stanford, Google, and Meta proves it:
→ 13.9-85% accuracy drop as context grows
→ GPT-3.5 performed WORSE with 20 documents than with zero
→ 11 out of 12 models crashed below 50% at just 32K tokens

The culprit? Context Dilution. LLMs don't "read" your entire prompt equally. They suffer from a U-shaped attention curve—great at beginnings and endings, terrible in the middle.

Dumping your whole codebase into ChatGPT isn't smart. It's sabotage. We wrote a deep-dive with 15+ research papers explaining why—and what to do instead.
📖 https://lnkd.in/efquB64A
Your code passes tests and your build succeeds, but what happens when your page isn't indexed? You might find out weeks later through Search Console that:
- Meta description is empty, leading Google to show random text.
- Open Graph image returns a 404, resulting in broken links in Slack.
- Canonical still points to staging.

No tests failed, and no builds broke, yet you silently lose 3 weeks of organic traffic.

To address this, we are excited to announce the launch of SEO Expert — diffray's 10th AI agent. This tool identifies SEO issues in every pull request, ensuring problems are caught before merging and deploying, ultimately protecting your rankings.

Here's what SEO Expert checks for:
- Missing or duplicate meta tags
- Broken OpenGraph images
- Incorrect canonical URLs
- Missing structured data (JSON-LD)
- Heading hierarchy issues
- Accidental noindex tags

Good SEO is crucial for AI search. Tools like ChatGPT, Perplexity, and Claude rely on Google and Bing for information. If you don't rank, AI tools won't cite you either. One optimization can enhance your visibility across two discovery channels.

Full details 👇 https://lnkd.in/eRv3vZB5
ChatGPT's inconsistent code reviews highlight a significant issue in AI evaluation. When an entire pull request is fed into a language model with the prompt "review this code," several problems arise:
- Signal drowns in noise
- Critical files get buried in the "lost middle"
- False positive rates range from 60-80%

The solution isn't simply larger context windows; it's about implementing structured rules. At diffray, we establish clear guidelines that instruct the AI on:
- What to look for
- Where to look
- How to report findings

With the same code and the same rules, the AI delivers consistent findings every time. This post illustrates why determinism is superior to "vibes-based" AI review. 👇 https://lnkd.in/eDBU-mJS
Why do developers ignore 78% of AI code review comments? Because most tools are one AI trying to check security, performance, bugs, and style all at once. Attention spreads thin. Critical issues get lost. We built diffray differently — 9 specialized agents, each an expert in their domain. Meet the team that reviews your PRs: https://lnkd.in/ewYab69u
More context ≠ better AI performance. New research confirms what we've seen in production: LLMs start failing at ~25-30k tokens — far below advertised context windows.

Key findings:
→ Fewer, curated documents beat large context dumps by 10-20%
→ "Lost in the middle" problem causes U-shaped performance degradation
→ Agentic retrieval outperforms static context injection by 7x

For AI code review, this means precision over volume. A focused security agent with relevant context beats a general model drowning in irrelevant files. That's why we built diffray on multi-agent architecture — each agent gets exactly the context it needs, nothing more.

Read the full article: https://lnkd.in/e-2QS_xh
#AICodeReview #LLM #SoftwareEngineering #DevTools #AI
Most AI code reviewers get ignored. 20 comments per PR. Developers read 2, disable the tool, move on. The problem isn't AI — it's single-agent AI trying to do everything at once.

We built diffray differently: multi-agent architecture. Security, Performance, Bugs, Architecture — each agent focused on one thing, running in parallel. Then deduplication kills duplicates. Confidence scoring filters the guesswork.

20 comments → 3 comments. 3 ignored → 3 fixed. That's the difference between a tool developers disable and a tool they actually use.

Free for open source. 2-minute GitHub setup. https://diffray.ai/