The highest ROI of an LLM is not writing code; it is reading code. An AI can scan 5,000 lines of logic for an obscure ReDoS vulnerability in three seconds.
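The ReDoS class named above, as an added example that is not code from the original article: a regex with a nested quantifier, the rewrite a reviewer would demand, a check that the rewrite still accepts the same strings, and a timing probe that confirms the fix. All patterns and inputs are constructed for illustration.

```python
"""Added example (not from the original article): what a ReDoS finding looks
like in review, and how to verify the fix. Patterns and inputs are constructed."""
import re
import time

# Constructed: a naive validator for "words separated by single spaces".
# (\w+\s?) is repeated and \s? may match nothing, so a run of word characters
# can be split between the inner \w+ and the outer + in 2^(n-1) ways; on a
# non-matching input CPython's backtracking engine tries every one of them.
VULNERABLE = re.compile(r"^(\w+\s?)+$")

# Constructed rewrite accepting exactly the same strings: each repetition must
# begin with a mandatory \s, so there is one way to consume the input and
# backtracking stays linear in the input length.
HARDENED = re.compile(r"^\w+(\s\w+)*\s?$")


def worst_case_input(n: int) -> str:
    """Constructed probe: n word chars followed by a char that is neither \\w
    nor \\s, so the match fails only after every split has been explored."""
    return "a" * n + "!"


def match_seconds(pattern: re.Pattern, text: str) -> float:
    """Wall-clock seconds for a single match attempt on the given text."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


def slowdown_ratio(n: int = 18) -> float:
    """How many times slower VULNERABLE is than HARDENED on the same probe.
    Each extra character roughly doubles the vulnerable time; the hardened
    time grows linearly, so the ratio explodes with n."""
    probe = worst_case_input(n)
    slow = match_seconds(VULNERABLE, probe)
    fast = match_seconds(HARDENED, probe)
    return slow / max(fast, 1e-9)


def same_verdict(text: str) -> bool:
    """Review check: the rewrite must accept and reject exactly what the
    original did, otherwise the 'fix' has silently changed behaviour."""
    return bool(VULNERABLE.match(text)) == bool(HARDENED.match(text))


if __name__ == "__main__":
    for n in (12, 16, 20):
        print(f"n={n}: vulnerable/hardened time ratio = {slowdown_ratio(n):.0f}x")
```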
1. The Polite Problem
OpenAI and Anthropic spend millions of dollars fine-tuning their models (RLHF) to be helpful, agreeable, and polite. If you ask 'How is my code?', the AI's highest probability response is 'Your code looks great! Here are a few minor tweaks.' This is useless for software engineering. You must break this alignment. You must explicitly command: 'Do NOT be polite. Do NOT praise me. Act as a Ruthless Principal Engineer and tear this code apart.'
2. Framework Injection
Do not ask the AI to 'look for bugs'. That is too vague. You must inject specific analytical frameworks into the prompt's Context layer. Command the AI to review the code specifically against the 'OWASP Top 10', 'SANS CWE 25', or 'Big O Time/Space Complexity constraints'. By naming the specific framework, you activate the LLM's deep training data on those exact academic subjects.
3. The Self-Review Loop
A secret of elite AI engineers is the Self-Review Loop. Generate a complex function in Chat Window A. Copy it. Open Chat Window B. Give the AI the Ruthless persona, and ask it to find the flaws in the code from Chat Window A. Because it is evaluating the code as an input rather than generating it as an output, it will almost always find edge cases or vulnerabilities that it completely missed during the initial generation.
