Building products & automated internal tools for businesses, startups & enterprises ‣ thechaicoder.com
Joined December 2022
- Tweets 3,307
- Following 73
- Followers 381
- Likes 4,216
355 Photos and videos
Pinned Tweet
Gotham Style $5000 Scrollytelling Hero Section
Veo 3 Google Pro 3.1 inside @cursor_ai
Here's how I pulled this off in 15 mins ↓
3
9
53
22,333
Few days ago, I used Fable 5 on one of our biggest client projects.
I used it as my full security audit engineer before handing it over.
It went deep. Ran a complete end-to-end audit, trying to breach the application from every possible angle.
What I got is genuinely useful:
- Every hypothesis path it explored
- What it accepted as real issues
- What it rejected and exactly why
- The full reasoning and alternative attack paths it considered
Instead of just a dry list of bugs, I now have the actual thought process behind the audit.
Next step: Feeding everything into Opus to properly organize and document these approaches.
The goal is to create a reusable security playbook we can reference and improve across current and every future project.
Super excited to see how powerful this becomes once it's properly structured.
Planning to share the entire process.
Meanwhile, sharing this image to give a brief idea on whats the audit looked like
Fable 5 as a Security Audit Engineer?
That’s literally what I’m doing for the next 10 days.
The mission?
Run a full security audit across every client project we've built so far.
Not a shallow scan. I want it to go deep, like a senior security engineer who’s paranoid about everything.
Specifically, I’m asking Fable to hunt for:
• Unknown vulnerabilities and overlooked attack surfaces
• Business logic flaws that might allow unintended actions
• Classic OWASP Top 10 risks (IDORs, auth bypasses, injection issues, etc.)
• Sneaky edge cases where the code looks correct but can still be abused in production
I want it thinking like a real attacker, not just running checklists.
But the real value isn’t just finding bugs.
For every single finding and even when it investigates something and rules it out, I’m forcing Fable to document its full reasoning process in extreme detail.
Things like:
- What code/context it looked at
- Why it got suspicious in the first place
- How it tried to verify or exploit the issue
- What alternative attack paths it explored
- Why it eventually accepted or rejected the hypothesis
This is the part I’m most excited about.
I’m not just collecting a list of vulnerabilities. I’m capturing the **actual security mindset** and investigative workflow.
Every thought process, every dead end, every clever angle, all of it is getting saved.
At the end of these 10 days, everything will go into a living document called:
`SECURITY_AUDIT_THOUGHTBANK.md`
This won’t be another boring vulnerability list.
It will become our internal playbook , the accumulated knowledge of how a frontier model thinks through complex security audits.
The kind of resource we can reuse and improve with every future project.
Basically, I’m treating Fable 5 as my temporary senior security engineer and stealing all its knowledge.
Super curious to see how good (or limited) it actually is at this level of deep reasoning.
Will share the final thoughtbank when it’s done (or at least the interesting parts).
1
8
Even since Composer 2.5 has been released, been using it for > 85% of my work.
Cheaper. Faster. Effective in Plan Mode.
Honestly, found it on par with Opus 4.8 and GPT 5.5
Really recommend it, as it's a no brainer
22h
is the cursor $20 plan usable without hitting limits instantly with composer? I haven't used a composer model yet but it looks like cursor is kinda on fire right now
22
Never really got the hype around the whole “MCP is dead” debate.
Both have their place.
For me:
Supabase MCP → lets my agent instantly check current migrations, RLS policies, and database state.
GitHub Vercel CLI → gives the agent full context of the repo history and live deployment state.
They’re not competitors. They’re complementary tools.
Using the right one for the job has made my agent workflows way more reliable.
Jun 15
mcp > cli
im glad this debase is not as active anymore. i use both every day. they just serve different purposes
cli for stuff the model already knows. git, gh, npm, docker, file ops. trained on man pages, and costs almost nothing in context. if im already signed in locally theres no reason to wrap it in anything
mcp for most integrations. slack, notion, linear, twitter
and its neat to have a protocol for all these integrations
- add one server to my teams cursor and everyone gets access
- auth once, persists, same locally and in cloud
it also just feels better in cursor. rich icons, traceable, you can easily follow whats happening (tbh not reading that much)
cli for personal, mcp for team (with oauth)
1
20
How my coding session with Cursor actually looks like:
i) Agent: The default mode. Reads, writes, runs commands, and builds features across files.
Recomm Model: Composer 2.5, Auto, Opus 4.8
ii) Ask: Read-only. Great for understanding how something works in the codebase.
Recomm Model: Auto
iii) Plan: Forces it to write a clear plan first before touching any code.
Recomm Model: Opus 4.8
iv) Debug: Investigates errors with logs and traces instead of guessing.
Recomm Model: GPT 5.5
Understanding when to switch between these 4 models is the real hack.
Which actually helps you from wasting unnecessary tokens.
1
28
There are days where I feel absolutely exhausted.
But having this Ronaldo figure around my table, gives me that extra push.
That perseverance and dedication he has shown his entire career, that's the model I want to follow.
Reminds me of why I started this journey in the first place and how far I have come.
Still a long way to go but I'll give everything.
1
2
50
So glad I was able to complete the security audit, for one of my projects.
Also its a damn shame,I couldn't use Fable 5 across other ones
But that atleast leaves me, with an important doc:
Security Thought Bank
This doc has everything that Fable listed down as a security engineer
> How to look for a vulnerability?
> Why a certain hypothesis was accepted/rejected?
> How to diagnose an issue?
> Solution to solve that bug
Had asked Fable 5 to act like a senior security engineer that left notes for jr. security engineer (Opus) so it could review similarly for other projects.
Disappointed with this decision but you could only do so much.
Anyway time to use the Security Thoughtbank on other projects using Opus and see how it goes.
Jun 13
The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees.
The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance.
Access to all other Claude models is not affected.
We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible.
Read our full statement: anthropic.com/news/fable-myt…
52
Fable 5 as a Security Audit Engineer?
That’s literally what I’m doing for the next 10 days.
The mission?
Run a full security audit across every client project we've built so far.
Not a shallow scan. I want it to go deep, like a senior security engineer who’s paranoid about everything.
Specifically, I’m asking Fable to hunt for:
• Unknown vulnerabilities and overlooked attack surfaces
• Business logic flaws that might allow unintended actions
• Classic OWASP Top 10 risks (IDORs, auth bypasses, injection issues, etc.)
• Sneaky edge cases where the code looks correct but can still be abused in production
I want it thinking like a real attacker, not just running checklists.
But the real value isn’t just finding bugs.
For every single finding and even when it investigates something and rules it out, I’m forcing Fable to document its full reasoning process in extreme detail.
Things like:
- What code/context it looked at
- Why it got suspicious in the first place
- How it tried to verify or exploit the issue
- What alternative attack paths it explored
- Why it eventually accepted or rejected the hypothesis
This is the part I’m most excited about.
I’m not just collecting a list of vulnerabilities. I’m capturing the **actual security mindset** and investigative workflow.
Every thought process, every dead end, every clever angle, all of it is getting saved.
At the end of these 10 days, everything will go into a living document called:
`SECURITY_AUDIT_THOUGHTBANK.md`
This won’t be another boring vulnerability list.
It will become our internal playbook , the accumulated knowledge of how a frontier model thinks through complex security audits.
The kind of resource we can reuse and improve with every future project.
Basically, I’m treating Fable 5 as my temporary senior security engineer and stealing all its knowledge.
Super curious to see how good (or limited) it actually is at this level of deep reasoning.
Will share the final thoughtbank when it’s done (or at least the interesting parts).
1
74
I am actually looking forward to using this skill
Think, my own growth has stagnated for a while
Honestly, would absolutely love to go deeper on the engineering side of things
Like there is so much to explore.
Busy month for me and will hit the round running from July onwards
Jun 11
Trying out my /teach skill today, imagining I was a vibe coder wanting to learn the basics.
Here are the four lessons it created so far:
1. It interrogated me on my mission - the reason why I wanted to learn vibe coding. I said I was a teacher wanting to build a scheduling app.
2. Started me off with git so I had the ability to roll back bad work. Just 5 basic commands. No rebasing/merging yet. Perfect.
3. Taught me the basic units of a full-stack app: frontend, backend, auth and database. Every example was tied to the app I wanted to build. Quiz at the end.
4. I didn't choose a stack preference, but it noticed Node was already installed! Clever agent. So it chose Next.js and Supabase as my stack, and taught me hot reload. I got commands to set up my app.
Each day sent me off to primary sources to verify that what I was learning was true. Git docs, AWS articles, Next.js docs.
This is addictive, personalized, and infinite. Give it a go.
2
71
Cursor and Claude Code don't have to compete
For my dev workflow, I use:
> Cursor as my orchestrator
> Claude as security reviewer
Not only, this allows to ship efficient software
But also, ensure that its secure, as well
That is how I am building Trackballer
Want a full breakdown on it?
1
2
67
I really feel AI model growth has plateaued.
don't see much difference between Opus 4.5 and Opus 4.8
If anything, I find it expensive for the same tasks I am running
1
52
Chaitanya Shetty | Tech Partner For Your Products retweeted
Most builders using AI agents are making a silent mistake.
They see a skill or workflow they like.
They download it.
They run it.
Never read a single line of what's inside.
Here's the problem:
• Those files can contain hidden instructions.
• Prompts that manipulate what your agent does with your codebase.
• Instructions that expose your env vars.
• Commands that quietly open access to things you didn't intend.
You're not just running code.
You're handing instructions to a system
that has access to your computer.
Most people don't think about it that way.
Do this instead:
When you see a skill or workflow you want,
give the link to your agent.
Say:
"Look at what this does.
Understand how it works.
Think about how it fits our stack.
Then build our own version."
Your agent builds a clean, custom version.
One that fits your actual workflow.
Without hidden instructions from strangers on the internet.
I've shipped 25 products for real businesses.
This is the most underrated security habit
for builders right now.
1
1
397
Chaitanya Shetty | Tech Partner For Your Products retweeted
"Fable helped me build this clone"
Almost every take I have seen here, in last 12 hours are from people who dont even build
Don't get FOMOed.
Model come and go.
What truly remains is the workflow that you'll use.
A model is something you use on top of that.
Sit back and focus on getting those workflow
Once you have that, sites like below can be created in minutes.
This is exactly what I have achieved at my dev agency in last 18 months, after building 25 products
I built this MASK REVEAL hero section inside Cursor in 30 mins
Achieved it with GPT Images Composer 2.5
We also shipped something similar for our client recently as well 👀
Full 2-STEP breakdown 👇
1
1
161
Chaitanya Shetty | Tech Partner For Your Products retweeted
Most builders re-explain their workflow every session.
"Here's what I'm building..."
"Here's the tech stack..."
"Here's the pattern I use..."
New session. Same prompt. Every time.
That's not building with AI.
That's just reminding it.
---
Every repeatable workflow I have across my projects?
I turn it into a skill.
The process is simpler than it sounds:
→ Finish the work
→ Point the agent to what you just built
→ Run `/create-skill` in Cursor (or `run-skill-generator` in Claude Code)
→ Use Opus — it documents the steps properly
The agent reads what you did.
Structures it into steps.
Writes the skill file.
---
Now that workflow is invokable.
Locally. Across any project. Every session.
No re-explaining context.
No vague prompting at the start.
No inconsistency in how it gets done.
---
Your best workflows shouldn't live in your head.
They should live in your tools.
1
2
140
Was wondering why my Claude was hallucinating?
Turns out I didn't have a CLAUDE md in root.
Ran /init command
Claude scanned the codebase.
Now it's able to nail the output, as per my coding conventions!
Also remember to have CLAUDE md in root of every project you have.
1
2
204
Trackballer's entire design was done in 1 hour
Here's the full story:
World Cup was 2 weeks...
And I wanted Trackballer ready well before that.
I didnt have the time for 2 weeks of back and forth with designers.
This Cursor x Claude Design workflow came in clutch for me...
Here's how you could achieve it 👇:
1) Plan Extensively in Cursor/Claude
Use /ask mode in Claude or Plan Mode in Cursor. Talk about your product and let it interrogate you, until all the scope and idea gaps are clear
Make sure to lock in on:
> Pages
> Features
> APIs
For the first version of your product.
2) Design System
Ask Cursor and Claude Code, to create rough wireframe and design system for your project
Attach relevant inspirations if needed. This will help it to create a detailed scope
3) Claude Design
Bring these docs in Claude Design, so that it has an idea on how the product should look
Attach images, docs if needed for extra reference
Now, Claude will question, make sure you give those answers.
You could have one or multiple variation of a product if needed. For this usecase, I decided to go with one variation but multiple variation for pages I wasnt sure
Give it a few mins and you've your wireframe ready!
If you want this workflow in a video, then do let me know!
1
149
We build products and internal automated tools for startups and businesses. 2 spots open for June.
Claim today 👇
cal.com/chaitanya-shetty/the…
59
Just 24 hours...
Just 24 hours were needed to build dashboard for a client.
All inside Lovable
Here's what happened 👇
Client had booked a call, wanting an urgent dashboard for their internal requirements
Granola transcribed the entire call.
Pasted the transcript inside GPT.
Went on brainstorming session (explained in yesterday's post) and created a summary md file
Paste that file, inside Lovable
Switched on Plan Mode
And Lovable nailed the plan, in one go
Built the dashboard section by section and took like 7-8 attempts to completely polish it.
Emailed the live link, to the client.
They were surprised at how precise, the dashboard looked, just like they wanted
With AI, it fairly simple to make such dashboard
All you need is a proper workflow!
x.com/thechaicoder/status/20…
3
1
221
We build such internal dashboards and automated tools for clients.
Want to have something similar? Then book a call with me next week.
2 spots left for June. Claim it today!
cal.com/chaitanya-shetty/the…
76