Years ago, a valued colleague introduced the analogy of a cookie factory to explain how software development works. We developers were the bakers. Refinement, stories, requirements — those were all ingredients. The message was simple: as long as the ingredients aren’t in order, you won’t get good cookies. The challenge back then was mainly in the preparation. If the supply chain was messy on the front end, things always ran rough on our side of the oven.

That analogy still holds up, but it seems a new and very different chapter is being added to it.

Baking skills have suddenly become a lot less important. It’s now the AI machine that bakes the cookies. Writing code ourselves was already gradually changing with the rise of AI tools that offered code suggestions. Enthusiasts caught up in the AI hype are even advocating for entrusting entire architectural decisions to AI agents. In practice, I haven’t seen that work convincingly yet; that’s precisely where the developer’s technical insight remains indispensable. The developer’s day-to-day work seems to be shifting mainly toward prompting and tweaking AI tools and reviewing their output. That work is still needed for now — a logical “escape route” for developers to stay relevant — but for how long?

Once the machines are properly tuned, it seems likely that domain experts themselves will start feeding the input to produce the software they want. No intermediate layer of bakers needed; the customer puts their own dough into the machine and takes out ready-made cookies.

That’s still a distant prospect. Plenty of counterforces will be at play before domain experts can effortlessly be handed software on a silver platter to present to the masses. Cybersecurity is one such counterforce. If no one knows anymore how the cookies were baked, who vouches for the fact that they’re safe to eat?

In early April, Anthropic announced in a paper that it would not publicly release its new model, Mythos, because its hacking capabilities were considered too powerful. The model would reportedly be able to independently find vulnerabilities, write exploits, and chain them together into complete attacks. Whether the threat is really as severe as described, or whether there’s a hefty dose of hype at play, remains to be seen. Either way, it seems only a matter of time before a model with similar capabilities hits the market.

Back to the cookie factory. If current developments continue on a linear path, a reality in which software developers no longer have a place is a realistic future scenario. People with technical skills will undoubtedly still be needed — the question is just how many, and whether that work will be as enjoyable as the kind of programming I’ve been doing for the past twenty years. Reason enough to quietly start thinking about an alternative career, away from the computer and back into the real world.

My plan is to embrace the AI developments and keep delivering the cookies as well as possible. I do find it a shame that the actual programming work seems to be disappearing — I got a lot of enjoyment out of that. At the same time, I see plenty of opportunities in what these new tools make possible, and I’m genuinely enthusiastic about that.