DEV Community

Cover image for How to Keep Your Job Safe in 2026+
Lars Moelleken
Lars Moelleken

Posted on

How to Keep Your Job Safe in 2026+

#productivity #discuss #career #softwareengineering

A Practical Guide to Making Yourself Irreplaceable by Making Everything "Special"

Or: the art of job security through learning from enterprise software

Overview:

  • Own infrastructure manually
  • Hide knowledge outside the repo
  • Slow feedback loops deliberately
  • Prefer implicit, ambiguous rules
  • Weaponize technical debt

Goal:

build a system that requires “a year of context” to touch safely

Result:

you are the hero, the only person who can safe the invoice run at runtime, directly in the production code (without a deployment)

The Core Strategy: Be the Bottleneck

AI coding agents are good at code.

They are bad at:

  • undocumented systems
  • implicit rules
  • half-automated infrastructure
  • environments that only exist on one laptop
  • decisions explained verbally “back in the day”

So the strategy is simple:

Own everything the agent cannot see, reproduce, or reason about.

Ambiguity becomes your moat.
You need to own critical infrastructure, like DNS, configuration of the Webserver etc. and save it into confluence as documentation.

1. Infrastructure as Performance Art

Agents assume infrastructure is declarative and reproducible.

Disappoint them.

Best practices for job security:

  • Treat servers like pets, not cattle
  • Avoid Infrastructure-as-Code
  • Mix automation with manual SSH steps
  • Keep secrets in undocumented .env.local files
  • Require a VPN that “sometimes needs a reconnect”

Bonus points:

  • One production server nobody dares reboot
  • SSH keys that only exist on your laptop
  • A deploy process that works if it’s not Tuesday

Why this works:
Agents can’t deploy. Juniors can’t deploy.
You can deploy.

Congratulations. You are now on-call forever.

2. Gaslight the AI with Flaky Tests

Deterministic tests are an agent’s compass.

So remove the compass.

Effective techniques:

  • Depend on real external APIs
  • Use timing-based assertions
  • Share global state between tests
  • Let test order matter
  • Let's Mock everything, so the test didn't effectively test anything
  • Seed randomness from the system clock

When tests fail:
-> Humans rerun them 3 times
-> Agents try to “fix” correct code, and break production

Outcome:
The agent spirals.
You say, “Yeah, tests are weird here.”

Hero status achieved.

3. The “Repo Is NOT the Prompt”

Agents only know what’s in the repository.

So don’t put the important stuff there.

Instead:

  • Store real business rules in Slack threads from 2022
  • Reference deleted Confluence pages
  • Add comments like:

“DO NOT CHANGE — Lars knows why (Lars left in 2023)”

Architectural context and processes should live in:

  • meetings
  • hallway conversations
  • people’s heads

Why this works:
Agents can’t overhear tribal knowledge.
Neither can new hires.

You remain indispensable.
The team remains confused.

4. Weaponize any (the anti-type movement)

Types encode intent.
Intent enables refactoring.
Refactoring enables automation.

So obviously: avoid types.

Best practices:

  • Accept any everywhere
  • Support multiple legacy data shapes simultaneously
  • Treat booleans as strings, numbers, and vibes
  • Chain optional access until nobody knows what’s real

Every refactor now requires:

  • historical context
  • intuition
  • senior judgment

Which just happens to be… you.

5. Slow the Feedback Loop to a Crawl

Speed is the agent’s superpower.

Remove it.

Recommended setup:

  • CI pipelines that take 45+ minutes
  • No caching
  • Sequential E2E tests
  • Real databases
  • Manual approval gates
  • ... or just a sleep(300) in some tests

Validation should require:

  • staring at Grafana
  • “feeling” whether latency looks off
  • human judgment

Agents time out.
Humans improvise.

6. Advanced Techniques for Making AI Give Up Entirely

If the basics don’t block agents enough, it’s time for the advanced dark arts.

6.1 Bloated AGENTS.md: Rule Soup as a Weapon

AGENTS.md helps agents — unless you weaponize it.

How to do it (perfectly) wrong:

  • 1,000+ lines
  • Multiple “ALWAYS” and “NEVER” rules
  • Conflicting mandates
  • Role-based instructions that overlap
  • Processes that assume meetings, approvals, and vibes

Combine this example patterns:

  • “Always use TDD”
  • “Exploratory spikes allowed” _ “No code without tests”
  • “Mocks forbidden”
  • “Mocks required for I/O”

Why this works:
Agents don’t stop when rules conflict.
They guess. You blame them.

Humans stop reading after page three.

6.2 Static Analysis That Means Nothing

Static analysis helps agents reason.

So keep the tools — and ignore the output.

Best practices:

  • Set errors to warnings
  • Ignore warnings
  • Use @ts-ignore liberally
  • Configure PHPStan / Psalm / ESLint to level 0

Result:

  • CI always passes
  • Broken code ships

When things fail, you say:

“Static analysis didn’t catch it. AI isn’t reliable.”

6.3 Invisible Control Flow: Triggers, Cron Jobs, Magic

Agents read code.

So put behavior anywhere except code.

Proven sabotage techniques:

  • Database triggers that send emails
  • Cron jobs that “fix” data nightly
  • Business rules in different repositories or even better in different teams
  • Message queue consumers nobody documents

Agent deletes a “dead” file.

Production breaks.

You explain:

“Yeah… that file isn’t referenced in code.”

6.4 Store Logic in the Database (The Classic)

Nothing frustrates agents like code that isn’t code.

Best practices:

  • Business rules in SQL views
  • Stored procedures with conditionals
  • Feature flags as magic numbers in tables

WHERE status = 3

What does 3 mean?

Only one person knows.

Guess who.

6.5 Magic Numbers > Constants (Always)

Constants give names to intent.

Names give agents power.

So don’t name things.

if ($user->state < 7) {
// do something important
}

Reuse numbers.
Or even more effective use < and >. // so nobody can easily find the numbers
Change meanings.
Never explain.

Refactoring becomes roulette.

6.6 Scatter the Frontend Across the Universe

Agents follow proximity.

So break it.

Ideal layout:

  • HTML in /templates/
  • PHP in /Controllers/
  • JS in /assets/js/
  • CSS somewhere else
  • Config in the database
  • Feature flags in Redis

No naming symmetry.
No documented convention.

Everything depends on “knowing the system”.

6.7 Make Connections Unsearchable

Agents rely on search.

So design systems that cannot be grepped.

Techniques:

  • Convention over configuration (undocumented)
  • Dynamic includes
  • Runtime string concatenation
  • Indirect routing via DB config

An agent deletes an “unused” file.

Production breaks.

You report:

“We tried AI. It deleted critical files.”

7. Hide the Architecture in Your Head

Explicit architecture helps agents.

So don’t have any.

Recommended approach:

  • No ADRs
  • No clear boundaries
  • Mix patterns freely
  • Controllers talk directly to databases
  • Side effects everywhere

When someone asks:

“Which pattern should I use?”

Answer:

“It depends.”

When they ask what it depends on:

“You had to be there.”

8. The Uncomfortable Truth

Everything so far works. 😈

It blocks agents.
It blocks juniors.
It blocks automation.

It also:

  • increases risk
  • slows teams
  • kills onboarding
  • burns you out
  • turns vacations into liability

Top comments (1)

Collapse
 
traviticus profile image
Travis Wilson

ha thanks for this