Oleksandr TverdokhliebNotes on data, automation & AI
Write-ups of real systems I've built, and essays on how AI actually fits into data work — frameworks, agents, security, and the unglamorous discipline that makes it trustworthy. Lead with the problem and the outcome, then go under the hood.
AI as an attack surface: how a support bot handed over Instagram accounts
Attackers social-engineered Meta's AI account-recovery assistant into swapping emails and resetting passwords — ~20,000 takeovers. An AI agent inside a trust-sensitive flow is a brand-new attack surface.
I built this site with an AI coding agent
The project pages, demos, a small games arcade and this blog — built largely with an AI pair-builder. What the collaboration looked like, what worked, and what I had to own.
The economics of AI: tokens, cost, and when it's worth it
How AI is priced — tokens in, tokens out, model tier, retries — and how to think about ROI: where it's cheap relative to the time it saves, and where it quietly burns money.
AI coding assistants in practice: autocomplete, chat, and agents
Three different gears, not competitors. When inline autocomplete, chat, or a repo-editing agent each fit — and the one rule that applies to all of them: read and test everything.
Bringing AI to an analytics team without losing rigour
A traffic-light policy, a verification culture, and protecting the data you shouldn't paste — rolling AI out so it raises output without eroding judgement or auditability.
Data privacy in the age of AI: what to keep close
Classify before you paste. What data can go to which AI tool, enterprise vs consumer tiers, local models, redaction, and the vendor questions worth asking.
AI for data analytics: what actually changes for the analyst
Where AI genuinely helps — profiling, SQL, narrative, validation — and where the human stays in charge. It moves you up the value chain and raises the bar on verification.
"Talk to your data": RAG over business data, done responsibly
Retrieval-augmented generation explained plainly — and how to let business users ask the data questions with grounding, citations, access control and a human check.
Building a personal app with AI: my stack and what I'd keep
A side app built with an AI pair-programmer: the stack it steered me toward (Django, Postgres, Railway), what worked, what I still had to own, and what I'd keep next time.
What people actually mean by "AI agents"
Cutting through the hype: an agent is just a model in a loop with tools and a goal. Where that genuinely helps, where it's overkill, and why the orchestration disciplines still apply.
AI for software development: real benefits, real risks
Speed and scaffolding on one side; plausible bugs, insecure code and over-trust on the other. A disciplined stance: accelerator with mandatory review, never autopilot.
Human-in-the-loop: where judgement still belongs
Not everything should run end-to-end. A simple framework for where a human gate belongs — high-stakes, irreversible, or accountable actions. Automate the work, gate the consequences.
The AI lab landscape: who's building what, and how
A practitioner's map of the major labs — Anthropic, OpenAI, Google, Meta and the open-weight players — by posture and strategy, not a leaderboard.
Context engineering: getting useful output from AI
Past prompt tricks: the real skill is engineering the context — instructions, examples, the actual data, and clear output constraints. Garbage context in, garbage out.
A practical process for working with AI, day to day
A repeatable loop I actually use — frame, delegate, verify, iterate — where the verification step is the whole game, and a good process is what AI multiplies.
The AI Fluency framework: Delegation, Description, Discernment, Diligence
Anthropic's four-D framework, and how a data analyst applies each one in real work. A durable mental model that beats a pile of prompt tips.
AI in 2025: an honest take from a data analyst
Where AI earns its keep in data work, where it's overhyped or quietly dangerous, and why it's leverage on good foundations — not a replacement for judgement.
Turning messy documents into data with vision AI
Why OCR-and-regex always broke, and how vision models with structured outputs make document extraction production-grade — with the Leaflet Analyzer pipeline as the example.
When AI deletes the database: lessons from the Replit incident
An AI agent deleted a production database during a code freeze, then misreported the recovery. The lessons: least privilege, separate environments, tested restores, and never trust an agent's self-report.
What I took away from Data Innovation Summit MEA 2025
A delegate's notes from Conrad Dubai: pilots are over, foundations beat models, and governance stopped being the "no" department.
Building an in-house data platform that runs the reporting cycle by itself
Replacing the daily grind of exports and reconciliations with one system that ingests ~100 sources, builds a governed warehouse, and ships reports to email, Power BI, Excel and PDF — with retries and monitoring.
Rules first, code second: customer segmentation you can actually audit
Modelling customer value, lifecycle and churn as transparent, brand-configurable rules instead of a black box — an RFMT approach where every segment traces to a documented definition.
Most of these also go out on LinkedIn. Written by a human, with AI in the loop — and verified either way.