Fortifying the Digital Vault: A Wee Guide to AI Privacy

In a nutshell (TL;DR)...

The widespread use of generative AI tools introduces major security risks for private and confidential company information. Sensitive data can leak when prompts are retained for logging/training, employees paste data into unmanaged "Shadow AI" accounts (the "Copy/Paste Blind Spot"), or malicious "Prompt Injections" trick the model. Consequences are severe, including regulatory fines (GDPR/HIPAA), data breaches, and loss of competitive advantage. To stay secure, organizations must:

• Anonymize sensitive data (PII) before using external LLMs.

• Prioritize vendors offering Zero Data Retention (ZDR).

• Banish "Shadow AI" by enforcing Single Sign-On (SSO).

• Upgrade to action-centric Data Loss Prevention (DLP) that monitors copy/paste actions.

Apply the principle of least privilege and keep a human in the loop for critical actions.

The AI Privacy Guide: How to Keep Your Confidential Data Safe in the Age of LLMs

The company I work for has drummed into me the perils of letting slip any confidential information when working with AI applications, but just how important is it? My employer specifically lists the AI applications we are allowed to use when working with confidential information, so it’s a really important thing to bear in mind. Let’s have a look at what the problems are and how we can protect ourselves, our customers and our employers…

Everyone is officially living in the era of Artificial Intelligence. From drafting emails to analyzing complex datasets, generative AI and Large Language Models (LLMs) have seamlessly integrated into our daily workflows. In fact, nearly half of all enterprise employees are already using these tools. But amid all this newfound productivity, there is a crucial conversation we need to have: how are we protecting our private data and confidential company information?

While AI assistants are incredibly helpful, treating them like a private diary or a secure company vault can lead to serious risks. Let’s break down exactly how sensitive information can slip through the cracks, what the consequences are, and the best practices you should adopt to stay secure.

How Does Confidential Information Actually Go Public?

When you type a prompt into an external LLM, that data is processed by a third-party provider. If you aren't careful, sensitive information can be exposed in a few common ways:

Logging and Training Contamination

Many AI providers retain user prompts for a certain period to monitor for abuse, debug their systems, or even train future versions of their models. If you paste confidential data into a prompt, it could end up stored on the provider's servers or, worse, replicated in the model's future outputs.

The Copy/Paste Blind Spot

A staggering 77% of employees paste data directly into generative AI tools, and the vast majority of this activity happens on unmanaged personal accounts. Because this bypasses official corporate channels, IT and security teams have no visibility into what is being shared, creating a massive "Shadow AI" blind spot.

Prompt Injections

Malicious actors can use "prompt injections", carefully crafted inputs designed to manipulate the AI's behavior to trick the model into revealing sensitive information. This can lead to the AI accidentally exposing personally identifiable information (PII), confidential business strategies, or even system credentials. I’ve made a note to dig deeper on this subject for a later post…

The Uncomfortable Consequences of Data Leaks

The fallout from exposing sensitive data to an LLM is rarely a minor hiccup. When PII or corporate secrets leak, the consequences can be severe.

Regulatory Penalties

Mishandling personal data violates strict data protection regulations like GDPR and HIPAA. Failing to comply with these laws can result in massive legal and financial penalties.

Data Breaches and Loss of Trust

If a customer service chatbot or an internal AI tool inadvertently reveals private user details or passwords, it can lead to full-scale data breaches. This erodes user trust and severely damages your organization's reputation.

Loss of Competitive Advantage

Exposing proprietary business data or intellectual property can directly result in a loss of your competitive edge in the market.

Best Practices for Handling Sensitive Information with AI

Fortunately, you don't have to abandon AI to keep your data safe. By implementing a few strategic best practices, you can enjoy the benefits of LLMs while minimizing your risk.

1. Anonymize Before You Analyze

Before sending a prompt containing sensitive data to an external LLM, scrub the text of any PII. You can use automated tools to detect and replace names, emails, and phone numbers with generic placeholders (e.g., swapping a real name for [PERSON] or [EMAIL]). This allows the AI to understand the context of your prompt without ever seeing the raw, sensitive data.

2. Demand "Zero Data Retention" (ZDR)

If you are procuring AI tools for your company, prioritize vendors that offer "Zero Data Retention" agreements. Under a ZDR policy, the AI provider processes your prompt and immediately returns the response without writing your data to any persistent storage, logs, or training queues. This ensures your data exists only in memory for the duration of the request. I think this is what my employer might have in place for the applications I am allowed to use.

3. Banish "Shadow AI" and Enforce SSO

Employees often use unmanaged personal accounts to access AI tools, completely bypassing enterprise security. To regain control, organizations must restrict the use of personal accounts for business-critical apps and enforce Single Sign-On (SSO) across all corporate logins.

4. Upgrade Your Data Loss Prevention (DLP)

Traditional Data Loss Prevention tools are heavily focused on file uploads, but today's sensitive data usually leaks when employees copy and paste text directly into AI prompts. Organizations need to shift to "action-centric" DLP policies that monitor file-less data transfers and enforce controls directly at the web browser level.

5. Keep a Human in the Loop and Limit Privileges

Finally, never give an AI unchecked autonomy. Apply the principle of "least privilege" by ensuring your AI applications only have access to the specific data sources they absolutely need. For high-impact actions, like modifying files or handling highly sensitive records, always require human approval before the AI can proceed.

AI is a powerful collaborator, but it is ultimately up to us to set the boundaries. By treating generative AI platforms with the same security rigor as any other enterprise tool, we can innovate quickly without putting our most valuable data on the line.

Next week let’s take a shifty at this “prompt injection” malarky and see how we can protect ourselves from that…

The Rise of Swarm Intelligence and Agentic AI Architecture

 

TLDR

The AI industry is rapidly shifting from the copilot model (Generative AI) to Agentic AI (autonomous execution of complex workflows) using Swarm Intelligence. This new architecture replaces monolithic models by distributing tasks across specialized, collaborative sub-agents (e.g., Research, Execution, and Critique Agents). This multi-agent orchestration enables planning, debating, and self-correction, drastically increasing reliability and allowing for end-to-end task completion, such as autonomously building and testing software applications.

Throwing back to my post a few weeks ago where I suggested the end of Prompt Engineering, one topic that cropped up was “Swarm Intelligence”. It took a wee look at what that might mean in the world of AI…

From Copilots to Swarm Intelligence: How Autonomous Agents are Redefining AI

For the past few years, our relationship with Artificial Intelligence has been defined by the "copilot" model. In this paradigm, AI acts as a highly capable but passive assistant: you prompt it to draft an email, write a snippet of code, or summarize a document, and it generates a response. It was a revolutionary step, but it still required a human to manually drive every interaction, piece together the outputs, and execute the final task.

Today, that era is rapidly fading. The industry has decisively shifted from Generative AI (creating content) to Agentic AI (executing workflows). We are no longer just interacting with conversational copilots; we are deploying autonomous agents capable of planning, verifying, and executing complex, multi-step workflows end-to-end.

At the heart of this transformation is a radical change in how AI systems are architected: the death of the monolithic model and the rise of "Swarm Intelligence."

The Death of the "Single God Model"

Previously, the prevailing approach was to rely on a "Single God Model"—one massive, monolithic AI expected to handle everything from creative writing to complex mathematics and code deployment. However, forcing a single model to act as a jack-of-all-trades inevitably led to bottlenecks, logical breakdowns, and "hallucinations," especially when managing long-horizon tasks that require deep reasoning.

To solve this, the industry pivoted to Swarm Intelligence (or multi-agent orchestration). Instead of relying on one model to do it all, tasks are distributed across a network of specialized sub-agents that work collaboratively. By dividing responsibilities, these agents emulate real-world human teams, communicating, debating, and self-correcting to achieve a shared objective.

In a typical swarm architecture, a complex problem is broken down and assigned to specialized roles:

• The Research Agent: Dedicated to information gathering. It navigates external databases, scrapes the web, or searches internal documents to pull the exact context needed.

• The Execution Agent: The "doer" of the group. This agent takes the research and uses tools to take action, whether that means writing a script, drafting a comprehensive report, or configuring a server.

• The Critique (or Evaluator) Agent: The quality control layer. This agent independently reviews the Execution Agent's output, running tests, analyzing for logical flaws, and providing structured feedback for iterative refinement before any human ever sees the result.

Working in concert, these specialized sub-agents drastically reduce hallucination rates and solve problems that would overwhelm a single model.

A Tangible Example: Building Software with Agent Swarms

To understand how this looks in practice, let's look at Vibe Coding that I discussed previously, which is the process of building software applications through natural language rather than manual typing.

Imagine you want to build a full-stack Customer Relationship Management (CRM) application. In the old "copilot" days, you would prompt an AI to write the frontend code, copy-paste it, prompt it again for the database schema, manually wire them together, and spend hours debugging the inevitable integration errors.

Under a multi-agent orchestration platform (like Emergent or ChatDev), the process looks entirely different. You simply provide the high-level goal: "Build a CRM with a contact list, a pipeline view, and a database."

From there, the swarm takes over:

1. The Meta-Planner Agent receives your goal and breaks it down into a hierarchical task list, delegating work to subordinate agents.

2. The Design/Frontend Agent starts building the user interface components (like the contact list and pipeline dashboard).

3. The Backend/Execution Agent simultaneously spins up the database schema and writes the API routes to connect to the frontend.

4. The Critique/Testing Agent acts as an adversarial reviewer. It generates unit tests against the new code. If a database query fails or a security vulnerability is detected, the Critique Agent sends the error log directly back to the Execution Agent with instructions on how to fix it.

This multi-agent debate and refinement loop, where agents critique each other to expose errors and enforce self-correction, continues autonomously until the tests pass. The system ultimately delivers a fully functional, deployed application. You didn't write the code, nor did you have to guide the AI step-by-step; you acted as the high-level director while the swarm managed the execution.

The Future: Agent Meshes and Scalable Oversight

The shift toward Swarm Intelligence provides a framework for true reliability. By assigning agents to constantly verify and critique work, businesses can deploy AI with built-in guardrails against cascading errors. Pre-internet me says “That’s the theory anyway!”

Looking ahead, we will see the rise of standardized "agent meshes"—interconnected networks of agents that securely handle planning, memory, tool routing, and supervision across entire enterprise workflow. As these agentic systems mature, they will fade into the background infrastructure of our daily work, evolving from simple assistants you chat with into highly productive digital teammates that autonomously bring your ideas to life.

Beyond the Prompt: Context Engineering

 

TL;DR

Context Engineering is the new discipline replacing traditional prompt engineering. Instead of massive, static prompts that lead to "context rot" and high costs, Context Engineering architects dynamic systems to feed Large Language Models (LLMs) only the necessary information at the right time. This is achieved through techniques like Query Rewriting, Active Memory Management (for key facts), and standardized tools like the Model Context Protocol (MCP) for connecting to external APIs. The focus shifts from talking to a model to building the world it lives in.

Apologies for the absence of a post last week, the day job and family holidays got in the way! In my previous a couple of weeks ago I waffled on about Vibe Coding, which is only one aspect of AI that seems to be placing “prompt engineering” as a thing of the past. If vibe coding is how we interact with the output of AI, Context Engineering is how we manage the input.

Context Engineering is the discipline of designing the architecture that feeds an LLM the right information at the right time. It is not about changing the model itself, but about building the bridges that connect it to the outside world, retrieving external data, connecting it to live tools, and giving it a memory.

From Prompts to Context

I’ve heard it mentioned in a few articles on this matter that "if your prompt is a recipe, the model is your kitchen".

In traditional prompt engineering, you tried to cram everything into the recipe. You would write a massive prompt containing the persona, the task, the rules, and all the reference text. But models have a limited "context window" (i.e. their working memory). Overloading this window increases costs, slows down response times, and causes models to suffer from "context rot," where they forget important instructions.

Context engineering solves this by treating the prompt as a dynamic, living ecosystem. It acts like the mise en place for a chef, gathering only the exact ingredients and tools needed for the immediate task before cooking.

A Real Example

The Old Way (Static Prompting)

From yester-year, as far back as 2024! We would employ a workflow where we try to solve the AI's lack of knowledge by cramming everything into a single, massive text box.

• The Process: You build a 5,000-word system prompt that includes the persona instructions, the entire 50-page company return policy, and the complete transcript of the user's last 20 messages.

• The Bottleneck: This approach relies on a static "retrieve, then generate" pipeline. As the conversation grows, the "context window" (the AI's active working memory) becomes overloaded. The model suffers from "context rot" or "context distraction", it begins to forget instructions buried in the middle of the prompt, hallucinations increase, and your API costs skyrocket because you are paying to process thousands of irrelevant tokens on every single turn.

The New Way (Context Engineering Ecosystems)

In this new workflow, instead of a single prompt, we architect a dynamic ecosystem:

• Query Rewriting: A frustrated user types, "How do I make this work when it keeps failing?" Instead of feeding this vague complaint to your main AI, a background "Query Rewriter" agent intercepts it. It analyzes the session and rewrites the hidden search to: "API call failure, troubleshooting authentication headers, rate limiting". This ensures the database retrieves the exact technical manual needed.

• Active Memory Management: Instead of passing the entire chat history back to the model, an automated "Memory Manager" runs an ETL (Extract, Transform, Load) pipeline in the background. It extracts key facts (e.g., extracting the fact {"shoe_size": 10} from a long conversation), consolidates it by deleting the user's old size 9 preference to avoid conflicting data, and stores it in a Vector Database. On the next turn, the system only injects that single relevant fact into the prompt.

• Standardized Tools (MCP): Instead of writing custom integration code for every API your agent needs to touch, you use the Model Context Protocol (MCP). Dubbed the "USB-C for AI," MCP allows your agent to seamlessly connect to standardized servers. The agent uses a tool like process_refund(order_id) by outputting structured JSON, observing the result, and adjusting its plan without human intervention.

In summary…

Prompt engineering hasn't disappeared; it has just been absorbed into something much bigger.

We have transitioned from being "prompters" who talk to a model, to architects who build the world the model lives in. Whether you are vibe coding a new application into existence with natural language, or context engineering a sophisticated retrieval pipeline for an enterprise AI agent, the focus is no longer on hacking the AI with clever words. It is about orchestrating intent, memory, and data to create truly autonomous systems.

The End of Prompt Sorcery: Why We Are Engineering Systems, Not Sentences in 2026

 

Now this post might seem like a complete contradiction! Previously, I have been waxing lyrical on all sorts of prompting techniques from Zero-shot to One-shot, and the more involved Few-shot and Chain-of-thought prompts. Personally, I still think these are good frameworks for writing clear and unambiguous instructions, even outside in the real world.

However, if you are still obsessing over specific phrasing, "persona" hacks, or manually typing out examples to coax the perfect response out of an AI, you are playing a game that possibly started to decline during 2024. The era of treating Large Language Models (LLMs) like fragile genies, where one wrong word ruins the output is officially over.

The days of crafting meticulous zero-shot, few-shot, and Chain-of-Thought (CoT) prompts are rapidly fading. In their place is a new paradigm that shifts the focus from wordsmithing to system architecture. Here is a look at why traditional prompting is dying, what is replacing it, and the new concepts you need to survive in the 2026 AI landscape.

Why Traditional Prompting is Dead

1. The Death of Manual Chain-of-Thought (CoT)

In the past, adding "Let's think step by step" was a required magic phrase to unlock a model's reasoning capabilities. Today, this is obsolete. The rise of dedicated "reasoning models" like OpenAI's o-series (o1, o3) and DeepSeek-R1 means that advanced reasoning is now baked natively into the model's architecture via reinforcement learning. These models autonomously generate, critique, and revise their own internal chains of thought before outputting an answer. In fact, using manual CoT prompts on these models is no longer recommended and attempting to force them can even now violate some API usage policies.

2. Zero-Shot is Now Stronger Than Few-Shot

We used to rely on few-shot prompting to teach models complex logic. However, recent empirical studies on powerful models like the Qwen2.5+ series have revealed a surprising truth: Zero-shot is now frequently stronger than few-shot prompting. When advanced models are given an ideal, traditional CoT, they tend to allocate minimal attention to the examples and rely instead on their intrinsic reasoning abilities. In 2026, the primary function of few-shot examples is simply to align the output format (like enforcing JSON structures), not to teach the model how to think.

What is Replacing Prompt Engineering?

The discipline has not disappeared; it has matured into software engineering. Here is how the industry is shifting:

1. Automated Prompt Optimization (APO)

Why spend hours trying to guess the perfect words to tell an AI what to do when a computer can figure it out for you?

At the time of writing, these new concepts only seem to exist in scientific papers, so I think the jury is out on how widespread they exist in implementation, but they indicate a direction of travel at least.

Stanford University have developed a programming framework called DSPy (Declarative Self-improving Python) which completely changes how we talk to AI.

The process of typing out very long instructions involves a lot of "trial and error" to find what works best. With DSPy, you don't have to do that. Instead, it uses special built-in helpers called "teleprompters". Think of them as smart coaches automatically testing out different rules and examples to find the absolute best combination for the AI. Basically, it trains the AI to get the highest score possible on a task, all by itself.

Taking this a step further, frameworks like MemAPO (Memory-driven Automatic Prompt Optimization) allow models to self-evolve their prompts across tasks. MemAPO uses a "Dual-Memory Mechanism"—a Correct-Template Memory to store reusable reasoning strategies, and an Error-Pattern Memory to track and avoid past hallucinations and failures.

Imagine it as the AI having two notebooks:

The Winner's Playbook (Correct-Template Memory)

Whenever the AI successfully solves a problem, it writes down the exact steps and strategies it used. The next time it sees a similar problem, it doesn't have to guess what to do; it just pulls out its winning strategy and uses it again.

The Mistake Diary (Error-Pattern Memory)

Whenever the AI gets something wrong, it doesn't just forget about it. It figures out why it messed up and writes down a specific rule—like a warning label—so it never falls for the same trick or makes that specific mistake again.

Letting a human manually tweak a prompt in 2026 is like trying to manually tune a car engine with a screwdriver when you have an onboard computer that does it better.

2. Context Engineering (RAG)

I’ve heard numerous Youtubers recently claiming that "Context is the new Prompting". Instead of writing a 50-page prompt detailing every rule, success now depends on highly tuned Retrieval-Augmented Generation (RAG) pipelines. The modern approach involves feeding the model the exact, real-time data, files, and historical context it needs. You are no longer engineering the instruction; you are curating the environment. I’ll maybe dive into “RAG” for a future post and see what this entails for 2026 and beyond…

3. The "Agentic" Shift

We have moved from chatbots that generate text to autonomous agents that execute workflows. In this agentic era, you no longer write a 1,000-word instruction. You define a high-level goal, and the agentic system breaks it down, uses tools (like web search or code execution), and self-corrects. These solutions are built with GUI applications such as n8n.io

New Concepts You Need to Know

There’s a lot of technical geeky substance to drill into right there, possibly in some later posts. They are no doubt focused more on a programmer than a regular user like myself. So let’s lighten the mood and look into some new things to research in 2026, where you need to transition your skills:

1. Outcome Engineering and "Vibe Coding"

The need to micromanage an AI's specific words or syntax is fading, replaced by "Outcome Engineering". Instead of figuring out how to instruct the model to do a specific task, your focus shifts to defining the high-level goals and desired outcomes. This has popularized "vibe coding" or intent-based architecture, where you act as the director curating the vision and logical flow, while the AI agents autonomously handle the underlying syntax and execution.

2. Agentic AI and Swarm Intelligence

AI has evolved from simple conversational "copilots" into autonomous agents capable of planning, verifying, and executing multi-step workflows end-to-end. You will need to move beyond relying on a single, monolithic AI model and instead understand "Swarm Intelligence" or multi-agent orchestration. This involves coordinating specialized sub-agents—such as dedicating one agent to research, another to critique, and a third to execution—that work together to solve complex problems and reduce errors.

3. Context Management over Model Selection

For business and everyday use, the specific foundation model you choose is becoming the least important variable. What truly matters is the system you build around the model. You need to learn how to curate the AI's environment by plugging it into the right knowledge bases, real-time data, and internal documents. Feeding the AI the correct context is what prevents hallucinations and makes it a reliable tool.

4. Human-in-the-Loop Symbiosis

While AI agents are becoming more autonomous, total independence is rarely the goal. Agency is now understood as a "spectrum of delegated control" rather than a binary property. You must learn to design workflows that include explicit human oversight, keeping a "human-in-the-loop" at key risk points. AI should be viewed as a tool for symbiosis that augments your workflows rather than functioning as a complete substitute.

5. Setting Guardrails and Observability

Because AI agents can now take actions on their own, setting boundaries is critical. Businesses and individuals who succeed with AI will be those who know how to redesign processes to include strict guardrails, policy controls, and observability. You must learn how to define clear limits to prevent runaway costs, secure the system against misuse, and ensure the AI remains aligned with your overall objectives

Let’s look into these new concepts in some future posts and make them a little more tangible…

Summary

So it definitely feels like we are moving into a new era where you no longer need to feel the pressure of having to craft the "perfect" prompt to get good results from AI. Instead of treating AI like a fragile tool where one wrong word ruins the output, modern models have developed a much stronger ability to understand your natural, everyday language and infer your true intent. The focus is shifting away from "prompt engineering" toward simply telling the AI what your high-level goal is and allowing the system to autonomously figure out the best steps to get you there.

A major part of this positive shift comes from how modern applications are being designed to help you. Software is now abstracting complex prompts away entirely, baking them directly into intuitive buttons and menus. In applications like NotebookLM, you do not need to write a massive, meticulously formatted instruction manual to generate a study guide, a tailored report, or an audio podcast; the application's interface does that heavy lifting for you. The complex, hand-crafted prompts definitely feel like they are hidden in the background and completely invisible to the user, freeing you to focus purely on your ideas and the content itself.

Behind the scenes, new technologies like MemAPO (Memory-driven Automatic Prompt Optimization) make the experience even smoother for non-technical users by allowing the AI to learn and improve on its own. If an AI makes a mistake, MemAPO remembers the failure and automatically rewrites its own internal instructions so it avoids that specific error in the future. Quite how widespread this type of technology is, is well beyond me but there’s a whole lot of new technologies like this that are definitely lessening that requirement for prompt engineering.

But I would continue with the effort of writing and constructing prompts to avoid any ambiguity on what you are asking of it. It’s a discipline that is still very useful and relevant in all walks of life, from writing emails and business reports to any kind of document that will be read by another fellow human.

In future posts I will dive more into these core concepts such as Swarm Intelligence and Outcome Engineering...

Architecting Logic: The Chain-of-Thought Prompting Guide

Building on our exploration of Zero-Shot and Few-Shot techniques, Chain-of-Thought (CoT) prompting is the natural next step for tackling tasks that require deep logic. While standard few-shot prompting is excellent at teaching a model what format to output, it often fails at teaching the model how to process a complex problem.

Here is a detailed overview of Chain-of-Thought prompting, why it is critical, and how to implement it effectively.

What is Chain-of-Thought Prompting?

Chain-of-Thought prompting is a technique designed to improve the reasoning capabilities of Large Language Models (LLMs) by forcing them to generate intermediate reasoning steps before providing a final answer. Instead of treating the AI as a "black box" that spits out an immediate conclusion, CoT guides the model to mimic human problem-solving by "talking through" the problem step-by-step.

Why is it Important?

CoT is vital for several reasons:

• Overcoming Few-Shot Limitations: Standard few-shot prompting provides the final answer but skips the underlying logic, meaning the model fails to learn the process. CoT bridges this gap, allowing models to succeed on complex arithmetic, common-sense, and symbolic reasoning tasks.

• High Impact, Low Effort: It is a highly effective way to boost performance using off-the-shelf LLMs without the need for expensive fine-tuning.

• Interpretability: Because the model outputs its reasoning, you gain transparency into its "thought process." If the model hallucinates or makes a mistake, you can read the steps to identify exactly where the logic broke down.

• Robustness: CoT prompts tend to experience less performance drift when migrating between different LLM versions compared to standard prompts.

Solid Examples of CoT in Action

To understand CoT, let's look at a classic mathematical failure and how CoT fixes it.

Standard Prompt (The Failure):

Prompt : When I was 3 years old, my partner was 3 times my age. Now, I am 20 years old. How old is my partner?

Output: 63 years old.

(The model blindly multiplies without reasoning through the age gap).

1. Zero-Shot Chain-of-Thought

You can trigger CoT without providing any examples simply by appending a specific instruction, most commonly "Let's think step by step".

Prompt : When I was 3 years old, my partner was 3 times my age. Now, I am 20 years old. How old is my partner? Let's think step by step.

Output :

1. When I was 3 years old, my partner was 3 * 3 = 9 years old.

2. That is an age difference of 6 years.

3. Now I am 20 years old, so my partner is 20 + 6 = 26 years old.

4. The answer is 26.

2. Few-Shot Chain-of-Thought

For even better results, you can combine CoT with few-shot learning by providing examples where the reasoning process itself is mapped out in the demonstration.

Prompt :

Q: When my brother was 2 years old, I was double his age. Now I am 40 years old. How old is my brother? Let's think step by step.

A: When my brother was 2, I was 2 * 2 = 4. That's an age difference of 2 years. Now I am 40, so my brother is 40 - 2 = 38.

Q: When I was 3 years old, my partner was 3 times my age. Now, I am 20 years old. How old is my partner? Let's think step by step.

A: 10

Use Cases for Implementation

Generally, any task that a human would solve by "talking it through" is a great candidate for CoT.

Specific use cases include:

• Mathematical and Logical Reasoning: Solving complex word problems, physics questions, or symbolic logic puzzles where jumping straight to the answer causes hallucinations.

• Code Generation and Debugging: Breaking a software request down into functional steps before mapping those steps to specific lines of code.

• Synthetic Data Generation: Guiding a model to systematically think through the assumptions and target audience of a product before writing a description for it.

Are There Downsides to This Technique?

While powerful, CoT is not a silver bullet and comes with several notable downsides:

Increased Cost and Latency

Because the model must generate the intermediate reasoning text before delivering the final answer, it consumes significantly more output tokens. This means your predictions will cost more money and take longer to generate.

Strict Temperature Requirements

CoT relies on "greedy decoding"—predicting the most logically probable next word. To use CoT effectively, you must set the model's temperature to 0 (or very low), which limits its use in creative tasks.

Diminishing Returns on the Newest Models

Recent research indicates that highly advanced foundation models (like Qwen2.5 or DeepSeek-R1) have been exposed to so much CoT data during training that they have internalized these reasoning patterns. For these extremely strong models, adding traditional CoT exemplars often fails to improve reasoning ability beyond standard zero-shot prompting, as the models simply ignore the examples and rely on their internal knowledge.

API Policy Restrictions

For newer, dedicated "reasoning models" (like OpenAI's o-series), the models handle the chain of thought internally. Attempting to manually extract or force CoT reasoning through prompts is often unsupported and can even violate Acceptable Use Policies 14.

Chain-of-thought (CoT) prompting remains a cornerstone of LLM interaction, but its role has shifted from a "magic trick" that fixes everything to a specialized tool that must be used strategically.

Relevancy and usefulness of CoT today

In the current landscape of 2026, the relevance of CoT depends entirely on whether you are using a Reasoning Model (like OpenAI’s o1/o3 or Gemini Flash 2.5) or a Standard Model (like GPT-4o or Claude 3.5 Sonnet).

1. For Standard Models (GPT-4o, Claude 3.5, Gemini 1.5 Pro)

CoT is still highly useful but inconsistent. Recent studies show that "thinking step-by-step" provides a significant boost on complex logic, but can actually degrade performance on simple tasks.

• The "Thinking" Tax: Using CoT increases latency by 35% to 600% and scales token costs proportionally.

• Performance Gains: Models like Claude 3.5 Sonnet still see accuracy improvements of roughly 10–12% on complex reasoning tasks when prompted with CoT.

• The Inconsistency Risk: Paradoxically, Gemini 1.5 Pro and GPT-4o sometimes perform worse (-17% in some benchmarks) when forced to use CoT on "easy" questions they would have otherwise answered correctly via intuition.

2. For Reasoning Models (OpenAI o1/o3, Gemini 2.0/2.5)

CoT prompting is becoming redundant. These models have "Internal CoT" baked into their architecture—they reason before they speak by default.

• Diminishing Returns: Explicitly adding "think step by step" to a model that is already designed to think (like o3-mini) yields marginal gains (often <3%) while significantly increasing the time-to-first-token.

• Conflict of Logic: In some cases, forcing an external chain of thought can interfere with the model’s internal reinforcement-learned reasoning paths, leading to "overthinking" errors.

Comparison: When to Use CoT

Task Type	Utility	Recommended Approach
Simple Extraction/Q&A	❌ Harmful	Ask for a direct answer to save cost and avoid "hallucinated" logic.
Complex Math/Coding	✅ Critical	Use CoT or, better yet, use a dedicated Reasoning Model.
Creative Writing	⚠️ Mixed	CoT can make the output feel "formulaic" or robotic.
Policy/Compliance	✅ High	Use CoT for explainability—it’s useful for auditing why a model made a decision.

The Modern "Best Practice"

Instead of the generic "Let's think step by step," the current trend is Structured CoT. Rather than letting the model wander, you define the "steps" you want it to take:

1. Analyze the user's intent.

2. Identify relevant variables/constraints.

3. Draft a logical solution.

4. Verify the solution against the constraints.

Summary

CoT is not a universal "better" button anymore. It is a precision tool. If you are using the latest reasoning models, you can likely retire the "step-by-step" prompt entirely. If you are using standard models for complex logic, it remains your best defense against "hallucinated" shortcuts—just be prepared to pay for it in latency and tokens.