Software 3.0
Andrej Karpathy's term for software in which the runtime is a Large Language Model) and the program is a prompt (in natural language, structured prose, or markdown). The model interprets the prompt against the current input and emits behavior, optionally calling tools to interact with the world.
Canonical version: Software 3.0.
Andrej Karpathy's term for software in which the runtime is a Large Language Model and the program is a prompt (in natural language, structured prose, or markdown). The model interprets the prompt against the current input and emits behavior, optionally calling tools to interact with the world.
Software 3.0 inverts the previous paradigms. In Software 1.0 a programmer writes instructions for a CPU. In Software 2.0 a training process produces weights for an inference engine. In Software 3.0 a user or developer writes English for an LLM, and the LLM is the universal interpreter.
Defining Properties
- The prompt is the source of truth for behavior, not the surrounding code.
- The runtime is opaque, large, and shared across many programs.
- Updates ship by editing the prompt, not by recompiling.
- The same prompt produces non-deterministic outputs; reliability becomes a statistical concern.
Examples
- A markdown file that installs software when handed to an LLM (Markdown-based Installation (MD Scripts)).
- A pure-LLM application with no business logic layer (Menugen Architecture Pattern).
- An LLM-maintained knowledge base that ingests, summarizes, and queries arbitrary sources (LLM Knowledge Bases Over Unstructured Data, LLM Wiki).
- An agent skill that the agent can discover, load, and execute.
Strengths
- Handles tasks that resist explicit specification.
- Authored in natural language; non-engineers can write usable Software 3.0.
- Composes naturally with Software 1.0 and Software 2.0 as tools.
- Capability improves automatically with each model release.
Weaknesses
- Non-deterministic; same input produces different outputs.
- Capability is jagged; see AI Verifiability as a Capability Ceiling.
- Costs are usage-based, not amortized over compile-once.
- Security boundary is the prompt; prompt injection is the new SQL injection.
Position in the Stack
Software 3.0 sits at the top of the modern AI stack, calling 2.0 models as tools and 1.0 code as actuators. The Agent-Native Product Decomposition argues that future products are deliberate mixes of all three layers, with the boundary drawn per task.
Related
- Software 1.0
- Software 2.0
- Andrej Karpathy
- Large Language Models (LLMs)
- Agent-Native Product Decomposition
- Agentic Engineering
- Agent Development Lifecycle (ADLC)
- Menugen Architecture Pattern
- Markdown-based Installation (MD Scripts)
- LLM Knowledge Bases Over Unstructured Data
- Prompt-driven development (PDD)
- Vibe Coding
About Sébastien
I'm Sébastien Dubois, and I'm on a mission to help knowledge workers escape information overload. After 20+ years in IT and seeing too many brilliant minds drowning in digital chaos, I've decided to help people build systems that actually work. Through the Knowii Community, my courses, products & services and my Website/Newsletter, I share practical and battle-tested systems.
I write about Knowledge Work, Personal Knowledge Management, Note-taking, Lifelong Learning, Personal Organization, Productivity, and more. I also craft lovely digital products and tools.
If you want to follow my work, then become a member and join our community.
Ready to get to the next level?
If you're tired of information overwhelm and ready to build a reliable knowledge system:
- 📚 KM for Beginners — 10+ hours of structured video lessons
- 🚀 Obsidian Starter Kit — Ready-made vault with 40+ templates
- 💼 Knowledge Worker Kit — Complete guides + lifetime community
- 🦉 1-on-1 Coaching — Personalized guidance
- 🎯 Join Knowii — Community + ALL courses & tools
Found this valuable? Share it with someone who needs it.