At Atomic, we offer a “Technical Due Diligence” service, often used by venture capital (VC) firms looking to fund startups. These engagements often include one or two developers who rapidly review a codebase and assess the overall health of a product or service. With tight deadlines—since funding decisions are often time-sensitive—we rely on our deep software development experience to quickly identify strengths, weaknesses, and potential risks. More recently, AI tooling has become an indispensable part of our workflow during these engagements.
Preparation and Kickoff
The process typically begins with a call from the interested VC, where we receive an overview of the business requirements and expectations. This is usually followed by a meeting with senior engineering leaders to gain a deeper understanding of the technical ecosystem. Whenever possible, it’s best to secure access to relevant repositories and documentation ahead of time. Early access allows for initial investigation and helps us prepare more targeted questions for the team.
Using AI to Accelerate and Enhance the Process
AI tooling has become an indispensable part of our workflow, helping us move faster and more effectively:
- Call Recording and Summarization: Recording kickoff and technical deep-dive calls, then using AI tools to summarize them, allows us to stay fully engaged in the conversation while ensuring we capture all critical details for later reference.
- Codebase Orientation: Large, unfamiliar codebases—especially those built with microservices—can be daunting. Leveraging AI (such as ChatGPT or code analysis tools) helps us quickly map out the architecture, prioritize which repositories or services to review first, and identify key areas of concern.
- Contextualizing with Documentation: Feeding client documentation and internal checklists (like Mike Marsiglia’s Application Audit Checklist) into AI tools helps tailor the analysis to the client’s context and our own standards. This also enables the AI to “think” more like an Atomic developer, surfacing issues that align with our values and best practices.
- Documentation Discrepancies: AI can help cross-reference code and documentation, flagging areas where the implementation diverges from what’s described. This is especially useful for identifying outdated or incomplete documentation.
Advanced AI Prompting Techniques
To get the most out of AI tools during technical due diligence, it’s not enough to ask generic questions. I’ve found that providing rich context—such as internal checklists, client documentation, and example reports—enables the AI to deliver much more relevant and actionable insights. For example, by sharing our own audit checklist and past deliverables, I can “prime” the AI to think like an Atomic developer, surfacing issues that matter most to our clients.
Example Prompts:
- Given this architecture diagram and documentation, what are the likely data flow bottlenecks?
- Compare this security policy to industry best practices. What’s missing?
- Rewrite this section to be objective and non-judgmental.
- Summarize the key strengths and opportunities for improvement in this codebase.
Modular, Section-by-Section Drafting
Rather than tackling the entire report at once, I break it down into logical sections (e.g., Authentication, Infrastructure, Testing, Security). I use AI to help draft and refine each section independently, which keeps the process manageable and allows for deeper focus on each area. This modular approach also makes it easy to update or expand sections as new findings emerge.
Synthesis and Benchmarking
AI tools are invaluable for synthesizing large volumes of information—like call notes, code comments, and policy documents—into concise, actionable summaries. I also prompt the AI to compare the client’s practices to both industry standards and our internal benchmarks, which helps highlight not just what’s present, but what’s missing or could be improved.
Maintaining Objectivity and Professionalism
When reporting on risks or “red flags,” I use AI to help ensure the language is objective and constructive, rather than alarmist. For example, I’ll prompt the AI to “rewrite this to be objective and non-judgmental,” which helps maintain a professional, solutions-oriented tone in the final report.
Efficient Note-Taking and Report Drafting
Given the time constraints, our primary goal is to capture all genuine observations and insights in a shared document. Organizing notes by section allows for a structured yet flexible approach—enabling us to jot down findings as we go, even if the notes are initially rough. Once all thoughts are collected, we use AI tools to help draft and refine the final report. We’re not hired for our prose, so we don’t need to write every sentence from scratch. Instead, we leverage past report examples and AI-powered writing assistants to ensure the final product is clear, professional, and consistent with Atomic’s brand and tone.
Pro Tips for Leveraging AI in Due Diligence
- Prime your AI with internal and client documentation for more relevant analysis.
- Use modular drafting to keep the process manageable.
- Ask for comparisons to best practices, not just summaries.
- Use AI to maintain a professional, objective tone in your reports.
- Provide example prompts to guide your own or your team’s use of AI.
Technical Expertise Plus the Power of AI
AI tooling doesn’t replace the need for experienced human judgment, but it dramatically accelerates the due diligence process and helps ensure nothing critical is overlooked. By combining our technical expertise with the power of AI, we deliver thorough, actionable insights to our clients on time and with confidence.