July 17, 2026
What My Own Codex Usage Data Says About the Company I’m Building
I pulled my usage stats instead of estimating them. The most-used plugin in my own workflow turned out to be the entire thesis of my…
By Ankit Das
3 min read
I pulled my usage stats instead of estimating them. The most-used plugin in my own workflow turned out to be the entire thesis of my startup.
Looking at the data instead of the story I'd tell
Founders tell a version of their building process in interviews and posts that's usually a little cleaner than reality — more intentional, more strategic, more "here's exactly why I did that." I wanted to check mine against something that couldn't be smoothed over after the fact: my own Codex account's actual usage data.
I'm building two products right now: LyraShield AI, still under development, and Lyrafin AI, which is in beta and live at lyrafinai.com. The numbers below cover that work.
The headline numbers are a lot, once you see them lined up: 6.8 billion lifetime tokens processed, 2,728 total chats, 1,513 skills used across 171 explored, an 18-day longest streak of daily use, and one single chat session that ran 13 hours and 4 minutes. I don't remember which session that was, specifically — which is its own small data point about how much of this work happens in a kind of flow state where you stop tracking time.
None of that surprised me much. What did was the plugin breakdown.
The plugin I didn't expect to be first
My single most-used Codex plugin, by a wide margin, is a security-review tool — 232 runs. Not a scaffolding generator or a UI component library — nothing to do with shipping features faster. Its entire job is to slow me down and make me look harder at code before I trust it.
Second and third on the list tell the same story: a change-verification plugin at 93 runs, and a code-review checklist at 89. Between the three of them, that's over 400 invocations of "check this before it goes anywhere" tooling — more than any feature-building plugin in my stack.
I didn't design my workflow to look like this on purpose. I never sat down and decided, "I should use security-review tooling more than anything else." It's just what happened, over months of actually building something. And the reason it happened is the most useful part of the whole exercise: I'm building a product whose entire premise is that AI writes code fast and most review processes haven't kept pace with that speed. Living inside that gap every day, on my own commits, apparently reshapes what tools you reach for — without you consciously choosing it.
What this says about the actual problem
There's a version of this post that just says "look how much I use AI, impressive numbers, moving on." That's not really the point. The point is narrower, and I think more useful: once you're deep enough into AI-assisted development to be producing real, shipping code at volume, the review step stops being optional. It becomes the thing your workflow organizes itself around, whether you intend it to or not.
That maps directly onto research I've cited in earlier posts here: developers using AI coding assistants write less secure code on average, and are simultaneously more confident that code is secure, than developers who don't use AI assistants at all. The confidence goes up. The care, left unchecked, goes down. My own plugin usage looks like an attempt, mostly unconscious, to fight that exact tendency in myself — reaching for verification and review tools more than anything else, specifically because I know what happens if I don't.
Most people building with AI coding tools right now aren't building a security company, so they don't have the same forcing function pushing them toward review-heavy tooling. That's not a criticism. It's an observation about incentives: if your product is a to-do app, nothing nudges your plugin usage toward "verify this more carefully." If your product is a security scanner, something absolutely does — and it shows up in data as mundane as a usage-stats page.
Why I'm sharing this before anything else
I'm about to properly announce the waitlist for LyraShield, and I wanted to post this first rather than lead with the pitch. Not because the usage stats are a marketing flex — 6.8 billion tokens doesn't make software good, and raw volume isn't a credential — but because the pattern underneath the numbers is a more honest answer to "why are you building this" than anything I could write as a mission statement.
I didn't set out to build a security-review habit into my own process. It showed up because the gap between "AI ships code fast" and "someone actually checked it" is real, and I'd been sitting inside that gap for months, on my own commits, before I ever tried building a product to close it for anyone else. The plugin usage data is just the paper trail of that gap mattering to me, long before there was anything to launch.
The waitlist itself is already live, quietly. This was the part I wanted to say before the proper announcement.