top | item 46447331

(no title)

manchicken | 2 months ago

You may be mistaken. There is a good (and growing) number of folks who have noticed that vibe-coding isn’t always the right fit. There have also been a number of instances where AI agents have destroyed production environments.

In your 4+ years of “experience,” have you acquired the experience necessary to protect anybody’s GitHub, slack, or any other enterprise systems from the numerous security concerns that you’re just hand-waiving away?

Not all “devs” use AI, and very few companies would trust a fully vibe-coded enterprise system plugin with no security team, no enterprise support, no GDPR documentation, and all fielded by a team with fewer than five years of experience.

That seems like the path to breaches, or to having an agent take destroy sensitive systems, or both.

discuss

akhnid|2 months ago

I haven't said that the app is fully vibe coded, i said we used AI. The app is not fully vibecoded but we have used AI assistance and i am aware of the security concerns that comes with github/ slack implementation. Its a question of how you use AI in your app the system is fully designed by us so we know how it exactly behaves and how the data and tokens are stored/ exchanged.

manchicken|2 months ago

You mention tokens, what else is in your threat model? Is your AI functionality a custom model?

I am concerned that you haven’t adequately explored and mitigated security and reliability risks involved here before asking folks to YOLO your app into their critical infrastructure.