[JohnMakin]

This is pretty reductive of the actual problem people typically complain about with vibe coding - It produces very workable prototypes fairly quickly and without a lot of hassle. Great! The problem is, and this is a great example (of many) where someone mistook the working prototype with a system that was ready for production. The JWT thing in particular is not really a mistake many people who work on that kind of thing would make.

People need more understanding of the risks of vibe coding and YOLOing to prod with these tools. They are powerful, but like all powerful tools, can be wielded irresponsibly.

[serf]

it's just incompleteness -- a human issue.

most in-use LLMs prompted with a simple "You're in charge of infrastructure security, let's review possible problem points" would have uncovered this.

I wouldn't fault a compiler for erring when someone left out a period; i'd tell the person to start including it -- but for some reason the expectation for LLMs is hands-off work ; I guess we're just in that phase of the hype at the moment.

[bccdee]

> I wouldn't fault a compiler for erring when someone left out a period

I'd fault it if it silently injected multiple serious vulnerabilities.

[akdor1154]

> for some reason the expectation for LLMs is hands-off work

The expectation is the same as the expectation for self driving: users expect it to be fully hands off, even when they are explicitly told they need to keep their hands on the wheel.

This is because it's tricky, tedious, and unejoyable to thouroughly vet the actions of a machine in realtime.

[floydnoel]

very interesting- i actually enjoy monitoring claude code and telling it when it is going the wrong way on something. i also don’t mind monitoring the car doing its lane keeping, perhaps it is an autism trait?

[bombcar]

Sorry to be the one to tell you, but you might be a born manager ;)