by lnenad 76 days ago
> Welcome to the world vibe coding created.

Hard disagree. Vibe coding isn't responsible for people not doing the slightest due diligence when running this (pardon my French) shit. You can vibe code stuff and keep it at a much higher quality. And you can check who did the vibe coding and how they approached it, so the burden also falls on the person running the stuff to understand what they're running. This isn't an enterprise-level application that has a full team behind it that had an issue. This is a Pandora's box vibe coded overnight for fun, full of stuff we don't even know about, that was opened the moment you touched it with a stick.

3 comments

In my experience, most garden variety security problems stem from a) the developer not understanding the implications of something (maybe because they’re new, or operating outside of their usual domain,) or b) the developer not paying close enough attention to realize they did something they know is stupid. We’re only human.

Vibe coding obviously doesn’t make something insecure, per se, but saying it doesn’t reduce the attention paid to any given line of code, or encourage less knowledgeable people to write code, seems pretty dubious to me.

The Claude Code team is clearly competent and professional, yet they accidentally published the proprietary source code for one of the world’s hottest products. That’s like a bank manager walking away with the keys in the door and the alarm disarmed. When’s the last time you heard of a human team of developers doing that?

Again, I’m not saying that vibe coding necessarily creates unsafe code, but I don’t see how anyone could say vibe coding was devoid of security implications. I think this is an organizational/logistical problem that we’ll figure out at some point, but I think it’s going to be more of a C buffer overflow kind of ‘figured out’ that never really goes away.

Very reasonable take, I agree 100%. But I don't think you're putting any responsibility on the users of such vibe coded apps. OpenClaw was primarily marketed towards devs and people in touch with IT. They should know better.

Sure. I reckon blaming the system for the intentional actions of a few is a great way to avoid individual accountability. Conversely, blaming many individuals for fundamental systemic or leadership problems is a great way to avoid accountability for leaders and systemic beneficiaries. It’s not rational to exclude either.

I’m also not sure that the distinction of dev makes much of a difference in this space because chatbot marketing works pretty damn hard to imply everybody is a prompt away from being a developer. How are those people going to know that they aren’t even qualified to make any given technical decision, let alone evaluate the output of a confident chatbot that’s magically writing programs for them?

Vibe coding means you don’t (or can’t) read the code. It does not mean anything an agent writes is vibe coded. If you’re reviewing the code after the agent writes it, you aren’t vibe coding.

Steinberger has said he doesn’t look at (most of) the code.

“It’s not the cars! It’s not the guns! It’s not social media! It’s not vibe coding!”

Right. It’s always the people. They just tend to bodge things. All the time. So when there are new foot guns, the inevitable will happen.