[OtherShrezzing]

>As an AI-native startup founder, your responsibility is to know what's in your codebase, understand any potential exposure vectors, and not ship obvious vulnerabilities to real users who are trusting you with their data.

This is fairly funny coming from the company whose employees report merging in hundreds of PRs per engineer per day, and accidentally leaked their own source code through a security misconfiguration in a package manager they own.

[supriyo-biswas]

> your responsibility is to know what's in your codebase, understand any potential exposure vectors, and not ship obvious vulnerabilities to real users

It seems like CYA; with all the marketing about how LLMs will solve all problems it was really surprising to see that, but legal probably told them to go easy on it.

[etoxin]

Hundreds of PR’s per engineer per day! They would have zero visibility of their code. Their AI’s would have no visibility of the million plus lines of code.

Sounds super stable and cool.

[geraneum]

Yeah this is a Mythos pitch.

[vovavili]

The best way to learn is from other people's mistakes.

[koe123]

100 PRs a day? I am sure this is hyperbole but otherwise you have a quote for me?

[owebmaster]

Here's your quote:

"employees report merging in hundreds of PRs per engineer per day"

[zingar]

100 feels low given I just saw dependabot do 8 in one hour. No AI required!

It matters a lot what size the PRs are, and this varies wildly from place to place. I spoke to someone who instituted a “no PRs over 500 lines” rule. I would refuse to even read something that big unless it was just a find and replace or boilerplate.

[koe123]

Who reviews these 100s of PRs tho? 100 PRs in an 8 hour workday = 1 PR every 4.8 minutes.

If I saw this happening in my org it would be a huge red flag, am I old?

[zingar]

It would matter a lot if there were 5 people reading/writing code or 100.