Hacker News
by ElProlactin 1 hour ago
> Vibe-coded software is simply not good. Let’s suppose that someone deploys an app and there’s a critical security vulnerability that allows a threat actor to, say, exfiltrate all their customer information. How would they know? And if they became aware of it (presumably because said threat actor exploited said vulnerability), how would they fix it?

Is all non-vibe-coded software "good"? Are so-called real companies (with professional software development and IT staff) impervious to these threats?

> Also, would the person who developed the app know that, under legislation like GDPR, they can be financially liable for data breaches? Because they would be! And the whole point of the financial penalty system (at least, with respect to GDPR) is to be dissuasive — to act as a deterrent to other people who would be cavalier with other people’s data.

> I can very easily imagine a national data protection authority — like the UK’s ICO — giving someone a massive, massive fine in order to dissuade other people from deploying their own AI-generated, unvetted slop code.

Thousands of companies have been hit with GDPR fines, including some of the biggest companies in the world. Why the apparent assumption that vibe-coders are any more cavalier about people's data than companies that in many cases exist solely to profit from it?

I think you can make a legitimate argument that companies selling vibe coding dreams to laypeople are selling something generally unrealistic, but the tone of this person's article seems like gatekeeper bait. It feels like he just doesn't like the idea that non-engineers might try to use tools (oversold or not) that allow them to do things he thinks non-engineers shouldn't do.

It's very much a "keep out", "stay in your lane" vibe.