←back to thread

We put a coding agent in a while loop

(github.com)
425 points sfarshid | 6 comments | 24 Aug 25 16:18 UTC | HN request time: 0.421s | source | bottom
Show context
ofjcihen ◴[25 Aug 25 03:09 UTC] No.45009836[source]
As a security professional who makes most of my money from helping companies recover from vibe coded tragedies this puts Looney Toons style dollar signs in my eyes.

Please continue.

replies(4): >>45009849 #>>45011422 #>>45011729 #>>45015658 #
1. torginus ◴[25 Aug 25 08:52 UTC] No.45011729[source]
Since the entire concept of Vibe Coding existed for a grand total of 5 months, how do companies reach the level of saturation with vibe coding, that it's not only prevalent, but makes sense to specialize in helping them recover from it?
replies(4): >>45011936 #>>45013475 #>>45013677 #>>45013889 #
2. ath3nd ◴[25 Aug 25 09:28 UTC] No.45011936[source]
AI slop don't sleep, AI slop don't stop. It's just garbage garbage garbage churned out constantly, everywhere, by everyone.

The profession of the future is a garbage man.

3. ofjcihen ◴[25 Aug 25 13:11 UTC] No.45013475[source]
My guess is tons of small/medium sized companies were enamored with the speed and ease of use that LLMs promised and very quickly found solutions that “just worked”.

Also we don’t really specialize in it since that’s not something you would really do. It’s just that the usual vulnerabilities are more common AND compounded.

4. thyristan ◴[25 Aug 25 13:33 UTC] No.45013677[source]
It only takes one tiny vibe-coded insecure extension to a pre-existing codebase (that might have been good secure code), to turn the whole thing into a catastrophe.

It's basically the same as in other parts of IT security: It only takes one lost root password, one exploited software/device/oversight, one slip, to let an attacker in (yes, defense-in-depth architecture might help, but nonetheless, every long exploit-chain starts with the first tiny crack in the armor).

5. hirako2000 ◴[25 Aug 25 13:55 UTC] No.45013889[source]
on the other juicing side, starting to see service companies like these popping up: https://perfect.codes/
replies(1): >>45017308 #
6. torginus ◴[25 Aug 25 18:36 UTC] No.45017308[source]
I shudder at the thought of some novice vibe coder giving me thousands of lines of AI-generated flaming poop, and insist that it's almost correct, I just need to fix it here and there.