Comment by Ucalegon

4 hours ago

>Every executive/leader I've shown Claude Cowork to has gone from 'what is AI' to 'vibecoding whole apps' in weeks.

Do you, and those executives, own the risks associated with that practice? Are those risks actually indemnified?

It's neat that 'anyone can do anything' but if they don't actually know what the risk to business or 3rd parties is, why is this a good thing, especially in the enterprise where there are actors who are explicitly looking for this type of environment to exploit?

These are largely friends and peers, so they ultimately own their own risks. But I'm not saying it is good or bad. I'm just telling you what is happening in the real world. Every senior person I know, whether a high tech exec or a solo coffee bean importer, is vibing to some degree. Some will be more successful than others.

I've been working in tech since the late 90s. This is the biggest and most sudden change in company behavior I've ever seen. The only thing that comes close was the web 1.0 world in the 90s where everything suddenly became websites.

That creates tons of risks and opportunities. Good and bad. Maybe a great time to start a security company. But maybe a terrible time to be a small time web app developer when your clients can get 'good enough' in minutes for dollars on their own.

  • Saying "every X I know" in all your comments is a bit ridiculous. None of them have anything different to say.

    Your comments read like Reddit clickbait.

  • >But I'm not saying it is good or bad.

    Wait, you exposed people to a technology, taught them how to use it, then you are not going to own the implications of that action without teaching them about the risks or telling them how they need to ensure they don't shoot themselves in the face or violate their duty of care?

    Do you understand what you are saying and the implications of that in the real world relative to the insurance contracts that they have?

    Your company is associated with HIPAA, you should have a much higher standard than this.

    • Play the ball, not the man, dude. Hectoring people on the Internet because you're stressed out about something isn't going to magically fix how you feel. Digging into their profile to make it personal is three steps too far.


What kind of risk do you see?

  • Depends on what types of apps are being built, what data they touch, and what those apps are exposed to from a network perspective. I.e., all of the fundamentals of information/network security. Generally speaking, most executives do not have an information/network security background but do have privileged access to extremely valuable information, even if an attacker just has access to their email.

    • > most executives do not have an information/network security background but do have privileged access to extremely valuable information, even if an attacker just has access to their email.

      In a properly structured organization, of which there are many and who are required by regulations and/or best practices, senior executives tend to have need/role-based access to information, just like everyone else in the organization. So they may have access to strategic business information, but not patient records or payroll. They may have access to planning data, but not the financial records of individuals or clients. Etc. etc.

      Smaller or newer orgs may not have this compartmentalization, but in general I think the principle holds true for orgs over a certain number of folks in size.
