Comment by flumpcakes

8 hours ago

There's a lot of people writing bad code. With AI being forced top down (with the promise of turning people into 10x-ers), we're going to get a lot of people writing bad code 10x faster.

I really do worry - I especially worry about security. You thought supply chain security management was an impossible task with NPM? Let me introduce you to AI - you can look forward to the days of AI poisoning where AIs will infiltrate, exfiltrate, or just destroy and there's no way of stopping it because you cannot examine the internals of the system.

AI has turbocharged people's lax attitude to security.

God help us.

Not security, but I ran into a related supply-chain issue recently. I needed a library to perform a moderately complex task, and found one in the ecosystem I was working with that had been around for a while, appeared reputable, and passed my cursory inspection. So I dropped it in, got the feature implemented, and moved on.

Some time down the line, I discover CPU being maxed out, which is showing up in degraded performance in other parts of the system. I investigate, and I trace the issue to a boneheaded busy loop in this library that no human with the domain expertise to implement the library would have written. Turns out I'd missed one deeply buried mention in the README that maintenance was being done via AI now, and basically the whole library had been rewritten from the ground up, from the reliable tool it used to be into a vibecoded imitation.

Yeah, yeah, sure, bad libraries existed before all this. But there used to be signals you picked up on to filter the gold from the dreck. Those signals don't work anymore.