Comment by OtherShrezzing

16 hours ago

>As an AI-native startup founder, your responsibility is to know what's in your codebase, understand any potential exposure vectors, and not ship obvious vulnerabilities to real users who are trusting you with their data.

This is fairly funny coming from the company whose employees report merging in hundreds of PRs per engineer per day, and accidentally leaked their own source code through a security misconfiguration in a package manager they own.

> your responsibility is to know what's in your codebase, understand any potential exposure vectors, and not ship obvious vulnerabilities to real users

It seems like CYA; with all the marketing about how LLMs will solve all problems, it was really surprising to see that, but legal probably told them to go easy on it.

Hundreds of PRs per engineer per day! They would have zero visibility of their code. Their AIs would have no visibility of the million-plus lines of code.

Sounds super stable and cool.

100 PRs a day? I am sure this is hyperbole, but otherwise do you have a quote for me?

  • 100 feels low given I just saw dependabot do 8 in one hour. No AI required!

    It matters a lot what size the PRs are, and this varies wildly from place to place. I spoke to someone who instituted a “no PRs over 500 lines” rule. I would refuse to even read something that big unless it was just a find and replace or boilerplate.