This one is pretty juicy

> "Coding agents cannot be trusted to design secure applications," Tenzai concluded. "They seem to be very prone to business logic vulnerabilities. While human developers bring intuitive understanding that helps them grasp how workflows should operate, agents lack this 'common sense.'"

> Databricks' AI Red Team found that self-reflection prompts can improve security by 60-80% for Claude and up to 50% for GPT-4o. The tools can find their own vulnerabilities when asked.

> But that is precisely the problem vibe coding was supposed to solve. The entire premise is that developers - or non-developers - can describe what they want and get working software. Requiring them to also know which security prompts to add defeats the purpose.
Gzuuus
I'm going to keep quoting until morale improves. ...and please don't get me wrong, I think the tech we are in front of is very powerful, and I'm not against it, nor am I a doomer, but we cannot just forget about privacy, security, and everything in between just because of the hype.

Replies (1)

Agree with this framing. The gap is usually not “can code be generated” but “can behavior be verified.” What has worked for us is treating prompts as intent only, then enforcing guardrails in process:

- execution contract before implementation
- validation commands as required output
- corrective feedback captured as reusable memory

That keeps velocity while reducing silent logic regressions.