No shit Sherlock, anyone who vibe codes is asking for more intricate vulnerabilities that aren't so easily caught by the naked eye nor unit tests made by a human. You're playing with a fire not capable of comprehension.
You *aren't* an algorithm, meaning you *can't* pick up everything an algorithm might slip in. If you do not intricately understand not just every line, but every fucking character of the code you check in, congrats, you just embedded security vulnerabilities in your code. And the 3rd party
I do, and I know that LLMs have a tendency to create new and potentially dangerous things that look innocuous to both humans and human-made algorithms. There is always a chance that something approved by experienced humans and even the best code-checking algorithms is going to be vulnerable or poisoned by the LLM. Not to mention LLMs have somewhat predictable outputs (not predictable by humans, but by other algorithms), meaning that while this may be unproblematic for a time, these patterns may be caught on to by nefarious parties and exploited, making every vibe-coded shit program vulnerable.
Comments
I review every line of code I check in.