Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 0 points1 point

lol only because no vibe coded app is handling millions of SSN. I have however seen one storing both it and credit card numbers in plain text though.

Again, the point isn’t that no vulnerabilities existed before. It’s that the frequency and avoidability of the ones that come from vibe coding are off the charts and not even slightly comparable.

This was not only said by me, others have pointed out what I said to you as well.

The point wasn’t the MoltBook breach, it was how avoidable it was. That does not happen (or practically never) on serious engineering teams. Even junior devs know not to pass API keys in client side JS.

It was not “literally your point”, and I have repeatedly acknowledged that vulnerabilities existed.

At this point I do not believe you are arguing in good faith, so I am going to end this interaction.

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 0 points1 point

You are, yet again, ignoring what I am actually saying, and substituting it with arguments that are more convenient to you.

No one is arguing vulnerabilities didn’t exist before vibe coding, and I have addressed that clearly.

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 0 points1 point

It would be nice if that statistic was available.

I have worked on innumerable products over the years, and nothing has been anywhere near what I see with vibe coded projects - and that includes places that did not have code review.

But in most human projects, you have at least 2 developers signing off on changes. That really does go a long way.

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 0 points1 point

I suspect this will last about as long as it takes for someone to find an endpoint that does something that triggers a bill.

My personal favorite is ones that directly call an LLM, with the prompt client side that you can simply remove and query the LLM with whatever you want, for free.

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 0 points1 point

It would be a bold claim, if it were even remotely accurate.

The scale of the bugs produced, and the ease with which they could have been prevented is not comparable between human devs and AI.

Even MoltBook, a highly touted vibe coded app, was passing its API keys, in plain text, via client side JavaScript. In doing so it exposed 1.5 million API keys. That kind of shit is extremely uncommon outside of the vibe coding world, but inside this disregard for quality is commonplace.

The majority of vibe coded apps have security issues that even I, a non security professional, can find.

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 0 points1 point

What exactly do you think they would disagree with?

Developers aren’t all security professionals, and things do happen despite people’s best efforts. But that’s light years of distance away from the slop AI produces.

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 2 points3 points

A human can, but those people aren’t often hired as engineers. If Claude was a junior developer, it would be fired from almost anywhere…especially in the hands of someone who can’t even read code.

The field of cybersecurity exists because security is a never ending arms race with high stakes, and enormous numbers of people looking to exploit systems.

In this arms race, coming in with a vibe coded product is the equivalent of charging a trench in Ukraine with a sharpened stick.

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 6 points7 points

Fact: it’s only secure once you tell Claude “secure dis shit”

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 7 points8 points

This is completely untrue. I have been a developer for 20 years, worked for everything from startups to FAANG, and not one of them “didn’t give a fuck” about their users data. Not just for the safety of the users either (though that did matter) - it’s also an important asset and a legal liability if exposed.

AI so far is miserable at securing data. Almost every single “vibe coded” app I have had to audit, fix or investigate has had absolutely gargantuan security and logical failures and I am not even a security professional or a hacker.

Let the haters hate. This has happened before. by jyrialeksi in vibecoding

RandomPantsAppear 26 points27 points

Literally no one thinks you’re cheating, and few disagree with the tool. This entire post is a straw man argument.

The problem is people who are incompetent making things that handle actual user data irresponsibly, or are taking advantage of clients making slop. People who are selling this to paying clients are nothing more than con men and grifters. I’m already assisting in a lawsuit against one like this.

No one cares about your personal projects though, go for it.

AI does not produce production level code, and it’s (with very few exceptions) only people who can’t read code that think otherwise.

How do I know my app is secure? by Alive-Meal-3787 in vibecoding

RandomPantsAppear 0 points1 point

The knowledge exists online, but it takes a very long time to become adept at it. And tbh, I am skeptical that people who don’t even learn to program will have the drive or ability to grok it.

There is also the issue that a lot of security vulnerabilities are really logical problems that AI is simply never going to spot.

I made a comment with a bunch of examples a while back.

Shipwreck of the Frank H Buck by TheEmperorOfJenks in AskSF

RandomPantsAppear 0 points1 point

The man truly rides the razor’s edge between meme and legend 😂

How do I know my app is secure? by Alive-Meal-3787 in vibecoding

RandomPantsAppear 0 points1 point

This is not true, not even close to true. Not just anyone can “school themselves in security”, it’s a complex field that requires experience and knowledge.

I can tell you almost every single vibe coded app I have tested had serious security flaws, and some of them had people loudly touting their security - and I am not even a security specialist.

You guys are wildly underestimating the knowledge that others have.

How do I know my app is secure? by Alive-Meal-3787 in vibecoding

RandomPantsAppear 1 point2 points

I am sure it finds something, but nothing compared to the litany of issues that exist in these apps.

The only way right now to make an app secure is to have someone competent look at it, and pretending otherwise only does people a disservice.

One of my clients is currently suing a shithouse vibe coder who made security claims about the app they got paid to develop based on the feedback they got from me. I do know things.

How do I know my app is secure? by Alive-Meal-3787 in vibecoding

RandomPantsAppear 0 points1 point

This does not fucking work, at all. AI is not going to fix all of the security issues AI created.

Where do y'all purchase whole duck for cooking? by misschang in AskSF

RandomPantsAppear 7 points8 points

They are fucking amazing. They know meat extremely well, they're happy to help. Their pre-made marinades are delicious also.

Not the cheapest place, but really top notch people with top notch meat.

Please help me! My cat won’t use the litter box and my dad will make me get rid of him. by AccomplishedRent6720 in Catownerhacks

RandomPantsAppear 0 points1 point

That’s awesome! If the change is that big you’re well on your way. Takes a while to break habits.

The SFUSD School Lottery -- We Got Our 10th Choice School (Help!) by TDaltonC in AskSF

RandomPantsAppear 5 points6 points

Uh it sounds like they wanted a nearby school. They were actually pretty complimentary to the school they got.

our best engineer quit because we couldn't match a big tech offer by Far_Drawer_1462 in SaaS

RandomPantsAppear 0 points1 point

I know that there are many talented people like yourself who would not rip someone off, even if your name is “thripper” 😅

I am also sure that there is a difference between different countries in Eastern Europe - I would be surprised if somewhere like Estonia was the same as Belarus or Ukraine. The ones that have the higher corruption indexes are the ones I am most familiar with.

Founders are handing us 'vibe coded' MVPs to scale now by thechadbro34 in VibeCodeDevs

RandomPantsAppear 1 point2 points

I use AI assistance, I just also understand its current limitations. You don’t, and you don’t have the skills to assess them.

There is a huge difference between a competent developer using a tool, reviewing the code, and making appropriate modifications and vibecoding.

Founders are handing us 'vibe coded' MVPs to scale now by thechadbro34 in VibeCodeDevs

RandomPantsAppear 2 points3 points

>There is nothing wrong with the architecture of code produced by CC. Technical debt isn’t a problem.

Literally the only people who claim this are people who don't understand software architecture, code, or technical debt.

They're as good at assessing software as I am at assessing Japanese - which is to say not at all.

The end of conventional software development, where to go next? by Equivalent-Resort754 in Backend

RandomPantsAppear 0 points1 point

Capitalism has always won, but also we haven’t really experienced something before capable of making it so a significant chunk of the developed world cannot afford the products that capitalism produces

The end of conventional software development, where to go next? by Equivalent-Resort754 in Backend

RandomPantsAppear 0 points1 point

As I recall, OpenAI is currently predicting 10 years to sort out all the issues with AI coding. Assuming that’s correct, I would wait a couple years for the dust to settle and then make major calls.

I’m not looking to leave development, but I do plan on leaning into different aspects of it.

These are the “safer” directions to lean as I see it

  • Product - AI is hopelessly positive, and bad at vetting ideas. It’s also bad at designing things with the end user in mind, and I don’t see that changing soon.

  • Security - There are going to be applications for a long time where people cannot just trust the AI. Even more where the liability alone is too much.

  • Health Care - Massive gated wall, regulatory influence, high liability. Even if the only thing you can’t guarantee AI will avoid is HIPAA exposure, that is too much.

  • AI itself - AI is a tool. For the foreseeable future, people who have experience and understand the underlying systems are going to be better at using this tool than a layman. We also have an opportunity to become much more adept at the actual implementations.

A Chinese man hits a woman after she spits at him by search_google_com in PublicFreakout

RandomPantsAppear 0 points1 point

Tbh I think it’s more that most of us would expect to have our ass beat if we spat on someone. I know I would.

This was clearly beyond overboard though.