2
PSA: People are trusting AI to write code without checking the security holes
I keep seeing devs on my team just copy-paste code from a model without a review, and we found a major data leak last week because of it. The AI suggested a database query that left a port wide open. Has anyone set up a good review step that actually works?
samjohnson21d ago
Honestly, I get the worry but this feels overblown. Tbh, a dev should know better than to blindly paste any code, AI or not. The real issue is skipping basic review, not the tool itself. I've used AI to draft simple stuff like form validators and it's fine after a quick look. Blaming the AI for a human not doing their job is just shifting the blame.
7
Man, that reminds me of a time our whole staging environment went down. Someone used an AI script that had a hardcoded delete command for a test table, but it targeted production instead.
6
the_joel22d ago
Wait, they just ran an AI script straight on production? No testing at all? That's asking for trouble. Hard to believe someone would trust code they didn't write without checking it first. A delete command with no safety net is crazy. Stuff like that is why people are scared of these tools.
3