AI-generated code is shipping to production without security review. The tools that generate the code don’t audit it. The developers using the tools often lack the security knowledge to catch what the models miss. This is a growing blind spot in the software supply chain.
How do you write this whole article and come to the conclusion you can merge unread diffs?
There’s LLM apologists who actually believe that by reading code you’re becoming a liability because you get in the way of “shipping faster.” And there’s a whole class of C levels and their sycophants who just eat that up.
I hate to say it, but there’s a lot of “vibe coders” that use AI to write their code, then they (or someone else) use AI to review it. No human brains involved.
No shit. Why would they even say that?
Likely vibe-written and not audited