Hacker News: colesantiago's comments


I vibecoded an app for my business and didn’t need any engineers and it is currently in use for our customers.

I think this is great for everyone to be a developer, the gatekeeping has now been removed and we will see a creative explosion of apps that everyone can build.

The security and maintenance aspect of apps is just a Claude skill away from being a solved problem.


> "The security and maintenance aspect of apps is just a Claude skill away from being a solved problem."

To think that someone on Hacker News actually wrote this seriously in 2026, after a couple of decades of CVEs, security breaches, and data thefts being in the news every single week and after 50+ years of the industry experiencing how arduous software maintenance is. I doubt even Anthropic or OpenAI would be brave enough to say that.


I think you overestimate the ability of AI to write perfectly secure apps. Humans can't do it, and AI is trained on their work.

> I think you overestimate the ability of AI to write perfectly secure apps. Humans can't do it, and AI is trained on their work.

Ironically, AI tends to be better at securing code, because unlike the squishy human, it is much more capable of creating tons of tests and figuring out weaknesses.

Let alone the issue when lots of meatbags with different skill levels are working on the same codebases.

I have barely seen any codebase that has been in production for a long time that did not have glaring issues.

But if you tried to do a code audit, you're spending somebody's time (assuming this is a pro) for a long time, whereas an AI with the correct hints on what to look for can do insane levels of work, testing, etc...

Ironically, when you try to security-test a codebase and you use multiple different LLMs, you get a very interesting list of issues they can find. Many of them are probably in tons of production-level software.

But it's up to you, as the instructor of that LLM codebase, to actually tell it to do regular security audits of the codebase.


> Ironically, AI tends to be better at securing code, because unlike the squishy human, it is much more capable of creating tons of tests and figuring out weaknesses.

Sentences like this make me think AI is honestly the best thing that happened for my imposter syndrome. AI is great for simulating test cases, and that's it. If you leave it, it writes the most basic, useless tests (I mean, half of them might be useful when you refactor, but that's about it). It can't design reusable test components and has trouble with test doubles, which I would think is the easiest test case for AI. Even average devs like me write test doubles faster than AI, and I'm shit at writing tests.

AI is also extremely bad at understanding versioning, and will use a deprecated API for no reason except increasing the surface of attack.

AI is great for writing CLI scripts, boilerplate and autocomplete. I use it for frontend because I'm shit at it (even though I have to clean its shit up behind it), and to rewrite small functionalities of some libraries I want to avoid loading (which allowed us to remove legacy dependencies). It's good at writing prototypes (my main use nowadays), and a very good way to use it is to ask it for a plan to improve/factorize your code (it's _very_ bad at factorizing, but as it recognizes patterns, it is able to suggest interesting refactors. Half the time it's wrong, so use the "plan" mode).

I'm on a network security and cybersecurity tooling team, and I guarantee you AI is shit at securing the code (and at understanding networks).


Frankly, I feel like the people downvoting my comment are still using older LLMs. When Opus 4.5 entered the picture, there was a noticeable improvement in the way the LLM (for me) interacted with the code base, and in the issues that it was able to find.

I ran Opus on some public source code, and let's just say that the picture was less rosy for the whole "human as security".

I understand people have an aversion to LLMs, but it irked me the wrong way to see the amount of downvotes on here because people disagree with an opinion. It's starting to become like Reddit. As I stated before, it's still your task as the person working with the LLM to guide it on security practices. But as somebody now 30 years in the industry, the amount of absolute crap I have seen produced as code (and security issues) makes LLMs frankly security wizards.

Stupid example: I have yet to see LLMs not use placeholders to prevent SQL injection (despite it being trained on a lot of bad code).

The amount of code I have seen where humans just injected variables directly into the SQL... Yea, what a surprise that SQL database content gets stolen like it's nothing. When doing a security audit on some public code, one of the items always found by the LLMs, yep... SQL-injectable code everywhere.

A lot of practices are easy, but anybody can overlook something in their own code base. This is where LLMs are so great. You audit with multiple LLMs and you will find points that are weak or where you forgot something, even if you code security-wise.

So yea, I have no issue doing discussions, but the ridiculous downvotes on what seems to come from people with no clue is amazing. Going to take a break from here.
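As an added illustration of the placeholder point in the comment above (example code written for this page, not from any commenter), this puts the interpolated query beside the parameterized one on a constructed in-memory SQLite table, and adds a small regex check of the kind an audit would run over source to flag interpolated SQL. All table names, rows and probe strings are constructed for the example.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an app's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_interpolated(conn, name):
    """The pattern the comment complains about: the variable is spliced
    straight into the SQL text, so quote characters inside `name` change
    the structure of the query rather than being compared as data."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """The placeholder form: `name` travels as a bound value, so the
    database only ever compares it against the column, never parses it."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


# Audit helper: flag execute()/executemany() calls whose SQL text is built
# with an f-string, %-formatting or + concatenation (1-based line numbers).
_INTERPOLATED_SQL = re.compile(r"""execute\w*\(\s*(?:f["']|["'][^"']*["']\s*[%+])""")


def find_interpolated_sql(source):
    return [
        lineno
        for lineno, line in enumerate(source.splitlines(), start=1)
        if _INTERPOLATED_SQL.search(line)
    ]


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input, not a real user name
    print(lookup_interpolated(db, probe))   # every row comes back
    print(lookup_parameterized(db, probe))  # [] : no user has that name
```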


I must only work with geniuses (or rather, extremely competent seniors) who keep their codebase very clean, because that never happened to me. Even in my worst job at a bank, with idiotic product devs who couldn't read a Java trace to save their lives, security was the only thing that mattered.

But like I said, this whole discussion on LLMs since Opus came out is _great_ for my ego. At first I thought I used it wrong, then my company made weekly meetings on "how to use AI" with devs who swore by it, now I'm confident I might be a bit above average after all.

Maybe it's different for tooling/network/security devs than for product devs, but I doubt our backends are _that_ complex.


> the gatekeeping has now been removed

Nobody gatekept anything. The software, tools, knowledge base (MIT, Coursera, etc.) were always there. It was a choice. Some of us chose it, the rest didn't for whatever reason.


> gatekeeping has now been removed

Who was preventing you from learning how to do it yourself and then doing it?


Comments as short-sighted as this give me confidence in the future job security of people who actually know how to write software.

> the gatekeeping has now been removed

'Gatekeeping' being 'knowing'... nobody was stopping you from learning.

> The security and maintenance aspect of apps is just a Claude skill away from being a solved problem.

Incredible joke. Got a good laugh from me.


The race to the bottom.

Yes they are easy to clone and for good reason.

Thanks to AI abundance, everyone will be better off.


Agreed, the abundance of many apps and the fact that subscriptions and paid apps are going to zero means anyone can make an app for themselves or use an open source one.

No need to pay for someone else’s one.


This is good.

This is AI abundance for all and for free.

Also the end of the app store grifting.

I welcome this, having an app was never a competitive advantage at all.


I fear that these news publishers would come after RSS next, as I see hundreds of AI companies misusing the terms of the news publishers' RSS feeds for profit via mass scraping.

They do not care, and we will all be worse off for it if these AI companies keep continuing to bombard news publishers' RSS feeds.

It is a shame that the open web as we know it is closing down because of these AI companies.


The X / Twitter app?

I wish more software was actually free and didn't need a subscription.

We need more software that is free, open source and comes with no subscriptions.


I also wish that other people would do work for me for free.

Brent Simmons is retired. Most app developers aren't.


What is this 'railway'?

I am assuming that a domain like railway.com should be about trains.

Why does every tech company have to name themselves as a one word .com website and what they do is unrelated and vague to their own name?

Does every tech company think they are Apple and have to register every word in the dictionary and redefine it as a technology company?

Really bad name for a company.


dispel the hate from your heart

Questioning things is not 'hate' Mr Wolf.

> Does every tech company think they are Apple and have to register every word in the dictionary and redefine it as a technology company?

Netflix?


You don't think "railway" at least conjures ideas about the company? It's not some random word. Not every company needs to be "helps you ship software quickly inc".

Possible empirical justification: Non-tech and more "typical" orgs (train companies...) don't spend lots of money on slick-sounding one-word .com domains.

could be worse

could be called "entire" (https://entire.io/)


Worse would be x.com.

A lot of companies have been doing that for a long time.

Lotus

Jaguar

Caterpillar

Shell

it's a human thing


Shell was originally very literal though. They sold seashells.

> The "Shell" Transport and Trading Company (the quotation marks were part of the legal name) was a British company, founded in 1897 by Marcus Samuel, 1st Viscount Bearsted, and his brother Samuel Samuel. Their father had owned an antique company in Houndsditch, London, which expanded in 1833 to import and sell seashells, after which the company "Shell" took its name.

https://en.wikipedia.org/wiki/Shell_plc

