"The default reaction to vibe coding has been alarm - a default assumption that letting AI write large chunks of an application is going to flood production with vulnerabilities and undocumented behavior. That fear is doing as much damage as the bad code people are afraid of. Teams that freeze, ban the tools or push the work into the shadows end up with less visibility into how AI is actually showing up in their codebase, not more."
"AI-assisted development is a construction site, not a finished building - and construction sites are inherently messy. The job for engineering leaders isn't to keep the site spotless, it's to make sure the right safety systems, inspections and review steps are wrapped around the work that's happening anyway."
"Instead of trusting any single model, Merritt makes the case for using multiple AI assistants - Claude, Gemini and others - as a kind of cross-check, where one model reviews what another produced and pulls weaknesses to the surface before they hit a pull request. Pair that with the existing toolchain (SAST, dependency scanning, code review, tests) and the AI output starts to look more like any other developer's output: imperfect, but reviewable."
"The longer-term view is more optimistic than the headlines suggest. Merritt points out that no developer wakes up wanting to ship insecure code, and as these assistants get better at understanding context, security and intent, they have a real shot at making the secure path the easy path - turning today's messy reality into a faster, safer way of building software."
Fear of AI-written code flooding production with vulnerabilities leads teams to freeze, ban tools, or hide AI usage, reducing visibility into how AI affects codebases. AI-assisted development is treated as an active construction site rather than a finished building, requiring safety systems, inspections, and review steps around ongoing work. Using multiple AI assistants as cross-checks helps surface weaknesses before pull requests. Existing safeguards such as SAST, dependency scanning, code review, and tests make AI output reviewable like other developer contributions. Over time, improved context understanding can make secure development easier and faster, reducing insecure outcomes.
Read at DevOps.com
Unable to calculate read time
Collection
[
|
...
]