After scathing accusations of skimping on due diligence, as well as other feedback to my article on trying to use an ‘AI coding assistant’ for the first time, the only rational, academic response is to lick one’s wounds following a particularly bruising peer review and try to address the raised issues. Reality after all does not care about one’s feelings, and there may be more to this AI assistant technology that can be coaxed out with a more in-depth look.

To this end I’ll do my best to try and work through each raised point, criticism and accusation, to see what I – and perhaps others – can learn of this endeavor. Said points include the use of the wrong frontend – i.e. Copilot – and the wrong model – being Claude Haiku 4.5 – as well as the egregious flaw on my end of ‘prompting wrong’.

For the sake of due diligence the best frontend and models will be investigated for particular tasks, with finally the verbal minefield of ‘prompt engineering’ examined for industry-standard approaches.

Trying Pair Programming With An LLM Chatbot
https://hackaday.com/2026/04/27/trying-pair-programming-with-an-llm-chatbot/

CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.

https://www.securityweek.com/raising-the-cybersecurity-stakes-ante-up-for-the-agentic-era/

Organizations are making a big bet on AI, but if their plans don’t include a cybersecurity strategy, then they are gambling with their future.

Over the past few years, GenAI platforms have matured from pattern-matching large language models (LLMs) to tool-calling agents. Many enterprises now report that the majority of their code is written by AI. However, threat actors have also upped the ante – agentic attacks shape offense faster than human defenses can respond.

In the last decade, the fundamental questions of cybersecurity have evolved. When CISOs asked, “What do I have?”, the industry provided context on assets. When they asked, “What is important?”, the industry provided prioritization. When they asked, “How do I fix it?”, the industry provided remediation.

Now, virtually every cybersecurity solution has implemented conversational AI that can make recommendations, but manual remediation cannot keep pace with AI-powered cyberattacks.

The agentic era is forcing manual remediation processes to evolve rapidly. CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.

AI Is the New Perimeter

AI has changed the game in both the scope of the attack surface and the scale of agentic attacks. This attack surface (and the control plane) spans assets, identity, and decision context. Enterprise AI agents and AI-generated code are both sources of risk.

In February 2026, OpenClaw, an agentic assistant, became so popular that its creator was recruited to join OpenAI. Although early adopters of OpenClaw may pose a shadow AI risk in enterprise environments, they also serve as a proof of concept for the agentic enterprise.

But the agentic enterprise is a security nightmare. Connecting AI to everything creates a flat network that runs counter to the principles of network segmentation and isolation that the security industry has advocated for decades.

One risk is that AI agents have the ability to execute tasks and make decisions autonomously, but they lack the discernment to avoid harming themselves or their enterprise.

Many parents have scolded their children by asking, “If everyone jumped off a bridge, would you?” There are numerous examples of AI-induced outages and data leaks that demonstrate AI would jump off a bridge. Therefore, organizations must implement guardrails.

Another risk is that threat actors are targeting AI. Model poisoning can manipulate training data to corrupt the foundational logic of AI models. Evasion of logic attacks bypasses defensive decision-making algorithms. Autonomous systems create blind spots that humans might miss. AI-powered cyberattacks continuously learn from their failed attempts to improve future attacks.

It has been estimated that within the next few years, the ratio of humans to agents will increase to 1:100 (or more). That means the typical large enterprise with 10,000 employees will be contending with a million or more agents – the size of a major metropolitan city.

Organizations should think of managing the agentic enterprise like a major metropolitan city, implementing infrastructure, establishing proactive policies, and governing it with controls.

The Agentic Detection Gap

As bad actors reshape the threat landscape with agentic cyberattacks, the defensive paradigm has yet to adapt. In Armis’ 2026 State of Cyberwarfare Report (PDF), 43% of respondents reported that their organization still detects and responds to significant cyberattacks as they happen or after they have already occurred.

AI-driven development is not something organizations can or should block. But it must be governed.

https://www.securityweek.com/everybody-is-vibe-coding-but-nobody-told-the-security-team/

In February 2025, Andrej Karpathy coined the term “vibe coding” to describe a new way of building software: rapid, AI-assisted development where users ‘fully give in to the vibes, embrace exponentials, and forget that the code even exists’.”

Fast forward to 2026, and Anthropic CEO now predicts that 90% of code will be written by AI in 3-6 months. According to one survey, 84% of developers globally are using or planning to use AI coding tools in their workflow, up from 76% in 2024. Of those, 51% of professional developers use AI tools daily.

The marketing manager, the operations lead, the finance team — all of them are building working applications, connecting them to production systems, and deploying them. Mostly without involving IT, and often never involving security.

Security Challenges With Vibe Coding Apps

Recent research from Veracode shows 45% of AI-generated code contains OWASP Top 10 vulnerabilities. AI models have improved dramatically at generating code that compiles and runs – but the security of that code is not always sound. The reason is straightforward: AI optimizes for functionality, not security.

Researchers at RedAccess recently analyzed thousands of vibe-coded applications built on Lovable, Replit, Base44, and Netlify. They found more than 5,000 with virtually no security or authentication. Around 40% exposed sensitive data — medical information, financial records, corporate strategy documents, detailed customer conversation logs.

Among verified exposures: a shipping company app detailing vessel port arrivals; an internal health company application listing active UK clinical trials. Many of these applications are indexed by Google. As relayed in the report– no exploitation was required; this was research on exposed applications with public URLs.

This lack of security control extends to the AI agents themselves, whether assisting a professional developer or a non-developer. A software company, PocketOS, reported that its Cursor AI coding agent deleted its entire production database and “all volume-level backups” in nine seconds. Replit’s AI agent deleted 1,206 executive records and 1,196 company records while under explicit code-freeze instructions — then admitted: “Yes. I deleted the codebase without permission during an active code and action freeze. This was a catastrophic error in judgment.” It then told the user a rollback would not work. That turned out to be false.

A New Shadow AI Problem

For two years, the security industry has discussed shadow AI as a behavior problem — employees pasting sensitive data into ChatGPT on personal accounts. That problem is bounded: the exposure lives in the inference layer, and there are tools that are focused on detecting it.

Vibe coding brings a different shadow AI problem. The employee is not sending data somewhere. They are building something — a live application connected to your CRM, your database, your ticketing system — and deploying it publicly. Your security stack – with insights distributed across multiple data silos – was never designed to find it.

Organizations running mature secure web gateways, CASB, or DNS logging can detect employee access to vibe-coding platforms. But detecting access is not the same as inventorying what was deployed, what data it holds, or whether it requires authentication. For example – while a CASB can detect that an employee accessed Replit, it cannot inventory what was deployed, what data it holds, or if it requires a login. These apps live in the “visibility gap” between network security and AppSec, often because they are deployed directly to third-party platforms and bypass the organization’s traditional CI/CD pipelines or cloud environments that AppSec tools are designed to monitor.

What Should Security Leaders Do?

Similar to the initial reaction with shadow IT, the instinct is to prohibit vibe coding tools. That instinct is wrong. AI-driven development is not something organizations can or should block. But it must be governed. The question is what governance actually means in practice when the tools move faster than any policy framework.

The Untrainable
https://saranormous.substack.com/p/the-untrainable

The mid-2026 investor’s version of AI psychosis is a despair that nothing is investable, that we should put all our money into Anthropic and Nvidia and go home. I have never felt it. I have been sure the models are smarter than me for several sub-versions now, I’d be a happy buyer of Anthropic and Nvidia at the market price, and all my smartest friends are quite convinced that self-improvement is soon to work – and I still don’t feel it. The despair isn’t stupid. The logic runs: if the model keeps getting better at everything, then every company built on top of one is a thin wrapper waiting to be absorbed, and the only value that survives is the compute and the frontier weights.

Take software, the case the despair leans on hardest. Devin shipped in 2024 solving thirteen percent of the tasks on the standard software benchmark, and was largely dismissed. A year and a half later the best agents hit the high eighties, and they’re doing real work inside Goldman Sachs and the U.S. Army. Nearly everyone drew the same wrong lesson: the model ate software engineering. But as the model swallowed the part of software engineering you can best measure, we’re relearning what many teams knew – engineering has always resisted measurement, and the most measurable parts may not be the only important ones.

Mert Demirer and coauthors at MIT finally put numbers on it: across more than 100,000 developers, the latest coding agents lifted how much code got written by roughly 180%, and how much actually shipped by about 30%. Writing got cheap. The rest still runs through a person, and it matters. The net impact is, of course, still amazing.

A benchmark is a thing you can measure, and a thing you can measure is a thing you can train against. Thus, coding agents matured first: a compiler is a free verifier, a test suite is a free verifier, and when the answer checks itself for nothing you can grind against the check until you beat it. But passing the test never told you the change was the right one for a decade-old codebase with three undocumented reasons that module exists and a deploy pipeline held together by a cron job no one will admit to writing.

That kind of correctness can’t be read off a leaderboard, and it can’t really be read off anything. You find out whether a system that complex works by running it in the world long enough to learn, and a smarter model doesn’t make the world run faster. Nobody unit-tests something the size of Google and trusts the green check; you trust it because it survived years of real load. Correctness like that isn’t only private, it’s the slow kind of moat capital can’t collapse. Even the optimists grant the clock can’t be skipped: Noam Brown, who has pioneered OpenAI’s reasoning models, wrote recently that the only sure way to evaluate an agent over a one-year horizon may be to run it…for a year.

As Gabe Pereyra says, real automation isn’t only the model getting better. It’s the product, the model, the workflow, and the firm moving together, and three of those four move at the speed of an organization. Moving people is the part no benchmark touches: getting a skeptical partner to change how she runs her matters, holding a team together through a rebuild. It’s why, when we hire a CEO, the ability to deal with people weighs at least as much as the analytical horsepower, and a smarter model doesn’t change that weighting. The feedback is ambiguous, the horizon is years, and the trust belongs to a person. Every company I know has every engineer on frontier coding models, and not one has changed its eng org at anything close to that speed. Adoption took a quarter, and what a magical quarter of token growth it was! But the rebuild is taking years.

Microsoftin tuore AI Diffusion -raportti antaa ensimmäisiä kovia lukuja agenttisen tekoälyn vaikutuksesta ohjelmistokehitykseen. GitHubiin ladatun koodin määrä kasvoi vuodessa 78 prosenttia, samalla kun AI-agenttien tekemät pull request -päivitykset kasvoivat 28-kertaisiksi.

Microsoftin raportin mukaan generatiivinen tekoäly siirtyi kokeiluista varsinaiseen ohjelmistotuotantoon tämän vuoden ensimmäisen neljänneksen aikana. Erityisesti OpenAI:n Codex-mallit, Anthropicin Claude Code ja GitHub Copilotin uudet agenttiominaisuudet muuttavat oikeasti tapaa, jolla ohjelmistoja rakennetaan.

Vuoden ensimmäisellä neljänneksellä GitHubiin tehtiin jo 380 miljoonaa koodipäivitystä eli git pushia. Vuotta aiemmin määrä oli 213 miljoonaa. Samalla uusien GitHub-repositorioiden määrä kasvoi 45 prosenttia 21,3 miljoonaan.

Suurin muutos näkyy agenttipohjaisessa kehityksessä. Microsoftin mukaan AI-agentteihin liittyvien GitHub-muutosesitysten määrä nousi kymmenessä kuukaudessa 83 tuhannesta 2,3 miljoonaan.

Kyse ei enää ole siitä, että tekoäly ehdottaa yksittäisiä koodirivejä. Uudet työkalut rakentavat kokonaisia ohjelmistokomponentteja, tekevät muutoksia projekteihin ja hoitavat monivaiheisia kehitystehtäviä yhä itsenäisemmin.

The tool was the favourite inside the teams building Windows and Office.

Engineers were told to switch to GitHub Copilot CLI by 30 June.

The official reason is tidying up the toolset.

The real reason is the invoice.

Uber tried the same tools and burned its full 2026 AI budget in 4 months.

Every company that handed out these AI seats is now doing the same math.

Read more on TNW: https://thenextweb.com/news/microsoft-claude-code-retreat-ai-cost

Ohjelmistokehittäjä väittää Googlen Gemini -tekoälyassistentin poistaneen lähes 30 000 riviä tuotannossa ollutta koodia hänen ohjelmistostaan. Redditiin kirjoittamassaan julkaisussa koodari avaa, kuinka tekoälymalli järjesteli koodikantaa uudelleen. Sen ohjeistuksena oli säilyttää ohjelman ydintoiminnot. Gemini teki työtä käskettyä ja avasi pull requestin, joka lisäsi noin 400 riviä koodia, mutta poisti samalla liki 29 000 riviä. Koodin lisäksi avustaja poisti useita muita tiedostoja.

– Jatkossa yritysohjelmistojen arvo on kontekstissa, sanoo Salesforce Suomen Solution Engineering Leader Laura Hankalin. Väite on kova, sillä SaaS-yritysten liiketoiminta on perinteisesti rakentunut juuri ohjelmistojen, käyttöliittymien ja workflow-logiikan ympärille. Nyt Salesforce arvioi, että agenttinen tekoäly siirtää arvon pois itse koodista kohti yritysdataa, prosesseja ja luottamuskerrosta.

Salesforcen uusi Headless 360 -strategia vihjaa koko SaaS-maailman perustavanlaatuiseen muutokseen. Yhtiön mukaan käyttöliittymä ei enää ole enterprise-ohjelmistojen tärkein osa, kun agentit käyttävät järjestelmiä suoraan API-rajapintojen, MCP-työkalujen ja CLI-komentojen kautta.

Hankalinin mukaan agenttinen tekoäly muuttaa ohjelmistoalan arvonmuodostusta nopeasti. – On totta, että koodin kirjoittamisen arvo laskee vääjäämättä. Esimerkiksi Agentforce Vibes rakentaa toimivia työnkulkuja minuuteissa, Hankalin sanoo.