“I'm trying to free your mind, Neo. But I can only show you the door. You're the one that has to walk through it. You have to let it all go.”
Not a dev but been “vibe coding” since ChatGPT came out. The LLMs can write a book… if you try to accomplish it with a single prompt it’s trash. If you construct the book chapter by chapter it’s a lot better and more cohesive.
You don’t build the app with a single prompt - you build a function or file at a time in a modular, expandable format.
Hackers are comfortable working in the dark— navigate with a flashlight (some background knowledge, understanding of syntax, data structures, secure coding practices etc) and you can get where you’re going a lot quicker and can try out a lot of different routes you may not have seen or had an opportunity to explore otherwise- maybe stumble upon an Easter egg along the way.
You don’t necessarily need to spend hours reading the documentation on an unfamiliar library if you know how to get the AI to understand it, reinforce it with some examples and use it- maybe in that process it expands your perspective or gives you an idea to incorporate into your production grade environment.
With how quickly things advance- it seems rapid prototyping would allow you to qualify what’s worth investing time in vs what’s not.
If you know about DAST, SAST and containers you can probably create a non total trash workflow for prototype qualifications and then pass to a more technically savvy specialized team member if warranted?
Exploratory data analysis doesn’t seem wholly dissimilar in value- never know when you’ll stumble across a good nugget to feature engineer if you aren’t actively mining and exploring.
“Vibe coding”==you’re getting the model to do what YOU want. Craft some nefarious things to understand how to hold the reins on the beast and that’s a decent starting point.
If the LLM is useless- learn up on NLP, word embeddings and BERT and fine-tune one to your specific use case. Don’t use the same chat session to make every file- manage the memory and tokens strategically and use few-multi shot reinforcement learning to specialize the session’s knowledge.
Maybe things become a lot more bespoke and require fewer dependencies- less susceptible to supply chain attack. More variety could make your system less susceptible to automated attacks and make the pyramid of pain stronger.
If everyone reverse engineers the dependencies and builds most things in house with their own twist, maybe that enables more flexibility with custom encoding and makes it less intuitive for an attacker to analyze your tech stack and infer how it operates.
—surely oversimplifying a few things and missing out on some production grade concepts but just grasping that the same thing that’s viewed as creating security gaps could also be used as a mechanism to close some if used efficiently and strategically.
— it’s not competition to a dev, use it so you can learn more and do better