🔗 "Vibe Coding Will Rob Us of Our Freedom" →

That dismissal didn't sit right with me. So, a few days later, I decided to check the code myself. On the surface, it looked clean, even polished. But then I saw that line. A single, innocuous-looking database query.

The AI had constructed it in a way that was wide open to a classic SQL Injection attack.

Alex's tests, done with "normal" fake user data, passed perfectly. But a malicious actor could have wiped their entire user database with a single, cleverly crafted request. The code worked, but it was a ticking time bomb sitting on my servers. And Alex, who had trusted the tool, had no idea.

...

It's this methodology (if we can call it that) where developers, pressured by deadlines, are no longer trained on code structure, but on the "vibe" – that is, on giving the right prompts to AIs and testing only whether the output seems to work.

Alex isn't just a case of insecure code. He's proof of how we're becoming dependent on tools we don't control.