8. “There's a new kind of coding I call "vibe coding", where you… forget that the code even exists… I just see stuff, say stuff, run stuff, and copy paste stuff, and it mostly works.”
– Andrej Karpathy, Feb 2, 2025 on X
#AWScommunity
9. Vibe Coding and Agent Mode
Creating or modifying software by chatting with an AI rather than writing
code yourself.
10. “For 25% of the Winter 2025 batch, 95% of lines of code are LLM generated.”
– Garry Tan, Y Combinator CEO, March 5, 2025 on X
11. What are AI coding tools good at today?
• Creating a new React front-end
• Modifying the behavior of a UI component
• Adding a new CRUD endpoint to your API
• Language and library migrations
13. Obvious Risks
• More bugs
• Secrets in client code
• Vulnerable dependencies
• Prompt injection
• Missing or no input validation
• Out-of-date docs
14. Less Obvious Risks
• Leakier abstractions
• More fragile dependencies between services
• On-call surprises
• Missed compliance requirements
15. Long Term Risks
• More PRs to review means less careful reviews
• Broken career ladder
• AI code is a different kind of tech debt
• Coding is thinking
20. Lessons from Security
Treat AI-generated code as (potentially) hostile code
• Practice defense in depth
• Apply the principle of least privilege
• Use Static (SAST) and Dynamic (DAST) security analysis tools
• Prompt your AI to follow specific best practices (e.g. OWASP Top 10)
21. Lessons from Change Management
Use agents in your PRs to help
• set a regression risk score
• set a security risk score
• identify migrations or infrastructure changes
• document the user stories and acceptance criteria for the change
• document test and rollback plans
• make the right thing the easy thing
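As an added illustration of the PR checks listed above (not code from the talk): a small diff triage that flags secrets added to client code (an obvious risk from slide 13) and migration or infrastructure changes, then derives a security risk score. The path patterns, the weights and the `triage_diff` name are assumptions made for this example.

```python
import re

# Heuristics and weights below are assumptions for this example; tune per repo.
SECRET_RE = re.compile(
    r"AKIA[0-9A-Z]{16}"                           # AWS access key ID shape
    r"|-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"   # PEM private key header
    r"|(?i:api[_-]?key|secret|token)\s*[:=]\s*['\"][^'\"]{16,}['\"]"
)
CLIENT_RE = re.compile(r"\.(?:jsx?|tsx?|html|vue)$")
MIGRATION_RE = re.compile(r"(?:^|/)migrations?/|\.sql$")
INFRA_RE = re.compile(r"\.tf$|(?:^|/)Dockerfile$|^\.github/workflows/")
WEIGHTS = {"client_secret": 5, "secret": 3, "migration": 2, "infra": 2}

def triage_diff(diff_text):
    """Return (findings, score 0-10) for a unified diff; only added lines count."""
    found = {k: set() for k in WEIGHTS}
    path, in_hunk = None, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            path, in_hunk = None, False
        elif line.startswith("@@"):
            in_hunk = True
        elif not in_hunk and line.startswith("+++ "):
            target = line[4:].strip()
            # "/dev/null" means the file was deleted: nothing new to review
            path = None if target == "/dev/null" else re.sub(r"^b/", "", target)
            if path and MIGRATION_RE.search(path):
                found["migration"].add(path)
            if path and INFRA_RE.search(path):
                found["infra"].add(path)
        elif in_hunk and path and line.startswith("+") and SECRET_RE.search(line):
            found["client_secret" if CLIENT_RE.search(path) else "secret"].add(path)
    score = min(10, sum(WEIGHTS[k] * len(v) for k, v in found.items()))
    return {k: sorted(v) for k, v in found.items()}, score

# Constructed sample PR diff; the key is the placeholder from AWS documentation.
SAMPLE_DIFF = """\
diff --git a/web/src/config.js b/web/src/config.js
--- a/web/src/config.js
+++ b/web/src/config.js
@@ -1,1 +1,2 @@
 export const region = "us-east-1";
+export const accessKeyId = "AKIAIOSFODNN7EXAMPLE";
diff --git a/db/migrations/0042_add_orders.sql b/db/migrations/0042_add_orders.sql
--- /dev/null
+++ b/db/migrations/0042_add_orders.sql
@@ -0,0 +1 @@
+ALTER TABLE orders ADD COLUMN note TEXT;
"""
```

Calling `triage_diff(SAMPLE_DIFF)` reports the key in `web/src/config.js` as a client-side secret and the new SQL file as a migration; a score like this can gate which PRs need a human security review.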
22. Lessons from Release Engineering
Use release agents to test user stories in production
• with changes behind a feature flag
• with service canaries
• with services down or degraded by fault injection
23. Lessons from Event Driven Architecture
Use event streams to make riskier changes safer
• idempotent retries of failed steps
• blue/green streams
24. Lessons from Observability
You can’t operate what you can’t see
• Who’s on call if nobody wrote the code?
• Make it easy for humans to see and understand what’s happening and why
25. Lessons from Software Design
Small, well-defined abstractions are more important than ever
• LLMs perform better with smaller context
• Small surface area is easier to test exhaustively
• AIs change the microservice vs monolith tradeoffs
33. Recap
• Vibe coding is coming
• It can be done safely by applying the lessons you already know
• The companies that do this right will dominate those that don’t