Everyone in the company is an engineer now. Any chance of containing this?
Posted by Synaqua@reddit | ExperiencedDevs | 103 comments
The long and short of it is that the company (huge multi-country place but not one of the usual household name culprits) has made a tool so that any sales / operational / middle manager can make production accessing vibe coded apps. These people have no code experience at all, and no clue how it’s working when asked. E.g. I asked “so does it match the existing pattern of hitting the APIs like the production one does regularly to keep things in sync, or does it batch them locally and bulk send them?” and it was met with “I dunno, what’s an API?” (Paraphrasing).
The obvious issues aside, there’s the whole idea of our work getting devalued when half the time the battle is maintaining old functionality and making sure that nothing gets into a bad state etc. Anyone else dealing with this? I’m sick of being told technical approaches to use by people who don’t know what they’re talking about but still get worked up when you question their own relevant skill set. Dev and Security teams keep getting overruled by higher ups and despite having evidence of it going wrong even from inside our org, it just gets ignored.
There’s also their plan to give all clients access to
Idk man. I give up on screaming into the void. (Obligatory “I’m not against AI” disclaimer. I’m just sick of people thinking that they can buy a circular saw from the local hardware store and therefore they’re now a fully qualified and capable carpenter. I just wish they’d realise that at their levels that it’s a great prototyping or personal productivity workflow enabler)
quizikal@reddit
In my company the CTO vibe codes "prototypes". This is typically 20,000 lines of code on a branch. It's the responsibility of a team to move that into production.
The issue is...that prototype (and thus AI) dictates the product and the technical architecture. It's an absolute disaster.
Instead of producing user facing features..he is building some type of developer environment. It has similar features to traditional tooling (git, npm, IDE etc) but of course does them in a terrible way.
At some point Devs will be expected to use that 😂.
The technical choices that support that can only be described as software gore.
I really fear for the future of the company 😞
Western_Objective209@reddit
you're not allowed to refactor at your company?
quizikal@reddit
We can refactor. The problems are deeper than refactoring. We are given flawed architecture
Western_Objective209@reddit
part of refactor is fixing the architecture I would say
quizikal@reddit
Refactoring is often local changes without changing functionality. Rearchitecting is something entirely different.
Western_Objective209@reddit
okay so basically just arguing around definitions. are you saying you're not allowed to make architecture level changes to a PoC?
quizikal@reddit
Yeah kind of but it's more nuance. It's not like he is handing over requirements, he is handing over a product + technical direction. It's hard to pull them apart to make a reasonable technical decision.
If he said "we need to build a developer experience embedded in a web app". You might start to think how to hit git apis, how to embed an LSP and how to build a publishing pipeline etc.
But he hands over a web app that has a rudimentary text editor for editing javascript, that editor puts the javascript in an object that would typically represent a User or some domain object so it can be pushed to an android app. He will hand it over like it's close to finished.
How do you even start to pick that apart? That's not a refactor.
TribeWars@reddit
Refactoring human-written codebases is hard enough. Good luck doing this with 20k lines of AI slop vibe-hacked by someone who is not a dev.
Western_Objective209@reddit
refactoring with AI tools is insanely easy, basically all the difficulty in it is gone
TribeWars@reddit
In my experience that just moves the slop around.
Western_Objective209@reddit
I have fairly large AI generated code bases (tens of thousands to hundreds of thousands of lines of code) and when I onboard people, they are surprised at how easy they are to work in. it's a skill that people need to develop
SocksOnHands@reddit
I have no problem with the use of AI for prototypes. What has to be kept in mind, though, is that a prototype is a prototype - none of the code should be used in production. Instead, use the prototype to help guide the decision making process - what screens are there, what should the layout of these screens be like, what are the data requirements, what features are needed, what workflows need to be followed, etc. A solid prototype can help get developers all on the same page for what work needs to be done because they can see a clear working example of what their goals are.
ProbablyPuck@reddit
This is what I was thinking. Christ my life would be so much easier if my PM could actually spit out a product that "works" and then pass it to me with a requirements list. Then my job would ACTUALLY consist of engineering a resilient product that achieves the same outcomes as the prototype.
quizikal@reddit
I agree, but it's not really a prototype hence the quotes.
But it's much worse actually, typically you might have an idea of what the users want and tell the AI to make that prototype/feature. I don't know what the workflow looks like but I know we are bypassing the product team and processes, I suspect he is asking AI to design the feature too.
The outcome is developer tooling embedded in an end user facing product.
TainoCuyaya@reddit
I hate places like this where "anyone could be a developer" but it so happens that the actual developers are responsible for PR and merging it.
Like, fuck it. Own your mess. I won't put my name in that pile of garbage.
klimaheizung@reddit
> It's the responsibility of a team to move that into production.
Why? Much better to allow them to get it to production themselves.
quizikal@reddit
Because he is the CTO and that's what he decided
So_Rusted@reddit
thats absolute bonkers
dethswatch@reddit
> <redacted LLM client> to mutate their production data,
Actually? Where's sw director screaming about how bad an idea that is?
GronklyTheSnerd@reddit
This is just the present equivalent of people hooking up MS Access to a production database and running it off of someone’s desktop. Or writing a bunch of reports in Perl. Stuff that people did all the time 30 years ago.
The thing you have to make clear is that it is just as fragile. IDK about you, but my real skill isn’t just making the thing, it’s making the thing AND making it stable. Which neither they, nor their LLM’s can do.
NegativeSemicolon@reddit
Just step out of the way and let them hurt themselves. When they do screw up don’t lift a finger to help.
Wide_Obligation4055@reddit
I don't think deciding to be shite at your job is ever a good plan TBH. Either you get buy in for your concerns and propose some kind of internal dev data hub where privacy safe prod data is synched to, that can be shafted by vibe coded apps.
Or you move to a company that has normal release practises and protection of production from most people in the company aside from SREs and a handful of the most senior Devs who are Ok being on call.
You can't fix totally broken practises, they are not a technical issue. If management does not listen to you because 'you moan a lot' the job's burnt anyway. Warn and start applying for a new job.
NegativeSemicolon@reddit
Stepping out of the way doesn’t make you bad at your job, it’s not your job to protect other people’s jobs.
Wide_Obligation4055@reddit
But it does though, if you are a cop and they put a lunatic asylum next to a school, you tell them not to, but they do it anyway, when you see a mad axeman running into kindergarten, stepping out of his way and just saying, well I told them. Doesn't cut it.
NegativeSemicolon@reddit
Yeah sorry that’s not how office jobs work, false equivalence
Wide_Obligation4055@reddit
Depends what IT system you're looking after in your office, screw up Medicaid or other medical or financial or legal based systems and it can trigger deaths. 13 ex post office workers killed themselves over the UK Post Office bugs that led them to being falsely accused of fraud.
Kultur_Cigany@reddit
Sometimes it can be. I did it once and turned out to be a correct decision.
wbqqq@reddit
This. And frame/document all of the specific concerns in terms of business risk.
E.g. for the LLM access to manipulate data, I can think of 3 pretty quickly with zero context:
- Customer makes a request improperly and while doing what it was asked, the result is a dataset that breaks the customer’s business processes
- Customer makes a request to globally change some data, and the LLM changes globally for all of your customers
- you or your customer have a legal hold on your/their data, and the LLM changes that data
Sure you can put in guards and mitigations, but they also take time/effort.
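Added example (not part of any comment in the thread): one way to put a guard in front of LLM-proposed data changes that addresses the three risks listed above. The `ProposedChange` and `Policy` shapes, the field names and all sample records are hypothetical and constructed for illustration; it assumes a dry run has already resolved which rows a change would touch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProposedChange:
    # Hypothetical shape of a change an LLM tool wants to apply.
    requester_tenant: str  # tenant of the authenticated caller
    rows: tuple            # (record_id, owning_tenant) pairs from a dry run
    updates: dict          # column -> new value


@dataclass(frozen=True)
class Policy:
    validators: dict           # column -> callable, True if value is acceptable
    legal_hold_ids: frozenset  # record ids that must not change
    max_rows: int = 50         # blast-radius cap per request


def review_change(change, policy):
    """Return a list of rejection reasons; an empty list means it may run."""
    reasons = []
    # Risk 2: "global" changes. Refuse anything unscoped, oversized,
    # or touching rows owned by a tenant other than the requester.
    if not change.rows:
        reasons.append("no-rows: dry run resolved nothing, refusing unscoped change")
    if len(change.rows) > policy.max_rows:
        reasons.append(f"too-many-rows: {len(change.rows)} > {policy.max_rows}")
    foreign = sorted({t for _, t in change.rows if t != change.requester_tenant})
    if foreign:
        reasons.append("cross-tenant: touches " + ", ".join(foreign))
    # Risk 3: records under legal hold are immutable regardless of who asks.
    held = sorted(rid for rid, _ in change.rows if rid in policy.legal_hold_ids)
    if held:
        reasons.append("legal-hold: " + ", ".join(held))
    # Risk 1: only allowlisted columns, and only values the business
    # process accepts. This narrows the damage; it cannot prove the
    # resulting dataset is what the customer meant.
    for column, value in change.updates.items():
        check = policy.validators.get(column)
        if check is None:
            reasons.append(f"field-not-allowed: {column}")
        elif not check(value):
            reasons.append(f"invalid-value: {column}={value!r}")
    return reasons


def reason_codes(reasons):
    """Strip the detail so callers can branch on the reason code only."""
    return [r.split(":", 1)[0] for r in reasons]


# Constructed sample policy and requests.
POLICY = Policy(
    validators={
        "status": lambda v: v in {"active", "paused", "closed"},
        "credit_limit": lambda v: isinstance(v, int) and 0 <= v <= 100_000,
    },
    legal_hold_ids=frozenset({"inv-3"}),
)
OK = ProposedChange("acme", (("inv-1", "acme"), ("inv-2", "acme")), {"status": "paused"})
GLOBAL = ProposedChange("acme", (("inv-1", "acme"), ("inv-9", "globex")), {"status": "closed"})
HELD = ProposedChange("acme", (("inv-3", "acme"),), {"status": "closed"})
BAD = ProposedChange("acme", (("inv-1", "acme"),), {"status": "deleted", "owner": "x"})
UNSCOPED = ProposedChange("acme", (), {"status": "paused"})

if __name__ == "__main__":
    for name, change in [("OK", OK), ("GLOBAL", GLOBAL), ("HELD", HELD),
                         ("BAD", BAD), ("UNSCOPED", UNSCOPED)]:
        print(name, review_change(change, POLICY) or "allowed")
```

The guard only works if it runs server-side on the resolved row set, outside anything the model or the requesting app can edit.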
OtaK_@reddit
Yep. Give out the warnings, the alarms, tell them running full speed into a wall hurts. But they'll run into it anyway, so just sit back and enjoy the show
Kaimito1@reddit
And keep a paper trail of you saying all this so you won't be dragged down when it does go down
Void-kun@reddit
Why sit and wait to clean up the mess? I'd just move on and get a new job.
Why even bother waiting for it to reach that point?
normalmighty@reddit
Honestly, I've found I really enjoy cleaning up the mess left by people vibe coding a mess and then seeing everything blow up and accepting that they need to get actual devs in to architect something with some actual stability and reliability. It's fun to me.
Void-kun@reddit
I can completely understand why that would be cathartic for some
OtaK_@reddit
That is neither up to you nor your responsibility. People tend to forget they work with adults, not toddlers. If they can't figure it out it's their problem, not yours.
And yes they'll pick up the mess because that's what both adults and kids do when they make a mess.
Void-kun@reddit
Good luck waiting for the marketing team and sales people that don't know what an API is to learn how to fix AI slop...
Your analogy doesn't quite work, because anybody even young children can clean up a mess, but I'd say 95%+ of people probably can't clean up AI slop code.
So the 'mess' (AI slop) they're producing will fall to the laps of the current developers to fix and get working.
Unless you were hired to do exactly that, then that's none of our responsibility either.
OtaK_@reddit
Don't ask me those questions because I answer with a very stern hammer to them: I have a very hard no-LLM policy, so any PR/MR that even remotely smells like Claude gets unceremoniously closed without elaboration.
AnInstant@reddit
you know many companies are doing exactly that so changing company may lead to same scenario in different place, right?
Void-kun@reddit
They are, which is why you ask about it during interviews:
"How is this company using AI across different departments?"
"To what extent is AI used in development?"
"What AI tooling is available to your staff?"
Every time you go to a bad company, you learn what questions to ask to suss out the next one so you don't fall into that trap. Of course they can lie (happened to me), but now I know to also ask them about their staff turnover rate.
positivelymonkey@reddit
popcorn.gif
Ratiocinor@reddit
Hah cute, you'll still be blamed 100%
The only way to avoid it is to leave
PlasmaFarmer@reddit
And document it that you've done it! Because when the first 4 million dollar mistake happens, they will try to find a scapegoat!
hippydipster@reddit
They'll still blame OP for any failures.
LittleLordFuckleroy1@reddit
This only works if you give them clear, documented warnings.
NegativeSemicolon@reddit
Maybe just remind them of the stakes, ‘if you screw this up then it could mean your job’. If they think it’s just fine to blow stuff up then they’re about to fafo.
Tricky-Cap-3564@reddit
Vibe coding is whatever but non-technical people with prod access and customer data and zero security review is the actual problem.
A mandatory pipeline gate no one bypasses is the structural fix.
Checkmarx in CI catches secrets, injection issues, auth problems before anything ships regardless of who built it.
n4ke@reddit
You should step up your game and heavily leverage AI tools ... to write your resignation letter.
a_slay_nub@reddit
Please don't use AI to write your resumes (at least not solely). I have several resumes I'm looking at right now that are the most AI-generated things I've ever seen. The annoying part is that they got past ATS and the recruiter so now I have to explain why this person that met 100% of the requirements is likely a huge fraud.
SkyPL@reddit
Yep. "Run for the trees" is the best thing one can do now.
People not understanding development who think that they can build actual products are extremely dangerous. It's an equivalent of a monkey with AK-47
Long-Sheepherder-826@reddit
how do you deal with code quality issues from these vibe-coded apps
RabbitLogic@reddit
That's the best part, you don't. Crap gets merged while everyone pats themselves on the back.
Inatimate@reddit
Make some popcorn and enjoy the show
Void-kun@reddit
Quit. I'm not even joking.
People joke about jobs around fixing AI slop, but that's all your job will become in the near future.
Leave whilst you still can and find somewhere semi responsible with their IP.
Don't be put off by AI, be put off by AI in the wrong hands.
Empanatacion@reddit
If jobs were plentiful right now, this would be a valid strategy.
matthkamis@reddit
I don’t know where you are, but in Canada I have seen a sharp uptick in recruiter emails at the Senior+ level
Ratiocinor@reddit
I'd rather leave the industry entirely than stay in a job like this
In fact that's exactly what I did. So you can't even hit me with the "that's easy for you to say" line
I'm doing minimum wage to pay the bills while I assess my next move, but if I'd stayed where I was the burnout and my mental health decline would've just continued to the point of no return
Void-kun@reddit
That depends on your country, industry and your experience level.
It isn't equal worldwide nor is it equal across industries.
The US has a lay off culture that other countries don't have for example.
ProbablyPuck@reddit
Lol, letting business folks write their own apps has been a "holy grail" LONG before LLMs shot up in popularity. Turns out those computer science fundamentals matter. 🤷♂️ I'm sure city planners wish they could cut out civil engineers too.
NickW1343@reddit
Wait, so your company is hoping to have an AI between you and another provider that does retain data sent to them and they're hoping that middleman will always mutate sensitive data before sending it off so they're still complying with the law? That's not going to go well at all. Either it'll fail and leak private data or the mutations will make it way too unreliable. There's also the wild-card issue of "Well what happens if the middle-man is simply lying about not training on our data?" that is almost certainly also happening.
No_Pin_1150@reddit
I am not complaining. I am just trying to survive at this point. 20+ personal projects ready to demo using AI but honestly 20 times less brain power was used making them
Historical_Cook_1664@reddit
"You break it, you fix it"
Make sure all your "engineers" are aware of this.
FaceRekr4309@reddit
Ha.
Ha ha.
Ha ha ha ha ha.
Devs will be on the hook for that dark IT, mission-critical dashboard that gives inaccurate data from 13 different databases and APIs, three of which the development team had deprecated and were working for two years to shut down. You’ll get to that magic moment where you finally get to decommission that old SQL server 2012 machine and then the screams…
klimaheizung@reddit
Well, it will just take a VERY long time to fix these things, since I didn't build them. Fine by me.
FaceRekr4309@reddit
Except that now, I am the chief of compliance and I am telling you that that has to be back up yesterday. We have an audit. That’s right, I said “audit.” I’ll be checking on the status twice per day and copying in your manager and his manager. Better get to work!
klimaheizung@reddit
And I'll reply "ah, I told you this would take if it happens. I'll give it my best" and then it'll take 3 days. Then what do you do?
FaceRekr4309@reddit
I can make your managers’ lives very uncomfortable. It’s up to your managers whether they will do their jobs and take the arrows for you and push back against unreasonable demands. Or, they will be cowards, content to let you lay in front of the bus.
Not everyone works in a company that values its developers. I assume even fewer do these days than before the delusional idea we can be replaced with agents. I’ve worked in some companies where a developer could draw a line and stand behind it. And I’ve worked at some where they expect you to make the unreasonable happen or it’s your ass.
klimaheizung@reddit
That's my manager's problem.
If it were my problem (because I'm responsible to ensure uptime) I'd simply not allow all that in the beginning. Should my decision be overwritten, I'd have escalated it to my managers and thereby made it my manager's problem.
Finally, my manager is free to fire me and solve the problem themselves.
FaceRekr4309@reddit
Ah, to live in a world such as this
klimaheizung@reddit
Yeah, it's a great world to live in. Make sure you have a few years of fuck-you-money and then just do what I said. You won't believe what will happen: 1.) you'll feel much better and 2.) you'll either make your workplace a better place or get fired and find a better job.
That is, unless you are stupidly overpaid. Then joke's on you.
FaceRekr4309@reddit
I’ve been in this business over 25 years. I’ve seen it all. It’s easy to say you’d do one thing on Reddit, but when you’ve got a family it’s not such an easy decision to make.
klimaheizung@reddit
Ah, no family here. Well, that sucks. You're making my life hard too with your actions you know! I guess send your wife to work harder!
FaceRekr4309@reddit
I actually would push back and hold the line, personally. I am just speaking from the hypothetical of a person whose life is more complicated and has something to lose by making a stand.
hornynnerdy69@reddit
Man this industry is cooked
kaeptnphlop@reddit
Haunting … these are future campfire horror stories 🫣
CherryChokePart@reddit
Probably deploying an EMP device.
pehrray@reddit
I would shoot myself if I had to work at that company.
That is so mental 😂
BornMarionberry1008@reddit
the third line really stood out to me
Naive_Freedom_9808@reddit
When you say "third line", do you mean the third paragraph? Because that one stood out to me as well. There's a news story of Deloitte using AI-fabricated data recently for a client. Of course, the data did not reflect reality, so surely the client thought that everything was going smoothly despite that not being the case. The AI psychosis is so massive that people would rather have pretty but false data instead of real data.
Jazzlike-Potato-8548@reddit
sounds like a nightmare, dealing with clueless management is the worst
Naive_Freedom_9808@reddit
The AI craze can't be fought with coherent logic. If they want to burn down their org in the name of "innovation", then so be it. Sit back, relax, and wait until you get summoned to fix the inevitable slop. In the meantime, start applying elsewhere.
SplendidPunkinButter@reddit
Would you get on a plane where the pilot is just a guy with a background in business administration? After all, the plane has autopilot!
wardrox@reddit
Let them push to production then file the incident reports for them to handle. Much like we do with junior devs.
hw999@reddit
i love a good dumpster fire. i would lean in and grab some popcorn.
Heavy-Report9931@reddit
it's JPMorgan isn't it?
ephemeral_resource@reddit
The need for "more software", even internal, even personal use, even if it is hard to maintain, being developed by non-technical people's AI agent development is something orgs should adjust to making a safe reality for themselves sooner than later. would have you believe the urgency is greater than necessary and that is some annoying marketing.
I've always been more of SRE/Platforms (and ran my own business a bit) so maybe I end up less irked by this transformation. That and it seems like my employer let us push back for starting with batch-processing and internal tools (perhaps just serendipity here) as we build some of the controls and monitoring for the sandbox.
What we're building is about three concerting workflows to enable secure agent software development (and other actions) by non-trained software developers. Have not yet crossed all the internal-only-requirements off the list and external is surely coming. We all low-key hope that workstation-controls come to agent-tools (ie. nemoclaw) sooner than later but those sandboxes may end up on the proprietary end. Our "simple yet effective vdi-like solution" is palatable for now.
- Agent sandboxes (isolated net and data from workstations) to build apps where we use egress controls and package mirrors to help deal with zero day supply chain issues
- Generic SDLC pipeline templates for some basic SAST and dependency scanning (probably more can be done here). This would be attached to any projects created using agents.
- Harness teleportation (ie. chat-ops to the sandboxed-agent-tool). Much less decided here so far, but looking to leverage teams as a file-sharing-repository as it has built in antivirus tools and everyone is familiar with the chat side of teams. We likely need to build an MCP server. Still not sure if agents can listen on an incoming port easily to initiate requests but it should allow users to keep tabs on long-running agentic processes fairly easy.
I'm hoping with a few patterns we can leverage it shouldn't be too hard to review any given app-dependency-chain (more important for looking for leaky data) though hard to be sure and will be growing and quantity-driven-pain. AI should be able to help with that as long as we can distill it into a skill.
We also aim to push every app (if possible) into k8s which should limit the places we need to look for firewall and storage connections.
It's a lot different these days and maybe the industry will pull back from having external facing apps being developed by AI for the risk reasons you mention (we're not there yet for said reasons)
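Added example (not from the comment above or the commenter's employer): a pipeline check of the kind the sandbox and SDLC-template bullets describe, failing a build when a dependency lockfile resolves anything from outside the internal package mirror. It assumes an npm project with a `package-lock.json` of lockfileVersion 2 or 3; the mirror hostname, package names and integrity strings are hypothetical placeholders.

```python
import json
from urllib.parse import urlsplit

# Hypothetical internal mirror; the only host the sandbox egress rules allow.
MIRROR_HOST = "npm-mirror.internal.example"


def audit_lockfile(lock_text, mirror_host=MIRROR_HOST):
    """Return (package_path, finding) pairs for entries that bypass the mirror."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion") not in (2, 3):
        raise ValueError("expected lockfileVersion 2 or 3 (uses the 'packages' map)")
    findings = []
    for path, meta in sorted(lock.get("packages", {}).items()):
        # The root project, workspace links and bundled deps carry no tarball URL.
        if path == "" or meta.get("link") or meta.get("inBundle"):
            continue
        resolved = meta.get("resolved")
        if not resolved:
            findings.append((path, "missing-resolved"))
            continue
        url = urlsplit(resolved)
        if url.scheme != "https":
            # Covers git+ssh:// and http:// sources that skip the mirror.
            findings.append((path, "non-https:" + url.scheme))
        elif url.hostname != mirror_host:
            findings.append((path, "off-mirror:" + (url.hostname or "")))
        if not meta.get("integrity"):
            # Without a pinned hash the install cannot detect a swapped tarball.
            findings.append((path, "missing-integrity"))
    return findings


def gate(lock_text, mirror_host=MIRROR_HOST):
    """Exit code for CI: 0 when every dependency comes from the mirror."""
    return 1 if audit_lockfile(lock_text, mirror_host) else 0


# Constructed lockfile; names, URLs and hashes are placeholders.
SAMPLE_LOCK = json.dumps({
    "name": "vibe-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "vibe-app", "version": "0.1.0"},
        "node_modules/app-ui": {"resolved": "packages/app-ui", "link": True},
        "node_modules/date-helper": {
            "version": "1.3.0",
            "resolved": "https://npm-mirror.internal.example/date-helper/-/date-helper-1.3.0.tgz",
            "integrity": "sha512-CONSTRUCTED-PLACEHOLDER",
        },
        "node_modules/fast-widget": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/fast-widget/-/fast-widget-2.0.0.tgz",
            "integrity": "sha512-CONSTRUCTED-PLACEHOLDER",
        },
        "node_modules/internal-tool": {
            "version": "0.4.1",
            "resolved": "git+ssh://git@git.example/team/internal-tool.git#0000000",
        },
    },
})

if __name__ == "__main__":
    for path, finding in audit_lockfile(SAMPLE_LOCK):
        print(f"{path}: {finding}")
    raise SystemExit(gate(SAMPLE_LOCK))
```

This complements the egress controls rather than replacing them: the network rule blocks the fetch at install time, while the lockfile check shows in review which project tried to depend on an unmirrored source.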
Ok_Individual_5050@reddit
I think you already know what you should do. Start applying elsewhere yesterday
tiagocesar@reddit
My mouth waters a bit when I read such stories. So much work to do at consulting rates for decades to come.
MyOwnPathIn2021@reddit
Give a law book to a layman, and they'll be labeled a sovereign citizen.
Give an LLM to a salesman, and they'll be labeled a sales engineer.
Stamboolie@reddit
The important question is do you have a share or profit sharing scheme? If so I'm sorry because your shares will soon be worthless and profit will disappear.
Manletangelo@reddit
LMAO, i'm afraid it's time to leave buddy.
If you firefight for these retards, they'll carry on creating more headaches for you while they get all the credit "that was a great feature you vibe coded Jan! she can basically do your job now Synaqua! Haha"
If you don't firefight for these retards, they'll blame things breaking / new features not being implemented on you. "Why hasn't this been implemented Synaqua? Jan has already coded it.".
Plus_Fill_5015@reddit
Are we working in the same company? Is the app E.B.? The same thing is happening in my company.
Synaqua@reddit (OP)
I’ll flick you a direct message in case we’re on different wave lengths and to not dox ourselves if we’re not lol
landmesser@reddit
Make sure that you have a "paper trail" with your warnings and their requests, for when the blame game starts...
nkondratyk93@reddit
nah the problem isn't that they're building apps - it's that someone gave them prod access with no oversight. those are separate problems. vibe coding I can live with. unreviewed prod access from people who can't explain what their code does? that's the thing to fix.
TNBH24@reddit
In the end you are just an asset for the company and the company is just an ATM for you. If your current salary satisfies your needs just do the bare minimum, spend time on improving your personal skills and watch how this shit will burn in upcoming months.
Synaqua@reddit (OP)
This guy is also done with a company’s BS. Thank you for making me feel seen homie
Electrical-Shape-266@reddit
Start embracing AI like leadership wants, use it to generate your exit plan.
Damn-Splurge@reddit
our company went through this on a smaller scale, couple of these vibe coded apps popped up. One of the vibecoders convinced someone to give them a prod api key to a system with customer data in it and then committed it to a (private thankfully) repo. Since then there have been a lot more guardrails and it's kind of circling back around to not really worth the trouble, we let vibecoders build prototypes but actual implementation and deployment is left to developers
Playful_Ant_2162@reddit
Okay, I see you mentioned clients -- is this all code that is going to other businesses we're talking about, or internal tools? If it's internal tools, as in these other non-software teams are being allowed to update their own tools as they desire, then they might just need to fall on their own faces to see the consequences of that.
If it's affecting software that's going to clients/the general public, however, how widely known is it that the company has gone in this direction? Do clients view it as a good thing? Do clients know about it? If "no" to either of those questions, you might need the help of a totally anonymous employee venting on a public jobs/company review site revealing the current situation... something to the tune of how the software they're paying for is being modified by employees without any training or knowledge. They're not paying for experts any more, they're paying for someone else's Claude tokens. Ooh, or that they might as well do it themselves! Since sales and marketing are apparently qualified enough to make it with a $20 subscription.
kayinfire@reddit
i have to say, i find your strategy pretty neat as a response to this clownery. i've never thought of that
LittleLordFuckleroy1@reddit
Bare minimum: cover-your-ass (CYA) email with concerns and rationale to your manager. If they don’t acknowledge it, send again and include their manager.
After that, you’ve done your job and just need to accept that, given you’ve made the business aware of risks and impact, you need to adapt to a new normal. More of your time will be spent on debugging AI slop. You will deliver other work more slowly. This should have been outlined in your initial warning, and any subsequent complaints should reference (in writing) that warning. This acts as a repeated and consistent signal to the business.
The worst thing you could do is silently accept the risk and assume that the business knows what it’s allowing. It doesn’t. You do. Be vocal.
But if they say essentially “we know but we don’t care,” read Who Moved My Cheese and mourn your precious role and accept that your job is different now.
At least it will be different in a way that guarantees job security. Even if the job isn’t as fun.
jhaand@reddit
Just make your 40 hours, do the gate keeping as required by the QMS (Quality Management System) and other standards, write issues on failing stuff but do not make them your responsibility, then watch it all burn.
Ragingman2@reddit
Big yikes. I'd highly recommend mandating a well maintained set of rules to keep in the context of any AI tools setting limits on or outright banning APIs that could lead to expensive mistakes.
BunchCrazy1269@reddit
Sounds like my last company. I left.