Comment by onion2k 3 days ago
I'm a huge fan of LLM-based tools, and I use them pretty much daily, but stuff like this concerns me a bit. In any dev process there needs to be a review step somewhere. Someone who understands code well needs to be looking at what the app is doing and making sure it's protecting my data. Someone needs to make sure there isn't a bug that loses the work I put in to creating records with a CRUD operation. They need to be making sure my privacy is respected in a legally compliant way. They need to make sure things are reasonably secure. None of that is guaranteed when you have a dev team, but it is a possibility at least.
Telling Joe Random "describe your app in a prompt and press deploy!" guarantees that isn't happening. This sort of service is great for non-dev people who want to launch something but it's a pretty big threat to my data.
I'm under no illusion that these services are going to be huge, and no doubt someone will sell an app built with one to a service that puts data about me into it. I suspect that means one day an attacker is going to learn something I'd rather they didn't. That sucks.
I wonder how much of this is that LLMs are worse than human developers (they are much more error prone right now) and how much of this is that we want someone to blame. When the elevator operator closes a door on someone's fingers that's an honest mistake and/or we can fire them, but when the automated elevator bruises some 12-year-old's finger that's a big problem that needs fixed.