> The world is so not ready for the impact of LLMs on security issues.

I agree, but it's the people I'm worried about.

I'm hearing anecdotes from all over about devs pushing LLM-generated code changes into production without retaining any knowledge of what it is they're pushing. The changes compound, their understanding of the codebase diminishes, and so the actions become risker.

What's worse is a lot of this behavior is being driven by leaders, whether directly (e.g. unrealistic velocity goals, promoting people based on hand-wavy "use AI" initiatives, etc) or indirectly (e.g. layoffs overloading remaining devs, putting inexperienced devs in senior rolls, etc).

The world's gone mad and large swaths of the industry seem hellbent on rediscovering the security basics the hard way.

you're assuming that blue teams and engineers are sitting around twiddling their thumbs