You mention tokens, what else is in your threat model? Is your AI functionality a custom model?
I am concerned that you haven’t adequately explored and mitigated security and reliability risks involved here before asking folks to YOLO your app into their critical infrastructure.
Who said anything about privacy? Sure, privacy is a concern, but I’m more worried about a vibe-coded app produced by an inexperienced team without the assistance of a security team causing a breach, or an agent-caused outage.
It seems more likely that such a team would have poor security controls, insufficient staff training, and may themselves be threat actors.
For an enterprise tool like this, one which integrates with two or more other sensitive systems, I would expect a vendor to have some manner of independently audited security certification such as ISO-27001.
You may be mistaken. There is a good (and growing) number of folks who have noticed that vibe-coding isn’t always the right fit. There have also been a number of instances where AI agents have destroyed production environments.
In your 4+ years of “experience,” have you acquired the experience necessary to protect anybody’s GitHub, slack, or any other enterprise systems from the numerous security concerns that you’re just hand-waiving away?
Not all “devs” use AI, and very few companies would trust a fully vibe-coded enterprise system plugin with no security team, no enterprise support, no GDPR documentation, and all fielded by a team with fewer than five years of experience.
That seems like the path to breaches, or to having an agent take destroy sensitive systems, or both.
Wild how many folks vibe code a thing and then claim to have created something that they ask us to plug into critical infrastructure with the ability to read, write, and execute.
I don’t think there’s anything intrinsically awful about sports betting. I do think that the way American corporations have set it up, though, has made it a lot more predatory than many fans want to admit.
I am concerned that you haven’t adequately explored and mitigated security and reliability risks involved here before asking folks to YOLO your app into their critical infrastructure.