That fits with my experience. I used Claude Code to put together a pretty complex CRUD app and it worked quite well. I prompted it to write the code for the analysis worker, and it produced some quite awful code with subtle race conditions which would periodically crash the worker and hang the job.
On the plus side, I got to see first-hand how Postgres handles deadlocks and read up on how to avoid them.
Or more cynically they reach their level of competence, go one level further and stay there to keep them from ruining the productivity of the people doing the work...
Maybe the tyranny of the fiefdoms will drive us back towards HTTPS.
Certainly I've heard the question "why don't we do an iOS app and an Android app?" in respect of conference schedules. Usually after people saw the Google IO schedule app.
My response was, now we have HTTP push notifications, we can do everything we need on a website. Most people just want the now-and-next information. And as a bonus, hook an old PC up to a TV and we've got now-and-next on a conveniently located display (the lobby, main conference hall, etc). Not to mention the ease of maintenance.
From my experience with bug bounties, if it's not on the OWASP TOP10, they'll kick, stamp, scream and fight -- even if you say "I don't want the bounty, I just want this bug fixed".
(backstory: found a bug in Twitter which disclosed DMs. Reported it, Twitter engineer had a raging tantrum on Hackerone, H1 (I assume) mistook his messages for mine and banned me from the site. Found out a mutual was a Twitter engineer, sent him the POC. A few days later, fixed)