You should never, to the best of your ability, download and/or install anything on your computer, phone, etc., that was coded using generative AI. I don't even have to touch on the moral reasons because it is, point blank, actually dangerous.
Your electronic devices are just millions of lines of code with a fancy interface, and every time you download and install something, you're trusting that whoever programmed it 1) knew what they were doing and 2) is acting without malicious intent.
Something wrong with GShade or ReShade could wreck your GPU. A bad update to a video game could trigger a memory leak with potentially devastating consequences. Data being stored in the wrong format is just waiting to be stolen. Tons of people are right now being listened to or watched via their webcams because of exploits.
And this is with people who KNOW what they're doing. It's part of why historically it was so important to install security updates as they rolled out.
It's also part of why, in my opinion, more so than anything else in the AI slop realm, gen AI-based vibes "coding" is the most despicable because it puts so many people's very expensive computers and very exploitable data at risk. The person generating the code doesn't actually know what the code is doing or how to fix it, and these programs get bloated quickly because any attempt to fix bugs usually just results in Claude or Grok or w/e just generating more code to slap on top of what's already there, frequently leaving the "bad" code intact.
LLMs are also... just kind of dumb? and capable of being "poisoned." Like it's possible to "break" ChatGPT by asking it to show a seahorse emoji because someone on Reddit was convinced it existed in a parallel universe. Imagine what could wind up in published code because of such hallucinations or because someone poisoned the well.
In small hobby spaces, part of why so many people publish directly to GitHub is because it allows their code to be audited by the community. Others who know what they're looking at can come in and verify the code does what the publisher says it does and question if anything looks strange. The end result is that it helps keep the community as a whole safer.
Untested, vibes "coded" programs tossed willy-nilly into the ether are dangerous, end of story. Seemingly simple and harmless programs can actually do massive damage through malice or incompetence.
Even if it is from a trusted member of the community, the act of publishing something that you don't actually know and cannot verify what it does is blatantly irresponsible and puts everyone who downloads it at risk.
Again, I'm not here to argue the morality of gen AI, because everyone has been talking in circles about it for literally years now.
But purely from a cyber security perspective: you should never, under any circumstances, download and run a program that is not verified to work the way the publisher claims it should, and anything coded with gen AI is going to be fundamentally more suspicious by its very nature.
And I really need to emphasize that I do not think that the majority of vibes "coding" is being done in bad faith. I don't think anyone is trying to damage computers or open anyone up to security vulnerabilities.
But if you cannot parse the code yourself--and I certainly can't, so I'm not judging anyone else who can't--when you download and run the programs, you are putting so much faith in whoever published it that, in the case of vibes "coded" nonsense, they genuinely do not deserve.










