Hacker News

tsxxst today at 4:13 PM | 2 replies

The fact that the author gave unrestricted 2FA access to the model is really scary. It’s way easier to phish an AI than a human.


Replies

afro88 today at 5:38 PM

Same. Immediately I thought: why not have clawdbot ask you for the 2FA? That way you at least kind of know what security-protected action it's trying to take and can approve it.

chasd00 today at 4:45 PM

Just to be upfront, I've gone from one of the naysayers to a modest fan after spending some time using Claude Code on nights/weekends with tasks that I know I can do and how long it would take me in order to get an idea of productivity gains possible with the tool. So far, the money I've spent was worth the results I got.

However, it's shocking to me the blinders people have with these things. Security is supposed to be front and center in our industry with everything we build and do. I thought that lesson had been learned and learned well over the past 30 or so years of life on the web. People are going to get seriously burned and the only answer to them is going to be "well you should have known better". For a fishing analogy, Barracuda are circling just out of visual range biding their time but the strike is inevitable.

If you're using these agents, spend some time attacking them and see what you can get them to do that you thought would be impossible by default. If you find something, say something; we're basically having to re-teach the whole Internet basic information security again.