
_pdp_ today at 8:36 AM

What follows next is purely speculation, based on my own observations and thoughts, but from what I've seen the old RBAC models, which were almost broken before, are now fully broken, given that coding assistants and engineers are working on multiple unrelated projects simultaneously - especially on wild experiments they had no time for previously. The risk of supply chain issues has increased dramatically in the enterprise.

Again, I am not saying it is related but I think it has an impact.

Now in many places it is encouraged by coders and managers to vibe stuff on their own devices. Sooner or later it will become a problem, especially for those that have no idea what they are doing.

I am not saying it is related but I feel that it coincides perfectly.

I just cannot believe there is no underlying thread going through all of these recent supply chain issues, and yes, there are some hacking groups that specialise in this, sure, but it is because the bounty is plentiful.


Replies

watty today at 11:41 AM

Just to clarify, and I know you weren't saying they are related, but this has absolutely nothing to do with AI or vibe coding or manager code.

It's a continuation of the Shai-Hulud worm and the lack of security around developer dependency installations, which has existed for a very long time.

Hackers have figured out that developers themselves are an ideal target due to how easy it is to trick them into installing something and how much private information they have on their machines (creds, cloud clis, mcps, etc.).

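One concrete defender-side check that follows from the point about unreviewed dependency installs, added here as an example and not taken from the thread or from any project it mentions: a small scanner that walks a `node_modules` tree and reports every package declaring an npm lifecycle install hook (`preinstall`, `install`, `postinstall`), since those hooks run arbitrary commands on the developer's machine during `npm install`. The package names and manifests in the fixture are constructed for the demo.

```python
"""Report npm packages that declare lifecycle install hooks.

Added example (not code from the thread). build_sample_tree() creates a
constructed three-package node_modules fixture in a temporary directory;
scan_node_modules() is the reusable part and can be pointed at a real
project's node_modules directory.
"""
import json
import tempfile
from pathlib import Path

# Lifecycle scripts that npm executes automatically while installing a
# dependency. Any command here runs with the developer's privileges.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def scan_node_modules(root):
    """Return {package_name: {hook: command}} for every package under `root`
    whose package.json declares at least one install-time lifecycle hook."""
    findings = {}
    for pkg_json in Path(root).rglob("package.json"):
        try:
            data = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, don't crash the scan
        if not isinstance(data, dict):
            continue
        scripts = data.get("scripts") or {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        if hooks:
            name = data.get("name") or pkg_json.parent.name
            findings[name] = hooks
    return findings


def build_sample_tree(base):
    """Constructed fixture: two packages without install hooks and one
    (hypothetical name) that runs a script after installation."""
    manifests = {
        "left-pad-ish": {"name": "left-pad-ish", "version": "1.0.0"},
        "colors-ish": {"name": "colors-ish", "version": "2.0.0",
                       "scripts": {"test": "node test.js"}},
        "suspicious-pkg": {"name": "suspicious-pkg", "version": "0.0.1",
                           "scripts": {"postinstall": "node setup.js"}},
    }
    node_modules = Path(base) / "node_modules"
    for name, manifest in manifests.items():
        pkg_dir = node_modules / name
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return node_modules


def run_demo():
    """Build the fixture in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_node_modules(build_sample_tree(tmp))


if __name__ == "__main__":
    for pkg, hooks in run_demo().items():
        for hook, cmd in hooks.items():
            print(f"{pkg}: {hook} -> {cmd}")
```

A non-empty report is a review prompt, not proof of compromise: many legitimate native-addon packages use `postinstall`. The cheap mitigation this scan pairs with is installing with `npm ci --ignore-scripts` in CI and on developer machines, then enabling scripts only for the packages that were reviewed.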
wolvoleo today at 12:39 PM

> Now in many places it is encouraged by coders and managers to vibe stuff on their own devices. Sooner or later it will become a problem, especially for those that have no idea what they are doing.

Yes in our place too. "You better do as much as possible with AI or you will be left behind" dogmas etc.

It's the stupid IoT hype all over again. No concern for security, just trying to be the first in the pack.

altairprime today at 9:15 AM

I argued for years that we had too few workers for our total project count and management argued that most projects were idle and so it was fine to have so many per worker.

Welp.

black_knight today at 9:25 AM

Do you mean that role based access control (RBAC) should be replaced by something else? Or that just the specific RBAC models in use are broken?

I personally think the, perhaps confusingly named, capability based security models are the way of The Future.

wartywhoa23 today at 11:12 AM

> Now in many places it is encouraged by coders and managers to vibe stuff on their own devices. Sooner or later it will become a problem, especially for those that have no idea what they are doing.

Idiots must suffer.

sourcecodeplz today at 9:21 AM

One could also vibe-code vanilla, with no dependencies.
