Sure, but how confident can they be that it doesn't also do things they don't want?
Tests can't be exhaustive, whereas even a mediocre developer is likely to possess enough background knowledge to notice risks that a non-developer would not think to test.
People keep forgetting that we haven't reached AGI yet. These tools can still make serious and sometimes obvious mistakes. Not long ago, vibe-coded software could embed credentials directly. That particular blunder seems to have been addressed, but there is still no reliable way to tell an LLM to avoid every class of obvious blunder.
Sure, but how confident can they be that it doesn't also do things they don't want?
Tests can't be exhaustive, whereas even a mediocre developer is likely to possess enough background knowledge to notice risks that a non-developer would not think to test.
People keep forgetting that we haven't reached AGI yet. These tools can still make serious and sometimes obvious mistakes. Not long ago, vibe-coded software could embed credentials directly. That particular blunder seems to have been addressed, but there is still no reliable way to tell an LLM to avoid every class of obvious blunder.