Download to read offline
![“
[AI will be like] a country of
geniuses in a datacenter
– Dario Amodei
Anthropic CEO
Machines of Loving Grace
#AWScommunity](https://image.slidesharecdn.com/7qhx8gwcrgnsg5odptgq-awscommunityday2025-vibecoding-250715162609-2b3eaddb/85/Ben-Blair-Operating-Safely-in-a-Vibe-Coding-World-2-320.jpg)
![“
[AI will be like] a country of
geniuses in a datacenter
– Dario Amodei
Anthropic CEO
Machines of Loving Grace
#AWScommunity](https://image.slidesharecdn.com/7qhx8gwcrgnsg5odptgq-awscommunityday2025-vibecoding-250715162609-2b3eaddb/75/Ben-Blair-Operating-Safely-in-a-Vibe-Coding-World-2-2048.jpg)
Uploaded byAWS Chicago
Ben Blair Operating Safely in a Vibe Coding World
AWS Community Day Midwest 2025 Ben Blair Operating Safely in a Vibe Coding World Can we build and operate software just by chatting with an AI? Should we? What could possibly go wrong? Products like Claude Coe, Cursor, Windsurf and V0 allow developers to design, implement, test and deploy software without reading or writing a single line of code. Even more impactfully, these tools empower people without coding experience to build and ship software. Anthropic CEO Dario Amodei said in March that “In 3-6 months… AI is writing 90% of the code… In 12 months AI is writing essentially all the code.” YC’s Garry Tan said in March that for a quarter of the current batch, AI is already writing 95% of their code. Andrej Karpathy coined the term “Vibe Coding” to describe this new way of building software, where you chat with AI coding agents rather than write the code yourself. This new model of building software introduces new operational and security risks that our existing processes and controls don’t sufficiently protect us from. But we shouldn’t and can’t slow down adoption of these tools. Instead, we should move with urgency to adapt our processes to these new risks. In doing so we can help our organizations and customers operate safely while moving dramatically faster with the help of AI. In this talk, I’ll first summarize the rapidly changing state of the art in AI coding assistants. I’ll discuss the operational and security risks that they introduce. I’ll then dive into how your organization can mitigate those risks, working through a couple examples in detail. I’ll show how you can use AWS services to more safely build and operate systems with AI. I’ll conclude with some observations about reliability in biological systems and what we might learn from them.
More Related Content
Similar to Ben Blair Operating Safely in a Vibe Coding World
![Agility and Control from AWS [FutureStack16]](https://cdn.slidesharecdn.com/ss_thumbnails/agilityandcontroldougleeaws-161201210211-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Ben Blair Operating Safely in a Vibe Coding World
- 1. Operating Safely ina Vibe Coding World Ben Blair | June 5, 2025 #AWScommunity
- 2. “ [AI will belike] a country of geniuses in a datacenter – Dario Amodei Anthropic CEO Machines of Loving Grace #AWScommunity
- 3. More accurate today: Ateam of of very enthusiastic junior devs who just finished every coding boot camp in the world. #AWScommunity
- 4. Should AI shipstraight to prod? #AWScommunity
- 5.
- 6.
- 7. What is VibeCoding? #AWScommunity
- 8. “ There's a newkind of coding I call "vibe coding", where you… forget that the code even exists… I just see stuff, say stuff, run stuff, and copy paste stuff, and it mostly works. – Andrej Karpathy Feb 2, 2025 on X #AWScommunity
- 9. Vibe Coding andAgent Mode Creating or modifying software by chatting with an AI rather than writing code yourself. #AWScommunity
- 10. “ For 25% ofthe Winter 2025 batch, 95% of lines of code are LLM generated. – Gary Tan Y Combinator CEO March 5, 2025 on X #AWScommunity
- 11. What are AIcoding tools good at today? • Creating a new React front-end • Modifying the behavior of a UI component • Adding a new CRUD endpoint to your API • Language and library migrations #AWScommunity
- 12. What could possiblygo wrong? #AWScommunity
- 13. Obvious Risks • Morebugs • Secrets in client code • Vulnerable dependencies • Prompt injection • Missing or no input validation • Out of date docs #AWScommunity
- 14. Less Obvious Risks •Leakier abstractions • More fragile dependencies between services • On-call surprises • Missed compliance requirements #AWScommunity
- 15. Long Term Risks •More PRs to review means less careful reviews • Broken career ladder • AI code is a different kind of tech debt • Coding is thinking #AWScommunity
- 16.
- 17. “ 97% used AIcoding tools at work 88% of US companies encourage AI – GitHub Developer Survey August 20, 2024 #AWScommunity
- 19. Is this reallya new problem? #AWScommunity
- 20. Lessons from Security TreatAI-generated code as (potentially) hostile code • Practice defense in depth • Apply the principle of least privilege • Use Static (SAST) and Dynamic (DAST) security analysis tools • Prompt your AI to follow specific best practices (eg OWASP Top 10) #AWScommunity
- 21. Lessons from ChangeManagement Use agents in your PR’s to help • set a regression risk score • set a security risk score • identify migrations or infrastructure changes • document the user stories and acceptance criteria for the change • document test and rollback plans • make the right thing the easy thing #AWScommunity
- 22. Lessons from ReleaseEngineering Use release agents to test user stories in production • with changes behind a feature flag • with service canaries • with services down or degraded by fault injection #AWScommunity
- 23. Lessons from EventDriven Architecture Use event streams to make riskier changes safer • idempotent retries of failed steps • blue/green streams #AWScommunity
- 24. Lessons from Observability Youcan’t operate what you can’t see • Who’s on call if nobody wrote the code? • Make it easy for humans to see and understand what’s happening and why #AWScommunity
- 25. Lessons from SoftwareDesign Small, well-defined abstractions are more important than ever • LLMs perform better with smaller context • Small surface area is easier to test exhaustively • AI’s change the microservice vs monolith tradeoffs #AWScommunity
- 26.
- 27.
- 28.
- 29.
- 30.
- 31. What about thatcareer ladder? #AWScommunity
- 32. We’ll build morethings! #AWScommunity
- 33. Recap • Vibe codingis coming • It can be done safely by applying the lessons you already know • The companies that do this right will dominate those that don’t #AWScommunity
- 34.