Stop copy-paste engineering
Let's drop the corporate talk for a minute. As a senior developer, I can see the storm coming: we're collectively breeding a generation of "copy-paste engineers" sprinting full speed toward a cliff. The problem isn't that AI is stupid; the problem is that AI is convincing, even when it's selling you complete nonsense.
Here's the raw truth about why you should never press that "magic button" for logic that's above your pay grade.
The "mad professor" in your codebase
Picture this: you hire an assistant who has read 10,000 books but has never worked a single day in the real world. That's a coding agent. It can hand you a brilliant solution for a complex problem in Rust or Go, but it doesn't understand the consequences. Over the past year we saw this play out with the "AI Package Hallucination" attacks. Researchers at Lasso Security discovered that AI models frequently reference libraries that don't even exist. Hackers caught on, registered those names on npm and PyPI with malicious code inside, and voilà: you've pushed malware into your system because you couldn't validate the code the agent wrote. You thought you had a handy helper; in reality you opened a backdoor for hackers because you were too lazy to check the import logic yourself.
The "student grading their own exam" syndrome
You're saying you let the AI write the tests too? Congratulations, you just built an echo chamber. In software engineering we call this confirmation bias on steroids. If an agent makes a subtle mistake in an algorithm, say an O(n²) operation where an O(n log n) is needed, the test that same agent generates will only verify that the output is correct for small datasets. The agent doesn't "know" the code needs to be efficient; it only knows what it just wrote. You get a green checkmark, sleep soundly, and wake up the next morning to a crashed server because your production data was 100 times larger than your test data. You didn't check quality; you just asked: "Do you think you're a good programmer?" and the AI said "Yes".
The AWS and Cloudflare lessons: automation is a multiplier
Look at the major incidents from late 2024 and early 2025. While the specific details often disappear behind NDAs, reports from Snyk and Datadog among others point to a rising trend in "automated misconfigurations". During a major cloud outage last year, it turned out an AI agent had modified a series of Terraform scripts to "cut costs". The changes were syntactically valid, but the engineers who approved the code didn't understand the deeper network implications. They trusted the speed of the agent. The result? A cascading failure that took down an entire region. The lesson: AI doesn't make your mistakes smaller, it just makes them faster and bigger. If you can't write out the logic yourself, you're not the pilot. You're a passenger in a plane with no one at the controls.
Why your brain is the only real debugger
Writing software is 10% typing and 90% thinking about edge cases. An agent is a champion at that 10%, but an amateur at the 90%. A widely cited study from New York University (NYU) found that roughly 40% of code generated by AI tools contains security vulnerabilities. Why? Because AI is trained on all code on the internet, including the junk that students threw on GitHub in 2012. If you accept that code without the fundamental insight to recognize the vulnerability, you're the one responsible when the data leaks. You can't tell your CEO: "But the chatbot said it was safe." The judge in the Air Canada case (2024) was crystal clear about it: a company is 100% liable for the nonsense their AI produces. That goes for chatbots, and it goes double for your source code.
Want to check the sources yourself?
- Lasso Security: AI Package Hallucination Report – How AI forces you to install malware.
- NYU Tandon: Study on GitHub Copilot Security – The 40% vulnerability statistic.
- The Register / BBC: Air Canada AI Legal Precedent – Why "the AI did it" is not a legal defense.
My advice? Use that agent for your boilerplate, for your boring CSS classes, or to explain a regex. But when it comes to your business logic, your security, or your database integrity: shut the agent up and grab the keyboard yourself.