undefined | Better HN

0 pointsUcalegon1mo ago0 comments

>Every executive/leader I've shown Claude Cowork to has gone from 'what is AI' to 'vibecoding whole apps' in weeks.

Do you, and those executives, own the risks associated with that practice? Are those risks actually indemnified?

Its neat that 'anyone can do anything' but if they don't actually know what the risk to business or 3rd parties, why is this a good thing, especially in the enterprise where there are actors who are explicitly looking for this type of environment to exploit?

0 comments

13 comments · 4 top-level

ageitgey1mo ago· 5 in thread

These are largely friends and peers, so they ultimately own their own risks. But I'm not saying it is good or bad. I'm just telling you what is happening in the real world. Every senior person I know, whether a high tech exec or a solo coffee bean importer, is vibing to some degree. Some will be more successful than others.

I've been working in tech since the late 90s. This is the biggest and most sudden change in company behavior I've ever seen. The only thing that comes close was the web 1.0 world in the 90s where everything suddenly became websites.

That creates tons of risks and opportunities. Good and bad. Maybe a great time to start a security company. But maybe a terrible time to be a small time web app developer when your clients can get 'good enough' in minutes for dollars on their own.

dominotw1mo ago

saying "every X i know" in all your comments is a bit ridiculous.

You comments read like reddit clickbait. How many of these executives/senior/coffee bean/whatever ppl do you even know and why you the one enlightening them with claude cowork ? . "Every X i know" sounds like a large sample size. Make ridiculous claims by prefixing " every X i know" .

I feel so angry at this linkedin speak. so infuriating. Hate that we've accepted these ppl without any pushback.

conductr1mo ago

Hate it all you want but it’s a reality in this case. There’s a reason big consulting firms are making huge pivot to AI consulting. Everyone in the business world is doing this and trying to find value with AI. I’m a CFO and network regularly with other executives, board members who also are board members at other companies, investors, people who see a combined large population of companies and I’ve not spoken to a single person in the last year that isn’t adopting AI themselves for their own uses but also has AI strategy as company goal for current and into next year at least. When a trend catches fire like this the “everyone I know” speak is absolutely framing that context.

2 more replies

UcalegonOP1mo ago

>But I'm not saying it is good or bad.

Wait, you exposed people to a technology, taught them how to use it, then you are not going to own the implications of that action without teaching them about the risks or telling them how they need to ensure they don't shoot themselves in the face or violate their duty of care?

Do you understand what you are saying and the implications of that in the real world relative to the insurance contracts that they have?

Your company is associated with HIPAA, you should have a much higher standard than this.

tclancy1mo ago

Play the ball, not the man, dude. Hectoring people on the Internet because you're stressed out about something isn't going to magically fix how you feel. Digging into their profile to make it personal is three steps too far.

1 more reply

ageitgey1mo ago

You are assuming like 12 things that aren't true in this response.

1 more reply

baxtr1mo ago· 2 in thread

What kind of risk do you see?

UcalegonOP1mo ago

Depends on what types of apps are being built, what data they touch, and what those apps are exposed to from a network perspective. Ie; all of the fundamentals of information/network security. Generally speaking, most executives do not have an information/network security background but do have privileged access to extremely valuable information, even if an attacker just has access to their email.

ninjagoo1mo ago

> most executives do not have an information/network security background but do have privileged access to extremely valuable information, even if an attacker just has access to their email.

In a properly structured organization, of which there are many and who are required by regulations and/or best practices, senior executives tend to have need/role-based access to information, just like everyone else in the organization. So they may have access to strategic business information, but not patient records or payroll. They may have access to planning data, but not the financial records of individual or clients. Etc. etc.

Smaller or newer orgs may not have this compartmentalization, but in general I think the principle holds true for orgs over a certain number of folks in size.

2 more replies

infecto1mo ago· 2 in thread

I found the Microsoft guy!

UcalegonOP1mo ago

What does this even mean?

infecto1mo ago

Just going on and on about compliance when you have no idea about the details. It’s a classic example of how IT fails most large orgs.

1 more reply

BoredPositron1mo ago

What risks? You don't even known what they are building and you start the FUD train.

j / k navigate · click thread line to collapse

0 comments

13 comments · 4 top-level

ageitgey1mo ago· 5 in thread

dominotw1mo ago

saying "every X i know" in all your comments is a bit ridiculous.

I feel so angry at this linkedin speak. so infuriating. Hate that we've accepted these ppl without any pushback.

conductr1mo ago

2 more replies

UcalegonOP1mo ago

>But I'm not saying it is good or bad.

Do you understand what you are saying and the implications of that in the real world relative to the insurance contracts that they have?

Your company is associated with HIPAA, you should have a much higher standard than this.

tclancy1mo ago

1 more reply

ageitgey1mo ago

You are assuming like 12 things that aren't true in this response.

1 more reply

baxtr1mo ago· 2 in thread

What kind of risk do you see?

UcalegonOP1mo ago

ninjagoo1mo ago

> most executives do not have an information/network security background but do have privileged access to extremely valuable information, even if an attacker just has access to their email.

Smaller or newer orgs may not have this compartmentalization, but in general I think the principle holds true for orgs over a certain number of folks in size.

2 more replies

infecto1mo ago· 2 in thread

I found the Microsoft guy!

UcalegonOP1mo ago

What does this even mean?

infecto1mo ago

Just going on and on about compliance when you have no idea about the details. It’s a classic example of how IT fails most large orgs.

1 more reply

BoredPositron1mo ago

What risks? You don't even known what they are building and you start the FUD train.

j / k navigate · click thread line to collapse