Vissnobody confident in their own abilities is panicking
https://www.theregister.com/2026/02/23/claude_code_security_panic/?td=rt-3a
the people who are panicking are signaling.
moreover, nobody who has ever tried to use any llm to do code stuff for hours/days/weeks at a time is panicking either.
even people who are deep experts in what they do, who use llms to do stuff day to day, have to put a brick in a tube sock, put that in another tube sock, and swing it hard to bash the llm in the face over and over again to get it to behave and obey. and often that workout takes as much time as not using an llm.
everyone shitting their pants is signaling.
fucking good.
"security as we know it" is pay to play, zero boundaries, fraught with grifters, liars and cheats, shitloads of friendly-fire, people buying cert bootcamps to get people fake creditiblity, overdependence on shit like the cissp, people with zero computer experience directing whole armies of super technical folks
let it end.
it desperately needs a reboot.
if youve ever been burned because some asshole in HR shitcanned your resume because "you didnt go to the right college" or you couldnt score a gig because "you refused to get a cissp", or if youve ever ragequit a job because you were just "the token security person who was only there to fulfill a checkbox, and nobody listened to you and you felt like your job didnt matter" then you should want it to burn down too
J4ckAccording to the AI developer, Claude Code Security is context-aware - as opposed to simply doing static code analysis. It "reads and reasons about your code the way a human security researcher would: understanding how components interact, tracing how data moves through your application, and catching complex vulnerabilities that rule-based tools miss," the company said.
It's really hard to tell the difference between a human and the masterful work of our friend Claude.
Misuse Case@jackryder @Viss I’m not even a coder and this sounds like malarkey to me. Claude Code may not allow buffer overflows or anything like that, but it will totally introduce subtler bugs and security issues without “knowing” that it does so.
Paul_IPv6i've spent most of my career knowing i'd need to get my resume to the hiring manager and bypass HR if i wanted to have any chance of not getting "screened". most HR spend no more effort trying to understand position requirements than netflix spent on it's "recommended" algorithms.
LLM resume reviews will be that bad or worse. burn it all down.
Thomas Reed@Viss When I got into security something like 15 years ago, it was so different. At that time, in the Mac community, I could make a difference, and do meaningful things. That’s so much harder to do now, with so many stupid, bureaucratic roadblocks, and I’m glad I’m looking at a career in the security industry in the rear view mirror.
Pseudo NymDon't hold back Viss. Tell us how you really feel. :-)
But seriously, to the point of the original article, yeah, no.
If I'm being very generous and allow that a "spicy linter" might be a halfway decent SAST (static application security testing) tool, that best case scenario would still be overwhelmed by the new and interesting security bugs introduced by their code generating brethren, "spicy autocomplete."
Full agree with Viss on the main point about folks with deep technical view.
I love this, so I@Viss Amen, brother. This is exactly why I left ITSec and went back to Ops on Big Iron.