The Efficiency and Threats of AI


As Far As I Know

Even with open-source code repositories—such as GitHub—where a single project might boast 10,000 stars or more, large corporations typically avoid using free open-source solutions unless absolutely no alternatives exist. Instead, they either develop their own proprietary systems in-house or purchase commercial software licenses.

This cautious approach stems from the fact that incidents involving “supply chain attacks”—such as hackers injecting malicious code into package repositories like npm—have occurred frequently. Furthermore, some open-source project teams have been known to embed “Easter eggs” in their code; while perhaps intended innocuously, such additions can be highly inappropriate in a corporate context and, in severe cases, result in tens of millions in lost revenue for a company.

The same applies to AI—whether involving large-scale foundational models or commercial AI products.

Instances have already been detected where pornographic sites, online gambling platforms, and other “gray market” operations launch supply chain attacks to poison the data used by large AI models.

These attacks are designed to expose you to gray-market advertisements while you are writing code; to have AI recommend specific local shops (which are actually of poor quality) while you are shopping; or to redirect your links to fraudulent websites or code repositories in order to steal your API keys and personal information, drain your financial accounts, and so on.

Many individuals fail to recognize the existence of this “gray industry” surrounding AI because the potential risks to their own personal interests seem negligible, leading them to believe it is “no big deal.” However, for large corporations, a single minor error can prove fatal.

For instance, an AI system could delete an entire code repository and its associated data in a split second; alternatively, the AI-generated code might contain inexplicable bugs that are impossible to reproduce—triggering only under very specific circumstances or at specific times.

Furthermore, technologies such as AI-driven “deepfakes” (face-swapping) and voice cloning pose direct threats to both physical safety and financial security in the real world.

Consequently, a high degree of vigilance is absolutely essential.

In Simple Terms

Using AI-powered products is generally a necessity, as they can significantly boost efficiency.

However, it is equally important to minimize your reliance on them and to implement robust review processes and security controls regarding permissions. AI systems should be restricted to performing tasks within a defined scope—for example, by explicitly denying them the authority to delete code repositories.

Second, any code generated by an AI must be promptly tested and thoroughly reviewed. You must be able to fully understand the code yourself to identify and eliminate potential risks, ensuring that your workflow can continue uninterrupted even in the absence of the AI tool.
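One way to enforce the scoping and review discipline described above (a hard deny on repository deletion and history rewrites, and a check on where the assistant pulls dependencies from, given the poisoned-recommendation risk mentioned earlier) is a policy gate that every assistant-proposed command passes through before a human runs it. This is an added example, not code from the original post; the verdict names, the command set and the `TRUSTED_SOURCES` allowlist are assumptions.

```python
"""Policy gate for shell commands proposed by an AI coding assistant.

Added example, not from the original post. Assumptions: the assistant
proposes commands as strings, and a human runs a command only when this
gate returns "allow" or a reviewer approves a "review" verdict.
"""
import shlex
from urllib.parse import urlparse

# Hosts from which dependency installs may be fetched (constructed allowlist).
TRUSTED_SOURCES = {"github.com", "registry.npmjs.org", "pypi.org"}


def evaluate(command: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is "deny", "review" or "allow"."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes: refuse to guess intent
        return "deny", f"unparseable command: {exc}"
    if not argv:
        return "deny", "empty command"
    prog = argv[0]

    # Destructive file operations: any recursive rm is out of scope.
    if prog == "rm" and any(a.startswith("-") and "r" in a for a in argv[1:]):
        return "deny", "recursive delete"

    # Git: deny history rewrites and branch deletion, flag work-discarding ops.
    if prog == "git":
        sub = argv[1] if len(argv) > 1 else ""
        if sub == "push" and any(a in ("-f", "--force") or a.startswith("--force-with-lease") for a in argv):
            return "deny", "force push rewrites shared history"
        if sub == "branch" and any(a in ("-d", "-D", "--delete") for a in argv):
            return "deny", "branch deletion"
        if sub in ("reset", "clean", "checkout"):
            return "review", f"git {sub} can discard uncommitted work"
        return "allow", "ordinary repository operation"

    # Dependency installs: sources outside the allowlist are denied outright;
    # everything else still needs a human to look at what is being pulled in.
    if prog in ("pip", "pip3", "npm"):
        for a in argv[1:]:
            host = urlparse(a).netloc if "://" in a else ""
            if host and host not in TRUSTED_SOURCES:
                return "deny", f"install from untrusted host {host}"
        return "review", "dependency change"

    return "review", "unrecognised command"
```

Anything the gate does not recognise lands in "review" rather than "allow", so adding a new tool to the assistant's toolbox means consciously extending the policy rather than silently widening its scope.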

Consider, for example, the use of Codex. If you rely entirely on it to develop a project from scratch, you might eventually encounter a critical roadblock—such as Codex suddenly requiring phone number verification, becoming prohibitively expensive, or suffering a drastic decline in performance.

You might have initially subscribed for just $10 per month; however, once you exhaust your usage quota—perhaps halfway through your project’s development—you could suddenly be faced with a renewal fee of $500 per month. At that point, you are left with a difficult decision: do you pay the exorbitant fee to continue, or do you abandon the tool and try to finish the project on your own? If you renew the subscription, the cost is prohibitive; yet if you don’t, you cannot continue developing your code, as the code generated by the AI is notoriously difficult to untangle and make sense of.

What would you do if the service suddenly blocked your project—whether due to phone number verification issues, IP-based risk controls, or some inexplicable ban? Would you switch to Cursor? To Claude? Or to something else entirely? Can you be certain that you would be able to resume development and achieve the exact same results?

Likewise, other products might be even more expensive—making them economically unviable—or they might lack the specific advantages offered by Codex, rendering continued progress impossible. In such a scenario, how would you proceed?

Many people are, in fact, encountering precisely these kinds of issues right now.

The Old-School Way of Programming

Writing code by hand may be anywhere from 10 to 100 times less efficient than using an AI, but it ensures that you never get “stuck” because of the AI.

At no point should we allow ourselves to get stuck; we must always preserve our capacity to mitigate risks and adapt.

From this moment forward, I will leverage AI to accelerate my workflow; however, I will simultaneously strive to maintain the capability to build projects entirely on my own—independent of any AI assistance.