this post was submitted on 29 May 2026
210 points (99.1% liked)

Programming

27076 readers
532 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 3 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
UlrikHD@programming.dev
bugsmith@programming.dev
Spyro@programming.dev
210
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code (arstechnica.com)
submitted 1 day ago by cm0002@lemy.lol to c/programming@programming.dev
43 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] bignose@programming.dev 18 points 23 hours ago (1 children)

any kind of undocumented subversive behaviour in your thing.

Fortunately, this behaviour is explicitly documented.

[–] pixxelkick@lemmy.world -2 points 23 hours ago (2 children)

They only documented it after all the outcry, which is way too late.

Documenting it post release still counts as having released undocumented behavior.

And if its malicious (which this 100% is), then it doesn't fuckin matter anyways lol. You now are treated akin to a trojan maintainer by companies. You'll get flagged as "don't ever use anything by this person"

Super great way to get yourself flagged and lose any opportunity in the future for possibly licensing stuff you maintain for big bucks. What company would risk paying money to someone who does childish stuff like that lol

[–] ArmoredThirteen@lemmy.zip 15 points 21 hours ago (2 children)

imo it's more accurate to call it polarizing and get you blacklisted by the types of people you maybe don't want using your code anyways. Personally anyone doing this I'm going to be more likely to use their code

[–] setsubyou@lemmy.world 5 points 21 hours ago (2 children)

I understand the sentiment, if you don’t like AI code generation you’re probably thinking you’re on the same side. But what happens if this person finds something else they hate that you don’t hate, and finds a way to sabotage that? They’ve already demonstrated a willingness to be destructive. And you’re running their code so they don’t need anything even remotely as dumb as some AI agents to exploit, they can just write destructive code normally.

[–] warm@kbin.earth 5 points 16 hours ago (1 children)

You can decide if you want to use it or not, at your own risk. It's free software, written by people in their free time, they owe you nothing.

[–] pixxelkick@lemmy.world 0 points 11 hours ago* (last edited 11 hours ago) (1 children)

Sure, you have that right.

And companies will exercise that right by blanket blacklisting everything related to you which can have huge sweeping impacts on your career lol

Its a super super stupid move to make. You are free to do a lotta other shit that tanks your career too lol

[–] warm@kbin.earth 4 points 10 hours ago

That's their business, not mine, not yours.

[–] tabular@lemmy.world 7 points 19 hours ago

Is it merely hating AI code generation or is it "AI code generation is in practice anti-FOSS" (unless there's an ethical AI out there, trained exclusively on public domain code, that I don't know about)?

[–] pixxelkick@lemmy.world -1 points 11 hours ago

by the types of people you maybe don’t want using your code anyways

...companies? Sure I guess, if you want to angle your career trajectory towards "unemployable" by all means lol.

Personally anyone doing this I’m going to be more likely to use their code

I am a tech lead, if any dev under me intentionally added/used a tool to our systems because it had malicious undocumented behaviors of any kind, they would be fired immediately and any company that contacted us for reference would be informed of their behavior.

To be clear, this is the scenario of

Me: hey I saw you installed [tool], that thing is flagged by our systems for the maintainers having done malicious undocumented stuff in the past

Dev: haha yeah thats why I used it

Me: you are joking right?

Thatd be an instant high level escalation to "strip this person of privs and get them off our system asap, and HR now has to be involved"

You dont fuckin do shit like that in a real company if you wanna stay employed lol.

[–] Legianus@programming.dev 6 points 22 hours ago* (last edited 22 hours ago) (1 children)

Most open source maintainers never "license [any] stuff you maintain for big bucks" that is often hard to do and/or goes against the philosophy of open source entirely.

And I don't even think this is malicious behaviour as it just nukes the code of this package and nothing else if you are not being careful yourself...

If you don't do version control you are not a good programmer, imo

[–] pixxelkick@lemmy.world -1 points 11 hours ago

Most open source maintainers never “license [any] stuff you maintain for big bucks” that is often hard to do and/or goes against the philosophy of open source entirely.

Uhhh... no this is actually very common. Usually with scaling licenses, "free for use if your company is below [threshold]", its super common...

And I don’t even think this is malicious behaviour as it just nukes the code of this package and nothing else if you are not being careful yourself…

Are you even reading what you just wrote lol.

Being "sorta" malicious is still malicious. And companies usually have zero tolerance for that shit.

If you don’t do version control you are not a good programmer, imo

You really underestimate how much damage this could do then, lol...