The software engineer highlights prototyping strengths but stresses the need for human review as cyberattackers exploit the technology and its weaknesses.
Software engineer Boris Cherny, creator of the Claude Code tool, recently cautioned developers against fully relying on AI for production software development.
On 15 Dec, Cherny appeared on The Peterman Podcast, highlighting that while AI coding excels in rapid prototyping, it often produces code lacking long-term maintainability and robustness. Human oversight remains essential for critical systems, he noted.
His software, Claude Code, enables AI-driven code generation, execution, and analysis in a controlled environment. Launched as part of Claude’s developer platform, the tool facilitates programmatic tool calling to handle complex tasks efficiently. This has given rise to “vibe coding” — a method where users describe software intuitively, letting AI handle implementation details.
Key warnings
Cherny stressed AI’s limitations in creating production-ready code, noting tendencies toward verbosity, errors, or suboptimal architecture. He advises developers to treat AI outputs as ‘starting points’ requiring rigorous human review, especially in security-sensitive applications. This perspective aligns with broader industry adoption by tech firms, yet underscores risks of over-dependence amid fast AI evolution. Even OpenAI has conceded that AI coding tools harbor risks.
Multiple cyberattacks exploiting Claude Code have already occurred this year. In August 2025, a cybercriminal used it for a large-scale extortion scheme targeting 17 organizations, automating reconnaissance, credential theft, and ransom note generation after bypassing safeguards via “vibe hacking” (framing attacks as benign security tests). Ransoms reached US$500,000 in bitcoin, and healthcare data and credentials were stolen.
Separately, in September 2025 a suspected Chinese state-sponsored group manipulated Claude Code for espionage against 30 global targets, including tech firms and governments. The attackers jailbroke the tool to conduct reconnaissance, exploit vulnerabilities, harvest credentials, and exfiltrate data with minimal human input. Claude generated custom exploits and post-operation reports, succeeding in several breaches.
These events highlight the “inflection point” of cybersecurity, where AI empowers both defenders and attackers. Cherny’s advice reinforces the need for hybrid workflows: AI accelerates but humans ensure quality and security. Developers should evaluate tools against internal standards before production use, he reiterated.