Time will tell, but I'm dubious this will hold longer-term. I don't doubt that Claude can write the code, but I am dubious Claude can manage it sanely. Does it have backups? Does the guy that wrote it know how to restore those, or can Claude do it? Can Claude upgrade the backend and/or migrate the data when the backend changes, or is this going to be running known CVEs in a month?
This has sort of always been a thing via hiring CS students as interns. I don't doubt most of them could jam out something that looks like Slack or Gmail. The problems aren't apparent immediately, they become apparent when you realize it doesn't handle invalid responses well and the backups are hosed so you just lost a bunch of data.
Nobody ever really solved making CRUD apps easier through better frameworks. So now we have a tool to spit out framework gunk, and suddenly everyone can have their own app.
s/emperor/emptor
I hope your friend's company spends $20K to harden the deployment of the new app so it doesn't become a deep liability.
The best part is is that they'll get popped because of it and have zero clue. Anyone building in any frontier provider currently, but has little background in software, is creating all kinds of new liabilities that didn't exist before.
In a school district where I live the IT department developed a password distribution app using Gemini on Google App Script (they didn't even need this part), sent out links with B64 encoded JSON that included: student name, student email, parent email and student password. Yet, when I found it and told them all the ways that it was technically a breach in our state they ran to their 2-bit "cyber security experts" and "legal". They were far more concerned with CYA than understanding the hole they dug themselves. And all of the advice they got back was that it wasn't a breach. They claimed their DPA with Google protected them. I explained how email works and they just ignored me, likely because in our state they are bound by GDPA and won't ever engage in a legitimate conversation via email.
The kicker here is they pay for an IDP with built-in mechanisms for password resets (that was the reason for building this: to reset students passwords). One of their cyber security "experts" (a lone guy who has zero credentials from what I found) told them that password resets using the IDP was "not recommended". When pressed on that they were, again, silent.
LLMs are creating a huge mess for people now empowered to go well beyond their capabilities and understanding. It's a second coming of the golden age of shitty software that's riddled with even the most basic of security flaws.
Either way, the instability of this industry due to the insane amounts of cargo culting every time <insert big thing> comes along has made me really question whether I want to stick around.
Whatever you do, don't click this link: https://github.com/garrytan/gstack/
I hear you but at least as my bud described it, the software that most of the timber mill industry uses is buggy as hell, crashes all the time, and makes mistakes. One would wonder if even the licensed software is hardened.