惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Hacker News - Newest:
Hacker News - Newest: "LLM"
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs
H
Heimdal Security Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
N
News and Events Feed by Topic
H
Hacker News: Front Page
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
SecWiki News
SecWiki News
N
News | PayPal Newsroom
T
Tor Project blog
W
WeLiveSecurity
A
Arctic Wolf
Security Archives - TechRepublic
Security Archives - TechRepublic
S
Secure Thoughts
月光博客
月光博客
AWS News Blog
AWS News Blog
D
Docker
C
CERT Recently Published Vulnerability Notes
MyScale Blog
MyScale Blog
Google Online Security Blog
Google Online Security Blog
大猫的无限游戏
大猫的无限游戏
T
The Blog of Author Tim Ferriss
I
InfoQ
人人都是产品经理
人人都是产品经理
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
Hacker News: Ask HN
Hacker News: Ask HN
Blog — PlanetScale
Blog — PlanetScale
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
Stack Overflow Blog
Stack Overflow Blog
Recorded Future
Recorded Future
罗磊的独立博客
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
D
DataBreaches.Net
S
Security Affairs
WordPress大学
WordPress大学
T
Threatpost
Microsoft Security Blog
Microsoft Security Blog
V
Vulnerabilities – Threatpost
The Hacker News
The Hacker News
S
SegmentFault 最新的问题
B
Blog RSS Feed
Project Zero
Project Zero
P
Proofpoint News Feed

ariya.io

Local, CPU-Friendly, High-Quality TTS (Text-to-Speech) with Kokoro One Decade Later: Revisiting Five Front-End Kung Fu Moves GTX 1080 Ti for Local LLM Not Everything is an Agent Afterburner and Power Limit Privacy-Preserving Personal Search Appliance LLM Inference Machine for $300 Deploying an Uberjar to Dokku Continuous Integration for React Native Apps with GitHub Actions On GitHub Actions with MSYS2 Cross-compiling with musl Toolchains Nix Package Manager on Ubuntu or Debian Practical Testing of Firebase Projects Search Box and Cloud Function Automatic Merge of Pull Requests Clang on Windows Continuous Integration of Vanilla C Programs for Intel, ARM, and MIPS Architecture Cross Compiling with Docker on WSL 2 Basics of Memory Access in WebAssembly
The Illusion of Perfect LLM Code
pavel_lishin · 2026-06-01 · via ariya.io

#llm #security

I recently tested several different LLMs by tasking them with implementing a simple authentication feature for a web app. It is clear that almost all modern LLMs are now excellent at following a structured blueprint. However, the real differences appeared when looking under the hood at the security of the generated code.

In my testing, I compared Opus 4.8, Gemini 3.5 Flash, Sonnet 4.6, Kimi 2.6, and DeepSeek V4 Flash. My goal was to see how well these different LLMs handle real-world coding tasks, execution plans, and security audits. When I gave them a specific instruction file, like a PLAN.md, they all performed remarkably well. Whether it was a flagship, expensive model like Opus or an ultra-affordable option like DeepSeek, these LLMs could easily follow the step-by-step instructions and generate working code.

Opus vs DeepSeek

However, when it comes to security (including the models’ ability to self-assess their own work), things start to diverge. Premium, advanced models like Opus and Gemini showed great strength in conducting security audits and catching hidden flaws. On the other hand, other models were very hit-or-miss.

This creates a serious hidden danger for what people now call the vibe coder. A vibe coder is someone who trusts the LLM completely, writing code purely by judging the general vibe or flow of the project. If the application runs fine on the screen and the features work, the vibe coder assumes everything is perfect. They feel successful simply because the LLM followed the PLAN.md flawlessly.

But this is an illusion. Just because a piece of software works on the outside does not mean it is safe on the inside. When an LLM fails its own internal security audit, it can easily introduce dangerous vulnerabilities into your application. If you rely entirely on the vibe without reviewing the code yourself, you are unknowingly putting your entire system at risk.

We cannot always rely on public benchmarks to judge an LLM. Efficiency, speed, and low costs are great, but they should not come at the expense of safety. As developers, we must stay hands-on. The best approach to evaluating these models is to craft a truly representative test of your own, and always double-check the security of the code before it goes live.

Perhaps in the future, models will be advanced enough to carry out much better self-audits. Coding harnesses will likely improve over time, too. Until then, blindly rolling out LLM-generated code to production is simply irresponsible.