The term software engineering has long been an insult compared to rigorous fields like mechanical engineering. Most code ships riddled with vulnerabilities that can run for years or decades without issue, as discovery was hard and skilled attackers few. This precarious balance is now disrupted by AI that finds and exploits flaws at unprecedented scale and speed.
Mega-corporations like Microsoft and Cisco prioritize new features over securing existing products, often abandoning support and pushing upgrades. They rely on external researchers rather than preventing flaws. Traditional patching timelines no longer suffice when hundreds of vulnerabilities may appear weekly and exploitation occurs in days.
AI coding agents exacerbate the problem by generating insecure code that humans fail to verify under vibe-coding practices, causing outages like those in Amazon services. Legacy systems in critical infrastructure, written by retired or deceased developers, are particularly vulnerable and lack resources for upgrades.
The result is inevitable short-term disruptions. A limited pool of bugs might eventually be exhausted, but successive AI capability jumps could reveal ever more complex issues, restarting the chaos. Collective upgrades at Y2K-like scale are required within months, yet global patching of everything is impossible in 3-5 months.