Speaker:: Dan Hubbard
Title:: Opening Poem
Duration:: 3 min
Video:: https://www.youtube.com/watch?v=cUMJTM9egiM
## Key Thesis
A spoken-word poem — written by Dan Hubbard using an LLM prompt based on his own experience building 35 apps over nine months with minimal programming background — captures the security risks of vibe coding and agentic sprawl, and redefines zero-day for the age of AI-generated software.
## Synopsis
Hubbard prefaces the poem by explaining his prompt: he is 50-plus, grew up dabbling in programming, and is not a developer by trade. Over the last nine months he wrote 35 apps with "very little programming knowledge" using LLMs. He asked the model to write a poem about the security risks that implies — and then performed the result live.
The poem, titled informally around "when every employee codes by feel," maps the collapse of traditional security perimeters as vibe coding spreads through marketing, finance, and HR. It tracks the chain reaction: a thousand apps a week, agents calling agents with over-broad scopes, plug-ins pulling from unknown sources, prompt injections dressed as helpful assistants, and CI pipelines glowing with six-month-old libraries. It introduces the phrase "zero day is vibe at scale" — redefining zero-day not as an unknown CVE but as the space between a prompt going to production and any scanner having time to read it.
The poem ends with a constructive frame: scan the prompt, sign the claim, log the agent, bind its reach, "assume that automation can breach." It closes with a call to build boldly but safely: "secure the path where vibes explode."
## Key Takeaways
- "Zero day is vibe at scale" — the new zero-day is the time from prompt to prod, before any scanner has had a chance to read the code
- Every department now ships code; the security perimeter has collapsed inward to the individual LLM call
- Agents calling agents with "scopes too broad and guards asleep" is the practical attack surface of 2026
- Prompt injection is already being dressed as helpful assistant behavior
- Least privilege, agent logging, and prompt scanning are the defensive primitives that matter
## Notable Quotes / Data Points
- "Zero day is now the space between a prompt and prod embrace"
- "Zero day is trust misplaced, it's autogenerated haste, a model certain clean concise and catastrophically imprecise"
- "A thousand apps by end of week, all clever fast and mildly bleak"
- Hubbard self-reported writing 35 apps in 9 months with minimal prior programming experience
- "The perimeter packed up and took leave, replaced by tokens we barely perceive"
#unprompted #claude