> I suspect we'll see more 'open spec' software, with actual source generated on-demand (or near to it) by models. Then all the security and governance will happen at the model layer.

So each time you roll the dice you gamble on getting a fresh set of 0-days? I don't get why anyone would want this.

You already do this with human-authored code, just slowly.

Project model capabilities out a few years. Even if you only assume linear improvement at some point your risk-adjusted outcome lines cross each other and this becomes the preferred way of authoring code - code nobody but you ever sees.

Most enterprises already HATE adopting open source. They only do it because the economic benefit of free reuse has traditionally outweighed the risks.

If you need a parallel: we already do this today for JIT compilers. Everything is just getting pushed down a layer.