> Humans are lazy though and I can't help but feel we are being inundated with sketchy apps doing all kinds of things the authors don't even understand... there is a good chance they have no clue what they created.

I have bad news for you about the executives and salespeople who manage and sell fully-human-coded enterprise software (and about the actual quality of much of that software)...

I think people who aren't working in IT get very hung up on the bugs (which are very real), but don't understand that 99% of companies are not and never have met their patching and bugfix SLAs, are not operating according to their security policies, are not disclosing the vulns they do know, etc etc.

All the testing that does need to happen to AI code, also needs to happen to human code. The companies that yolo AI code out there, would be doing the same with human code. They don't suddenly stop (or start) applying proper code review and quality gating controls based on who coded something.

> The only way I felt comfortable using Claude Code was holding its hand through every step, doing test driven changes and manually reviewing the code afterwards.

This is also how we code 'real' software.

> I can't help but think that massive code bases that have moved to vibe coding are going to spend inordinate amounts of time testing and auditing code

This is the correct expectation, not a mistake. The code should be being reviewed and audited. It's not a failure if you're getting the same final quality through a different time allocation during the process, simply a different process.

The danger is Capitalism incentivizing not doing the proper reviews, but once again, this is not remotely unique to AI code; this is what 99% of companies are already doing.