I'm so fucking tired..

..of how little any of my coworkers seem to care about the security implications of the stupid ass ai tools. They treat me like I'm crazy to suggest that maybe Claude shouldn't be able to read their Artifactory/npm token because we still don't have granular permissions on those and every token has publish permissions. ugh.They literally have to go out of their way to give Claude access to that file too, and the only benefit is that it can run an npm install all by itself (absolutely stellar idea with the influx of npm supply chain attacks we're having).

Or when I suggest that maybe it's not a great idea to give Claude a git token with full write permissions to all repos, because commiting things from outside of the Claude terminal isn't even that much of a hassle. I'd get taking some security shortcuts if there was any actual benefit, but this is just so unnecessary.

And any time I point at any of the crazy security flaws the one mega-annoying coworker that vibecodes everything goes "uuhh no it's pointless to make the AI more secure because regular developers have a lot of permissions too and an angry developer could do way more damage than the AI".Trying my hardest to not take him up on that.