anti-patterns and patterns for achieving secure generation of code via AI

September 11, 2025

Circular flow diagram with four colored segments labeled "specs," "stdlib," "build," and "test," surrounding a central "how?" question, accompanied by the words "generate backpressure" and a URL "https://ghuntley.com/specs" with a hand-drawn arrow pointing down.

I just finished up a phone call with a “stealth startup” that was pitching an idea that agents could generate code securely via an MCP server. Needless to say, the phone call did not go well. What follows is a recap of the conversation where I just shot down the idea and wrapped up the call early because it’s a bad idea.
If anyone pitches you on the idea that you can achieve secure code generation via an MCP tool or Cursor rules, run, don’t walk.

Over the last nine months, I’ve written about the changes that are coming to our industry, where we’re entering an arena where most of the code going forward is not going to be written by hand, but instead by agents.

Source: anti-patterns and patterns for achieving secure generation of code via AI

There is, no doubt, an enormous amount of excitement, investment, hype, and interest in large language models generating code.
A lot of that focus, I would argue, is well placed.

But one significant area of concern is security. Simon Willison calls this the lethal trifecta.

Here, Geoff Huntley looks at why this is so challenging and at what we can do to at least mitigate a serious challenge.