📄 中文摘要
在使用 AI 编码工具(如 Claude、Cursor 和 Copilot)进行项目开发的过程中,作者经历了约 100 小时的挫折,意识到 AI 并非万能,某些领域不应依赖于其生成的代码。特别是在认证和安全逻辑方面,AI 生成的代码虽然能正常运行,但存在严重的安全隐患,例如硬编码算法参数导致的算法混淆攻击、缺乏刷新令牌轮换机制以及 CSRF 令牌存储不当等问题。这些问题表明,AI 生成的代码往往缺乏安全性,关键在于识别代码中缺失的部分。
不应交给 AI 编码代理的五项任务 — 100 小时的教训
出处: AI 코딩 에이전트에게 맡기면 안 되는 작업 5가지 — 삽질 100시간의 교훈
发布: 2026年2月16日
📄 English Summary
AI 코딩 에이전트에게 맡기면 안 되는 작업 5가지 — 삽질 100시간의 교훈
Using AI coding tools like Claude, Cursor, and Copilot for project development led to approximately 100 hours of setbacks, revealing that AI is not infallible and certain areas should not rely on its generated code. Particularly in authentication and security logic, while the AI-generated code may function correctly, it poses significant security risks, such as hardcoded algorithm parameters making it vulnerable to Algorithm Confusion attacks, lack of refresh token rotation allowing unlimited use if tokens are compromised, and improper storage of CSRF tokens. These issues highlight that AI-generated code often lacks safety, emphasizing the importance of identifying what is missing in the code.