Ask HN: What is your comfort level with code generated by LLM agents?

2 points by shekkizh ↗ HN
With the rise of AI agents that execute code, I'm curious about the community's perspective on the idea of running code generated by these agents locally (Disclosure: I work on such agents). Specifically, what would make you comfortable (or uncomfortable) doing so?

Some potential scenarios:

- Agents from reputed big tech companies (e.g., Google, Microsoft, etc.): Would you trust code produced or executed by AI from such sources? Do these brands inspire confidence?

- Open AI agents: How do you feel about running code generated by fully open agents, where the agent shows the code and the user executes it? Does the ability to inspect and verify the code give you peace of mind?

- Audits and transparency: Does knowing that the AI agents and their outputs are audited by third-party experts change your comfort level? How important is the transparency of how the model operates?

What threshold do you set for yourself? How often do you break this threshold? Would love to hear everyone's thoughts and experiences!

10 comments

[ 3.3 ms ] story [ 33.1 ms ] thread
I have never used LLM generated code so far, but I would be extremely sceptical about letting an LLM generate code and using it without full review. IMO LLM generated stuff should only be used as a starting point, not a final product
Agreed. What would make you less skeptical? We typically do not look into the code within the software that we install in our systems today - so there is some level of trust already.
If LLMs didn't hallucinate as much I'd maybe trust their output more. But they have a tendency to do unpredictable things, which isn't really what you want in a production environment. I keep seeing stories of what AI assistants have done incorrectly, which makes me hesitant to pipe their output into a codebase, unmodified
> We typically do not look into the code

I actually do it, and when I don’t there is a chain of responsibility to handle that. LLMs write random code that haven’t been approved, agents would make that worse by actually running it.

Most AI fans want us to run commands like “cat /etc/random | sh” and that’s why software engineering is not real engineering.

haha. I get that there are no rigorous standards in software engineering, but this has not stopped us from using software.

I wonder if implementing a "chain of responsibility" -- kinda falls into my third scenario -- will improve trust levels for code generated by LLM.

I use LLMs for 80%+ of our code, but of course it is always human reviewed and tested. We use all types: llama, gpt, claude, gemini, replit, grok and others: we want to know which is the most productive (it's by a large margin sonnet 3.5 for what we do; gemini is terrible so far).

We are fine with code generated to be executed immediately (has to be to be productive really), but once we are satisfied, we won't let the PR get get approved without reviews.

This resonates with me too. However, as LLMs increasingly shift towards more "agentic" capabilities—where they're not just generating code but also executing it and performing actions beyond just text generation—I'm thinking: where do we draw the line? What should startups and developers working on such systems do to be trusting?
I don’t use LLMs to write code. I don’t use them at all.

As a freelancer specializing in fixing and maintaining software I welcome LLM-generated code. I look forward to a prosperous future with an even larger pile of bad code to work on. I especially like the subtle security errors that seem to plague LLMs — those mean premium emergency rates for me.

haha. Talk about job security :)
More like “free money” due to how bad code generation is. Job security would be someone writing shitty code on purpose.