The Black Box Builder!

That's what I call myself and others who have no inkling of actual programming but know exactly what data they have and what output they want. Build tools purely by prompting, never reviewing the code that is written for them. A smaller version of dark factory if you will!

LLMs have reached a point where laypeople like me can “outsource” simple app development to them, while we focus on the outcomes we need. Of course, it isn’t safe to blindly trust an LLM’s output, but neither is trusting the output of a programmer you know nothing about, especially if you’re not a programmer yourself.

Proper app development needs security auditing, vulnerability scanning, performance profiling, and refactoring workflows to keep the app secure, efficient, and maintainable. My prediction is that the next wave of LLM-outsourced coding will come either from an ecosystem of IDEs and extensions that fills this gap, or from LLMs that ship with these workflows baked in by default. That would make their code easier to trust (instead of being dismissed as slop) and safer to delegate to. Until then, we’ll need to prompt LLMs to help us do those audits and refactors manually.

Will this way of building still leave gaps, inefficiencies, and vulnerabilities? Yes, but so does plenty of production code. That’s not an excuse to not try building things ourselves when the capability exists. For better or worse, domain experts are going to take on software building themselves OR developers will evolve into domain experts.

If there’s a comforting thought for security-conscious folks, it’s that these tools and apps will likely be standalone, greenfield, built for individual users’ needs and run locally, unlikely to scale much further without deeper knowledge of system design and patterns and that’s OK for now.