Question
You work on a payments service under regulatory and audit requirements. You used an AI agent to generate part of a Java module that computes interchange fee splits and a chunk of the test suite. Legal and your compliance lead have started asking how AI is being used in code that touches money. You need to advise on a disclosure and provenance norm for AI-generated code in regulated paths. What do you recommend, and where is the line between sensible governance and theater?
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.