Question
A teammate wants to ship an AI-generated implementation of your own custom JWT verification and session-rotation logic in Rust, arguing the AI 'knows crypto better than we do.' You need to decide whether security-critical auth code is a place to lean on AI heavily or to pump the brakes. Make the call and justify it against the specific failure modes of this task class.
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.
Vibe coding: describe the solution in plain language (or narrate it) and the coach grades your approach. Generating runnable code from your description is coming next.