We're at an inflection point. Agentic AI can now produce code faster than most teams can validate it — and some companies are already using that as justification to skip building junior developer pipelines altogether. In this episode, Mike makes the case that this is one of the most consequential mistakes tech leaders can make right now.

Software engineering was never just typing. It was always about judgment: understanding requirements, reasoning about edge cases, thinking through security implications, mapping code to business context. AI can augment the typing. It cannot yet replace the thinking.

KEY TOPICS

- The "it worked on my machine" problem at AI scale — hallucinated packages, test cases that return true, code that compiles but doesn't function
- The Waterfall → Agile transition as a reminder that articulating requirements has always been the hard part of software
- Why eliminating junior developer pipelines creates a knowledge time bomb
- How AI-generated vulnerabilities are correlated, not random — one found pattern becomes a scannable attack surface across thousands of repositories
- The 14-day median dwell time + 22-second hand-off window from Mandiant M-Trends 2026
- The WordPress plugin backdoor: patience as a supply chain attack vector
- Why "trust" must be a continuous evaluation, not a one-time event
- Judgment as the irreplaceable core of software engineering

SOURCES & ARTICLES REFERENCED

1. Mandiant M-Trends 2026
Median dwell time: 14 days. Time from initial access hand-off to secondary threat: 22 seconds.
https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2026
Coverage: https://complexdiscovery.com/twenty-two-seconds-to-hand-off-inside-mandiants-m-trends-2026-findings/

2. Georgia Tech "Bad Vibes" — AI-Generated Code Vulnerabilities
43,000+ advisories scanned. 18 confirmed cases H2 2025, 56 in Q1 2026 (35 in March). True count: 400–700.
https://research.gatech.edu/bad-vibes-ai-generated-code-vulnerable-researchers-warn
https://scp.cc.gatech.edu/external-news/bad-vibes-ai-generated-code-vulnerable-researchers-warn

3. WordPress "Essential Plugin" Supply Chain Backdoor (April 2026)
30+ plugins purchased on Flippa, backdoor planted, activated 8 months later.
https://thenextweb.com/news/wordpress-plugins-backdoor-supply-chain-essential-plugin-flippa-2
https://www.techrepublic.com/article/news-malicious-wordpress-plugins-backdoor-april-2026/

Questions or topics for a future episode? Reach the show at producer@ctounfiltered.fm.

Mike Schubert is VP of Technology at Unum Group. The views expressed in this episode are Mike's own and do not represent the views of his employer.