Any bets on how long it'll take for a security breach, now that every attacker knows Affirm is vibe coding 60% of PRs?
I feel like these top-down mandates miss the forest through the trees -- in isolation Claude Code is a speedup, like how sometimes WD40 is the right tool for the job. But when applying it to everything, you end up with a sticky mess.
The funny part is that I never heard a professional tell me I should use WD40 for a specific task. It's been developed for (W)ater (D)isplacement, it's really good for that; and it's passable at other tasks too. For DIYers, it's fine.
For professional use-cases, targeted products are preferred, whether they be lubricants, penetrating oils, rust remover, etc.
Headline soon: Affirm lays off 799 software developers
Headline later: Affirm data breach exposes personal details and bank information of millions of users
I'm also waiting with bated breath for "How Affirm Retooled its C-Level for Agentic Decision Making and Execution in One Week", and the follow-up headlines from that. Any time now.
> We move money, so mistakes are costly and quality is contractually non-negotiable. We build on a twelve-year-old monorepo with structural bottlenecks: bloated test suites, manual code review, unstable CI, and deploy infrastructure not made for the pace we need.
In my experience, each single item on this list already is a major hurdle for AI agents. The unholy union of all of them together is something I couldn't personally be responsible for - period.
Working on that codebase - I'm sure - is already difficult and often frustrating. Having a horde of short-term-memory-only agents without any real institutional knowledge is a recipe for disaster. I'm sure the rollout looks great on paper, and long-term effects are - conveniently - not the scope of this article.
> This post covers how we got to a place where over 60% of our pull requests (PRs) are agent-assisted
Well I mean you could (and should) turn on 100% agent code-reviews, and that's a type of assistance.
The hard part is that most orgs never made disposable environments nor any meaningful local testing, so the ability to validate code doesn't break something indirectly (e.g. memory leak, hammer the prod DB, cache values with the wrong key, etc) isn't there. In my experience AI code has several subtle bugs and is deceptively dangerous (because it can look so competent in other ways).
> The hard part is that most orgs never made disposable environments nor any meaningful local testing, so the ability to validate code doesn't break something indirectly (e.g. memory leak, hammer the prod DB, cache values with the wrong key, etc) isn't there. In my experience AI code has several subtle bugs and is deceptively dangerous (because it can look so competent in other ways).
There are ways to improve on this, but nobody ever wants to invest more in disposable dev environments; dev is always the wimpiest environment of them all.
Nice, this reminds me of how I do this in my spare time. My current employer is still figuring out how they want to do AI coding.
having tried to wrangle this on my own over months and still seeing gaps every day i have to raise severe skepticism on this lol.
you mandate and "solve" this in a few weeks over 1:N channels and measure on a metric that nobody even fully understands yet = someone getting paid to bullshit some metrics on agentic productivity to executives. i agree with other posters, 12 months until a dumpster fire of shit reveals itself.
FWIW, i think it is the future but not in the way that's described here.
I’m in the cutting edge of agentic dev at my company, but there’s no way they could have rolled this out in a meaningful way in two weeks. I can barely get a repeatable process, let alone one that I can actually teach everyone else.
“Decide upfront” is a load of crap. I can write the “perfect” spec plan, but we always, always miss something or misunderstand something. Agents will follow a high confidence spec blindly because they think it’s the blessed pattern.
To me, it sure looks like they took a “best practice”, stuck it in the flow chart then demand everyone use it.
I see zero details about how they actually learned what their devs need, how they know devs are getting value out of this, and what problems devs are trying to solve with agentic tooling.
Good thing that didn't require two weeks, as that is about 14 attention spans.
Affirm is on its way out anyway, so really this is one last Hail Mary to try to prop up the company, they don’t have much left to lose.
I don't have a horse in this race, but I'm curious. Could you please shed some light on why they are on their way out? I'm from Poland and they seem to keep hiring here. Afaik most of their engineering department is in Poland. At the same time, I don't understand the product as credit cards are not popular here and Affirm as a product isn't available in Poland anyway.
They loan money to people that either have a bad understanding of money, or who no other lender will work with. A lot of their revenue also relies on discretionary spending on consumer goods (the kind of stuff that people stop buying first when things go badly).
They kept getting surprised by how many of their loans go unpaid on top of all that.
So they are lending to the riskiest consumers, and they kept underestimating the risk, though they might have fixed that. The past three quarters they have finally become profitable, but given their portfolio of risky consumer loans that are unsecured, any kind of economic downturn could really hurt them.
They aren’t really on their way out right now, but they are in a dangerous position if, say, some global economic event were to cause a massive economic shock…
Thank you. I think their biggest threat is rapidly rising interest rates but as you said, they are profitable currently, so I wouldn't say they will go under anytime soon.
You have no idea what you’re talking about. Affirm has some of the lowest delinquency rates of any BNPL and targets consumers that are more likely to repay their loans. In addition, the consumer spending dependency is remarkably resilient in both upturns and downturns, of course to a certain point - if we’re in a complete economic collapse Affirm is not the only stock that will crater.
You seem to be speaking from what you’ve heard through social media and sheer ignorance.
Are these guys public? Can I short them? Oh, even easier maybe just wager on Kalshi?
They raised about a billion in their IPO. They're listed on the Nasdaq [0].
0: https://www.nasdaq.com/market-activity/stocks/afrm
> The window to retool is now open, while the models are capable and the costs are low. That window will not stay open forever.
Or the window to get hooked is now? Or do they have an open model backup plan?
> We believe the companies that leap will stay ahead, the ones that wait will be leapt over.
FOMO is the same as last week.
Do I have to read the article before calling it bs?
I am confused why you would write a public article about it as a financial company. But I have many things I am confused about here; I cannot really figure what they do that requires 800 people or how 130m tx/y is anything to boast about in itself. But maybe it is fantastic; I don't know.
Having integrated LLMs into middleware systems handling financial data, I think the skepticism here is warranted but the direction is right. The real challenge isn't the agents writing code; it is the context window around financial logic, compliance boundaries, and legacy system quirks that live in engineers' heads, not documentation.
What works: starting with isolated internal tools where mistakes are recoverable, not customer-facing payment flows. Agents excel at boilerplate and test generation but need human guardrails for business logic. Affirm's one-week timeline sounds more like executive theater than genuine transformation. The 12-month check will be more telling than the announcement.