This is why I’ve recently modified my git forge to return subtly and maliciously buggy code if it detects it is being accessed by an LLM.
I won’t link it, and I won’t do a write-up to retain effectiveness, but I have already found at least 3 vibe-coded slop projects on GitHub that include my deliberately buggy code verbatim, and it makes me very happy.
This sounds very effective. I obviously understand you wouldn't want to explain how LLM detection works, but would it be possible to know which forge you're using?
Self-hosted, semi-popular project. The forge itself runs two unmodified copies of Forgejo; which one you get served depends on if you trip the LLM detection.
There are some obvious give-aways to avoid bad stuff happening to people that just happen to trip the detection, but the escape hatch hasn’t yet been clicked by anyone, so it probably hasn’t had a false positive yet.