Original: Geoffrey Huntley · 02/09/2025

Summary

If anyone pitches you on the idea that you can achieve secure code generation via an MCP tool or Cursor rules, run, don’t walk. I just finished up a phone call with a “stealth startup” that was pitching an idea that agents could generate code securely via an MCP server. Needless to say, the phone call did not go well. What follows is a recap of the conversation where I just shot down the idea and wrapped up the call early be

Key Insights

“If anyone pitches you on the idea that you can achieve secure code generation via an MCP tool or Cursor rules, run, don’t walk.” — Huntley’s immediate dismissal of the concept of secure code generation through MCP tools.
“I haven’t written code by hand for nine months.” — Huntley shares his personal shift away from manual coding to using agents for code generation.
“How do I make the agent generate secure code?” — Introducing the central question and concern regarding the security of code generated by AI agents.


Full Article

# anti-patterns and patterns for achieving secure generation of code via AI
Author: Geoffrey Huntley
Published: 2025-09-02
Source: https://ghuntley.com/secure-codegen/

I just finished up a phone call with a “stealth startup” that was pitching an idea that agents could generate code securely via an MCP server. Needless to say, the phone call did not go well. What follows is a recap of the conversation where I just shot down the idea and wrapped up the call early because it’s a bad idea.
If anyone pitches you on the idea that you can achieve secure code generation via an MCP tool or Cursor rules, run, don’t walk.
Over the last nine months, I’ve written about the changes that are coming to our industry, where we’re entering an arena where most of the code going forward is not going to be written by hand, but instead by agents.
the six-month recap: closing talk on AI at Web Directions, Melbourne, June 2025 Welcome back to our final session at WebDirections. We’re definitely on the glide path—though I’m not sure if we’re smoothly landing, about to hit turbulence, or perhaps facing a go-around. We’ll see … — Geoffrey Huntley
I haven’t written code by hand for nine months. I’ve generated, read, and reviewed a lot of code, and I think perhaps within the next year, the large swaths of code in business will no longer be artisanal hand-crafted. Those days are fast coming to a close. Thus, naturally, there is a question that’s on everyone’s mind:
How do I make the agent generate secure code?
Let’s start with what you should not do and build up from first principles.

  • [[topics/secure-code-generation]]
  • [[topics/ai-agents]]
  • [[topics/agent-native-architecture]]


Originally published at https://ghuntley.com/secure-codegen/.