AI code review misses half of bugs without intent

7 articles · Updated · O'Reilly Media · Apr 30
  • The article cites NIST SATE and a 2024 ISSTA study of 815 vulnerability-related commits, arguing that structural analysis alone detects only about 50-60% of flaws.
  • Using a Brooklyn bus-tracker app and a bug later fixed in Google's Gson library as examples, the author argues that requirements which state purpose help AI reviewers catch design and security defects.
  • The piece promotes an open-source Quality Playbook that derives requirements from code and documentation, warning that without stated intent, issues such as authorization flaws stay invisible to conventional AI review.
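The authorization point deserves a concrete illustration. The following is an added example, not code from the O'Reilly article, its Brooklyn bus-tracker app, or the Quality Playbook: a hypothetical invoice lookup that is structurally clean (typed, input-validated, errors handled) yet lets any authenticated user read any invoice, beside the version that encodes the intent "a user may read only their own invoices", and the requirement itself written as an executable check. All names and the sample data are constructed for the example.

```python
"""Added example: an authorization flaw that structure-only review cannot see.

Nothing here is from the article or the Quality Playbook; the invoice
service, its data and the requirement wording are hypothetical.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    total_cents: int


# Constructed sample rows standing in for a database table.
INVOICES = {
    1: Invoice(1, owner_id=100, total_cents=4_200),
    2: Invoice(2, owner_id=200, total_cents=99_000),
}


class NotFound(Exception):
    """Raised when the requester is not entitled to see the invoice."""


def get_invoice_unchecked(requester_id: int, invoice_id: int) -> Invoice:
    """Passes every structural check: types, validation, error handling.

    It still answers any authenticated user for any invoice (an insecure
    direct object reference). Without a stated requirement, a reviewer
    cannot tell whether the cross-tenant read is a bug or a feature.
    """
    if not isinstance(invoice_id, int) or invoice_id <= 0:
        raise ValueError("invoice_id must be a positive integer")
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice(requester_id: int, invoice_id: int) -> Invoice:
    """Same lookup with the intent made explicit as an ownership check."""
    if not isinstance(invoice_id, int) or invoice_id <= 0:
        raise ValueError("invoice_id must be a positive integer")
    invoice = INVOICES.get(invoice_id)
    # Treat "not yours" exactly like "does not exist" so the endpoint does
    # not let other tenants enumerate which invoice IDs are real.
    if invoice is None or invoice.owner_id != requester_id:
        raise NotFound(invoice_id)
    return invoice


def satisfies_ownership_requirement(
    handler: Callable[[int, int], Invoice],
) -> bool:
    """Executable form of the requirement "a user may read only their own
    invoices". It is derived from intent, not from the handler's code, which
    is why a structure-only review has nothing to compare the code against.
    """
    # The owner must be able to read their own invoice.
    if handler(100, 1).invoice_id != 1:
        return False
    # Any other user must be refused.
    try:
        handler(200, 1)
    except NotFound:
        return True
    return False


if __name__ == "__main__":
    print("unchecked handler meets requirement:",
          satisfies_ownership_requirement(get_invoice_unchecked))
    print("checked handler meets requirement:",
          satisfies_ownership_requirement(get_invoice))
```

The unchecked handler is the kind of code the article says conventional AI review waves through: no missing null check, no unhandled exception, nothing structurally wrong. Only the requirement, once written down and made checkable, exposes the flaw.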
With AI generating more security flaws, who becomes legally liable for the inevitable data breaches?
If AI automates coding but not understanding, is the future of software engineering just better requirement writing?