Trethowans warns that AI-assisted internal development can quietly import open-source code and dependencies without licence review, creating compliance risk unless teams add policy, audits, and software-bill-of-materials controls around vibe-coded tools.
Your engineers are vibe coding which means your licence compliance is probably broken
Trethowans warns that AI-assisted internal development can quietly import open-source code and dependencies without licence review, creating compliance risk unless teams add policy, audits, and software-bill-of-materials controls around vibe-coded tools.
Source: Trethowans