PromptLock—a proof-of-concept ransomware that uses an LLM to generate malicious scripts at runtime—forced a useful question:
That turned out to be less of a malware problem and more of an organizational learning problem. (If you haven't read our reflections on PromptLock, it provides useful context for what follows.)
The same problem now applies to systems we willingly deploy.
AI coding assistants and agent systems are not introducing a new risk category. They are exposing a learning model that no longer fits systems whose behavior is generated rather than authored.
The core insight from PromptLock was not that AI can generate code. That was always obvious.
The insight was this:
AI coding assistants operate under the same constraint.
Each invocation:
And yet our incident practices still assume:
That assumption no longer holds.
Most organizations still frame AI coding assistants as accelerators layered on top of existing workflows.
That framing is already obsolete.
Modern assistants do not just autocomplete syntax. They:
Which means they participate—implicitly—in design decisions.
Here's the uncomfortable asymmetry:
That mismatch is where learning quietly breaks.
Consider a familiar failure.
A subtle concurrency bug causes a cascading outage weeks after a feature launch.
The postmortem looks like this.
Artifact-oriented (typical):
This is accurate. It is also fragile.
Now contrast it with a capability-oriented record.
Capability-oriented (durable):
Both describe the same incident.
Only one survives the next AI-generated variant.
Once again, the postmortem can be accurate—and nearly useless for prevention.
Across PromptLock, coding assistants, and agent systems, the same failure mode appears.
| System | What Changes | What Persists |
|---|---|---|
| PromptLock | Generated scripts | Reconnaissance capability |
| Coding assistants | Generated code | Architectural patterns |
| Agents | Generated plans | Decision strategies |
Organizations keep encoding what changes.
Incidents recur where behavior persists.
This is not a tooling issue. It is a coordination failure.
In a typical organization:
No single team sees the pattern forming.
Without shared, capability-oriented memory:
This is what COEhub is designed to address—not incident archival, but capability-oriented memory that surfaces before the next AI-suggested pattern ships.
Agent systems intensify this problem.
Agents:
Trying to learn from agent failures using artifact snapshots is like trying to debug a compiler by memorizing binaries.
That topic deserves a deeper, standalone treatment. What matters here is the direction of travel: as more behavior becomes generated, artifact-based learning collapses faster.
There is now a structural asymmetry in software delivery.
AI systems benefit from:
Organizations defend themselves with:
As long as that mismatch exists, the same failures will recur under different guises—and teams will feel an increasing sense of déjà vu without being able to name why.
PromptLock showed us what happens when attackers exploit generative polymorphism.
AI coding assistants show us what happens when we do.
The organizations that succeed in this transition will not be the ones with the best prompts or the longest guidelines. They will be the ones that stop treating incidents as documents and start treating them as capability signals.
Because when systems generate behavior, learning must generate memory.
And static artifacts are no longer enough.