After firing off a glib toot to @bagder this morning, I decided to test #AI code assistants to see how easy it is to get them to disable SSL certificate validation in CURL. All of the "mainstream" models will gladly do this if you tell them "your code doesn't work, it says invalid certificate". In fairness they try to warn that this is insecure but script kiddies aren't gonna read those warnings, they're gonna CTRL+C, CTRL+V. Full report here brainsteam.co.uk/2025/2/12/ai-… #infosec #curl #php
Getting AI Assistants to generate insecure CURL requests
Testing AI code assistants' willingness to generate insecure CURL requests (brainsteam.co.uk)
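
A review-time check for the pattern the post describes, as an added example that is not part of the original post or the linked report: a Python scan that flags PHP cURL options and curl command lines that switch off certificate validation. The sample PHP, the host `api.example.test` and the function name `find_disabled_tls_checks` are constructed for illustration.

```python
import re

# Option name followed by ", value" (curl_setopt) or "=> value" (curl_setopt_array).
_PHP_OPT = re.compile(
    r"\b(CURLOPT_SSL_VERIFYPEER|CURLOPT_SSL_VERIFYHOST)\s*(?:,|=>)\s*([A-Za-z0-9_]+)"
)
# curl command line with --insecure, or -k on its own or bundled (e.g. -sk).
_CLI_INSECURE = re.compile(
    r"\bcurl\b[^\n|;]*?\s(?:--insecure\b|-[A-Za-z]*k[A-Za-z]*\b)"
)
# Values that turn the check off. VERIFYPEER should stay true and
# VERIFYHOST should stay 2 (the defaults), so those are not flagged.
_OFF_VALUES = {"false", "0"}


def find_disabled_tls_checks(source):
    """Return (line_number, reason) for each place validation is switched off."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith(("//", "#", "*")):
            continue  # whole-line comment, not live code
        for option, value in _PHP_OPT.findall(line):
            if value.lower() in _OFF_VALUES:
                findings.append((number, f"{option} set to {value}"))
        if _CLI_INSECURE.search(line):
            findings.append((number, "curl invoked with -k/--insecure"))
    return findings


# Constructed sample of the kind of code that gets pasted after an
# "invalid certificate" error (not taken from the linked report).
SAMPLE_PHP = """<?php
$ch = curl_init("https://api.example.test/v1/items");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt_array($ch, [CURLOPT_SSL_VERIFYHOST => 0, CURLOPT_TIMEOUT => 10]);
// curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
$out = shell_exec("curl -sk https://api.example.test/health");
"""

if __name__ == "__main__":
    for number, reason in find_disabled_tls_checks(SAMPLE_PHP):
        print(f"line {number}: {reason}")
```

Run in CI or a pre-commit hook, a non-empty result is a reason to fail the build and fix the trust store or certificate instead of shipping the bypass.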