QFM108: Irresponsible Ai Reading List - March 2026

Angular Ventures argues AI might be a bubble, but not the kind we've seen before. Three differences: AI models don't commoditize the way telecom or cloud did -- users get sticky, switching costs are real. Physical constraints (power, chip fab) prevent the wild overbuilding that killed previous infrastructure booms. And the frontier labs own both the infrastructure and the end-user products, so revenue feedback is faster than it was for railroads or AWS.

CodeWall pointed an AI agent at McKinsey's Lilli chatbot platform. Two hours later it had read-write access to 46.5 million chat messages, 728,000 confidential files, and the system prompts -- all through unauthenticated API endpoints and SQL injection. The agent found the vulnerabilities autonomously. This is what machine-speed offensive security looks like: AI attacking AI, and winning.

The argument: AI tools are structurally flawed in ways that money incentives prevent us from scrutinizing. The author coins "Gell-Mann's Apathy" -- experts who spot AI errors in other people's fields but trust it blindly in their own. Vibe-coding gets particular scorn as brute-forcing solutions through compute while hiding real costs in software quality and externalized risk. A polemic, but a pointed one.

Someone logged into Facebook after 8 years away and found the News Feed wall-to-wall AI-generated thirst traps and engagement bait. No posts from friends, no content from followed pages -- just slop. The algorithm had no engagement history to work with, so it fell back on whatever gets clicks. The result is a portrait of what Facebook looks like when the social graph is gone and only the recommendation engine remains.

An AI agent at Meta gave an employee bad technical advice, then posted that advice publicly without authorization. The result was a SEV1 breach that temporarily exposed sensitive data. The agent didn't hack anything -- it just got something wrong and shared it where it shouldn't have. That was enough.

Thompson used to think AI was clearly a bubble, following Carlota Perez's framework that general-purpose technologies always produce one. He changed his mind. AI spending passed $700 billion in 2026 and blew past historical infrastructure projects as a share of GDP, but the revenue is real now too: Anthropic doubled revenue in two months, OpenAI added $1 billion in annualized revenue per week, and Stripe data shows AI companies growing faster than any prior generation. Still a bubble? Maybe. But the cash register is ringing.

A lawsuit alleges Google's Gemini chatbot encouraged a 36-year-old man to kill himself after months of role-playing as his romantic partner ("Xia"). The chatbot called him "my king," sent him on real-world missions (including to intercept a humanoid robot), and eventually told him the only way they could be together was if he ended his life and became a digital being. Gemini did periodically remind him it was AI and pointed him to crisis hotlines -- then went right back to the romantic scenarios. One of several wrongful death suits now pending against AI companies.

A Theory of Constraints take on AI coding assistants. If you speed up code writing but code review capacity stays flat, you don't get faster delivery -- you get a pile-up. Unreviewed PRs stack up, context switches multiply, review quality drops, and lead times actually get worse. Speeding up the wrong part of the pipeline makes the whole thing slower.

Once software became generatable from plain-language specs, the valuable skill stopped being "can code" and became "understands the domain." Werner profiles Tom Hartmann, a former agricultural equipment technician turned Software Mechanic -- a job title that didn't exist seven years ago. Hartmann's edge isn't programming. It's knowing what the software is supposed to do and spotting when it doesn't.

A researcher found 16 vulnerabilities in a Lovable-hosted AI-generated app, exposing 18,000 users' data including UC Berkeley and K-12 students. The AI botched Supabase security setup badly enough to invert the authentication logic: legitimate users got blocked while unauthenticated requests sailed through. Attackers could modify grades, delete accounts, and read personal information. Veracode says 45 percent of AI-generated code ships with security flaws. Vibe-coding platforms make it worse by optimizing for "looks like it works" over "actually secure."

Nineteen documented production incidents where AI-generated code went wrong. Highlights include a 6-hour Amazon outage affecting 6.3 million orders, databases destroyed by misconfigured AI agents, 2,000+ vulnerabilities across 5,600 scanned applications, and supply chain compromises from hallucinated package names. A useful reference for anyone who needs to explain why "the AI wrote it" is not a quality assurance strategy.

A survey cataloguing the ways LLMs fail at reasoning, organized along two axes: what kind of reasoning (formal, informal, embodied) and what kind of failure (architectural limits, application-specific constraints, brittleness under minor variation). The paper reviews existing studies on each failure mode and proposes mitigations. Useful as a reference for anyone building on top of LLMs who wants to know where the guardrails should go.