𝗕𝘂𝗻 𝗦𝗵𝗶𝗽𝗽𝗲𝗱 𝗨𝗻𝘀𝗮𝗳𝗲 𝗔𝗜 𝗖𝗼𝗱𝗲
Bun recently released a massive Rust rewrite. The team used Claude AI to write much of it. This rewrite added over 13,000 unsafe code blocks to the codebase.
In systems programming, unsafe code bypasses memory safety rules. One unsafe block is a risk. Thirteen thousand blocks in AI-generated code is a crisis.
The team also released this without a concurrent garbage collector. This makes memory management difficult in multithreaded workloads.
I understand the need for speed. Small teams must move fast to compete with Node.js and Deno. But speed should not replace care.
An unsafe code block is a promise that memory access is valid. If an AI writes the code, no human signed that promise.
AI code is not bad. However, using AI to generate unsafe code at this scale is dangerous.
A runtime is not a simple library. It is the foundation of your entire application. When you choose a runtime, you are choosing to trust it.
Some developers are moving back to Node.js because of stability concerns. This is the result of shipping experimental infrastructure.
I use AI tools every day. I treat AI code like code from a junior engineer. It needs a review that matches the risk.
The risk of multithreading in a JavaScript runtime is massive. Those 13,000 blocks need 13,000 good reasons to exist. They do not need 13,000 rubber stamps.
High-velocity AI generation requires high-velocity review.
Bun has great potential. The team has done impressive work. But being ambitious without being careful creates a liability.
We should not stop using AI. We must ensure the level of review matches the blast radius. AI cannot reason about the cost of being wrong.
Would you run 13,000 AI-generated unsafe blocks in your production app? What is your limit for trusting AI with infrastructure?