For dangerous APIs, it used to be possible to reduce the harm by increasing the friction.
- The harder the user had to work to do the dangerous thing, the more likely they were to be motivated and able to understand the risk.
- Things like hiding the configuration behind a command-line option.
- Or requiring the user to write a string like React's famous "__SECRET_INTERNALS_DO_NOT_USE_OR_YOU_WILL_BE_FIRED".
- The idea was that users couldn't stumble into doing something dangerous if they had to crawl through a bit of broken glass.
- If something bad happened, they couldn't claim naivete.
- But LLMs are happy to crawl through broken glass, making those warnings much less effective.