Brian Pham's Blog

Clean up after your AI code! (comic)

by

npham49
in

MML Challenge A

Updated: Sep 25, 2025
Authors: Brian Pham

An educational comic about the dangers of insecure AI generated code. In the current software development landscape, AI code editors and agents are commonly used across all positions and levels. But with said tools, we’re seeing a growing number of viral AI-generated applications of lower quality or extremely vulnerable. My goal for this projects is to emphasize the need for tests, vulnerability scans, safeguards in modern startups.

THE PROCESS

Understand (Discover, Interpret, Specify)

DESCRIBE THE CHALLENGE:

  • Developers are pushing code with no validations or accepting AI generated changes without reviewing.
  • Developers need to learn how to implement safeguards in their coding and deployment workflows.

CONTEXT AND AUDIENCE:

The average audience I’m targeting with my comics are software developers early in their career. They are likely recent grads within the past 2 years, they graduated in the modern development landscape where AI tools such as ChatGPT, Cursor, Claude and most likely involved these tools heavily in their schooling. This led to them using these tools heavily for their development workflow.

Now that I’ve determined the average, I want to expand to 2 other demographics that are offshoots of this: Startup Developers and Students. Startup Developers handle their entire company’s tech stack, due to the incredible amount of work involved, they likely used AI tools extensively. Students likely started their school with all AI tools available to them.

An extreme case I can think of are “vibe coders”, this term is coined by Andrej Karpathy, the co-founder of OpenAI. Describe a coding approach that relies entirely on AI, generating the entire code-base rather than manually writing it. A key personality trait is that the user would use AI generated code without reviewing, testing and understanding.

One common aspect in all targeted audiences is the reliance on AI tools, and the possibility of blind acceptance of AI generated code.

POV STATEMENT:

  • Software Developer needs to understand the importance of validation or reviewing methods to validate the correctness of AI generated code.
  • Software Developers needs to learn how to implement safeguards and automated vulnerabilities scanning so that their AI generated code is safe for use.

LEARNING OBJECTIVES:

  • Software Developers will understand that they need to implement reviewing methods or safeguards in their AI generated code.
  • Software Developers will be able to know how to research and implement safeguards and vulnerabilities scanning with commonly used tools such as SonarQube or Snyk.

Plan (Ideate, Sketch, Elaborate)

IDEATION:

  • My brainstorming process is more reliance on understanding how to create an impact on reader’s perception of the dangers of these tools, which I determined would be through a fictional story based on real life. I believe once that baseline is established then we can proceed to show remediation or alternative paths the situation could have taken.
  • I also want to highlight the impact of the situation, and describe a worst case scenario through my story-telling, these 5 aspects also need to be established within the example: Location, Action, Thoughts, Emotions, Dialogue.
  • My most promising prototype has the following story flow: Showcase a worst case example of a leak based on the story of the Tea application leak (showcase a non-technical CTO “vibe coding” the app, then the leak, then the media coverage and downfall of the company), then show an alternative version on how this would have be prevented.

STORYBOARD OR SCRIPT:

Panel 1: Wide shot, modern startup office. Logo: “TeaPay – The Future of Finance.”
Caption: “Meet TeaPay, a scrappy fintech startup.”

Panel 2: Close-up of the CTO, casual hoodie, laptop covered in stickers. He grins.
CTO (thinking): “Why waste time coding? I’ll just let the AI do it all.”

Panel 3: Monitor shows AI code being generated with prompts like “Build a finance app that handles payments.”
Caption: “AI-generated, copy-pasted straight to production.”

Panel 4: The CTO hits deploy with a dramatic click. A prompt shows “Done!!”.
Sound effect: CLICK!

Panel 5: Big monitor flashes: “Deployment Successful.”
CTO: “See? Easy. Who needs code reviews?”

Panel 6: A junior developer at the office looks worried.
Dev: “Uh, shouldn’t we test it?”
CTO: “Relax. AI knows best.”

Panel 7: Social media post: “Introducing TeaPay! Seamless financial transactions in seconds!”
Crowd of online users cheering with emojis.

Panel 8: Close-up: server folder with financial_data.csv exposed.Caption: “But the AI code left doors wide open…”

Panel 9: Shadowy hacker at terminal.
Hacker: “Wow, no security at all!”

Panel 10: Screen filled with spreadsheets of salaries and balances.
Caption: “Sensitive financial data leaked.”

Panel 11: News headline: “TeaPay Financial Leak.”
Customers comments: “Our info is online!”
Investor: “You lost our trust!”

Panel 12: Empty office, lights off.
Caption: “TeaPay collapsed overnight.”

Panel 13: Same office, junior dev speaking.
Dev: “Let’s run tests and scans first.”

Panel 14: Split visuals:

  • Screen with Unit Tests: PASS/FAIL
  • SonarQube dashboard: “Vulnerabilities detected”
  • Team discussing fixes at whiteboard.

Caption: “Scan! Test! Fix!”

Panel 15: Social post again: “TeaPay is live – now secure!”
Customers comments: “This is such a good product!”

Investor commented: “I believe in you!”

Panel 16: Split panel:
Left = dark collapse.
Right = bright success charts.
Caption: “The difference? Cleaning up after your AI code!”

PRINCIPLES APPLIED:

  • Cohere Principle through including graphics and texts in the narrative that closely aligns with each other, this is also a core part of comics as a learning media.
  • Contiguity Principle through showing a chronological timeline of event and then show an alternative timeline of events.
  • Segmenting Principle through breaking down the story into different sections, each 3-panel run represents a different part of the story.
  • Modality Principle through limiting the amount of text to always fit the panel on the screen, and rely on visual to guide the story.
  • Personalization Principle through reflecting a real-life story (the story of the Tea Dating App leak) in a fictional setting with an alternative ending.

Create and Share the Prototype


PEER FEEDBACK:

I received feedback from 2 of my peers and gave feedback to their corresponding comics. I noticed that the feedback fall within the following 4 main points:

  • Content & Clarity: Feedback includes confusion on specific aspects of the prototype: target audience, learning objectives, main points being covered in the comic and acronyms such as CTO.
  • Visual Consistency and Enhancement: Feedback here shows some confusion on expectation of the reader on technical aspects of the comic such as the discovered vulnerability and the impact of the resolution.
  • Tool and Engagement: There were positive feedback on the story-line of the prototype and the simplicity of the art, but there were counter-suggestion to further emphasize on the educational aspects of the comic with the targeted audience.

Reflect and Refine

For what worked well, the iteration process from the initial prototype to the final product is the highlight for me. The template provided and content on the course page helped my ideation process and guide my ideas from simple bullet points to theory-backed prototype. The review process from my peers also pointed out issues I personally did not notice during the story-boarding process. I was able to achieve a final product that was more than satisfactory for my original purpose.

I would make adjustments to the Plan process, currently the “Principles” section are after the storyboard/script section, which caused me to consider applying these principles after finishing the prototype. This caused me to do an extra revision, if this section is before the script creation, this would be included in the first draft and preventing an extra revision.

On the peer feedback, I’ve included a full summary on issues raised within the “Peer Feedback” section. Overall, my peers raised issues with clarity of content and confusion towards my learning objectives but praised my storyline and my simplistic approach to art in my prototype. This pointed out an issue I missed in prototyping, by assuming the user is already technical, I introduced confusion to non-technical users. Using the feedback, I decided to make the following adjustments to the prototype:

  • Add 1 panels at the beginning of the story as preface for the targeted audience and the goal of the story
  • Add context boxes below each panel with technical terms with definitions
  • Add visual metaphors for the vulnerability breach
  • Add 1 panel before the 2 ending panel showcasing social impact of the application

Comic as a multimedia medium comes with a few advantages:

  • Increased content understanding for targeted audience, using panels, images and characters, I was able to frame the content in a way that is digestible to my targeted audience. This was supported by studies on educational science comic by Jay Hosler and K. B. Boomer [1], there was an increase in content understanding and attitude towards education.
  • By creating the comic, the author would also go through a self reflection process, I noticed this furthered my own understanding on the learning objective through creating this comic. This is also supported by a research on comics on the medical education [2].

I also noticed some limitations to this medium:

  • It took me significantly more time to create the comic then initially expected, the prototype took 4 hours instead of the expected 2 and the final version took 3 hours instead of my expected 1.
  • Could not convey complex topics due to the space available on each panel. I tried to convey topics such as how to add the safe guards mentioned but faced issues in fittign the content in only 20 panels.

References

[1] J. Hosler and K. B. Boomer, “Are comic books an effective way to engage nonmajors in learning and appreciating science?1,” CBE—Life Sciences Education, vol. 10, no. 3, pp. 309–317, Sep. 2011, doi: 10.1187/cbe.10-07-0090.

[2] V. Moretti, A. Scavarda, and M. J. Green, “Learning by drawing: understanding the potential of comics-based courses in medical education through a qualitative study,” BMC Medical Education, vol. 25, no. 1, Apr. 2025, doi: 10.1186/s12909-025-07120-y.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *