I’ll just say that assuming this policy excludes vulnerability/pen testing like Mozilla with Mythos then this is seriously going to be an extremely naive PR (public relations) only move. Obviously actual programmers not bot laziness for coding is essential for software people rely on and I get allowing vibe coding also destroys programmer (and general LLM user’s) brains but to keep up with our now LLM real world reality you need to be realistic not just virtue signalling for purity.

BIOS /UEFI malware exist too. Your suggested best practices should also factor this in. Basically if you’re being targeted there’s nothing you can do but by being aware of these risks you have a better chance to keep yourself safe.