Vibe Coding: A Security Crisis Hidden Behind the Hype
What Is Vibe Coding?
AI researcher Andrej Karpathy coined the term in February 2025. Collins Dictionary named it Word of the Year that same year. The idea: you describe what you want to build in plain English; an AI model such as Claude or GPT-4o, or a tool such as Cursor or Bolt, generates the entire codebase; and you ship it based on how the surface looks.
By the end of 2025, AI-generated code made up 41% of all code written globally. Platforms like Coursera now offer vibe coding courses built for people with zero programming background. The speed is real. The security risk is real too, and far less advertised.
The Vulnerability Landscape
Between 40% and 62% of AI-generated code contains exploitable vulnerabilities. Veracode’s 2025 GenAI Code Security Report analyzed 80 coding tasks across more than 100 large language models and found AI introduces vulnerabilities in 45% of generated code. When given a choice between a secure and insecure coding approach, AI chose the insecure path 45% of the time. Bigger models have not fixed this.
Here is where AI fails hardest:
| Vulnerability Type | CWE | AI Failure Rate |
|---|---|---|
| Log Injection | CWE-117 | 88% |
| Cross-Site Scripting | CWE-80 | 86% |
| SQL Injection | CWE-89 | 20% |
| Cryptographic Failures | CWE-327 | 14% |
A scan of over 5,600 publicly accessible vibe-coded apps found more than 2,000 significant vulnerabilities and 400 exposed secrets, including API keys and database credentials sitting in public repos. In May 2025, one hyped AI platform leaked 1.5 million API keys because a founder shipped a vibe-coded app with zero security review.
Georgia Tech’s Vibe Security Radar launched in May 2025 to track CVEs caused by AI-generated code. In January 2026, they tracked 6. By March 2026, that number hit 35. Researchers estimate the real number is 5 to 10 times higher.
The OWASP Top 10 Through a Vibe Coding Lens
The OWASP Top 10 maps directly onto how AI-generated code fails. Here are the biggest offenders:
A01: Broken Access Control (Very High Risk)
AI builds CRUD operations without ownership checks. Frontend restrictions get implemented without backend enforcement. The UI blocks a button, but the API endpoint stays wide open. Authorization gets treated as a UI concern, not a security boundary.
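The missing ownership check described above, shown beside a server-side version. This is an added example, not code from any audited app; the Invoice model, the in-memory store and the function names are hypothetical.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller is not allowed to touch the record."""


@dataclass
class Invoice:
    id: int
    owner_id: int
    total_cents: int


# Constructed sample data: two users, one invoice each.
INVOICES = {
    1: Invoice(id=1, owner_id=100, total_cents=4200),
    2: Invoice(id=2, owner_id=200, total_cents=9900),
}


def get_invoice_unchecked(invoice_id: int) -> Invoice:
    """Before: any caller who knows or guesses an id gets the record."""
    return INVOICES[invoice_id]


def get_invoice(session_user_id: int, invoice_id: int) -> Invoice:
    """After: ownership is enforced on the server for every read."""
    invoice = INVOICES.get(invoice_id)
    # Same error for "missing" and "not yours" so ids cannot be enumerated.
    if invoice is None or invoice.owner_id != session_user_id:
        raise Forbidden("invoice not found")
    return invoice


def update_total(session_user_id: int, invoice_id: int, total_cents: int) -> Invoice:
    """Writes reuse the same check; a hidden button in the UI is not a control."""
    invoice = get_invoice(session_user_id, invoice_id)
    if total_cents < 0:
        raise ValueError("total must be non-negative")
    invoice.total_cents = total_cents
    return invoice
```

The session_user_id argument must come from the authenticated session on the server, never from a field in the request body.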
A02: Cryptographic Failures (High Risk)
API keys get hardcoded in client-side JavaScript. Passwords get stored in plain text or with weak hashing. Secrets that belong in environment variables end up committed directly to public repos.
A03: Injection (Medium-High Risk)
AI uses string concatenation for SQL queries instead of parameterized queries 20% of the time. XSS vulnerabilities appear when AI injects user input directly into HTML without sanitization.
A04: Insecure Design (Very High Risk)
AI builds features. It does not architect for security. No rate limiting. No abuse prevention. Login endpoints get generated without lockout mechanisms, leaving them completely open to brute-force attacks.
A09: Security Logging and Monitoring Failures
In one audit, a login endpoint returned 401 on failed attempts but logged nothing. An attacker could run thousands of credential-stuffing attempts while the app stayed completely blind. AI does not generate logging by default.
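A login handler that leaves an audit record for every 401, neutralizes the username before logging it (the CWE-117 row in the table above), and flags bursts from one address. This is an added example, not the audited endpoint; the thresholds, the 429 response and the function names are assumptions.

```python
import logging
from collections import defaultdict, deque

log = logging.getLogger("auth")
WINDOW_SECONDS = 60            # assumed detection window
MAX_FAILURES = 5               # assumed per-IP threshold inside the window
_failures = defaultdict(deque)  # source IP -> timestamps of recent failures


def neutralize(value: str, limit: int = 128) -> str:
    """Escape everything outside a small allowlist so one event stays one line."""
    return "".join(
        ch if ch.isalnum() or ch in "._@+-" else "\\u%04x" % ord(ch)
        for ch in value[:limit]
    )


def record_failed_login(username: str, source_ip: str, now: float) -> bool:
    """Log the failure; return True when the IP reaches the threshold."""
    # source_ip is assumed to come from the connection, not from a header.
    log.warning("login_failed user=%s ip=%s", neutralize(username), source_ip)
    recent = _failures[source_ip]
    recent.append(now)
    while recent and now - recent[0] > WINDOW_SECONDS:
        recent.popleft()
    if len(recent) >= MAX_FAILURES:
        log.error("login_failure_burst ip=%s count=%d", source_ip, len(recent))
        return True
    return False


def handle_login(username, password, source_ip, now, check_password):
    """Return an HTTP status; every failed attempt is logged."""
    if check_password(username, password):
        log.info("login_ok user=%s ip=%s", neutralize(username), source_ip)
        return 200
    throttled = record_failed_login(username, source_ip, now)
    return 429 if throttled else 401
```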
Slopsquatting: The Supply Chain Attack Nobody Talks About Enough
This one is worth paying close attention to. AI models generate responses based on statistical probability, not fact. That produces hallucinations, and in code, hallucinations show up as references to packages that do not exist.
Researchers tested 16 popular code-generating AI models across Python and JavaScript. Nearly 20% of 756,000 generated code samples included hallucinated package names. Attackers watch which fake packages AI recommends most often, register malicious versions under those names on PyPI and npm, and wait. The vibe coder trusts the AI, installs the package, and ships a backdoor.
The attack is mapped to MITRE ATT&CK T1195.002. Because AI hallucinations are repeatable, attackers can predict and pre-register target names reliably.
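One way to gate AI-suggested dependencies before anything is installed: an offline check of a requirements file against a list of packages the team has already vetted. This is an added example, not tooling from the researchers; the allowlist, the sample file and the 0.8 similarity cutoff are assumptions.

```python
import difflib
import re

# Constructed allowlist: packages this (hypothetical) team has already vetted.
VETTED = {"requests", "flask", "sqlalchemy", "python-dateutil", "cryptography"}


def normalize(name: str) -> str:
    """PEP 503 normalization, so 'Flask' and 'python_dateutil' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_names(requirements_text: str):
    """Yield project names from requirements.txt-style lines."""
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # skip blanks and pip options
            continue
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            yield normalize(match.group(0))


def review_requirements(requirements_text: str, vetted=VETTED):
    """Return {name: verdict} for every requirement that is not vetted."""
    findings = {}
    for name in requirement_names(requirements_text):
        if name in vetted:
            continue
        close = difflib.get_close_matches(name, sorted(vetted), n=1, cutoff=0.8)
        findings[name] = (
            f"lookalike of vetted package '{close[0]}'" if close
            else "unknown: confirm registry entry, maintainer and history first"
        )
    return findings


# Constructed AI-suggested requirements; the last two names are made up.
SAMPLE = """\
Flask==3.0.0
python_dateutil>=2.8   # date parsing
reqeusts
fastjsonvalidatorx
"""
```

Run in CI, a non-empty result from review_requirements blocks the install step until a human has looked at each flagged name.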
Other attack vectors worth knowing:
- Prompt injection: Attackers craft malicious input that changes how the AI behaves at runtime, coercing it to expose secrets or disable validation.
- Hallucinated security bypasses: AI accidentally removes security checks while implementing an unrelated feature.
- IP leakage: Developers paste sensitive code into public AI tools that log inputs for model training.
The Foundations Problem
This is the deeper issue. Vibe coding’s pitch is that technical knowledge is unnecessary. That creates builders who ship apps they do not understand and have no way to evaluate.
Stack Overflow’s blog put it plainly in January 2026: many people without experience are building applications that look functional on the front end while the underlying data handling is a compliance disaster.
What gets lost without foundations:
- Architecture: Understanding client vs. server, authentication vs. authorization, and data flow is what lets you ask “where does this go wrong?” without a scanner prompting you.
- Debugging depth: When AI-generated code fails in production, and it will, you need a framework for finding root causes. You cannot find what you cannot read.
- Security by default: Experienced developers have internalized rules like “never trust user input” and “always enforce authorization server-side.” Those are reflexes, not lookup tables.
- Critical evaluation of AI output: If you understand the code, you catch the vulnerability. If you do not, you ship it.
The irony is that understanding the fundamentals makes AI tools more useful and safer. A developer who knows SQL spots an injection vulnerability instantly. A developer who does not will ship it to production.
Technical Debt: The Compounding Cost
Traditional technical debt builds gradually. A team skips tests, defers refactoring, takes shortcuts. AI technical debt compounds. The mechanism is volume.
AI tools produce 3 to 4 times more code commits than unassisted developers. GitClear’s 2025 analysis of 211 million lines of code found refactoring dropped from 25% of development activity in 2021 to under 10% in 2024. Code churn, lines revised within two weeks of being written, jumped from 5.5% to 7.9%. Velocity is up. Quality stewardship is down.
Common anti-patterns in AI-generated codebases:
| Anti-Pattern | Occurrence Rate |
|---|---|
| Comments meant for AI that burden human reviewers | 90-100% |
| Textbook patterns applied without context | 80-90% |
| Repeated bugs across regenerated functions | 80-90% |
| Over-specification for edge cases that will never happen | 80-90% |
The financial picture:
- Unmanaged AI-generated code drives maintenance costs to four times traditional levels by year two.
- 75% of technology leaders are projected to face moderate or severe debt problems by 2026.
- One API security company saw a 10x increase in monthly security findings at Fortune 50 enterprises between December 2024 and June 2025.
- The average data breach cost $4.44 million in 2025.
- Gartner projects a 2,500% increase in GenAI software defects as AI coding adoption scales.
Security debt now affects 82% of companies. High-risk vulnerabilities jumped from 8.3% to 11.3% in a single year. Using more AI to fix AI-created vulnerabilities has not closed that gap.
Compliance and Legal Exposure
Security holes are not the only problem. Organizations shipping AI-generated code without review face real regulatory risk.
- GDPR: AI-generated apps may process personal data in ways that breach data protection law. Fines go up to 17.5 million or 4% of global annual turnover. GDPR Article 32 requires a Data Protection Impact Assessment for high-risk data handling. Vibe-coded apps routinely skip this.
- EU AI Act: Any AI system applied to the employee lifecycle is automatically classified as High-Risk AI, triggering mandatory obligations regardless of who built it or how.
- Simulated compliance: AI generates documentation that looks like compliance without achieving it. A GDPR assessment document does not reduce actual risk.
- Intellectual property: AI tools train on copyrighted and GPL-licensed code. Generated output may unknowingly include infringing elements. Copyright ownership of AI-generated code remains legally unresolved.
The Right Mental Model: AI as Amplifier, Not Replacement
The takeaway is not that vibe coding is worthless. For personal projects and experiments, the risk is acceptable. For anything with real users, real data, or real money, someone on the team needs to understand the code well enough to evaluate what the AI produced.
AI should function as a multiplier for skilled engineers. It handles boilerplate so human judgment focuses on architecture, security, and performance. Foundations are not obsolete. They are more important than ever because they are what let you catch the AI when it goes wrong.
Practical steps every team should take:
- Treat AI output like a junior developer’s first commit. Review it, question it, test it, and never deploy to production without senior review.
- Enforce SAST in CI/CD pipelines so security gates run automatically on every commit.
- Validate every dependency manually. Never install an AI-suggested package without verifying it exists in official repositories.
- Store all secrets in environment variables. Use automated secret scanning to catch leaks before they hit version control.
- Enforce server-side authorization. Never rely on client-side logic to control access.
- Establish AI governance policies. Define which tools get used, how prompts are structured, and what review applies before AI code reaches production.
- Measure what matters. Vulnerability backlog growth, code health, and remediation velocity tell you more than feature velocity does.
The codebase you bring into the AI era determines what you get out of it. AI amplifies what is already there. A solid foundation gets better. A weak one gets worse faster.


