Vibe Coding WARNING for Devs

Key Takeaways

I've mentioned this before that vibe coding is going to give hackers so many opportunities. This is from Wyatt. Vibe coding is the new open-source in the worst way possible. As developers increasingly lean on AI generated code to build out their software as they have with open-source in the past, they risk introducing critical security failures along the way. So question for you, would you trust Vibe coding? Would you put vibecoded code onto the internet into your applications? Are you actually doing that? Are your companies doing that? Now, in this article, they reference a survey of chief information security officers and other people that said that more than 60% of their organization's code was generated by AI in 2024, but only 18% of respondents said that their organization has a list of approved tools for Vibe coding. They also pled thousands of professionals and published their findings in August, emphasizing too that AI development is making it harder to trace ownership of code. So here's one of the big problems. AIAS can hallucinate, but also if AI is trained in part on old vulnerable or lowquality software that's available out there, then all the vulnerabilities that have existed can reoccur and be introduced again, not to mention new issues. In addition to sucking up potentially insecure training data, the reality of VIP coding is that it produces a rough draft of code that may not fully take into account all the specific context and considerations around a given product or service. Now you can read more about this on wired. Now I've interviewed various experts including KT Pax and Fear who spoke about how great it is to have VIPE coding to create tools that you can use in penetration testing. Hacker One, which runs various bug bounty programs, spoke about how their platform reported a 540% surge in prompt injection vulnerabilities, the fastest growing threat in AI security. They also spoke about fully autonomous hackbots emerging. Autonomous agents submitted 560 valid reports signaling the start of the hackbot arms race. Hackers are becoming builders and are using AI throughout their workflows. So, it seems like there's going to be a lot of opportunities for hackers both on the good side and the bad side. With all of this vibe coding code being released out into the world, it looks like we're going to encounter more hacks, more data leaks, more breaches because of insecure code that's being put out there. But what are your thoughts? Do you vibe code? Do you think it's good? Do you use it for just creating products or do you use it for penetration testing? Where do you use vibe coding or do you not