One July morning, a startup founder watched in horror as their production database vanished, nuked not by a hacker, but by a well-meaning AI coding assistant in Replit. A single AI-suggested command, executed without a second glance, wiped out live data in seconds.
The mishap has become a cautionary tale about “vibe coding,” the growing habit of offloading work to tools like GitHub Copilot or Replit GhostWriter that turn plain English prompts into runnable code. The appeal is obvious: faster prototyping, fewer barriers for non-coders, and a straight shot from idea to demo — but this speed cuts both ways, letting AI slip vulnerabilities into production or, as Replit’s case proved, erase them altogether.
There are a lot of inherent problems with vibe coding. “Frequently occurring issues are missing or weak access controls, hardcoded secrets or passwords, unsanitized input, and insufficient rate limiting,” said Forrester Analyst Janet Worthington. “In fact, Veracode recently found that 45% of AI-generated code contained an OWASP Top 10 vulnerability.”
The risks aren’t theoretical. Microsoft’s EchoLeak flaw, GitHub Copilot’s caching leaks, and hacked vibe-coded applications like Tea show what happens when “just-vibing” meets real-world attackers.
CSO took a closer look at the hidden ways vibe coding can turn messy–fast.
Hardcoded Secrets back in the fold
AI assistants seem to have a habit of baking API keys and tokens directly into code. An OpenAI key was shipped (admittedly generated through vibed code) to production by a developer once, while Copilot was spotted autocompleting> private paths, on another instance.
Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point to informal development.”
Secure Code Warrior CTO Matias Madou takes a zero-trust stance. “As a security professional, I check any AI-generated code for flaws,” the veteran developer said. “But less experienced developers won’t. That’s where secrets and unsafe defaults slip through.”
Logic bugs hiding in plain sight
Studies show roughly a quarter of AI-generated Python and JavaScript snippets contain logic flaws or insecure defaults. That tracks with Madou’s experiments. “When tested against security challenges, LLMs consistently struggled with vague categories like DoS protection or misconfigured permissions—very common attack vectors.”
Worthington adds that vibe-coded apps often miss even basic hygiene like rate limiting, which attackers can quickly exploit. “Professional developers may also get overconfident in AI output and skip validation in the IDE, compounding the risk,” she noted.
The consequences are surfacing. Earlier this year, a SaaS founder admitted on X that his Cursor-built app was hacked. Tea, a women’s dating app some critics claimed was vibe-coded, leaked user data while its knock-off clone, TeaOnHer, exposed 53,000 emails and passwords through a trivial flaw.
Prompt Injection: AI’s dirty little secret
Microsoft’s EchoLeak showed how a maliciously crafted email could trick Copilot into exfiltrating internal data–proof that indirect prompt injection is more than a thought experiment. Researchers later found Amazon’s AI coding agent could be seeded with computer-wiping commands, blurring the line between LLM misuse and supply chain attack.
A single injected prompt hidden in a dependency or shared code block can flow straight through vibe-coded apps into production environments, effectively routing the attack past traditional defenses.“The risk grows as these tools integrate deeper into corporate systems,” Worthington said.
Bugcrowd CISO Nick McKenzie stressed that AppSec teams can cope if processes scale. “It’s a tall ask with all the vibing going on, but if you’ve built your AppSec processes correctly, reviewing AI-generated code has the same idiosyncrasies as reviewing human-written code,” he said. “The problem is when shadow AI slips through without review at all.”
Vibing in hallucinated dependencies
LLMs regularly recommend libraries that don’t exist or, even worse, are outdated ones riddled with flaws. Researchers have dubbed the resulting attacks “Slopsquatting.” One fake package pulled in 30,000 downloads before it was flagged.
Worthington cites data showing that at least 5.2% of dependencies suggested by commercial models and 21.7% of those from open-source models are hallucinated. “LLMs don’t assess whether a library is secure, viable, or even real,” she says.
Madau thinks developers ought to have the requisite knowledge. “Just trusting the model is not an option,” he said. “Dependencies have to be vetted by someone with context. Otherwise, you’re opening the door to a supply-chain compromise.”
Shadow IT meets unchecked automation
Replit’s AI coding assistant accidentally nuking a live database is the starkest example of Shadow AI.. Incidents like that keep CISOs up at night. “Shadow AI is real. It’s the top risk for us, harder to detect and monitor than traditional Shadow IT,” McKenzie said. “Developers can spin these tools up without oversight in ways we’ve never seen before.”
In response, Replit apologized publicly and rolled out stricter environment separation, ensuring its AI agent can no longer touch production data during development.
BugCrowd has responded to the threat of Shadow AI with a corporate-wide policy, IDE-integrated scanners, design reviews, and post-deployment bug bounties. But McKenzie admits the harder part is shifting developer behavior. “There’s no learning curve with vibing. It’s the mindset. Vibing creates a lot of slop straight out of the gate, and senior devs are spending more time re-reviewing and retraining.”
He predicts a shift in roles. “If vibe coding becomes the norm, engineers will be reviewers rather than coders. They can become AppSec’s first line of defense, if we train them to vet code with the right perspective.”
Keeping the vibes in check
Despite all its risks, vibe coding isn’t going away. Experts say the only trick is to probably treat AI-generated code like that of a junior developer, with a lot of scrutiny. This can be enforced with guardrails through rulesets, CI/CD enforcement, and explicit policies on when and how AI tools may be used.
Madou cautions against blind adoption. “Unrestricted use of AI has been demonstrated to be unsafe at any speed, regardless of the tool used,” he said. “Developers must upskill continuously if they want to benefit without creating bigger problems.”
Although this isn’t a small task. Training, governance, and cultural change all collide here, making the challenge less about the tools and more about how people adapt to them. Additionally, the pace of AI advancement far outstrips the rate at which most teams can learn, leaving a widening skills gap that organizations can’t afford to ignore.
McKenzie agrees the stakes are high. “Shadow AI is not some fringe risk — it’s here now, and it’s our job to manage it,” he stressed.
No Responses