CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 08, 2026

Everybody Is Vibe Coding But Nobody Told the Security Team

Security Week Archived Jun 08, 2026 ✓ Full text saved

AI-driven development is not something organizations can or should block. But it must be governed. The post Everybody Is Vibe Coding But Nobody Told the Security Team appeared first on SecurityWeek .

Full text archived locally
✦ AI Summary · Claude Sonnet


    In February 2025, Andrej Karpathy coined the term “vibe coding” to describe a new way of building software: rapid, AI-assisted development where users ‘fully give in to the vibes, embrace exponentials, and forget that the code even exists’.” Fast forward to 2026, and Anthropic CEO now predicts that 90% of code will be written by AI in 3-6 months. According to one survey, 84% of developers globally are using or planning to use AI coding tools in their workflow, up from 76% in 2024. Of those, 51% of professional developers use AI tools daily. The marketing manager, the operations lead, the finance team — all of them are building working applications, connecting them to production systems, and deploying them. Mostly without involving IT, and often never involving security. Security Challenges With Vibe Coding Apps Recent research from Veracode shows 45% of AI-generated code contains OWASP Top 10 vulnerabilities. AI models have improved dramatically at generating code that compiles and runs – but the security of that code is not always sound. The reason is straightforward: AI optimizes for functionality, not security. Researchers at RedAccess recently analyzed thousands of vibe-coded applications built on Lovable, Replit, Base44, and Netlify. They found more than 5,000 with virtually no security or authentication. Around 40% exposed sensitive data — medical information, financial records, corporate strategy documents, detailed customer conversation logs. Among verified exposures: a shipping company app detailing vessel port arrivals; an internal health company application listing active UK clinical trials. Many of these applications are indexed by Google. As relayed in the report– no exploitation was required; this was research on exposed applications with public URLs. This lack of security control extends to the AI agents themselves, whether assisting a professional developer or a non-developer. A software company, PocketOS, reported that its Cursor AI coding agent deleted its entire production database and “all volume-level backups” in nine seconds. Replit’s AI agent deleted 1,206 executive records and 1,196 company records while under explicit code-freeze instructions — then admitted: “Yes. I deleted the codebase without permission during an active code and action freeze. This was a catastrophic error in judgment.” It then told the user a rollback would not work. That turned out to be false. A New Shadow AI Problem For two years, the security industry has discussed shadow AI as a behavior problem — employees pasting sensitive data into ChatGPT on personal accounts. That problem is bounded: the exposure lives in the inference layer, and there are tools that are focused on detecting it. Vibe coding brings a different shadow AI problem. The employee is not sending data somewhere. They are building something — a live application connected to your CRM, your database, your ticketing system — and deploying it publicly. Your security stack – with insights distributed across multiple data silos – was never designed to find it. Organizations running mature secure web gateways, CASB, or DNS logging can detect employee access to vibe-coding platforms. But detecting access is not the same as inventorying what was deployed, what data it holds, or whether it requires authentication. For example – while a CASB can detect that an employee accessed Replit, it cannot inventory what was deployed, what data it holds, or if it requires a login. These apps live in the “visibility gap” between network security and AppSec, often because they are deployed directly to third-party platforms and bypass the organization’s traditional CI/CD pipelines or cloud environments that AppSec tools are designed to monitor. What Should Security Leaders Do? Similar to the initial reaction with shadow IT, the instinct is to prohibit vibe coding tools. That instinct is wrong. AI-driven development is not something organizations can or should block. But it must be governed. The question is what governance actually means in practice when the tools move faster than any policy framework. Here are some best practices security leaders can act on now: Discover before you govern. You cannot govern what you cannot find. Before writing policy, answer the question: do applications built by your employees on Lovable, Replit, Base44, or Netlify currently exist and are they reachable from the open internet? Run discovery scans across major vibe-coding platform domains. Review your cybersecurity stack. As with most cybersecurity best practices, there are several tools that can help with securing vibe coding applications and the applications developed: Browser security provides unique visibility into vibe coding applications–  identify where the employee describes the application, uploads data, connects production integrations, and deploys. Add vibe-coding domains Lovable, Replit, Base44, Bolt, Netlify to your DLP policy as monitored destinations. This does not stop employees from building. It ensures that when sensitive data moves through these channels, you have a record. Implement OAuth and API key governance to detect when production credentials are connected to unregistered applications Extend application security to non-developer-built applications. Mandate human-in-the-loop reviews for critical functions built by non-developers. Treat prompts as source code requiring auditability. Establish ownership and lifecycle rules for every vibe coded application deployed within the organization — including named owners and data classification. Enforce infrastructure-level controls on AI agents, not just instructions. A Replit incident demonstrated that telling an AI agent not to modify production data is not the same as preventing it from doing so. Read-only database connections for AI agent access, enforced at the infrastructure level, are not optional. Agents need the same access controls as any other actor in your environment. The Clock Is Ticking While authorities like the UK’s NCSC, the EU, and CISA urge the development of long-term safeguards for secure-by-design AI tooling, the immediate reality is far more pressing. There is likely a live application connected to your production database—accessible to anyone with a URL—that your security team hasn’t found yet. It’s time to start looking. Learn More at the AI Risk Summit | Ritz-Carlton, Half Moon Bay Related: Vibe Coding’s Real Problem Isn’t Bugs—It’s Judgment Related: Vibe Coding: When Everyone’s a Developer, Who Secures the Code? WRITTEN BY Danelle Au Danelle Au is a cybersecurity and AI go-to-market leader with 20+ years of experience bringing disruptive security, cloud, and AI technologies to market. She is currently VP of Product Marketing at Cylake. Danelle has held multiple CMO and VP roles across startups and market leaders—including Infoblox, Ordr, Blue Hexagon, SafeBreach, and Adallom—helping define emerging security categories and scale go-to-market engines. She is a co-founder and co-author, has multiple U.S. patents, and holds an M.S. in Electrical Engineering from UC Berkeley. The opinions and views expressed within her articles are those of Danelle alone in her personal capacity and do not necessarily reflect the positions of Cylake or any of her prior employers. More from Danelle Au Is the SOC Obsolete, and We Just Haven’t Admitted It Yet? From Ex Machina to Exfiltration: When AI Gets Too Curious Inside the Verizon 2025 DBIR: Five Trends That Signal a Shift in the Cyber Threat Economy DNS: The Secret Weapon CISOs May Be Overlooking in the Fight Against Cyberattacks From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats Seeing is Believing… and Securing Coming Soon to a Network Near You: More Shadow IoT Every “Thing” Everywhere All at Once Trending Webinar: Third-Party Risk In Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register Virtual Roundtable: CISO Forum 2026 Mid-Year Review June 10, 2026 Explore how attackers are using AI to scale threats and how security teams can respond with AI-driven defenses. Protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks. Register People on the Move Opal Security has appointed CPO, CTO, VP of Field Engineering, VP of Marketing, and Head of Product and Solutions Marketing. The Department of the Air Force has appointed Ashley Devoto as Chief Information Officer. Bartley Richardson has been named Chief AI and Autonomous Systems Officer at CrowdStrike. More People On The Move Expert Insights The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor) Raising The Cybersecurity Stakes: Ante Up For The Agentic Era CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. (Nadir Izrael) Caught Off Guard: Securing AI After It Hits Production As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb) Cyber Resilience Is The New Business Continuity Plan The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin) Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Flipboard Reddit Whatsapp Email
    💬 Team Notes
    Article Info
    Source
    Security Week
    Category
    ◇ Industry News & Leadership
    Published
    Jun 08, 2026
    Archived
    Jun 08, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗