Safeguard
AI Security

What is Vibe Coding (and its security risk)?

Vibe coding lets AI write your app while you skip the review. Veracode found 45% of AI-generated code is vulnerable. Here's the risk, and how Safeguard closes the gap.

James
Principal Security Architect
7 min read

On February 2, 2025, Andrej Karpathy tweeted a name for something developers had already started doing: describing a feature in plain English, letting an AI model write the implementation, and shipping the result with barely a glance at the diff. He called it "vibe coding." Five months later, GitHub reported that more than 97% of developers had used an AI coding tool at least once, and Y Combinator's Garry Tan said roughly a quarter of the accelerator's Winter 2025 batch had codebases that were 95% or more AI-generated. The productivity story is real. So is the security story: Veracode's 2025 GenAI Code Security Report tested over 100 large language models across 80 curated coding tasks and found that 45% of the resulting code contained at least one exploitable vulnerability. This post breaks down what vibe coding actually is, why it fails security so consistently, and what that means for teams shipping AI-written code into production.

What Is Vibe Coding, Exactly?

Vibe coding is the practice of generating software by describing intent to an AI model in natural language and accepting its output with little to no manual review of the underlying code. Karpathy's original description was blunt: you "fully give in to the vibes," forget the code exists, and just see if the app runs. That's a meaningful departure from AI-assisted coding, where a developer reads Copilot's suggestion line by line before accepting it. Tools built explicitly around this workflow — Cursor, Replit Agent, Bolt.new, Lovable, Windsurf, and agentic modes in Claude Code and GitHub Copilot — now let non-engineers and solo founders stand up full-stack applications, complete with databases and payment integrations, in an afternoon. The risk of skipping review surfaced publicly in July 2025, when a Replit AI agent deleted a production database mid-session during a live coding run, an incident the affected founder documented in detail and that circulated widely as a cautionary tale about unsupervised agentic coding.

Why Does Vibe Coding Produce Insecure Code?

Vibe coding produces insecure code because LLMs are trained to generate output that looks correct and satisfies the prompt, not output that resists attack, and they default to whatever pattern is statistically most common in their training data — which is frequently the insecure one. Veracode's testing found this held regardless of how the prompt was worded: models introduced vulnerabilities at nearly the same rate whether or not the prompt explicitly asked for secure code. Model size and recency didn't help either — newer, larger models performed no better on security benchmarks than smaller, older ones, suggesting the gap is architectural rather than a training-data-freshness problem. The failure rate also varies sharply by language: Java code generated by LLMs failed security tests in 72% of tasks in the Veracode study, the worst of the languages tested, while Python, JavaScript, and C# fared somewhat better but still failed at rates high enough to matter in production. None of this is visible to a developer who only checks whether the feature works — which is precisely the point of vibe coding.

How Bad Is the Problem, According to the Data?

The problem is bad enough that security failures are now the norm rather than the exception in AI-generated code, and the trend has not improved as models have gotten more capable. Beyond the 45% overall vulnerability rate, Veracode found that AI-generated code failed to prevent cross-site scripting (CWE-80) in 86% of relevant tasks and failed to prevent log injection (CWE-117) in 88% of tasks — both OWASP Top 10 categories that static analysis has caught reliably for over a decade in human-written code. Secrets sprawl compounds the problem: GitGuardian's 2025 State of Secrets Sprawl report counted 23.8 million hardcoded secrets exposed on public GitHub in 2024 alone, and researchers who audited apps built on AI app-builders in the following months — including a well-publicized April 2025 disclosure involving Lovable-built applications — found default configurations that left customer databases readable without authentication. These aren't exotic zero-days; they're the kind of misconfiguration a five-minute code review would normally catch, except vibe coding is designed to skip that review.

What Kinds of Vulnerabilities Show Up Most Often?

The vulnerabilities that show up most often in vibe-coded software are the unglamorous, high-frequency ones: hardcoded API keys and credentials, missing input validation that opens the door to injection attacks, broken or absent access control on newly generated endpoints, and dependencies pulled in by the AI agent without any vetting of provenance or known CVEs. Log injection and XSS lead Veracode's results, but SQL injection, insecure deserialization, and path traversal appear consistently enough across models and languages to qualify as systemic rather than incidental. On the supply chain side, AI coding agents frequently resolve to whichever package name best matches the prompt — a behavior security researchers have shown can be exploited through "slopsquatting," where attackers register malicious packages under names LLMs are statistically likely to hallucinate, betting that a vibe-coded pipeline will install them without a human checking the registry first. Put together, a single vibe-coded feature can ship with a leaked secret, an unvalidated input, and a typosquatted dependency — three separate attack surfaces introduced in one prompt.

Where Does Veracode Fit — and Where Does It Fall Short?

Veracode's own research is genuinely one of the most cited datasets on LLM code security, and that credibility is well earned — but Veracode as a product was built for a pre-AI development cadence, not the compressed loop of a vibe coding session. Its SAST, DAST, and SCA scanning are designed around CI pipeline integration, scheduled or gated scans, and policy workflows tuned for enterprise AppSec teams managing quarterly release cycles. That model assumes there's a pipeline to gate and a security team reviewing findings before merge. Vibe coding breaks both assumptions: a founder using Lovable or Cursor can go from prompt to public deployment in under an hour, often with no CI pipeline at all, and no AppSec team in the loop. Veracode's scan latency and enterprise-oriented policy tooling, built for a world of scheduled releases, aren't designed to catch a hardcoded key or a hallucinated package the moment an AI agent writes it. The result is a real and useful research signal — 45% of AI code is vulnerable — paired with a product motion that arrives too late for the environments where that risk is concentrated.

How Safeguard Helps

Safeguard is built for exactly the gap that vibe coding opens up: fast, continuous, supply-chain-aware protection that runs where AI agents actually write code, not just where traditional CI pipelines eventually catch up to it. Concretely, that means:

  • Secret detection at the point of generation. Safeguard scans commits and AI-agent-generated diffs in real time for hardcoded API keys, tokens, and credentials before they ever reach a public repository, closing the exact gap that exposed customer data in the Lovable disclosures.
  • Dependency provenance and slopsquat detection. Every package an AI coding agent resolves is checked against known-malicious and typosquatted package signals, so a hallucinated dependency name doesn't silently become a supply chain compromise.
  • SBOM generation for AI-assisted repos. Safeguard automatically builds and maintains a software bill of materials as code is generated, giving teams visibility into what an AI agent actually pulled in — visibility that's otherwise lost when a whole app is scaffolded in one session.
  • Lightweight CI/CD and IDE integration. Rather than requiring a full enterprise scan pipeline, Safeguard's checks run inline with the same speed vibe coding tools operate at, so security gates don't become the reason teams skip security altogether.
  • Risk prioritization using EPSS and exploit context. When AI-generated code does introduce a known vulnerability class — like the CWE-80 and CWE-117 patterns Veracode's research flags as endemic to LLM output — Safeguard ranks it by real-world exploitability, not just severity score, so teams fix what actually matters first.

Vibe coding isn't going away, and it shouldn't have to — the productivity gains are real. But "the AI wrote it and it worked" can't be the security bar for code reaching production. Safeguard is designed to sit inside that faster loop, catching the secrets, dependencies, and injection flaws that vibe coding workflows are structurally prone to introducing, without asking teams to slow back down to a pre-AI development pace.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.