Overview

For the Boomers: What is Vibe Coding?

The tweet that started it all defined vibe coding as:

“You fully give in to the vibes, embrace exponentials, and forget that the code even exists.”

In other words, vibe coding is a development approach where a programmer describes a problem in a few sentences to a Large Language Model (LLM), and the AI generates the software. This shifts the programmer’s role from writing code manually to guiding, explaining, and refining AI-generated output.

Advocates claim vibe coding makes software development more accessible—allowing people with minimal technical skills to build software by focusing more on prompting and code review rather than deep technical implementation.

But as the role of developers shifts, so does responsibility.

Why Developers Love It (And Why It’s a Security Nightmare)

In the past, developers would sit down, think through their functions, and consider security implications while writing code.

Now?

As AI generates more and more code, delivery cycles shrink, and engineers spend less time reviewing and refining what gets deployed. It’s much harder to anticipate vulnerabilities when you didn’t even write the code.

Developers: You know that moment when AI suggests something, and you’re like, "Yeah, that looks right"—but you don’t actually know why?

Well, congratulations! You might have just shipped a critical vulnerability into production.

An interesting story recently made the rounds on “X” (a.k.a. Twitter): A developer proudly showed off how he built a well-paying service using nothing but vibe coding and Cursor. No deep security reviews, no manual checks—just trusting the vibes. A few days later, reality hit hard. His service came under attack from multiple vectors, exposing critical vulnerabilities he hadn’t accounted for. In the end, he had to shut down the service entirely and rewrite his logic from scratch.

The original tweet sparked a wave of memes, but the takeaway was serious: when you let AI handle everything without questioning the output, you’re not just shipping features—you’re shipping vulnerabilities.

The Hidden Risks of Vibe Coding

  • AI generates insecure patterns – Many AI-generated snippets are lifted from public repositories, often without security validation. If vulnerabilities exist in the original source, they can be blindly copied into production without developers realizing it.
  • Blind trust in AI suggestions – If you don’t deeply understand the logic, you’re less likely to question it. In traditional coding, writing each line forces a level of understanding and scrutiny. With vibe coding, developers are often reviewing something they didn’t write, making it harder to spot subtle security flaws or logic errors. The result? More security gaps, unvalidated assumptions, and an overall increase in risk.
  • Fewer security reviews – Shorter development cycles also mean less time for manual reviews. In the rush to ship features, security audits get deprioritized, and threat modeling takes a backseat. AI-generated code can be unpredictable, verbose, and inconsistent, leading to unexpected attack surfaces.
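To make the "looks right, but do you know why?" problem concrete, here is an added illustration that is not code from the original post or from Oligo: a helper that maps a user-supplied file name onto an upload directory, written the way it often comes back from a quick prompt, beside a hardened version and the review check that separates the two. The directory `/srv/uploads`, the sample inputs, and the function names are assumptions constructed for this example.

```python
import os
from pathlib import Path

# Constructed example for this page (not code from the original post or from
# Oligo): a helper that maps a user-supplied file name onto an upload directory.
# The base directory, sample inputs and function names are assumptions.

UPLOAD_DIR = "/srv/uploads"


def upload_path_naive(base_dir: str, name: str) -> str:
    """The version that 'looks right': join the directory and the name."""
    # Defect a reviewer who did not write this may not notice: os.path.join
    # drops base_dir entirely when name is absolute, and it never checks that
    # ".." segments keep the result inside base_dir.
    return os.path.join(base_dir, name)


def upload_path_hardened(base_dir: str, name: str) -> str:
    """Same job, but the resolved result must stay inside base_dir."""
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()  # collapses ".." and symlinks
    try:
        candidate.relative_to(base)  # raises ValueError if candidate left base
    except ValueError:
        raise ValueError(f"refusing path outside {base}: {name!r}") from None
    return str(candidate)


def escapes_base(base_dir: str, path: str) -> bool:
    """Review check: does a returned path point outside base_dir once resolved?"""
    base = Path(base_dir).resolve()
    try:
        Path(path).resolve().relative_to(base)
    except ValueError:
        return True
    return False


def review_findings(base_dir: str = UPLOAD_DIR) -> dict:
    """Run a small set of constructed inputs through both versions.

    Returns which inputs the naive version maps outside base_dir and which
    the hardened version rejects; for a correct fix the two lists match.
    """
    inputs = ["report.pdf", "../secret.txt", "/etc/hostname"]
    naive_escapes = [
        n for n in inputs if escapes_base(base_dir, upload_path_naive(base_dir, n))
    ]
    hardened_rejects = []
    for n in inputs:
        try:
            upload_path_hardened(base_dir, n)
        except ValueError:
            hardened_rejects.append(n)
    return {"naive_escapes": naive_escapes, "hardened_rejects": hardened_rejects}


if __name__ == "__main__":
    for key, value in review_findings().items():
        print(f"{key}: {value}")
```

The point of `review_findings` is that the check is mechanical: a reviewer who cannot explain why `os.path.join` is safe can still run the generated helper against a handful of hostile-looking names and look at where the returned paths land. That is the kind of scrutiny that writing the line yourself used to force, and that has to be added back deliberately when the line was generated.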

The Path Forward

If vibe coding is redefining software development, security needs to evolve alongside it. Traditional security models that rely on pre-production testing aren’t enough when code is being written (or generated) on vibes 😎. Instead, security must shift right and add more proactive measures that create a safety net keeping AI-generated software in check: think runtime protection, behavioral monitoring, and real-time alerts.

The reality is that vibe coding is here to stay. The question is: will your security stay the same, or will you shift the vibe of your program to keep up with the times?  

Britt Frenkel
Senior Security Engineer

Britt Frenkel is a Senior Software Engineer at Oligo Security within the Oligo CTO Office team. Prior to Oligo, she held software engineer and security research roles at companies like Redefine.dev and Cymotive Technologies. Frenkel is also a former member of Israeli Military Intelligence, where she focused on reverse engineering and software development.