
Why Vibe-Coding is a Huge Security Risk

It’s time to deal with a menace: vibe-coded security vulnerabilities. I first called attention to this issue on LinkedIn 9 months ago, and the horror stories are still coming.

Here are a few of the problems vibe-coding creates:

  • Saves sensitive information to the source code repository
  • Hallucinates package and software library names
  • Replaces source code with comments like `/* Rest of code here */`
  • Removes features that seem unimportant
  • Replaces critical software workarounds with “best practices”

What we need is an LLM that is trained to evaluate code and identify potential hard and soft security vulnerabilities and bad code smells. Such an LLM would be invaluable in making AI-assisted codebases safer, and it would also help new vibe coders learn about the pitfalls of vibe coding. Chinese LLMs such as DeepSeek, Kimi, and Qwen (based on DeepSeek) have coding-based AI models that would make a solid foundation for an LLM that can analyze a code base and identify issues. Once an issue is identified, this bot would create a machine-readable report for use in CI/CD pipelines.

It doesn’t have to be perfect. It just has to be good enough to make us think twice before we “commit”.
