RSAC: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards
RSAC: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards
https://www.infosecurity-magazine.com/news/rsac-uk-ncsc-urges-vibe-coding/
Publish Date: 2026-03-24 17:00:00
Source Domain: www.infosecurity-magazine.com
The head of the UK’s national cybersecurity agency is calling for security professionals to “seize the disruptive vibe coding opportunity” to make software more secure.
However, this must be coupled with the rapid development of vibe coding safeguards for AI code-generation tools to become “a net positive for security”.
Delivering a keynote speech during the RSA Conference in San Francisco on March 24, Richard Horne chief executive of the UK’s National Cyber Security Centre (NCSC), said the cybersecurity industry should leverage the exploding use of AI-assisted software development – also known as vibe coding – to reduce the collective vulnerability to cyber-attacks.
Whilst software produced without human review could potentially propagate vulnerabilities, well-trained AI tooling writing software which is secure by design could transform cybersecurity outcomes.
“The attractions of vibe coding are clear. Disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own,” he said.
“The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities.”
NCSC’s Secure Vibe Coding Commandments
In parallel, David C, CTO for architecture at NCSC, published a blog on March 24 arguing that, while AI-generated code currently poses intolerable risks for many organizations, vibe coding shows “glimpses of a new paradigm” allowing “experienced developers to massively increase their productivity.”
The CTO predicted the business benefits of using AI to write code will drive up adoption. He argued it is vital that security professionals start engaging with the risks now and embed core security principles that will make software less vulnerable to attack.
His suggested commandments for securing vibe coding include:
- Integrate secure by default coding practices into vibe…
