‘Vibecoding’ Privacy Risks Require Keeping Humans in the Loop

https://news.bloomberglaw.com/ip-law/vibecoding-privacy-risks-require-keeping-humans-in-the-loop

Publish Date: 2026-05-26 05:00:00

Source Domain: news.bloomberglaw.com

AI-performed coding doesn’t always apply the security best practices needed to avoid data breaches, undercutting its goals of streamlining application development and making it accessible to those lacking tech expertise.

Because artificial intelligence tools can’t build apps with the security controls necessary to prevent a data breach—and therefore litigation—human supervision remains a necessary part of the development process.

But to catch AI mistakes, human supervisors need to know what to look for.

“Because people that are not developers are building the apps, the chances they have mistakes are even larger” than if trained professionals were building them directly, said Ami Luttwak, chief technologist at cloud security company Wiz. And separate security teams may struggle to catch every error across a bigger amount of source code, he said.

In the event of a breach, the resultant lawsuits will likely put a significant pressure point on companies that incorporate AI into programming flows, requiring them to document how they used vibecoding so they can demonstrate they met a reasonable security standard, said Justine Phillips, a cybersecurity attorney at Baker McKenzie.

Automated Future

Vibecoding can describe either people with less technical savvy asking AI to create programs from a prompt or engineers directing AI agents to produce computer code.

A 2025 annual survey by programming question-and-answer site Stack Overflow found that 84% of respondents—professional and aspiring developers—were using AI in their development process or planning to in some way.

But all of the AI agents tested by cybersecurity firm Tenzai in an experiment measuring whether coding agents could reliably produce secure results introduced significant vulnerabilities, according to a January blog post.

Such mistakes could, for example, allow unauthorized people to see orders placed by any shopper on a website or allow a hacker to use a brute force attack to bypass a login…
