{"id":271721,"date":"2026-06-08T11:30:00","date_gmt":"2026-06-08T15:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/08\/everybody-is-vibe-coding-but-nobody-told-the-security-team\/"},"modified":"2026-06-12T20:25:15","modified_gmt":"2026-06-13T00:25:15","slug":"everybody-is-vibe-coding-but-nobody-told-the-security-team","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/08\/everybody-is-vibe-coding-but-nobody-told-the-security-team\/","title":{"rendered":"Everybody Is Vibe Coding But Nobody Told the Security Team"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/everybody-is-vibe-coding-but-nobody-told-the-security-team\/\">Everybody Is Vibe Coding But Nobody Told the Security Team<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/everybody-is-vibe-coding-but-nobody-told-the-security-team\/\">https:\/\/www.securityweek.com\/everybody-is-vibe-coding-but-nobody-told-the-security-team\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-08 11:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<p class=\"wp-block-paragraph\">In February 2025, Andrej Karpathy coined the term \u201cvibe coding\u201d to describe a new way of building software: rapid, AI-assisted development where users \u2018fully give in to the vibes, embrace exponentials, and forget that the code even exists\u2019.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Fast forward to 2026, and Anthropic CEO now predicts that 90% of code will be written by AI in 3-6 months. According to one survey, 84% of developers globally are using or planning to use AI coding tools in their workflow, up from 76% in 2024. Of those, 51% of professional developers use AI tools daily.<\/p>\n<p class=\"wp-block-paragraph\">The marketing manager, the operations lead, the finance team \u2014 all of them are building working applications, connecting them to production systems, and deploying them. Mostly without involving IT, and often never involving security.<\/p>\n<p class=\"wp-block-paragraph\"><strong>Security Challenges With Vibe Coding Apps<\/strong><\/p>\n<p class=\"wp-block-paragraph\">Recent research from Veracode shows 45% of AI-generated code contains OWASP Top 10 vulnerabilities. AI models have improved dramatically at generating code that compiles and runs \u2013 but the security of that code is not always sound. The reason is straightforward: AI optimizes for functionality, not security.<\/p>\n<p class=\"wp-block-paragraph\">Researchers at RedAccess recently analyzed thousands of vibe-coded applications built on Lovable, Replit, Base44, and Netlify. They found more than 5,000 with virtually no security or authentication. Around 40% exposed sensitive data \u2014 medical information, financial records, corporate strategy documents, detailed customer conversation logs.<\/p>\n<p><span class=\"zox-ad-label\">Advertisement. Scroll to continue reading.<\/span><\/p>\n<p class=\"wp-block-paragraph\">Among verified exposures: a shipping company app detailing vessel port arrivals; an internal health company application listing active UK clinical trials. Many of these applications are indexed by Google. As relayed in the report\u2013 no exploitation was required; this was research on exposed applications with public URLs.<\/p>\n<p class=\"wp-block-paragraph\">This lack of security control extends to the AI agents themselves, whether assisting a professional developer or a&#8230;<\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/everybody-is-vibe-coding-but-nobody-told-the-security-team\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Everybody Is Vibe Coding But Nobody Told the Security Team https:\/\/www.securityweek.com\/everybody-is-vibe-coding-but-nobody-told-the-security-team\/ Publish Date: 2026-06-08 11:30:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":271722,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2025\/08\/Vibe-Coding-Security.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26],"class_list":["post-271721","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271721"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=271721"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271721\/revisions"}],"predecessor-version":[{"id":271723,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/271721\/revisions\/271723"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/271722"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=271721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=271721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=271721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}