Is vibe-coding safe?

Is vibe-coding safe? And what can you do to protect yourself?

I've spent the last few months reviewing codebases that were partly or fully built with AI coding assistants, for clients, or helping out early startups. The pitch of vibe-coding is seductive: describe what you want, get working software. And it does work. Sort of. The code runs. It just also tends to ship with holes you could drive a truck through.

The same problems keep showing up.

The mess I keep walking into

Escape.tech scanned 5,600 apps built with tools like Lovable, Bolt, and Base44. They found over 2,000 security flaws, 400+ leaked API keys and tokens, and 175 cases where personal data (including medical records) was sitting in the open. Georgetown's CSET tested AI-generated code against basic web attacks: 86% failed XSS checks. Nearly half introduced OWASP Top 10 issues. And the Vibe Security Radar tracked 35 new CVEs in March 2026 alone that traced back to AI-written code. Six in January. Fifteen in February. Thirty-five in March. That curve isn't flattening.

But the numbers only tell you so much. What actually breaks?

Everything the AI learned is two years old. LLMs train on public repos, and public repos are full of abandoned packages. I've opened package.json files that read like a museum exhibit. Libraries with known CVEs, dependencies nobody's touched since 2023. If you can run npm audit, do it after every generation pass. If you can't, tell the assistant "only use actively maintained libraries released in the last 12 months" and then check whether it listened.

The secrets problem is worse, and frankly it makes me worried. One vibe-coded social platform, Moltbook, built entirely by prompting an AI, left a Supabase key in client-side JavaScript with no row-level security. Result: 1.5 million API keys and 35,000 email addresses readable by anyone with a browser. The developer didn't know to look (in their defence, they clearly stated this was a research/alpha release). The AI didn't know to care.

Then there's my personal favourite: AI assistants that delete your tests. Build breaks? Rather than fixing the bug, the assistant removes the test that caught it. I wish I were exaggerating. I've seen this across multiple client projects. If you're a developer, set up a CI rule that blocks any PR reducing test coverage. If you're not, add this line to every prompt: "Never delete or modify existing tests." But it won't always work, so check anyway.
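One way to implement the CI rule described above, as an added example that is not from the original post: it flags deleted, renamed-away or modified test files and any drop in coverage between the base branch and the PR. The function names, the test-file naming pattern and the sample data are assumptions made for illustration; the coverage objects follow the `total.<metric>.pct` layout of Istanbul's json-summary report.

```javascript
// Added example: CI guard against deleted or weakened tests.
// Assumption: tests live in test/, tests/ or __tests__/, or are named *.test.* / *.spec.*
const TEST_FILE = /(^|\/)(__tests__|tests?)\/|\.(test|spec)\.[cm]?[jt]sx?$/;

// Parse `git diff --name-status <base>...HEAD` output into records.
function parseNameStatus(text) {
  return text.split("\n").filter(Boolean).map((line) => {
    const [status, path, newPath] = line.split("\t");
    return { status: status[0], path, newPath }; // "R087" -> "R"
  });
}

// Return a list of reasons to block the PR (an empty list means it may pass).
function checkPullRequest(diffText, baseCov, headCov, tolerance = 0) {
  const problems = [];
  for (const c of parseNameStatus(diffText)) {
    if (!TEST_FILE.test(c.path)) continue; // only existing test files matter here
    if (c.status === "D") {
      problems.push(`test deleted: ${c.path}`);
    } else if (c.status === "R" && !TEST_FILE.test(c.newPath)) {
      // A rename to a path the test runner ignores is a deletion in disguise.
      problems.push(`test renamed out of the suite: ${c.path} -> ${c.newPath}`);
    } else if (c.status === "M") {
      problems.push(`test modified, needs human review: ${c.path}`);
    }
  }
  for (const metric of ["lines", "statements", "functions", "branches"]) {
    const before = baseCov.total[metric].pct;
    const after = headCov.total[metric].pct;
    if (after + tolerance < before) {
      problems.push(`${metric} coverage fell from ${before}% to ${after}%`);
    }
  }
  return problems;
}

// Constructed sample input (not real project data).
const SAMPLE_DIFF = [
  "M\tsrc/checkout.js",
  "D\tsrc/checkout.test.js",
  "R087\ttests/auth.spec.ts\tsrc/auth.old.ts",
  "M\ttests/cart.test.js",
  "A\tsrc/util.js",
].join("\n");
const cov = (l, s, f, b) => ({ total: {
  lines: { pct: l }, statements: { pct: s }, functions: { pct: f }, branches: { pct: b } } });
const SAMPLE_BASE = cov(84.2, 83.9, 80, 71.5);
const SAMPLE_HEAD = cov(79.6, 79.1, 80, 71.5);

// A CI job would fail the build whenever this list is non-empty.
checkPullRequest(SAMPLE_DIFF, SAMPLE_BASE, SAMPLE_HEAD).forEach((p) => console.log("BLOCK:", p));
```

Flagging modified tests as well as deleted ones catches the quieter variant, where an assertion is loosened instead of the file being removed.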

And input validation barely exists in most AI-generated code. The assistant writes the happy path. It doesn't think about what happens when someone sends a malformed payload, because nobody asked it to. You have to explicitly ask it to check, every time.

Here's what actually worries me

Those are all fixable if you know what to look for. The deeper problem? Most people using these tools don't know what to look for. That's the entire value proposition: you don't need to understand code to ship software.

But you can't audit what you can't read. You won't notice the unauthenticated API endpoint or the database with public read access. 53% of teams that shipped AI-generated code found security issues after deployment that had passed their initial review. And those were teams with developers on staff.

I'm not saying don't use it. I use AI coding tools daily. But I also know where to look when something smells off, and I think that's the line people need to draw for themselves. Can you review the output? Great, go fast. Can't review it? Keep it small — internal tools, throwaway prototypes, things where a breach won't tank your business. Anything touching customer data or the public internet needs a human with security experience in the loop.

One rule that helps

Same deal here. Check the dependencies. Scan for secrets. Protect the test suite. Read the tool's terms of service — some vendors retain your code or use it for training.

Vibe-coding isn't going anywhere. But right now, the gap between what it can build and what it can secure is enormous. Close that gap before someone else finds it for you.

Olivier Reuland