Vibe-Coding? Don't Start Without This.

Originally reported by The Verge

The allure of creating personalized, AI-powered applications, often termed "vibe-coded" apps, presents a burgeoning security challenge, potentially transforming a dream solution into a digital nightmare.

Bob Starr, a project manager in the tech sector, experienced this firsthand. He developed "Boomberg," a vibe-coded website designed to track U.S. tax money allocated to tech companies, launching it soon after completion. Months later, he discovered a critical oversight: a hidden SQL injection vulnerability. This flaw could have allowed unauthorized access to, or alteration of, sensitive data on the site.

“It was just a glaring oversight on my part. It was a complete blindspot in my state of learning this new technology and understanding it, and I’m sure there are others making the same mistake,” Starr admitted.

While Starr promptly rectified the issue, his experience is not isolated. Social media abounds with accounts of security vulnerabilities in AI-generated applications. Jer Crane, founder of PocketOS, recounted on X how an AI coding agent inadvertently erased his company’s production database. Similarly, serial entrepreneur Joe Procopio developed a vibe-coded web app for private demonstrations, only to take it down after it was targeted by hackers. He now resorts to "the old fashioned way," conducting demos from his local machine via Zoom, lamenting, “It’s sooo 2023.”

As David Pierce of The Verge noted, we are entering a "new era of personal software," where AI empowers anyone to build bespoke applications. However, this convenience is paralleled by a new wave of security concerns. While these apps are easy to construct, they prove challenging to secure, especially in an environment where AI can also be leveraged for malicious attacks.

“My general core take is that vibe coding is not bad because amateurs can build software. That’s actually the good part,” states Gabriel Bernadett-Shapiro, a distinguished AI research scientist at the AI-powered cybersecurity firm SentinelOne.

Bernadett-Shapiro highlights the critical danger that emerges when a personal app, initially designed for individual use, transitions into a business application that stores shared, hosted data, often without users realizing the profound shift in security requirements. The calculus changes significantly, he explains, when vibe coding moves beyond local tools for tracking personal items like migraines or meals, into applications handling customer logs, medical records, financial data, or internal documents.

“Those need to be held to a different standard. Even if it was built by one person in an afternoon. Even if the software creating the software was trivial. The moment that it touches other people’s personal data, then that’s when I think the standard changes.”

Jack Cable, CEO and cofounder of Corridor, a security platform for AI-native software development, concurs with this assessment.

Cable advises that “vibe coding is great for lower risk things,” such as prototypes or non-sensitive fitness trackers. However, he stresses that financial records and any application exposed on the public internet demand rigorous scrutiny. “Are you exposing any of your own or other people’s data there?” he asks, urging developers to “think through what the threat model looks like, and if you’re not sure if something you’re doing is secure, better safe than sorry.”

Max Segall, chief operating officer at crypto wallet firm Privy, exemplified this cautious approach. He vibe-coded "EzRun" as a playful incentive for his child, offering $10 in Ethereum for every joint run. Fortunately, a colleague identified a critical flaw before launch that could have allowed unauthorized modification of user accounts for access.

A more alarming and high-profile incident occurred in late January with the viral social network Moltbook, launched by developer Matt Schlicht. Built entirely by AI agents without a single line of human code, the app’s entire production database was found wide open within days by researchers at Wiz, exposing tens of thousands of email addresses and private messages. Moltbook promptly patched the vulnerability, but this was not an isolated case. Wired reported that cybersecurity firm Red Access discovered approximately 5,000 publicly accessible apps, built with popular vibe-coding tools, that lacked authentication. Nearly 2,000 of these were reportedly leaking sensitive data, including medical and financial information, strategic documents, and chatbot conversation logs.

It is important to acknowledge that many professionally developed pre-AI software applications also suffer from severe insecurity. However, just as vibe coding dramatically increases the volume of applications being produced, it also escalates the number of potential security risks. Furthermore, it introduces the danger of overconfidence, as users may readily trust an AI tool that asserts its code is secure.

In typical vibe-coding workflows, security checks do not run automatically unless they have been specifically configured; the agent simply keeps building. Existing security tools must be explicitly invoked. For instance, while Claude Code offers a /security-review command to scan for vulnerabilities, users must actively request it. An automatic version exists, but only if it has been pre-configured to run on pull requests, a step often overlooked by casual builders.

OpenAI’s coding agent, Codex, includes a built-in security agent, Codex Security, which scans commits and proposed patches. However, this feature is primarily designed for developers with established version-control workflows, not for individuals casually generating apps. For the broader user base, the message is clear: security must be explicitly prompted for at the outset of development and again at completion, particularly when the application accesses sensitive data.

“A lot of security is contextual,” Cable explains, cautioning against a false sense of security from an agent’s review, especially if the agent lacks understanding of the specific threat model or hasn’t received adequate guidance.

Bernadett-Shapiro’s primary concern isn't flawed AI-generated code itself, but rather the pervasive lack of authentication. Developers might overlook this crucial aspect when migrating a locally functional app to the cloud with unfamiliar configuration options, leading to the exposure of sensitive data. This type of failure, akin to leaving a box of secrets on a public sidewalk, is what worries him most, and it is a vulnerability frequently discovered by researchers.
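The two failure modes the article describes, Starr's string-built SQL query and the missing authentication that Bernadett-Shapiro worries about, side by side with their hardened forms. This is an added illustration, not code from Boomberg or any app named above; the table, the sample rows and the token value are constructed for the demo.

```python
import hmac
import sqlite3

# Constructed sample data for a "tax money to tech companies" tracker,
# loosely modelled on the kind of site the article describes.
AWARDS = [
    ("Acme Corp", 1_200_000),
    ("Globex", 850_000),
    ("Initech", 300_000),
]

# Hypothetical API token. In a real deployment this comes from the
# user's session or identity provider, never from a constant.
VALID_TOKEN = "example-token-not-a-real-secret"


def make_db():
    """Build an in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE awards (company TEXT, amount INTEGER)")
    conn.executemany("INSERT INTO awards VALUES (?, ?)", AWARDS)
    return conn


def lookup_unsafe(conn, company):
    """The 'before' version: anyone can call it, and the company name is
    pasted into the SQL text, so quote characters in the input change
    the query itself (classic SQL injection)."""
    sql = f"SELECT company, amount FROM awards WHERE company = '{company}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, company, token):
    """The 'after' version: the caller must present a valid token, and
    the company name is bound as a query parameter, so the database
    treats it purely as data and never as SQL."""
    if token is None or not hmac.compare_digest(token, VALID_TOKEN):
        raise PermissionError("authentication required")
    sql = "SELECT company, amount FROM awards WHERE company = ?"
    return conn.execute(sql, (company,)).fetchall()
```

With the unsafe function, a lookup for the literal string `' OR '1'='1` returns every row in the table; the hardened function returns nothing for that input and refuses the call entirely without a token.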

AI demonstrates proficiency in identifying bugs when prompted. Advances in models, such as Anthropic’s Mythos (which also highlighted how easily vulnerabilities could be exploited), can now be used to harden apps developed by vibe coders. Bernadett-Shapiro notes that GPT-5.5-Cyber, or even base models of other applications, can assess security and pinpoint issues that even skilled human developers might miss. However, he also points out that users may not fully grasp the security tradeoffs they are making or might dismiss warnings as acceptable risks.

Some foundational security structures are beginning to emerge. OWASP, the nonprofit behind many web security standards, has published an AI security verification standard targeting organizations. Firms like Trail of Bits are releasing "skills"—add-on instruction packs that direct coding agents to perform specific security tasks, such as flagging insecure default settings or hardcoded passwords before deployment. Cable notes that these skills require specific triggering, which doesn't seamlessly integrate into typical development flows, and maintaining their updates and synchronization across various coding agents and evolving codebases presents challenges.

Moreover, these "skills" can be a double-edged sword, as malicious versions also exist.

In February, Jason Meller of 1Password investigated the most downloaded skill on a popular OpenClaw skill registry and discovered it instructed users to install a malicious dependency. The landscape remains largely unregulated, making it difficult to discern whether a skill will enhance an app's security or inadvertently expose user credentials to attackers.

The issue of insecure vibe-coded applications extends beyond individual hobbyists. Cable observes that engineers, and even sales and marketing teams within large corporations, are now deploying significantly more agent-written code. He emphasizes the need for security teams to have baseline visibility into how these agents are being utilized, alongside enforced guardrails, whether through specialized skills or through products like Corridor’s, which aim to prevent flaws before code is even generated.

For individuals, Cable’s guidelines are simpler: recognize that an app running locally on one's own computer carries substantially less risk than one made public, especially if it handles sensitive data.

“Literally overnight, the way most companies produce software has changed completely,” Cable remarks. He expresses optimism regarding coding agents themselves, provided they operate within appropriate guardrails. The underlying models are increasingly built on memory-safe stacks, inherently eliminating entire classes of vulnerabilities. “I do think there is reason to be optimistic here,” he concludes.

Jeff Rothblum, a government affairs specialist, offers an example of building a vibe-coded app with security as a core consideration for managing tedious data entry. He meticulously analyzed the information the app would handle, its sensitivity, and the potential consequences of a data breach. This proactive approach is notably rare, especially given the rapid evolution of the technology landscape.

During his tenure as head of government affairs and strategy at Lilt, Rothblum faced the arduous task of submitting numerous unique input forms to various government committees to advance legislative ideas, often dozens and sometimes hundreds of them within six-week periods. After eight 75-hour weeks and a subsequent layoff, he built a tool to handle it. The app scrapes links and due dates into a single dashboard and uses a large language model (LLM) to pre-populate each form, so users need only review, edit, and paste an account number before submission.

Vibe-code the app of your dreams, but think through what data the app is storing and has access to and what could go wrong.

Rothblum was acutely aware of the inherent risks, particularly because he did not write the code himself. “The last time I wrote code was probably in undergrad in 2006 writing Fortran to analyze fluid flows as an aerospace engineer,” he told The Verge. The primary risk he identified was the inadvertent leakage of sensitive strategies or lobbying rationale, which remain confidential even when filings become public. To mitigate this, he conducts regular security reviews using Claude, keeps user data local rather than on his servers, and is implementing stricter retention safeguards.

His vibe-coded app is designed to clear the browser cache and transparently informs users that data is sent to Claude, linking directly to its retention policy. He is actively developing a version where no user input is stored by the AI, even temporarily, and another version that would allow users to route all data through their own LLM instance rather than his Claude setup.

While Rothblum has considered developing a broader lobbying intelligence tool, he intends to invest four to five figures to engage a professional security engineer to review his code if he begins working with more sensitive data. “I’m happy with open-source stuff and I’m happy with ephemeral stuff, but everything else kind of scares me,” he admits.

The ideal scenario involves human expert code review, but Cable points out that this is becoming a significant bottleneck. The pressing question, he states, is how to secure a future where the majority of code is deployed without any human oversight.

For now, the actionable advice for individuals is more immediate: embrace the creation of your dream app, but critically evaluate what data it stores and accesses, and consider what could potentially go wrong. Instruct the AI to build with security in mind, and conduct code reviews after every modification, including those generated by the AI itself. Exercise extreme caution before migrating an app from your local device to the cloud, or granting it access to any sensitive data or accounts. The distinction between an innovative project and a security nightmare often hinges on asking the right questions upfront.

By Editorial Staff (Editor, AIChief)

The Editorial Staff at AIChief is a team of professional content writers with extensive experience in AI and marketing. Founded in 2025, AIChief has quickly grown into the largest free AI resource hub in the industry.
