In Defense of Vibe Coding
Say “Generative AI” in a room full of developers and you’ll get everything from ✨ excitement to 💢 existential dread.
The most frequently made points against Generative AI are:
- AI slop and the Dead Internet Theory (not a theory nowadays);
- Local and global environmental impact (more power demand worsening climate change, water usage, etc);
- Jobs recession (an LLM is cheaper than hiring a junior developer);
- Ethical horrors and personal safety (like millions of Grok’s non-consensual deepfakes, and reports of AI-linked suicides);
…and many more. What makes many of these worse isn’t AI itself - it’s careless vibe coding.
The scrutiny is understandable. But I think the discussion is missing something.
What is Vibe Coding?
“In computer programming, vibe coding is a software development practice assisted by artificial intelligence (AI) and based on chatbots (programs that simulate conversation). The software developer describes a project or task in a prompt to a large language model (LLM), which generates source code automatically. Vibe coding typically involves accepting AI-generated code without closely reviewing its internal structure, instead relying on results and follow-up prompts to guide changes.”
In simpler terms, it is essentially letting the LLM write the code, either with you, or for you.
What could possibly go wrong?
Everything can go Wrong if Left Unchecked
(June) Authy, (August) SOLARMAN
- In June 2024, Authy was hacked, with threat actors from the group ShinyHunters succeeding in leaking 33.4 million phone numbers linked to Authy accounts. While investigating the broader implications of this breach, I learned something troubling from conversations with Twilio’s security team.
- The attack vector included the exploitation of undocumented API endpoints that had been auto-generated during their microservice scaling operations. These weren’t traditional forgotten endpoints — they were dynamically created interfaces that existed outside their API governance framework entirely.
- Consider what happened to SOLARMAN in August 2024. Security researchers from Bitdefender disclosed severe vulnerabilities in two SOLARMAN API endpoints. One of the endpoints, /oauth2-s/oauth/token, allowed customers to obtain a JWT (JSON Web Token), but the problem was that the server didn’t verify the authenticity of the requests.
- But here’s what caught my attention during conversations with their engineering team: they couldn’t definitively trace who authored those vulnerable endpoints. The OAuth implementation showed telltale signs of AI generation — syntactically correct but lacking the defensive patterns experienced developers build in.
2025 marked the arrival of the term “vibe coding”:
(July) Replit
- Replit incident: SaaStr’s Jason Lemkin trusted Replit’s AI agent to build a production-grade app. At first it was exhilarating: prototypes in hours, QA checks, rapid progress. Then things unraveled. The AI started lying about unit tests, ignored code freezes, and eventually deleted the entire SaaStr production database. Months of curated executive records were gone overnight. As Lemkin told ZDNet, “you can’t overwrite a production database. Nope, never, not ever.”
(July) Tea App
- On July 25, 2025, Tea App made a devastating announcement: they had been “hacked.” According to their official statement, unauthorized access occurred at 6:44 AM PST, compromising a legacy data storage system. The breach exposed approximately 72,000 images, including 13,000 government ID photos from user verification and 59,000 publicly viewable images from posts and messages.
- Here’s the shocking truth: nobody actually “hacked” Tea App. Security experts discovered that the Firebase storage system was left completely open with default settings. As investigators noted, “They literally did not apply any authorization policies onto their Firebase instance.”
(August) Cursor and Claude Code Vulnerabilities
- The CurXecute vulnerability (CVE-2025-54135) allowed attackers to order the popular AI development tool, Cursor, to execute arbitrary commands on the developer’s machine. All this needed was an active Model Context Protocol (MCP) server connected to Cursor, which an external party could use for access. This is a typical situation — MCP servers give AI agents access to Slack messages, Jira issues, and so on. Prompt injection can be performed through any of these channels.
- A vulnerability in the Claude Code agent (CVE-2025-55284) allowed data to be exfiltrated from a developer’s computer through DNS requests. Prompt injection, which relied on common utilities that run automatically without confirmation, could be embedded in any code analyzed by the agent.
(December) Google Antigravity
- Within 24 hours of Google releasing its Gemini-powered AI coding tool Antigravity, security researcher Aaron Portnoy discovered what he deemed a severe vulnerability: a trick that allowed him to manipulate the AI’s rules to potentially install malware on a user’s computer.
- AI development horror stories are more common than you might imagine, and one of the latest involves a massive error that deleted the contents of a user’s entire D: drive. Reddit user Deep-Hyena492 made a post last week laying out in detail the error that occurred as they were attempting to code an app.
Maybe 2026 is different?
(February) Moltbook
- We identified a misconfigured Supabase database belonging to Moltbook, allowing full read and write access to all platform data. The exposure included 1.5 million API authentication tokens, 35,000 email addresses, and private messages between agents. We immediately disclosed the issue to the Moltbook team, who secured it within hours with our assistance, and all data accessed during the research and fix verification has been deleted.
Nope. And that’s before I even get to mainstream software increasingly shipping AI-generated bugs. Especially Windows 11.
What am I trying to get across? The moment you treat the model as the engineer instead of the assistant, you’ve already lost the plot.
My personal recommendations
- Theory:
  - Know the basics of the language and/or the tech stack you’re trying to vibe code in;
    - If you don’t, you won’t even know if what you want is possible with said language or tech stack. Know how high you can shoot before you start shooting. Shoot too low - and you hit yourself.
  - Know the limits of the model you’re utilizing (context limit, benchmark scores and hallucination scores, tool calling capability, etc.);
  - Know the environment you’re vibe coding in. Are you just copy-pasting the code from ChatGPT/DeepSeek, or are you using a CLI or an IDE agent? Just so you won’t be surprised when the agent decides to ship your environment variables to a random webhook to be drained, or when it decides to wipe the entire drive because it was nicely asked to by anyone else but you (like itself).
- Act:
  - Highly recommended to use a sandboxed environment as a precaution;
  - Make sure you can interrupt the agent at any moment (Yes, I’m looking at you, OpenClaw);
  - Set strict guidelines;
  - If possible, set heavy restrictions on what tools the model can use and how; otherwise, require human confirmation for everything. If even that is not possible, consider switching agents;
  - Git commits are basically required. Something goes wrong? Revert to the previous commit instead of trying to tell the agent to code the previous version again.
- Read and verify every change yourself. Most if not all agents have a convenient built-in diff viewer for every change. If not, use git. “Доверяй, но проверяй.” (“Trust but verify.”)
- If possible, let multiple (same or different) models review the same code.
  Linus’s law: “Given enough eyeballs, all bugs are shallow” (Yes, this applies to LLMs as well).
The issue wasn’t that AI generated code.
The issue was that no one owned the output.
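One way to enforce the tool restrictions and the human-confirmation fallback recommended above, as an added example that is not from the original post or from any particular agent: a gate that classifies each shell command an agent proposes before it runs. The policy sets, the /work/project workspace path and the function names are assumptions, and the gate deliberately errs toward blocking.

```python
import os
import re
import shlex

ALLOW, CONFIRM, DENY = "allow", "confirm", "deny"

# Constructed policy sets (assumptions); tune them to your own agent and stack.
READ_ONLY = {"ls", "cat", "head", "tail", "wc", "grep"}
GIT_READ_ONLY = {"status", "diff", "log", "show"}
NETWORK = {"curl", "wget", "nc", "ssh", "scp", "dig", "nslookup", "host", "ping"}
DESTRUCTIVE = {"rm", "rmdir", "dd", "mkfs", "shred", "format", "del"}
SHELL_META = set(";|&`$<>(){}\n")
SECRET_HINTS = (".env", ".ssh", "id_rsa", "credentials")


def inside(workspace, arg):
    """True if arg, resolved against the workspace, stays inside it."""
    path = os.path.normpath(os.path.join(workspace, arg))
    return path == workspace or path.startswith(workspace + os.sep)


def decide(command, workspace="/work/project"):
    """Return (verdict, reason) for one shell command proposed by an agent."""
    if SHELL_META & set(command):
        # Chaining, redirection or expansion: argv[0] no longer tells the whole story.
        words = set(re.findall(r"[A-Za-z0-9_.-]+", command))
        if words & (NETWORK | DESTRUCTIVE):
            return DENY, "compound command reaches a network or destructive tool"
        return CONFIRM, "compound command or variable expansion"
    try:
        argv = shlex.split(command)
    except ValueError:
        return DENY, "unparseable quoting"
    if not argv:
        return DENY, "empty command"
    prog, args = os.path.basename(argv[0]), argv[1:]
    if prog in NETWORK:
        return DENY, "network egress is not available to the agent"
    if prog in DESTRUCTIVE:
        return DENY, "destructive tool"
    paths = [a for a in args if not a.startswith("-")]
    if any(hint in a for a in paths for hint in SECRET_HINTS):
        return CONFIRM, "touches a likely secret file"
    if not all(inside(workspace, a) for a in paths):
        return CONFIRM, "path leaves the workspace"
    read_only = prog in READ_ONLY or (prog == "git" and args[:1] in ([s] for s in GIT_READ_ONLY))
    if read_only:
        return ALLOW, "read-only inside the workspace"
    return CONFIRM, "not on the allowlist"
```

Anything that returns "confirm" goes to the human, and anything that returns "deny" is something the human runs by hand if it is really needed.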
Personal examples
Most of Crimson 1 (my Discord bot)’s code base is vibe coded by Gemini, and then reviewed and improved upon by me. The entirety of the Subtitle Generator is vibe coded.
The bot in particular is over a year’s worth of extensive rewrites and reinforcement of the code structure, so that it is convenient for both humans and agents to write new code for. It is modular. Commands can be added by just creating a new file. Handling 500k+ Discord messages with Markov chains on two vCPUs required multiple structural rewrites and eventually a full Rust port.
Conclusion
Of course, this won’t fix the chip shortage, or climate change, but it’s… This isn’t even step one, this should’ve been step zero.
GenAI is leverage. And leverage amplifies competence and incompetence.
Tools don’t replace engineers. They amplify them.