Vibe coding, or AI-assisted coding, has accelerated software engineering everywhere from startups to multinational enterprises by lowering the barrier to entry and removing intermediaries for small and large companies alike. Even while AI adoption is still maturing, newer trends are already emerging within it. The rise of vibe coding is one such example, and here the pace of innovation is introducing security vulnerabilities at an even faster rate than before.
As developers use AI tooling to write code, functional (yet insecure) code patterns are compounding as code is pulled in from vulnerable libraries, which amplifies and repeats existing vulnerabilities in new codebases. To illustrate this reality, there has been a 30% year-over-year increase in reported vulnerabilities. With this spike in the CVE index, the software development ecosystem will need to adjust. Teams will need to assess how to scale alongside the increasing velocity that AI brings to development so that they can find and resolve vulnerabilities quickly and effectively.
If you look at the flood of new code, every security team in every company across all industry verticals is struggling to maintain effective mitigation strategies in the face of AI-assisted development. Outdated, unsafe functions are creating very complex dependencies along the code supply chain. And of course, attackers know this and are acting on this weakness.
With this growing gap between development speed and security assurance, what can we – as an industry – do about it?
We have to evolve our AppSec approaches for the AI-augmented era, and this is where context comes into view: analyzing the code through snippet analysis, assessing whether code was machine generated or human generated, and understanding whether the code was audited, defined, refined and integrated by a human or a machine. Complex constructs such as these lead to an overwhelming number of contextual risk prioritizations. It's like trying to stop the ocean from flooding the shore: there are too many waves to block them all, so you have to selectively apply barriers against the waves that pose the most potential damage.
This is why DevSecOps practices exist: maintaining velocity while applying strategic fixes for the most damaging bugs as soon as possible, and then letting autofix tooling resolve the more straightforward bugs. And while AI is creating efficiency benefits, we mustn't neglect the importance of the role humans still play. After all, there's no compression algorithm for experience; you either know it or you don't. There's no room for experimentation when dealing with vulnerabilities, because they're coming in faster than we can collectively remediate them.
And emerging regulations such as the EU Cyber Resilience Act and the EU AI Data Act are going to be a part of the solution, but they’re not the cure. What is even more effective is a concerted approach of AI Ops, Responsible AI, and Private AI coming together to build a barrier around the systems that need to be defended first and foremost.
Even in the nascent "vibe coding" era, it is already breaking things in production despite DevSecOps guardrails. What began as experimentation crept into production workflows. While vibing our way through a hackathon or feature development is fine, pushing prototypes into production without productizing and hardening them invites regressions, brittle logic, and security gaps. The lesson to take away is that it is easy to be seduced by speed (drop a prompt, get runnable code, and ship), but when correctness and scalability are at stake, this approach falls short. Teams are left cleaning up after code that works but fails resiliency tests under pressure and software scans under compliance review. This is how what felt like momentum soon becomes expensive technical debt.
We are recognizing a line that needs to be drawn between writing code that runs and engineering a product that lasts. Anyone can get a prompt to output code that compiles, but not everyone is able to build durable software with the intentionality that goes beyond simply going with the vibes.
History has shown us that innovation can be a powerful catalyst for success. Consider Levi Strauss, who revolutionized the workwear industry with his patented riveted denim pants. His timing was impeccable, as gold miners quickly adopted the durable work pants. Today, we’re on the cusp of a similar revolution, driven by AI. To harness its potential while mitigating risks, we must equip teams with the right tools to secure development efficiency without sacrificing velocity. By doing so, we’ll empower them to thrive in this new era, just as Levi’s did in theirs.
The future is bright. Let’s ensure we embrace AI in a secure way.