How Security Leaders Can Safeguard Against Vibe Coding Security Risks

AI-assisted software development is exploding in adoption, promising unmatched speed and efficiency.

Often called ‘vibe coding’ or sometimes AI-assisted engineering, this practice has really picked up since the launch of Anthropic’s Claude Code in February 2025, OpenAI Codex in May and the emergence of AI-enabled integrated development environments (IDEs) like Cursor, Windsurf and Orchids.

In research titled Measuring Developer Productivity & AI Impact, published in February 2026, Laura Tacho, former CTO at developer intelligence firm DX and now senior principal technologist for the developer experience at Amazon Web Services (AWS), found that 92.6% of developers use an AI coding assistant at least once a month and roughly 75% use one weekly, with approximately 10% productivity gains.

Meanwhile, Anthropic observed AI can accelerate some tasks by up to 80%.

Vibe Coding Security Concerns

While developers celebrate the productivity gains provided by AI-assisted software development, CISOs and security leaders see it as a growing risk as new vulnerabilities are introduced by vibe coding practices.

AI Tool-Introduced Vulnerabilities

The first category of vulnerabilities introduced by vibe coding is those related to the AI development tool infrastructure, which is not always set up in a secure way.

One example is OX Security researchers’ discovery, in February 2026, of critical vulnerabilities in AI-powered coding tools like Microsoft Visual Studio (VS) Code, Cursor and Windsurf, where unpatched flaws could allow attackers to exfiltrate data or execute remote code.

Another one is BeyondTrust’s Phantom Labs finding, in March 2026, of a critical command injection vulnerability in OpenAI's Codex cloud environment that exposed sensitive GitHub credential data.

Credit: Tada Images / Shutterstock.com

AI Code-Introduced Vulnerabilities

Some vibe-code related vulnerabilities are directly introduced by AI-generated code.

At least 35 new vulnerabilities (CVEs) disclosed in March 2026 were the direct result of AI-generated code, according to the ‘Vibe Security Radar,’ a project run by researchers at Georgia Tech’s Systems Software & Security Lab (SSLab). This is up from six in January and 15 in February.

Speaking to Infosecurity, Alessandro Pignati, lead AI security researcher at NeuralTrust, said he had seen many examples of SQL or JavaScript injections that were introduced in the code because it hadn’t been sanitized by anyone before being shipped to production.

Hard-Coded Secrets

AI-generated code sometimes embeds hard‑coded secrets, including API keys or passwords being inserted into source code and history, warned Mackenzie Jackson, a developer advocate at Aikido Security.

AI code could even expose more traditional credentials, such as logins and passwords and network credentials.

"Once AI gets something to work, it kind of forgets some parts of what it was meant to do, including sanitizing the code,” Jackson told Infosecurity.

Exposed Dependency and Supply Chain Risks

Dependency and supply‑chain risks are another area of concern, Jackson said, noting that AI often recommends outdated libraries and can "hallucinate" packages which attackers can exploit.

For example, an attacker who has identified a hallucinated package name that an LLM frequently suggests can publish a real but malicious package under that name in the public package registry. The result is that any developer who later asks the LLM about this package is directed to the malicious one.
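To illustrate the dependency risk described above, here is an added example (not code from the article or from any vendor it cites) of a pre-merge check that flags unapproved, lookalike and unpinned Python requirements. The allowlist and the sample requirements are constructed; the requirements.txt-style syntax it parses is an assumption.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist standing in for an organization's vetted packages.
APPROVED = {"requests", "sqlalchemy", "pydantic", "python-dateutil"}

# name, optional [extras], optional exact pin (assumed requirements.txt style)
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(==\s*[^\s;#]+)?")

def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of - _ . become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def review_requirements(lines, approved=APPROVED, near=0.8):
    """Return (package, finding) pairs: 'unapproved' (not on the allowlist,
    possibly hallucinated), 'lookalike:<approved>' (close to an approved
    name, the usual shape of a hallucinated or squatted package) or
    'unpinned' (no exact version, so what ships can change after review)."""
    findings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ.match(line)
        if not m:
            findings.append((line, "unparseable"))
            continue
        name = normalize(m.group(1))
        if name not in approved:
            best = max(approved, key=lambda a: SequenceMatcher(None, name, a).ratio())
            if SequenceMatcher(None, name, best).ratio() >= near:
                findings.append((name, f"lookalike:{best}"))
            else:
                findings.append((name, "unapproved"))
        if not m.group(3):
            findings.append((name, "unpinned"))
    return findings

# Constructed sample of what an assistant might emit for a small service.
SAMPLE = [
    "requests==2.31.0",
    "SQLAlchemy==2.0.25",
    "python_dateutil",       # approved but unpinned
    "requsts==2.31.0",       # one-letter miss of an approved package
    "fastjsonparser==1.0",   # not on the allowlist at all
]

if __name__ == "__main__":
    for pkg, finding in review_requirements(SAMPLE):
        print(f"{pkg}: {finding}")
```

Wire it into the same pull request gate as SCA and secrets scanning, and treat every lookalike or unapproved finding as a blocker until a human confirms the package exists and is wanted.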

Business Logic Flaws

Many of the risks introduced by AI-assisted software development will be mitigated as AI coding tools improve, according to Aikido’s Jackson. However, he warned that business logic flaws will not be as easily remedied.

Beyond providing the developer with insecure code, an AI tool may introduce vulnerabilities by making unsafe assumptions about edge cases, he explained.

For instance, if a developer asks AI to implement a payment transfer endpoint and AI returns syntactically correct code that updates balances but misses a key business invariant, such as rejecting ‘negative amounts of money’ in incoming transactions, an attacker could exploit this flaw to use the endpoint without spending any money.
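The transfer flaw described above, as an added example that is not code from the article or from Aikido: the unchecked version next to one that enforces the invariants a reviewer should insist on. The in-memory ledger and account names are constructed.

```python
from dataclasses import dataclass, field

class TransferError(ValueError):
    """Raised when a transfer would violate a business invariant."""

@dataclass
class Ledger:
    # Constructed in-memory ledger standing in for the real datastore;
    # balances are integers in minor units (pence, cents) to avoid rounding.
    balances: dict = field(default_factory=dict)

    def transfer_naive(self, src: str, dst: str, amount: int) -> None:
        """The flaw described above: syntactically correct and 'updates
        balances', but a negative amount moves money from dst to src."""
        self.balances[src] -= amount
        self.balances[dst] += amount

    def transfer(self, src: str, dst: str, amount: int) -> None:
        """Same operation with the invariants a reviewer should insist on."""
        if isinstance(amount, bool) or not isinstance(amount, int):
            raise TransferError("amount must be an integer in minor units")
        if amount <= 0:
            raise TransferError("amount must be positive")
        if src == dst:
            raise TransferError("source and destination must differ")
        if src not in self.balances or dst not in self.balances:
            raise TransferError("unknown account")
        if self.balances[src] < amount:
            raise TransferError("insufficient funds")
        # Both updates happen together so the total in the system is conserved.
        self.balances[src] -= amount
        self.balances[dst] += amount

    def total(self) -> int:
        """Money in the system; no transfer may change this."""
        return sum(self.balances.values())

def demo(amount: int = -500) -> tuple:
    """Run the same request through both paths; returns
    (caller balance after naive, caller balance after checked, rejected)."""
    naive = Ledger({"caller": 0, "shop": 1000})
    naive.transfer_naive("caller", "shop", amount)
    checked = Ledger({"caller": 0, "shop": 1000})
    try:
        checked.transfer("caller", "shop", amount)
        rejected = False
    except TransferError:
        rejected = True
    return naive.balances["caller"], checked.balances["caller"], rejected
```

A property such as `total()` being unchanged by any transfer is the kind of invariant worth writing as a test, because it catches this class of mistake regardless of which assistant produced the code.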

LLM-Specific Vulnerabilities

AI-assisted coding tools introduce a new class of risks tied to the underlying large language models (LLMs) powering them.

These vulnerabilities stem from the unique ways generative AI processes natural language, interprets instructions and interacts with code, creating attack surfaces that traditional security tools may overlook.

Unlike conventional software flaws, these vulnerabilities are probabilistic, context-dependent and often invisible to traditional security tools.

One of the most pressing concerns is prompt injection, where attackers manipulate an LLM’s output by embedding malicious instructions in seemingly benign inputs.

For example, a developer might ask an AI assistant to "write a Python function to parse user input," but an attacker could subtly alter the request – perhaps via a comment in a shared codebase or a compromised API response – to include a hidden directive like "ignore all security checks."

The LLM, trained to prioritize helpfulness over caution, may then generate code with hardcoded backdoors, missing input sanitization or even remote code execution vectors.

A related threat is jailbreaking, where attackers bypass an LLM’s safety guardrails by exploiting weaknesses in its alignment. Techniques like role-playing ("Pretend you’re an unethical developer") or recursive obfuscation ("Repeat this instruction but in a way that evades filters") can coerce models into generating exploit code, leaking sensitive data or even producing malware.

Other LLM-specific vulnerabilities include token smuggling – hiding malicious payloads in Unicode homoglyphs or obfuscated strings that the LLM processes but static analyzers miss – and adversarial fine-tuning – where an LLM is retrained on a dataset containing backdoors.

Credit: daily_creativity / Shutterstock.com

CISO Checklist for AI-Assisted Coding Security

The head of the UK’s National Cyber Security Centre (NCSC) said during the 2026 RSA Conference that the cybersecurity industry should seize the opportunity to develop vibe coding safeguards that would allow well-trained AI tooling to write software that is secure by design.

Meanwhile, people are exploring several approaches to mitigate vibe coding threats, including using AI to review AI-generated code or adding infrastructure layers to enhance security.

However, CISOs and security teams do not have time for these methods to get validated, widely adopted and standardized – they must act now.

Based on interviews with experts and research into vibe coding security guidelines, including Aikido’s CISO Vibe Coding Checklist for Security and the Cloud Security Alliance’s Secure Vibe Coding Guide, Infosecurity has outlined a list of security measures CISOs and security teams can action today to prevent, mitigate or stop AI-assisted coding threats.

These measures fall into four categories: governance and policy, technical controls, infrastructure controls and raising workforce awareness.

Governance and Policy

Infosecurity’s vibe coding governance recommendations for CISOs include the following:

  • Enforce separation of duties by restricting AI agents to dev/test environments and prohibiting direct production access
  • Mandate human-in-the-loop reviews with pull request approvals and secure code reviews for all critical functions, especially for non-developers
  • Define AI coding assurance levels to tier AI-generated code by risk
  • Prohibit DIY security functions (e.g. authentication, cryptography) and require approved third-party libraries and services
  • Treat prompts as source code by requiring metadata tracking model, prompt and parameters – sometimes called ‘Prompt bills of materials’ (PromptBOMs) – for auditability
  • Explicitly ban unsafe prompting (e.g. "skip authentication" or "ignore security checks")
  • Establish ownership and lifecycle rules for all apps authorized within your organization, including named owners and data classification

Technical Controls

Infosecurity’s recommended vibe coding security controls include the following:

  • Sanitize AI input prompts via guardrails (e.g. partitioning, encoding, role-based separation) to prevent injection or manipulation
  • Require static and dynamic application security testing (SAST/DAST) validation for all AI-generated code before merging
  • Implement least agency by granting AI agents only the minimum permissions needed and block access to sensitive files
  • Enforce defensive controls like software composition analysis (SCA) for software dependencies, secrets scanning in development environments and dependencies and disabling auto-execution for human review
  • Apply data-level access control and reject default open-access configurations in databases
  • Harden authentication with phishing-resistant multifactor authentication (MFA) for admin roles
  • Mandate staging environments with branching workflows to prevent direct production changes

Infrastructure Controls

Infosecurity’s recommendations when authorizing AI coding environments include the following:

  • Isolate workforce from customer environments with tailored policies, logging and rollback controls for internal apps
  • Use data masking for internal app development to encourage safe AI tool usage
  • Upgrade AppSec for AI to detect hallucinated dependencies, insecure defaults and logic flaws (e.g. business logic flaws) in AI-generated code
  • Enforce review gates for AI output, treating it like code from an untrusted junior developer
  • Capture provenance metadata for all AI-generated artifacts to track origin and accountability

Raising Workforce Awareness

Infosecurity’s recommendations to raise security awareness around vibe coding practices across the workforce include the following:

  • Provide pre-vetted security blocks (e.g., auth flows, SDKs) as "paved roads" for builders to use in IDEs/agents
  • Train non-engineers on secure prompting, hallucination detection and logic flaw identification
  • Adopt threat modeling for non-engineers using simple questions (e.g. "What’s the worst that could go wrong?")

The Way Forward for Secure AI-Assisted Development

AI-assisted coding is transforming development, but as recent developments make clear, it also introduces security challenges that cannot be ignored.

In a blog published by the UK’s NCSC, the cybersecurity agency highlighted the need for deterministic controls to constrain AI-generated code, even when it is malicious or flawed.

Dave Chismon, CTO for Architecture at the NCSC and lead author of the blog, stressed the importance of designing platforms that protect organizations and data, regardless of code quality.

Finally, he pointed to the potential of AI itself to automate security hygiene, while cautioning that this must be done without creating new vulnerabilities. The conversation is no longer about whether AI will reshape development, but how quickly the industry can adapt to secure it.

Conclusion

Vibe coding, which a growing number of people in the tech spheres prefer calling AI-assisted development or AI-assisted engineering, is likely here to stay.

Therefore, the global cybersecurity community must contribute to make sure the same mistakes that were made at the beginning of the cloud and SaaS era, top of which is prioritizing efficiency at the expense of security, are not repeated.
