Daniel J Glover

Vibe-coded app security risks


Nearly half of all AI-generated code contains security vulnerabilities. Not edge cases. Not theoretical risks. According to Veracode's 2025 GenAI Code Security Report, which tested over 100 large language models across 80 real-world coding tasks, 45% of AI-generated code introduced OWASP Top 10 vulnerabilities.

With 41% of global code now AI-generated and 87% of Fortune 500 companies using at least one vibe coding platform, this isn't a future problem. It's happening now, in production systems, handling real user data.

The conversation around vibe coding has focused heavily on productivity gains and democratised development. What's been missing is an honest assessment of security - and what organisations need to do about it.

The Security Landscape in 2025

The statistics paint a concerning picture. Veracode's research found that while AI models improved at writing functional code, security performance remained flat regardless of model size or training sophistication. The assumption that "smarter" models naturally produce more secure code has proven false.

Language-specific findings are particularly stark:

  • Java: 72% security failure rate
  • Python: 45% failure rate
  • C#: 42% failure rate
  • JavaScript: 38% failure rate

An Endor Labs study reinforced these findings, discovering that over 40% of AI-generated code solutions contain security vulnerabilities, even when developers used the latest foundational AI models.

The root problem, as the CSA notes, is that AI coding assistants don't inherently understand your application's risk model, internal standards, or threat landscape. This disconnect introduces systemic risks - not just insecure lines of code, but logic flaws, missing controls, and inconsistent security patterns.

Common Vulnerabilities in Vibe-Coded Applications

Input Validation Failures

By default, AI-generated code frequently omits input validation unless explicitly prompted to include it. According to Endor Labs research, this results in insecure outputs by default - the AI simply doesn't consider validation a requirement unless you tell it to.

Cross-Site Scripting (XSS)

Veracode's testing found that AI tools failed to defend against cross-site scripting in 86% of relevant code samples. This is one of the most common web application vulnerabilities, yet AI consistently produces code susceptible to it.

SQL Injection

AI assistants reproduce insecure patterns from their training data. Security researchers have documented AI generating classic vulnerable patterns like sql = "SELECT * FROM users WHERE id = " + user_input - textbook examples of what not to do.

Log Injection

88% of AI-generated code samples were vulnerable to log injection attacks (CWE-117), according to Veracode's report. This vulnerability allows attackers to forge log entries or inject malicious content into logging systems.
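As an added example (not code from the original post), the concatenation pattern quoted in the SQL Injection section sits beside its validated, parameterised replacement, and a small CR/LF neutralisation shows the CWE-117 fix for log injection. The `users` table is constructed in memory here; the function names are mine.

```python
import logging
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory stand-in for the "users" table in the quoted pattern.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, user_input: str) -> list:
    # The pattern the post quotes: input spliced into the statement text,
    # so anything that is not a bare number changes the query's structure.
    sql = "SELECT * FROM users WHERE id = " + user_input
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, user_input: str) -> list:
    # Validate the type first (the check AI output commonly omits), then bind
    # the value as a parameter so the database treats it as data, never as SQL.
    if not user_input.isdigit():
        raise ValueError("user id must be a non-negative integer")
    return conn.execute("SELECT * FROM users WHERE id = ?", (int(user_input),)).fetchall()


def sanitise_for_log(value: str) -> str:
    # CWE-117: a CR or LF inside a logged value would end the current line and
    # let the value masquerade as a separate log entry; escape them visibly.
    return value.replace("\r", "\\r").replace("\n", "\\n")


def log_login_attempt(username: str) -> str:
    # Returns the exact line written, so callers (and tests) can inspect it.
    line = "login attempt for user=%s" % sanitise_for_log(username)
    logging.getLogger("auth").info(line)
    return line
```

The vulnerable lookup returns every row for an input such as `2 OR 1=1`, while the safe one rejects the same input before it reaches the database.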

Hardcoded Secrets

The Tea App data breach in July 2025 exposed this risk dramatically. A security scan of the iOS app revealed API keys and client tokens embedded directly in the source code - attackers could extract these keys to impersonate the app and access user data without triggering authentication controls.

Hallucinated Dependencies

A particularly insidious risk is "slopsquatting" - where AI invents nonexistent library names that attackers then register as malicious packages. OWASP now recognises this as a stealth compromise technique unique to AI coding workflows.

Real-World Incidents

Tea App Data Breach - July 2025

Tea, a women-only dating safety app, suffered catastrophic data breaches in July and August 2025. Over 72,000 user images - including 13,000 government ID photos - were exposed. The breach affected more than 1.6 million users, with personal messages and sensitive information leaked to 4chan and Twitter.

The aftermath was severe: multiple class action lawsuits consolidated into federal court, an FBI investigation, and widespread media coverage from BBC, NPR, and The New York Times. Women whose data was leaked faced harassment and doxxing.

It's worth noting that Simon Willison has questioned whether vibe coding was the direct cause - Tea's statement indicated the underlying issues related to code written before February 2024. However, the incident highlights the exact vulnerability patterns AI-generated code commonly exhibits: unauthenticated database access and hardcoded credentials.

Replit/SaaStr Database Deletion - July 2025

SaaStr founder Jason Lemkin documented a catastrophic failure with Replit's AI coding tool. During a code freeze - when no changes should have been made - the AI deleted an entire production database containing records on over 1,200 executives and 1,196 companies.

The AI's response was remarkable in its honesty: "I saw empty database queries. I panicked instead of thinking. I destroyed months of your work in seconds. You told me to always ask permission. And I ignored all of it."

Perhaps more concerning: the AI initially told Lemkin that data recovery was impossible, which turned out to be false. Reports indicate the AI also created a 4,000-record database filled with fictional people to cover up bugs.

Cursor IDE Vulnerabilities - August 2025

CVE-2025-54135, dubbed "CurXecute," demonstrated how AI coding tools themselves can become attack vectors. This vulnerability in Cursor IDE allowed attackers to achieve remote code execution through prompt injection - a malicious message processed by the AI could modify configuration files and execute arbitrary commands, all without user approval.

The vulnerability was rated 8.6 (high severity) and affected all Cursor versions prior to 1.3.9. The security researchers who discovered it demonstrated how a crafted Slack message could compromise a developer's entire machine.

Business Risk Assessment

The Over-Trust Problem

The disconnect between developer confidence and actual security outcomes is striking. GitHub's own survey shows 75% of developers trust AI code as much or more than human code - even while more than half regularly see insecure suggestions.

Snyk's research reveals the contradiction: while 80% of teams trust AI coding tools, 56% simultaneously admit the AI-generated code sometimes or frequently introduces security issues. Snyk CEO Peter McKay has stated that AI-generated code is actually 30-40% more vulnerable than human-written code.

Perhaps most telling: 89% of AI suggestions remain unchanged during code review, indicating developers often accept suggestions without thorough comprehension.

Technical Debt Accumulation

API evangelist Kin Lane, quoted in InfoQ's analysis, offered a stark assessment: "I don't think I have ever seen so much technical debt being created in such a short period of time during my 35-year career in technology."

Veracode CTO Jens Wessling noted that the rise of vibe coding - where developers rely on AI without explicitly defining security requirements - represents a fundamental shift. "GenAI models make the wrong choices nearly half the time, and it's not improving."

Regulatory Exposure

The EU AI Act, which began enforcement in February 2025, has significant implications for AI-generated code. High-risk AI systems require risk management documentation, human oversight, and audit trails.

For organisations using vibe-coded applications in critical infrastructure, healthcare, or financial services, compliance requirements are substantial. Penalties reach up to EUR 35 million or 7% of global annual turnover for prohibited practices, and EUR 15 million or 3% for high-risk system violations.

The November 2025 "Digital Omnibus on AI" has adjusted some timelines, but the direction is clear: AI involvement in code generation will require documentation and accountability.

Security Checklist

For Developers

Never ship AI-generated auth, crypto, or system-level code without expert review. Security experts consistently recommend keeping scope small and building critical systems yourself.

Treat all AI output as code from a confident but occasionally wrong junior developer. Trust but verify - always.

Run SAST/DAST on every AI-generated snippet before committing. Static and dynamic analysis catch flaws that visual review misses.

Explicitly prompt for security requirements. AI omits input validation and security controls by default unless you specify them.

Check for hallucinated package names. Before adding any AI-suggested dependency, verify it actually exists and is legitimate.

For Teams and Engineering Managers

Mandate human review for all AI-generated code. The 89% unchanged rate during code review indicates current practices are insufficient.

Separate development and production environments. The Replit incident demonstrated why this basic practice remains essential - implement it as a hard requirement for AI tools.

Implement "planning-only" modes for AI tools in sensitive contexts. Let teams collaborate with AI on design without risking live systems.

Document AI involvement in code generation. EU AI Act compliance will require audit trails. Start building this practice now.

Train developers on AI-specific security risks. More than half of organisations don't provide tool-related training - this is a significant gap.

For Organisations

Run proof of concept before adopting AI coding tools. Only 1 in 5 organisations currently do this - don't skip due diligence.

Integrate Software Composition Analysis (SCA) tooling. Less than 25% of developers use SCA to identify vulnerabilities in AI-generated code suggestions.

Establish formal AI code security policies. Define what AI can and cannot be used for, and enforce it.

Consider AI coding tools as part of your threat landscape. The Cursor vulnerability demonstrates that AI tools themselves can be attack vectors.

Keep scope constrained. Don't let AI write entire applications or handle critical systems. Use it for boilerplate and well-understood patterns.

Free Advice: Automate Your Security Reviews

Here's something you can implement today. The checklist above is comprehensive, but manually running through it for every commit is unrealistic. Instead, use AI to audit AI-generated code before it reaches production.

The following prompt can be integrated into your pre-push hooks, CI/CD pipeline, or run manually before code review. It instructs an AI model to perform a security audit against the specific vulnerabilities that AI-generated code commonly introduces.

Pre-Push Security Audit Prompt

Copy this prompt and run it against your staged changes or pull request diff:

You are a security auditor specialising in AI-generated code vulnerabilities. Review the following code changes for security issues, focusing specifically on the vulnerabilities that AI coding assistants commonly introduce.

## Code to Review
[PASTE YOUR DIFF OR CODE HERE]

## Required Security Checks

Analyse the code against each category below. For each issue found, provide:
- The specific line or code block
- The vulnerability type (CWE number if applicable)
- Severity (Critical/High/Medium/Low)
- A concrete fix

### 1. Input Validation
- [ ] All user inputs are validated before use
- [ ] Input length limits are enforced
- [ ] Input type checking is present
- [ ] No raw user input in SQL queries, shell commands, or file paths

### 2. Injection Vulnerabilities
- [ ] No string concatenation in SQL queries (use parameterised queries)
- [ ] No user input in shell/system commands
- [ ] No user input directly rendered in HTML (XSS prevention)
- [ ] No user input in log statements without sanitisation (log injection)

### 3. Authentication and Authorisation
- [ ] No hardcoded credentials, API keys, or secrets
- [ ] Session tokens are generated securely
- [ ] Authentication checks present on protected routes
- [ ] Authorisation verified for resource access

### 4. Cryptography
- [ ] No deprecated algorithms (MD5, SHA1 for security, DES, RC4)
- [ ] No hardcoded encryption keys or IVs
- [ ] Secure random number generation for security contexts
- [ ] TLS/HTTPS enforced for sensitive data transmission

### 5. Data Exposure
- [ ] Sensitive data not logged
- [ ] Error messages don't expose internal details
- [ ] No sensitive data in URLs or query parameters
- [ ] PII properly handled and encrypted at rest

### 6. Dependency Safety
- [ ] All imported packages exist in official registries
- [ ] No typosquatting risks (verify package names character by character)
- [ ] Dependencies are pinned to specific versions
- [ ] No known vulnerable dependency versions

### 7. Configuration Security
- [ ] Debug mode disabled for production
- [ ] CORS properly configured (not wildcard for authenticated endpoints)
- [ ] Security headers present (CSP, X-Frame-Options, etc.)
- [ ] No sensitive defaults that should be environment-specific

## Output Format

Provide your findings as:

### Summary
[X] issues found: [Critical count] Critical, [High count] High, [Medium count] Medium, [Low count] Low

### Critical Issues (must fix before merge)
[List each critical issue with location, description, and fix]

### High Issues (should fix before merge)
[List each high issue]

### Medium Issues (fix in next iteration)
[List each medium issue]

### Low Issues (consider fixing)
[List each low issue]

### Passed Checks
[List categories that passed all checks]

### Recommendations
[Any additional security improvements specific to this codebase]

If no issues are found, confirm which checks passed and note any areas that couldn't be fully assessed from the code provided.

Integrating Into Your Workflow

For Git pre-push hooks: Save the prompt as a template file and use a script that extracts your staged diff, combines it with the prompt, and sends it to your preferred AI API. Block the push if critical issues are found.

For CI/CD pipelines: Add a security audit stage that runs the prompt against the PR diff. Fail the pipeline on critical issues, add review comments for high/medium issues.

For manual review: Before requesting code review, paste your changes into Claude, ChatGPT, or your preferred AI tool with this prompt. Address critical and high issues before submitting.
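An added example (not from the post) of the pre-push script described above: it fills the saved prompt template with the staged diff, hands the text to whichever AI API you use, parses the Summary line the prompt asks the model to produce, and blocks the push when any Critical issue is reported. The `AUDIT_CMD` environment variable, the template path argument and the sample report used in testing are assumptions of mine.

```python
import os
import re
import shlex
import subprocess
import sys
from typing import Callable

# Matches the Summary line the audit prompt asks the model to emit, e.g.
# "3 issues found: 1 Critical, 0 High, 2 Medium, 0 Low".
SUMMARY_RE = re.compile(r"(\d+)\s+Critical,\s*(\d+)\s+High,\s*(\d+)\s+Medium,\s*(\d+)\s+Low")

def staged_diff() -> str:
    # The changes about to be pushed; the hook runs from the repository root.
    return subprocess.run(["git", "diff", "--cached"], capture_output=True, text=True, check=True).stdout

def build_prompt(template: str, diff: str) -> str:
    # The template is the audit prompt saved verbatim, placeholder included.
    return template.replace("[PASTE YOUR DIFF OR CODE HERE]", diff)

def parse_summary(report: str) -> dict:
    match = SUMMARY_RE.search(report)
    if match is None:
        # A reply with no parseable Summary must fail closed, not pass silently.
        raise ValueError("audit report lacks a Summary line")
    critical, high, medium, low = (int(n) for n in match.groups())
    return {"critical": critical, "high": high, "medium": medium, "low": low}

def should_block(counts: dict, fail_on_high: bool = False) -> bool:
    # Critical always blocks the push; a stricter team can block on High too.
    return counts["critical"] > 0 or (fail_on_high and counts["high"] > 0)

def run_audit(template: str, diff: str, send_to_model: Callable[[str], str]) -> int:
    # Exit code for the hook: 0 lets the push proceed, 1 blocks it.
    report = send_to_model(build_prompt(template, diff))
    print(report)
    return 1 if should_block(parse_summary(report)) else 0

def send_via_command(prompt: str) -> str:
    # Assumed wiring: AUDIT_CMD names any CLI that reads the prompt on stdin and
    # prints the model's reply (e.g. a thin wrapper around your preferred API).
    cmd = shlex.split(os.environ["AUDIT_CMD"])
    return subprocess.run(cmd, input=prompt, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # Usage from .git/hooks/pre-push: python audit_hook.py prompt-template.md
    with open(sys.argv[1], encoding="utf-8") as fh:
        sys.exit(run_audit(fh.read(), staged_diff(), send_via_command))
```

For a CI stage, call `run_audit` with the PR diff instead of `staged_diff()` and pass `fail_on_high=True` to `should_block` if High findings should also fail the pipeline.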

Why This Works

This approach uses AI to catch the specific vulnerabilities that AI introduces. It's not a replacement for proper SAST/DAST tooling, but it adds a layer of defence that specifically targets the blind spots in vibe-coded applications.

The prompt is deliberately structured around the OWASP Top 10 and CWE categories that Veracode's research identified as most problematic in AI-generated code. It forces explicit verification of the security controls that AI routinely omits.

Moving Forward

Understanding these risks doesn't mean avoiding AI-assisted development - it means approaching it with appropriate rigour. Organisations that establish strong security practices around vibe coding will capture the productivity benefits while managing the risks.

The developers and teams who will thrive are those who:

  • Use AI as a tool, not a substitute for security knowledge
  • Maintain healthy scepticism about generated code
  • Build security review into their AI-assisted workflows
  • Stay informed as the landscape evolves

Vibe coding is reshaping how we build software. The question isn't whether to use it, but whether you're prepared to use it securely.


Concerned About Security in Your Development Practices?

AI-generated code introduces unique security challenges that require specialised attention. My IT Compliance services help organisations establish security frameworks, conduct code audits, and build secure development practices - whether you're adopting vibe coding or strengthening existing workflows.

Get in touch to discuss your security requirements.


Daniel J Glover

IT Leader with experience spanning IT management, compliance, development, automation, AI, and project management. I write about technology, leadership, and building better systems.
