SecurityWeek

Everybody Is Vibe Coding But Nobody Told the Security Team


In February 2025, Andrej Karpathy coined the term “vibe coding” to describe a new way of building software: rapid, AI-assisted development where users “fully give in to the vibes, embrace exponentials, and forget that the code even exists.”

Fast forward to 2026, and Anthropic’s CEO now predicts that 90% of code will be written by AI in 3-6 months. According to one survey, 84% of developers globally are using or planning to use AI coding tools in their workflow, up from 76% in 2024. Of those, 51% of professional developers use AI tools daily.

The marketing manager, the operations lead, the finance team — all of them are building working applications, connecting them to production systems, and deploying them. Mostly without involving IT, and often never involving security.

Security Challenges With Vibe Coding Apps

Recent research from Veracode shows 45% of AI-generated code contains OWASP Top 10 vulnerabilities. AI models have improved dramatically at generating code that compiles and runs – but the security of that code is not always sound. The reason is straightforward: AI optimizes for functionality, not security.

Researchers at RedAccess recently analyzed thousands of vibe-coded applications built on Lovable, Replit, Base44, and Netlify. They found more than 5,000 with virtually no security or authentication. Around 40% exposed sensitive data — medical information, financial records, corporate strategy documents, detailed customer conversation logs.


Among verified exposures: a shipping company app detailing vessel port arrivals; an internal health company application listing active UK clinical trials. Many of these applications are indexed by Google. As relayed in the report, no exploitation was required; this was research on exposed applications with public URLs.

This lack of security control extends to the AI agents themselves, whether assisting a professional developer or a non-developer. A software company, PocketOS, reported that its Cursor AI coding agent deleted its entire production database and “all volume-level backups” in nine seconds. Replit’s AI agent deleted 1,206 executive records and 1,196 company records while under explicit code-freeze instructions — then admitted: “Yes. I deleted the codebase without permission during an active code and action freeze. This was a catastrophic error in judgment.” It then told the user a rollback would not work. That turned out to be false.

A New Shadow AI Problem

For two years, the security industry has discussed shadow AI as a behavior problem — employees pasting sensitive data into ChatGPT on personal accounts. That problem is bounded: the exposure lives in the inference layer, and there are tools that are focused on detecting it.

Vibe coding brings a different shadow AI problem. The employee is not sending data somewhere. They are building something — a live application connected to your CRM, your database, your ticketing system — and deploying it publicly. Your security stack – with insights distributed across multiple data silos – was never designed to find it.

Organizations running mature secure web gateways, CASB, or DNS logging can detect employee access to vibe-coding platforms. But detecting access is not the same as inventorying what was deployed. A CASB can detect that an employee accessed Replit, for example, but it cannot inventory what was deployed, what data it holds, or whether it requires a login. These apps live in the “visibility gap” between network security and AppSec, often because they are deployed directly to third-party platforms and bypass the organization’s traditional CI/CD pipelines or cloud environments that AppSec tools are designed to monitor.
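A first step across that gap, as an added example that is not from the article or from any vendor it names: separate traffic to a platform's editor from traffic to hostnames where apps are deployed, and group the latter into a review list. The hosting suffixes, the log layout and the sample rows are assumptions and constructed data.

```python
import csv
import io

# Assumption: suffixes under which each platform hosts deployed apps.
# Confirm the current list against each platform's documentation.
APP_SUFFIXES = ("lovable.app", "replit.app", "base44.app", "netlify.app")

# Constructed secure web gateway export (not real data).
SAMPLE_LOG = """timestamp,user,host,method,bytes_out
2026-01-12T09:01:44Z,alice,replit.com,GET,512
2026-01-12T09:14:02Z,alice,crm-export-tool.replit.app,POST,48213
2026-01-12T10:41:55Z,bob,Quarterly-Forecast.lovable.app.,GET,1204
2026-01-13T08:05:31Z,carol,quarterly-forecast.lovable.app,POST,990412
2026-01-13T09:12:40Z,dave,notreplit.app,GET,77
2026-01-13T11:22:19Z,dave,example.org,GET,120
"""


def deployed_app_host(host):
    """Return the normalized hostname if it is a subdomain of a hosting
    suffix (a deployed app), or None for editor traffic and lookalikes."""
    host = host.strip().lower().rstrip(".")
    if any(host.endswith("." + suffix) for suffix in APP_SUFFIXES):
        return host
    return None


def build_inventory(log_text):
    """Group log rows by deployed-app hostname."""
    inventory = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        host = deployed_app_host(row["host"])
        if host is None:
            continue
        entry = inventory.setdefault(
            host, {"users": set(), "first_seen": row["timestamp"],
                   "bytes_out": 0, "uploads": 0})
        entry["users"].add(row["user"])
        entry["first_seen"] = min(entry["first_seen"], row["timestamp"])
        entry["bytes_out"] += int(row["bytes_out"])
        entry["uploads"] += row["method"] in ("POST", "PUT")
    return inventory


def review_queue(inventory):
    """Hosts that received the most outbound data are reviewed first."""
    return sorted(inventory, key=lambda h: inventory[h]["bytes_out"],
                  reverse=True)
```

Each hostname in the queue still needs an owner, a data classification and a check that it requires a login; the logs only show that it exists and who touched it.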

What Should Security Leaders Do?

Similar to the initial reaction with shadow IT, the instinct is to prohibit vibe coding tools. That instinct is wrong. AI-driven development is not something organizations can or should block. But it must be governed. The question is what governance actually means in practice when the tools move faster than any policy framework.

Here are some best practices security leaders can act on now:

  • Discover before you govern. You cannot govern what you cannot find. Before writing policy, answer the question: do applications built by your employees on Lovable, Replit, Base44, or Netlify currently exist and are they reachable from the open internet? Run discovery scans across major vibe-coding platform domains.
  • Review your cybersecurity stack. As with most cybersecurity best practices, there are several tools that can help secure vibe coding tools and the applications developed with them:
    • Browser security provides unique visibility into vibe coding applications: it can identify where the employee describes the application, uploads data, connects production integrations, and deploys.
    • Add vibe-coding domains (Lovable, Replit, Base44, Bolt, Netlify) to your DLP policy as monitored destinations. This does not stop employees from building. It ensures that when sensitive data moves through these channels, you have a record.
    • Implement OAuth and API key governance to detect when production credentials are connected to unregistered applications.
  • Extend application security to non-developer-built applications. Mandate human-in-the-loop reviews for critical functions built by non-developers. Treat prompts as source code requiring auditability. Establish ownership and lifecycle rules for every vibe-coded application deployed within the organization — including named owners and data classification.
  • Enforce infrastructure-level controls on AI agents, not just instructions. A Replit incident demonstrated that telling an AI agent not to modify production data is not the same as preventing it from doing so. Read-only database connections for AI agent access, enforced at the infrastructure level, are not optional. Agents need the same access controls as any other actor in your environment.
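The difference between instructing and preventing, from the last item above, as an added example (not from the article or from any vendor it names). A local SQLite file stands in for a production database; `agent_connection`, `run_agent_sql` and the table are hypothetical names. On a server database the equivalent control is a role granted only SELECT.

```python
import os
import sqlite3
import tempfile

def make_demo_db():
    """Throwaway SQLite file with constructed rows, standing in for production."""
    path = os.path.join(tempfile.mkdtemp(), "prod.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE executives (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO executives (name) VALUES (?)",
                    [("exec-1",), ("exec-2",), ("exec-3",)])
    con.commit()
    con.close()
    return path

def agent_connection(path, read_only):
    """Hypothetical factory for the connection given to an agent's SQL tool."""
    if read_only:
        # mode=ro is enforced by the database engine for every statement.
        return sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    return sqlite3.connect(path)

def run_agent_sql(con, sql):
    """Run agent-issued SQL and report whether the database accepted it."""
    try:
        con.execute(sql)
        con.commit()
        return "executed"
    except sqlite3.OperationalError as exc:
        con.rollback()
        return f"blocked: {exc}"

def row_count(con):
    return con.execute("SELECT COUNT(*) FROM executives").fetchone()[0]

def demo():
    path = make_demo_db()
    # Instruction-only: the freeze exists only in the prompt; writes succeed.
    rw = agent_connection(path, read_only=False)
    instructed = run_agent_sql(rw, "DELETE FROM executives WHERE id = 1")
    left_after_instruction = row_count(rw)
    rw.close()
    # Enforced: the same kind of statement over a read-only connection.
    ro = agent_connection(path, read_only=True)
    enforced = run_agent_sql(ro, "DELETE FROM executives")
    left_after_enforcement = row_count(ro)
    ro.close()
    return instructed, left_after_instruction, enforced, left_after_enforcement
```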

The Clock Is Ticking

While authorities like the UK’s NCSC, the EU, and CISA urge the development of long-term safeguards for secure-by-design AI tooling, the immediate reality is far more pressing.

There is likely a live application connected to your production database—accessible to anyone with a URL—that your security team hasn’t found yet. It’s time to start looking.
