The adoption of artificial intelligence in software development is prompting cybersecurity leaders to reassess how secure modern systems truly are. Speaking at the RSA Conference on March 24 in San Francisco, the head of the UK’s National Cyber Security Centre (NCSC) called on the global security community to prioritize “vibe coding safeguards” as AI-generated code becomes more common.
Dr. Richard Horne, CEO of the NCSC, emphasized that while AI-assisted development, often referred to as vibe coding, offers clear efficiency gains, its long-term impact on cybersecurity depends on how responsibly it is implemented. Without proper safeguards, he warned, the technology could deepen existing weaknesses in software systems.
Why Vibe Coding Safeguards Are Critical
During his keynote at the RSA Conference, Horne highlighted a persistent issue in digital systems: the prevalence of exploitable vulnerabilities. He described this as a “fundamental issue with the quality of technology we use,” stressing that AI must not replicate or scale these flaws.
“The attractions of vibe coding are clear,” Horne said. “Disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own.”
He added that AI tools must be designed carefully from the beginning. “The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities.”
NCSC’s Position on AI-Generated Code
Alongside Horne’s address at the RSA Conference, the NCSC published a blog post on March 24 warning that AI-generated code currently presents “intolerable risks” for many organizations. At the same time, it acknowledged that vibe coding shows “glimpses of a new paradigm” in software development.
The agency expects adoption to grow due to clear business benefits. As a result, it urges organizations to act early by embedding core security principles and implementing effective vibe coding safeguards.
Horne also pointed to the broader cybersecurity landscape, noting that cyber risk is now of “greater consequence than ever before.” He attributed this to increased exposure, inherent vulnerabilities, and a complex network of threat actors who collaborate and overlap.
To address these challenges, he compared cyber defense to a coordinated strategy, where collective action across the ecosystem produces the strongest results.
Market Shifts and the SaaSpocalypse
The push for vibe coding safeguards comes amid wider disruption in the technology sector. In February 2026, fears that AI could undermine the Software-as-a-Service (SaaS) model triggered significant volatility in U.S. tech stocks, referred to as the “SaaSpocalypse.”
This development reflects growing uncertainty about how software will be built and maintained in the future. Historically, SaaS adoption reduced the burden of managing on-premises systems but introduced concerns around provider trust, shared risk, and data sovereignty.
The NCSC suggests that AI-driven development could follow a similar path. As the cost and effort required to create tailored software decrease, organizations may rethink whether to buy, build, or forgo certain systems altogether.
Implementing Vibe Coding Safeguards Now
David C, CTO for architecture at the NCSC, reinforced the need for immediate action. He noted that while current AI-generated code is not consistently secure or reliable, it can significantly improve developer productivity.
He argued that organizations should begin implementing vibe coding safeguards now, rather than waiting for the technology to mature.
AI tools, he explained, could help strengthen security practices in practical ways. These include improving legacy systems, reducing technical debt, maintaining allow-lists of approved connections, and rewriting critical components using more secure frameworks or memory-safe programming languages.
He also outlined a potential future where AI-generated code is more secure by default than many existing on-premises or SaaS solutions, offering a possible path forward for organizations still cautious about cloud adoption.
