Everybody Is Vibe Coding But Nobody Told the Security Team

In February 2025, Andrej Karpathy coined the term “vibe coding” to describe a new way of building software: rapid, AI-assisted development where users ‘fully give in to the vibes, embrace exponentials, and forget that the code even exists’.”

Fast forward to 2026, and Anthropic CEO now predicts that 90% of code will be written by AI in 3-6 months. According to one survey, 84% of developers globally are using or planning to use AI coding tools in their workflow, up from 76% in 2024. Of those, 51% of professional developers use AI tools daily.

The marketing manager, the operations lead, the finance team — all of them are building working applications, connecting them to production systems, and deploying them. Mostly without involving IT, and often never involving security.

Security Challenges With Vibe Coding Apps

Recent research from Veracode shows 45% of AI-generated code contains OWASP Top 10 vulnerabilities. AI models have improved dramatically at generating code that compiles and runs – but the security of that code is not always sound. The reason is straightforward: AI optimizes for functionality, not security.