Vibe-Coding Vulnerabilities With Claude Code

A decade ago there was a joke that IoT stands for "Internet of Vulnerabilities", given how vulnerable many Internet of Things devices were and how easy it was to exploit them.

I think we will enter an even bigger era of vulnerabilities with vibe-coded systems, especially with agents handling everything from feature development to deployment. You are outsourcing the security of your product/application to a probabilistic mathematical model, which hallucinates by design.

For a sufficiently complex system, it's not a question of IF but of WHEN the LLM will make a security-compromising mistake. Unfortunately, large customer data leaks may become the norm.

If you care about the secrecy of your data, I would advise you be very wary of products developed in such manner. Of course, for many use cases you may also not care about this, and prioritize lower cost or specific features. But you must be aware of the risks.

You are essentially one prompt away from compromising your system and its data. We will probably even have new laws/regulations coming out to address this.