Great piece. I’ve been waiting for someone to tackle this unglamorous but important topic. I appreciate that you consistently share multiple perspectives, not just your own. I subscribed to Farida and Skelly as well.
Thank you for reading!
Thank you so much for the kind words! I really appreciate Karo for giving both Skelly and me the opportunity to share our perspectives on this important topic. It’s great to see that it resonated with you, and I’m glad we could contribute to the conversation!
It takes a bit of work to do that as well. I try to keep neutral, but I think this was a better style for the thoughts being conveyed.
I totally understand! Striking that balance between neutral and engaging can be tricky, but it sounds like you nailed it with your approach. I agree, sometimes a more direct, approachable tone works better for the message, especially when talking about something as important (but often overlooked) as security in vibecoding.
Fantastic work. Added a subscriber here. Also you structured this in a really readable way, thanks for that.
Thank you for saying that! And thank you for reading!
It was my pleasure. Looking forward to your next piece!
I am happy that it resonates with you.
I also want to give a huge thanks to @Skelly for contributing to this guide. His insights into the hidden risks especially around untested functionality were invaluable.
happy to meet you virtually :)
Is that Karpov Chains or Markov Chains?
I’m incredibly grateful to Karo for hosting me to write this article! Her expertise and vision for vibecoding and AI-driven development is outstanding. She’s been a fantastic collaborator, helping me frame the security lessons in a way that resonates with the community.
Karo's perspective, especially on vibecoding responsibly, is such a crucial part of the conversation. It's one thing to innovate quickly with AI tools, but another to make sure we're laying down the right engineering foundations. I’m really excited about the opportunities this collaboration opens up, this is just the beginning of bridging the gap between rapid development and secure, sustainable code!
This is a masterclass in responsible AI coding. Balances speed with security, showing that thoughtful prompts, synthetic data, and pre-commit hooks aren’t optional, they’re essential.
Thank you
Great article! I liked how you addressed “internal tools” which, without credentials, can become a vulnerability threat if left open. It’s an area that’s often ignored.
I am happy it resonates with all of you
It's easy to dismiss AI-assisted coding as inherently risky, but the problem, as this article brilliantly points out, is not the speed...it's the amplified assumptions and the lack of basic guardrails that speed allows us to skip.
I really like the "Five Quiet Failures" especially The Prototype That Never Dies and Prompt Leakage.
Thank you for reading Sharyph 🤗
You’re absolutely right, the risk isn't the speed itself, but the assumptions that speed can amplify when we skip over those crucial security checks. The 'Five Quiet Failures' are something I’ve seen play out in real-world projects, so I’m glad you found them valuable, especially 'The Prototype That Never Dies' and 'Prompt Leakage.' It’s these quiet, overlooked issues that can cause the most damage over time. Appreciate you reading and sharing your thoughts!
For once cybersecurity made me want to keep reading. All three narratives are great.
Thank you Pinterest for the Mind!
Amazing resource, and great point about the dangers of casual “internal apps” that access user data! I’ve bookmarked this for a closer read. 🙏
Thank you Karen!
You’re welcome! 🤗 Adding that I’m so glad you picked this topic and offered sensible alternatives to “No, never use AI for coding!”
That was definitely a great point.
So true.
Everyone’s vibecoding like they’re building the next unicorn, when half of them don’t even realize their “internal tools” are basically open to the internet.
And the “AI wasn’t wrong, our prompt was incomplete” line sums up the entire problem. Everyone’s blaming models when it’s really just lazy thinking wrapped in hype.
I agree. My general take is that these tools don't fail at coding, we fail at instructing. Every bug or vulnerability is something we didn't spec and review properly.
The problem isn't that AI writes bad code, it's that we ask it for "fast" instead of "secure." Thanks for this!!
I'm bookmarking those secure prompts. It really shows that vibecoding secure applications does require security knowledge!
100% agree
That’s great!!
Thank you @Luis Llorens
Love reading your detailed breakdown Fafi! Karo, thank you for bringing her work to us, it’s really needed in the vibe coding space!
Thank you Jenny!
Thanks so much for the kind words, Jenny! I’m glad the breakdown was helpful. Huge thanks to Karo for bringing me on to share this, it really means a lot. Vibecoding is such an exciting space, and it’s great to see more people like you jumping in and pushing the boundaries. Let’s keep this conversation going and make sure we’re building securely along the way!
Love your work ❤
Yes, absolutely! So glad you’re bringing that needed layer of security to Vibe coding.
Great work and thank you for the mention, appreciate it.
Our pleasure :) Thank you for reading Rohit!
Great as always!
Thank you on behalf of Farida :)
Thank you @Claryssa