# Vibe Coding

> Security guardrails for AI-assisted and AI-generated code, built on Aikido.

Source: https://fmcybersecurity.com/en/services/vibe-coding/
Locale: English
Other locale: https://fmcybersecurity.com/services/vibe-coding/

Vibe coding lets developers (and others) ship solutions at a very high tempo. That strength comes with some obvious security challenges: although vibe coding shares a lot with ordinary application security, certain security issues are over-represented in it.

- Supply chain attacks. AI assistants invent package names that don't exist (slopsquatting), suggest abandoned libraries, or suggest typosquats, meaning the program fetches and loads a misspelled library with the same description as the original but containing malicious code.
- Developers paste production data, keys, and customer information into prompts, while assistants embed secrets in the generated code. At vibe coding speed with minimal review, these end up in production before anyone catches them.
- Logical errors, for example in access control. Did the AI understand that the Caseworker role should not see the same cases as the Manager role?
- Authentication errors. The login screen looks right, but is trivial to bypass. A test user is hardcoded in source code that ships to production.
- Modern applications use AI to perform tasks themselves. Is the prompt adequately protected? See also [Prompt Protection](/en/services/prompt-protection/).

At the development tempo vibe coding produces, it is irresponsible not to use tooling that watches the full lifecycle, from the first line of code to production.

