In early 2025, Andrej Karpathy introduced 'vibe coding', an AI-driven software development method that emphasizes rapid and user-friendly application building, often without traditional IT involvement. By 2026, Anthropic's CEO predicted that AI would account for 90% of all code written. However, recent studies highlight significant security risks, with 45% of AI-generated code containing vulnerabilities from OWASP's Top 10, leading to thousands of insecure applications exposing sensitive data.
The article discusses the concept of 'shadow AI', where employees deploy applications without oversight, which traditional security measures can't adequately monitor. It outlines best practices for security leaders, including the necessity for governance, increased visibility into vibe-coded applications, and enforcing strict controls over AI development tools. Immediate action is urged as many insecure applications likely exist within organizational networks.