Red Hot Cyber


Vibe Coding: Revolution or Security Risk?

Redazione RHC: 28 August 2025 14:36

Martyn Ditchburn, CTO in Residence, Zscaler

Artificial intelligence, like any technology, is not inherently good or bad: it all depends on who uses it and for what purpose. What is certain, however, is that AI is evolving faster than its more conservative counterpart—regulation—as legislators struggle to keep pace. Complicating the situation, AI is also innovating internally, generating an unprecedented acceleration in technological development.

This scenario is paving the way for a new set of security challenges, the latest of which is vibe coding. As with any AI innovation cycle, it’s crucial to understand what it is and what its security implications are.

What is vibe coding?

Fundamentally, vibe coding is a modern approach to software development. This shift is best understood by looking at the evolution of the developer’s role. Previously, a developer would have been tasked with manually writing each line of code, then proceeding with the traditional phases of inspection, testing, debugging, and release. Now, with the introduction of vibe coding, a software developer—and even an ordinary person—can skip the first step, entrusting the code to artificial intelligence, simply guiding it, and then testing and refining it.

On paper, the benefits are clear. Developers can work more efficiently, access to programming is democratized, opening it up to even novice developers, and creativity and experimentation are stimulated, resulting in the creation of new, intuitive, and easy-to-use consumer-facing applications. Even Google CEO Sundar Pichai got involved, saying that “it’s a wonderful feeling to be a programmer” after letting slip that he was trying to build a web application.

As with every AI-driven innovation—and given the growing accessibility of the tools—the phenomenon is taking hold in the industry, changing habits, and leading to the emergence of new companies and tools. Just a few weeks ago, vibe-coding company Lovable was in talks for a $1.5 billion valuation. It’s clear that this trend cannot be stopped: we must learn to manage it, create adequate barriers, and properly manage risks. But what are these risks?

Security Risks

Just as vibe coding can be used for innovative purposes, it can also become a vehicle for new cyber threats. To effectively address this scenario, companies need secure, compliant, and manageable code. The truth is, malicious code doesn’t have to be sophisticated or particularly long-lasting to cause damage.

In today’s AI-driven threat landscape, criminals can even use voice commands to generate malicious code aimed at exploiting vulnerabilities. Taking this thinking a step further, the picture becomes even more complicated with the introduction of AI agents, which add another dangerous dimension. While generative AI can already produce code as part of vibe coding, code execution still needs to occur in isolated environments, at least until an AI agent takes over.

Vibe coding can also cause problems within security teams themselves. It’s often a one-person activity, compromising the collaborative and agile nature of DevOps practices. Without structured programming and security awareness, vibe coding can introduce hidden risks.

Defensive Strategies

Vibe coding represents a leap in abstraction, allowing programmers to generate code using natural language. While it lowers the barrier to entry and democratizes access to programming, it also increases the risk of misuse by unskilled users. Companies must take a long-term view. Vibe coding is just the latest evolution of AI-driven attacks, and while it’s easy to focus on the technology of the moment, companies must prepare to defend themselves from this phenomenon and what comes next.

The first and most important defense strategy is adopting a Zero Trust architecture. This security model assumes that no entity (user, device, or application) should be trusted a priori, even if it is inside the corporate network. The old adage “if you can reach it, you can hack it” has never been more relevant. For this reason, reducing or eliminating the attack surface is one of the most effective ways to strengthen your security posture.

Second, platform-based technologies offer high value. Platform providers collect and analyze enormous amounts of data thanks to the support of millions of customers, and the resulting insights are extremely valuable. It’s a bit like the concept of herd immunity: if a vulnerability is identified and fixed in one organization, the solution can be quickly extended to many others. Essentially, by adopting a shared platform, companies benefit from the collective experience and protection derived from the entire ecosystem.

Finally, it’s crucial for companies to adopt a proactive approach to security, shifting from a defensive to an offensive approach, commonly referred to as “threat hunting.” By mitigating risks before they escalate, companies can strengthen their overall security posture.

A look ahead

Ultimately, for reasons such as cost efficiency, AI will continue to change the way we work and thus influence how we protect ourselves from evolving threats. In the future, vibe coding could involve multiple AI agents managing different aspects of the process, with one agent for areas such as creativity, security, and structure.

When implemented well, security can drive growth and revenue, fostering market expansion, operational agility, and the adoption of business best practices. However, if neglected, it makes companies vulnerable to risks associated with the latest AI innovations and trends. By taking a long-term view of the threat landscape, implementing a Zero Trust model, and adopting a proactive approach to their security, companies can better protect themselves and grow successfully.
