Researchers say a programming style called "vibe coding" is releasing batches of insecure code. They found many cases where generative AI tools helped create code that had security problems. Vibe coding can involve tools such as Claude, Gemini and GitHub Copilot.
A research team at Georgia Tech built the Vibe Security Radar to find these cases. The radar scans public vulnerability databases and looks at code history to see who introduced a bug. If it finds an AI signature in metadata, it flags the case.
Researchers advise reviewing AI-produced code like a junior developer's pull request. They especially warn to check input handling and authentication and to use tools that search for vulnerabilities.
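The radar's approach (walk a vulnerability back through code history to the commit that introduced it, then look for an AI signature in the commit metadata) can be sketched in a few dozen lines. The following is an added example written for this page; it is not the Georgia Tech tool's code. It parses `git log` output in a delimiter-separated format, parses a simplified blame listing, and matches assumed marker patterns (co-author trailers and "Generated with ..." notes) that are illustrative, not the radar's real rules. All commit data, blame lines and vulnerability IDs are constructed.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed marker patterns for AI involvement in commit metadata. These are
# illustrative only; the page does not publish the radar's actual rules.
AI_SIGNATURE_PATTERNS = [
    re.compile(r"co-authored-by:\s*(github copilot|copilot|claude|gemini)\b", re.I),
    re.compile(r"\bgenerated (with|by)\b.*\b(copilot|claude|gemini|ai assistant)\b", re.I),
]


@dataclass
class Commit:
    sha: str
    author: str
    email: str
    message: str


def parse_git_log(raw: str) -> list[Commit]:
    """Parse output of `git log --format='%H%x1f%an%x1f%ae%x1f%B%x1e'`.
    Records are separated by 0x1e and fields by 0x1f."""
    commits = []
    for rec in raw.split("\x1e"):
        if not rec.strip():
            continue
        sha, author, email, message = rec.lstrip("\n").split("\x1f", 3)
        commits.append(Commit(sha.strip(), author, email, message.strip()))
    return commits


def ai_signature(commit: Commit) -> str | None:
    """Return the matched marker text if the commit metadata shows an AI signature."""
    haystack = f"{commit.author} <{commit.email}>\n{commit.message}"
    for pat in AI_SIGNATURE_PATTERNS:
        m = pat.search(haystack)
        if m:
            return m.group(0)
    return None


def parse_blame(raw: str) -> dict[int, str]:
    """Parse a constructed, simplified blame listing: '<sha> <lineno>) <code>'."""
    mapping = {}
    for line in raw.splitlines():
        m = re.match(r"^(\w+)\s+(\d+)\)", line)
        if m:
            mapping[int(m.group(2))] = m.group(1)
    return mapping


def triage(vuln_lines: dict[str, int], blame: dict[int, str], commits: list[Commit]) -> list[dict]:
    """For each reported vulnerable line, find the commit that introduced it and
    record whether that commit's metadata carries an AI signature."""
    by_sha = {c.sha: c for c in commits}
    results = []
    for vuln_id, lineno in vuln_lines.items():
        sha = blame.get(lineno)
        commit = by_sha.get(sha)
        results.append({
            "vuln": vuln_id,
            "line": lineno,
            "commit": sha,
            "ai_signature": ai_signature(commit) if commit else None,
        })
    return results


# Constructed sample history (not a real repository).
SAMPLE_GIT_LOG = (
    "a1b2c3d\x1fDana Dev\x1fdana@example.com\x1f"
    "Add login endpoint\n\nImplement password check.\n\n"
    "Co-authored-by: Copilot <copilot@example.com>\n\x1e\n"
    "e4f5a6b\x1fDana Dev\x1fdana@example.com\x1f"
    "Fix typo in README\n\x1e\n"
    "c7d8e9f\x1fDana Dev\x1fdana@example.com\x1f"
    "Refactor request parser\n\nGenerated with Claude Code.\n\x1e\n"
)

# Constructed blame listing: line 2 builds a query by string concatenation.
SAMPLE_BLAME = """\
a1b2c3d 1) def login(user, password):
a1b2c3d 2)     query = "SELECT * FROM users WHERE name = '" + user + "'"
e4f5a6b 3)     # see README
c7d8e9f 4)     body = request.get_data()
"""

# Constructed vulnerability report: placeholder IDs mapped to source lines.
SAMPLE_VULNS = {"VULN-CONSTRUCTED-001": 2, "VULN-CONSTRUCTED-002": 4}


if __name__ == "__main__":
    for row in triage(SAMPLE_VULNS, parse_blame(SAMPLE_BLAME), parse_git_log(SAMPLE_GIT_LOG)):
        print(row)
```

Both constructed findings trace to commits whose metadata mentions an AI tool, while the README-only commit is left alone. A real deployment would pull `vuln_lines` from a vulnerability database entry and the blame from `git blame` on the affected file at the fixed version's parent; the metadata check is only a heuristic, since many AI-assisted commits carry no marker at all.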
Difficult words
- insecure — not safe from attacks or security problems
- generative — able to create new content or data
- metadata — data that gives information about other data
- vulnerability — a weakness that allows security problems
- flag — to mark something for attention or action
- authentication — process to check that a user is who they claim
Discussion questions
- Would you review AI-produced code like a junior developer's pull request? Why?
- The researchers mention input handling and authentication. Which would you check first?
- Have you used a generative AI tool to write code or text? What did you check?