Question 1

BN: Vibe coding is very popular. Can you explain how this approach is redefining the software development landscape and enterprise cybersecurity strategies?

Accepted Answer

PD: Vibe coding, agentic AI coding and other AI-powered software development models are here to stay, and they have already greatly impacted the way many developers approach their jobs. Vibe coding specifically enables both developers, and non-developers, to guide software development through prompts, using agentic AI coding tools to significantly accelerate code creation. Basically, you’re trusting the AI to develop software on auto-pilot. From the developer perspective, this technology does have the ability to offer several advantages, including increased productivity, rapid development and the ability to explore and innovate. However, in order to reap the benefits and actually leverage the productivity gain, security must be taken seriously and adequately prepared for with each developer and the enterprise security program as a whole.

Question 2

BN: As excitement continues to grow around the potential benefits of AI-assisted coding technology, many of the flaws fly under the radar. Can you talk about your concerns with this technology?

Accepted Answer

As mentioned above, this shift in technology can have its benefits, but the key is that it should be utilized by a security-proficient developer. It is unwise to ignore the blatant risks and challenges associated with AI-assisted coding technology being leveraged by developers that do not have the appropriate level of expertise, which turns out, is a larger sum than you might think. Almost 90 percent of developers have reported their own struggles in practicing secure coding. So, while pairing skilled developers with AI tooling can boost productivity and open areas of opportunity, most developers lack this necessary level of expertise. As a result, we need to be cautious with AI, as it can assist in the acceleration, creation and deployment of insecure code and increase the risk of hidden bugs, security vulnerabilities and technical debt if handled poorly.

Question 3

BN: Can you point to a specific scenario where these tools have caused more harm than good? What could have prevented this?

Accepted Answer

The issue is, vibe coding is still very new, it’s just that it has experienced relatively fast, widespread adoption. In the very near future, we are likely to see the result of this swift uptake, with vibe-coded apps and sites hitting the mainstream market. That is the point where we will get a sense of the cyber risk involved, and how damaging potential attacks might be. However, data from BaxBench has revealed that no current AI tool can consistently produce secure code to the level required for safe enterprise deployment. Further, vibe coding startup Lovable recently made headlines for failing to address a critical authentication vulnerability in its software -- affecting 70 vibe-coded applications so far -- that allows threat actors to access users’ PII, including names, email addresses, payment information and secret API keys that could allow the attacker to run up charges that would be billed to the compromised customers. The only way we can prevent an onslaught of cyberattacks affecting vibe-coded applications is to ensure that only security-proficient developers are sending them to production. These tools are fun, and it’s exciting for non-developers to experiment with them, but coding an application or site that contains sensitive data capture, payment gateways and other complex features without the skills to ensure they are created with robust security parameters is a recipe for disaster.

Question 4

BN: It’s important to remember that the technology and processes being used to improve defenses are almost always being utilized by the bad guys, too. Are AI-assisted tools helping malicious actors expand their attack surface?

Accepted Answer

Absolutely. Malicious actors are using AI in many of the same ways that defenders are, but with a very different goal in mind. AI has helped threat actors with automation, speed, innovation and adaptation, to name a few. Additionally, when insecure code is produced with vulnerabilities, you are essentially rolling out the welcome mat for attackers. Hackers can and will take advantage of mistakes such as unchecked inputs and weak authentication, and there are several ways vulnerable code can be exploited, further underscoring the need for strong security guardrails.

Question 5

BN: How can organizations best protect themselves from evolving threats in a landscape that is constantly shifting and how can secure by design help defenders stay ahead of adversaries?

Accepted Answer

Secure by design (SbD) is what all organizations should be looking to achieve. Security must be implemented from the very start of the software development lifecycle (SDLC) and the collaboration between security leaders and developers is paramount. It is not in our best interest to attempt to apply security when applications are already in production, as it puts us significantly behind. By prioritizing security at the beginning of the SDLC, we make it more difficult for hackers to gain an edge and tip the scale in our favor. What makes SbD such an effective strategy is the commitment to the education of the developers. By establishing programs that focus on improving the knowledge, expertise, and skills of developers, we’re arming ourselves with arguably one of the best lines of defense: adept professionals that are highly capable of working with security teams to reduce the risk of flaws in software. By ensuring that we have developers who can create secure code from the start, and who can identify if code generated by AI is secure from the start, we’re making significant strides as an industry. Image credit: serezniy/depositphotos.com

Secure by Design

AI is an even playing field -- how secure by design can tip the scale [Q&A]

TP-Link becomes a CVE Numbering Authority to improve cybersecurity

Incorporating 'secure by design' into the software supply chain [Q&A]

Inside Pluton -- Microsoft's security processor that's coming to a PC near you soon

Google shows its commitment to Secure by Design

Recent Headlines

Disney and OpenAI strike deal to bring classic characters to Sora

GenAI lacks the creativity to make scientific discoveries [Q&A]

AI use grows in the workplace but organizations struggle to secure the human element

Industrial routers on the front line of attacks

Opera Neon, Opera's experimental agentic AI browser, is now available to all

Over a third of organizations adjust security strategy for AI-driven threats

Stardock releases Fences 6.20 with new Rollup options and desktop fixes

Most Commented Stories

Microsoft will let you remove AI Action from the Windows 11 context menu

Ashampoo announces Burning Studio 27 with smarter ripping and better audiobook tools

Microsoft is preparing to give the Windows 11 Run dialog a much-needed makeover

Google reveals Year in Search 2025

Tuxedo unveils Gemini 17 Gen4 Linux laptop for high performance workloads

Threats improve to slip past firewalls and filters

Microsoft is bringing some massive visual changes to PowerToys v0.97

WhatsApp group chats are about to become much more useful

NEWS

UNITED KINGDOM