"Vibe coding" is the practice of using LLM-based tools like Cursor, Bolt, Lovable, Replit Agent, and Claude Code to generate working software from natural-language prompts, often without thorough review. Andrej Karpathy coined the term in February 2025. In May 2026, a Red Access report identified more than 380,000 publicly accessible web assets across the leading vibe-coding platforms, with over 2,000 of them exposing sensitive corporate, operational, or personal data on the open web, deployed without basic access controls. A Georgia Tech-led study published in April ("Bad Vibes: AI-Generated Code is Vulnerable") tracked 74 confirmed CVEs (Common Vulnerabilities and Exposures) in vibe-coded apps, including 14 critical and 25 high-severity. Ox Security puts the share of AI-generated code shipping with at least one vulnerability at 62%. And 35 of those CVEs came in March 2026 alone -- more than all of 2025 combined.

1. The Bomb Already Went Off (security researchers)

This isn't a warning anymore. It's a description.

2,000 vibe-coded apps are already leaking data on the open internet. Red Access identified more than 380,000 publicly accessible web assets across the major vibe-coding platforms; the 2,000+ leaking sensitive data were deployed without basic access controls. Hacker News framed it bluntly: most companies' security stacks can't see vibe-coded apps at all.

The CVE rate is alarmingly high. Georgia Tech's "Bad Vibes" paper finds AI-generated code structurally vulnerable, not just occasionally so. March 2026 logged more vibe-coding CVEs than all of 2025 combined. Futurism described the result as apps "spilling personal information directly into the maw of greedy hackers."

2. But Just Look How Quick This Happened (Karpathy and the vibe-coder defense)

If you wait for production-grade security, nobody ships. That's the trade.

Karpathy never sold vibe coding as a security model. His original framing was to "fully give in to the vibes, embrace exponentials, and forget that the code even exists" -- explicitly the prototyping and personal-software lane, where the trade-off is intentional.

Defenders say the alternative is no software at all. The Pragmatic Engineer's case is more cautious -- vibe coding is best suited for prototyping, and conflating throwaway apps with production systems is the actual error. The people using it as a prototyping tool understand they're skimping on security.

3. The Model Is Broken, Not the Vibes (the structural read)

The AI was trained to make code run, not to make code safe. Fix the AI.

The vulnerabilities trace to what LLMs optimize for. Code-generation models are rewarded for "it compiles and works," not for "it's secure," because that is the loss function they were trained on; that is why the same prompt produces the same SQL-injection-prone snippet across providers.
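The "it works" versus "it's secure" gap is easiest to see on the SQL-injection case the paragraph mentions. The following is an added illustration, not code from the page, the Georgia Tech paper, or any vibe-coding platform: a lookup written the way a "make it run" generator tends to write it (the user value spliced into the SQL text) beside the hardened form (a constant query with a bound parameter). The users table and its rows are constructed sample data; the function names are hypothetical.

```python
import sqlite3

# Constructed sample data (not from the page): a tiny users table.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_email_vulnerable(conn, name):
    """The 'it compiles and works' shape: the caller-controlled value is
    pasted into the SQL text, so the caller controls the query structure."""
    sql = f"SELECT email FROM users WHERE name = '{name}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_email_safe(conn, name):
    """Hardened form: the SQL text is constant and the value travels as a
    bound parameter, which the driver never interprets as SQL."""
    sql = "SELECT email FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def compare(name):
    """Run both variants on the same input and return their results."""
    conn = make_db()
    return {
        "vulnerable": lookup_email_vulnerable(conn, name),
        "safe": lookup_email_safe(conn, name),
    }


if __name__ == "__main__":
    # Both variants agree on a normal input, which is exactly why a
    # "does it work" loss function cannot tell them apart.
    print(compare("alice"))
    # On a textbook tautology input they diverge: the string-built query
    # returns every row, the parameterized query returns none.
    print(compare("' OR '1'='1"))
```

The point for a review pipeline is that functional tests alone pass both versions; only a check that looks at how the query is constructed (or a probe with a malformed value) separates them.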

Don't ban it -- fix the toolchain. Cloud Security Alliance and Ox Security have published prescriptive frameworks: code-security AI tools inside the loop, automated sandboxing, mandatory review for anything user-facing. The capability isn't going away -- the production pipeline around it has to catch up.

Where This Lands

Red Access found 2,000 vibe-coded apps spilling sensitive data on the open web this month, on top of a CVE rate that has overtaken all of last year in a single quarter. The security camp says the bomb already went off; Karpathy and his side say speed was always the trade-off; and still others say the right move is to fix the AI tools and the review pipeline.

Sources