Vibe coding is the new open source, in the worst way possible


Just as you probably don't grow and mill wheat to make flour for your bread, most software developers don't write every line of code in a new project from scratch. Doing so would be very slow and could create more security issues than it solves. Instead, developers pull in existing libraries, most of them open source projects, to obtain the various basic software components they need.

While this approach is efficient, it can also expose the software to risk. Increasingly, vibe coding is being used in a similar way: it lets developers quickly generate code that they can then adapt, instead of writing it from the beginning. Security researchers warn that this new plug-and-play practice will create an even more complicated software supply chain.

"We are now hitting the fact that AI is going to lose its grace for security," says Alex Ganla, chief technology officer at the cloud company Edera. "And AI is its own worst enemy in terms of producing code that is insecure. If AI is trained on some of the old, vulnerable or low-quality software available out there, then all of those vulnerabilities are being reused and reintroduced, not new ones."

On top of ingesting potentially insecure training data, the reality of vibe coding is that it produces draft code that may not account for every specific requirement or consideration of a particular product or service. In other words, even if a company trains a local model on a project's own source code and describes its goals in natural language, the production process still relies on human reviewers to identify any defect or potential incompatibility in the code the AI initially generated.

"Engineering groups need to think about the development cycle in the vibe coding era," says Eran Kinsbrune, a researcher at Checkmarx. "If you use exactly the same LLM model to write their own source code, each time the output will be slightly different. One developer on the team creates one output and another developer is going to get a different output, so it introduces an additional complication beyond open source."

In a Checkmarx survey of senior information security officers, application security managers and development heads, one-third of respondents said more than 60% of their organization's code was generated by AI in 2024. Checkmarx surveyed thousands of professionals and released the findings in August, emphasizing that AI-assisted development makes "ownership" of the code harder to establish.
