The Vibe Coding Security Checklist for 2026

Your vibe coding security checklist for 2026: the four critical fixes plus the full list to run before you ship AI-generated code. Avoid the breaches.

Writer

Nafis Amiri

Co-Founder of CatDoes

Vibe coding lets you describe an app in plain English and watch the AI write it for you. It is fast, it feels like magic, and it has quietly created a new category of broken apps: ones that work perfectly in the demo and leak their entire database in production. This vibe coding security checklist for 2026 is the list we wish every founder ran before they shipped.

TL;DR: AI writes code that runs, not code that is safe. Veracode's 2025 study found 45% of AI-generated code introduced a known security vulnerability. Before you ship a vibe-coded app, lock down four things first: never put secrets in your frontend, enable Row Level Security on every database table, enforce authorization on the server (not the browser), and never expose admin tools publicly. The full checklist is below, grouped by priority.

Table of Contents

  • What Is Vibe Coding (and Why It's a Security Risk)

  • How Risky Is AI-Generated Code, Really?

  • Real Vibe Coding Security Breaches

  • The Vibe Coding Security Checklist for 2026

  • Slopsquatting: When Your AI Invents a Package

  • How This Maps to the OWASP Top 10

  • How to Vibe Code Without Getting Breached

  • Frequently Asked Questions

  • The Bottom Line

What Is Vibe Coding (and Why It's a Security Risk)

Andrej Karpathy, OpenAI co-founder, coined the term "vibe coding" in February 2025 to describe a new way of building software: you "fully give in to the vibes" and let the AI generate the code while you mostly ignore what it actually wrote. The idea caught fire. Collins Dictionary named it Word of the Year 2025, and tools like Cursor, Lovable, Replit, Bolt, and v0 turned it into a daily habit for hundreds of thousands of builders.

Here is the catch. The defining trait of pure vibe coding is that you don't review the code. That's fine when the cost of a mistake is a misaligned button. It is not fine when the AI silently ships a database that anyone on the internet can read. Stack Overflow's 2025 Developer Survey found that 84% of developers now use or plan to use AI tools, but only 29% trust the accuracy of what those tools produce. The trust gap is the whole problem: people ship code they don't trust and never check.

Security is the part the AI is worst at and the part you are least likely to test. A login screen either works or it doesn't, so you notice. A missing authorization check looks identical to a working one until someone changes a number in the URL and reads another customer's data. This is why a security checklist matters more for vibe-coded apps than for hand-written ones, not less.

How Risky Is AI-Generated Code, Really?

Risky enough that the research is hard to wave away. The numbers below come from primary sources, each with a date and a publisher, so you can check them yourself.

| Finding | Number | Source (Year) |
|---|---|---|
| AI-generated code that introduced an OWASP Top 10 vulnerability | 45% | Veracode GenAI Code Security Report (2025) |
| AI code that failed to defend against cross-site scripting (XSS) | 86% | Veracode (2025) |
| Java tasks where the AI produced insecure code | 72% | Veracode (2025) |
| New secrets (API keys, tokens) leaked on public GitHub in a single year | 23.8 million | GitGuardian State of Secrets Sprawl (2025) |
| Year-over-year jump in leaked secrets the following year | +34% | GitGuardian (2026) |
| Increase in privilege-escalation paths from AI-assisted code | +322% | Apiiro (2025) |
| Organizations using vibe-coding platforms exposed to systemic risk | ~1 in 5 | Wiz Research (2025) |

Two details make this worse than it looks. First, Veracode found that newer and larger models were no safer than older ones, so "wait for a smarter model" is not a plan. Second, Apiiro found that AI-assisted developers leak cloud credentials roughly twice as often as developers who write code by hand. The AI fixes your syntax errors and quietly hands you architectural ones instead.

Real Vibe Coding Security Breaches

These aren't hypotheticals. Each of the following was publicly reported in 2025, and each one is a checklist item you can avoid.

Lovable and the missing Row Level Security (CVE-2025-48757). Security researchers found that Lovable apps frequently shipped Supabase databases with Row Level Security turned off. The public "anon" key, which is safe only when RLS is enabled, instead granted anyone unrestricted access to user tables: home addresses, financial data, even API keys. One study sampled 1,645 Lovable apps and found roughly 70% had RLS disabled. The flaw earned a critical CVSS score of 9.3.

Base44's authentication bypass. In July 2025, Wiz Research found that the AI app builder Base44 (acquired by Wix) exposed registration endpoints that required no authentication. The only "secret" needed was an app ID that was sitting in plain sight in each app's URL. An attacker could register a verified account on any private app and walk straight past single sign-on into internal chatbots and HR tools. Wix fixed it in under 24 hours.

Replit's agent deleting a production database. Also in July 2025, SaaStr founder Jason Lemkin watched a Replit AI agent delete his live production database during an explicit code freeze, then fabricate thousands of fake records and initially claim the data couldn't be recovered. It could. Replit's CEO publicly apologized and shipped automatic dev/prod separation. The lesson: an AI agent with production access and no guardrails is a liability, not a teammate.

The Tea app breach. In July 2025, an open Google Firebase storage bucket with no authentication exposed tens of thousands of user images, including ID photos, and later more than a million private messages. The root cause was a classic insecure default cloud configuration, the same family of mistake that vibe-coded apps make constantly when nobody checks the storage rules before launch.

The Vibe Coding Security Checklist for 2026

Here is the actual checklist. It's grouped by priority because you have limited time and not every item is equally urgent. Do Tier 1 before a single real user touches your app. Do Tier 2 before you scale or take payments. Treat Tier 3 as ongoing hygiene.

Tier 1: Critical (do this before launch)

  • Keep secrets out of your frontend and your git history. Any API key in client-side JavaScript is readable by anyone with browser dev tools. Store secrets in environment variables, add .env to .gitignore, and proxy third-party calls through a backend. If a key ever leaked, rotate it. Deleting it from a file doesn't help: it lives in your git history forever.

  • Enable Row Level Security on every database table. If you use Supabase or Postgres, RLS is what stops the public key from reading every row. Turn it on for every table and write policies that scope each row to its owner. This single setting is what the Lovable apps were missing.

  • Enforce authorization on the server, on every request. Never let the browser decide who can see what. Check permissions server-side for each endpoint, and test for the classic flaw: change /order/123 to /order/124 and confirm you can't read someone else's data.

  • Don't expose admin or internal tools publicly. Dashboards, debug pages, and internal APIs need real authentication. "Nobody knows the URL" is not security.
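
The /order/123 to /order/124 test from the list above, as an added JavaScript example (not code from the original article or from any tool it names): a handler that trusts the ID in the URL beside one that checks ownership on the server, plus a probe that automates the test. The order data, session shape and function names are constructed for illustration.

```javascript
// Constructed sample data: two customers, one order each.
const ORDERS = new Map([
  [123, { id: 123, ownerId: "alice", total: 40 }],
  [124, { id: 124, ownerId: "bob", total: 75 }],
]);

// BEFORE: trusts the ID in the URL. Any caller can read any order.
function getOrderInsecure(session, orderId) {
  const order = ORDERS.get(Number(orderId));
  return order ? { status: 200, body: order } : { status: 404 };
}

// AFTER: identity comes from the server-side session, never from the URL or
// request body, and ownership is checked on every request.
function getOrderSecure(session, orderId) {
  if (!session || !session.userId) return { status: 401 };
  const id = Number(orderId);
  if (!Number.isInteger(id)) return { status: 400 };
  const order = ORDERS.get(id);
  // Same 404 for "missing" and "not yours" so valid IDs cannot be enumerated.
  if (!order || order.ownerId !== session.userId) return { status: 404 };
  return { status: 200, body: order };
}

// The checklist's manual test, automated: request neighbouring IDs as one
// user and return every ID whose order came back but belongs to someone else.
function idorProbe(handler, session, ids) {
  return ids.filter((id) => {
    const res = handler(session, id);
    return res.status === 200 && res.body.ownerId !== session.userId;
  });
}

const alice = { userId: "alice" };
console.log("insecure leaks:", idorProbe(getOrderInsecure, alice, [123, 124]));
console.log("secure leaks:  ", idorProbe(getOrderSecure, alice, [123, 124]));
```

A probe like this belongs in the test suite for every endpoint that takes a record ID, so the check runs on each change instead of once before launch.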

Tier 2: High (before you scale or take payments)

  • Validate every input. Use parameterized queries or an ORM to stop SQL injection, and encode output to stop XSS. Assume all user input is hostile until proven otherwise.

  • Scan your dependencies. Run Snyk, Dependabot, npm audit, or pip-audit, and verify that every package the AI suggested actually exists before you install it (more on that below).

  • Add rate limiting. Throttle login attempts and expensive endpoints so attackers can't brute-force credentials or run up your API bill.

  • Force HTTPS and set security headers. Turn on HTTPS everywhere and add headers like Content-Security-Policy, HSTS, and X-Frame-Options.

  • Restrict CORS. Don't ship Access-Control-Allow-Origin: * alongside credentials. Allow only your own domains.
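
The CORS and security-header items above, as an added JavaScript example that is not from the original article: a permissive CORS policy beside an exact-match allowlist, with a baseline header set. The domains are placeholders and the header values are assumed starting points, not a policy for any particular app.

```javascript
// Assumption: placeholder origins standing in for your own front ends.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// WEAK: echoes any Origin back and allows credentials. This is what
// "allow everything" turns into once cookies are involved, because browsers
// refuse a literal "*" on credentialed requests.
function corsHeadersWeak(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin || "*",
    "Access-Control-Allow-Credentials": "true",
  };
}

// HARDENED: exact string match against the allowlist. No substring or
// suffix matching, so look-alike hosts and the literal "null" origin get
// no CORS headers at all.
function corsHeadersStrict(requestOrigin) {
  const headers = { Vary: "Origin" }; // caches must not reuse per-origin answers
  if (typeof requestOrigin === "string" && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Headers named in the checklist; the values are assumed starting points.
function securityHeaders() {
  return {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
  };
}

// Constructed test origins: one legitimate, two that must be refused.
const SAMPLE_ORIGINS = [
  "https://app.example.com",
  "https://app.example.com.attacker.test",
  "null",
];
for (const origin of SAMPLE_ORIGINS) {
  const allowed = "Access-Control-Allow-Origin" in corsHeadersStrict(origin);
  console.log(origin, "->", allowed ? "allowed" : "refused");
}
```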

Tier 3: Ongoing hardening

  • Hide error details from users. Show generic error messages; keep stack traces in server logs. Verbose errors hand attackers a map of your stack.

  • Apply least privilege. Scope API keys and database roles to the minimum they need. For AI agents, separate dev and prod and require approval for anything destructive.

  • Run a security linter. Add a SAST tool like Semgrep, Snyk Code, or CodeQL to your pipeline so issues get caught on every change, not once.

  • Read the code you ship. "It runs" is not "it's safe." Review what the AI wrote, especially anything touching auth, payments, or data access.

If you only remember one thing: the four Tier 1 items account for the overwhelming majority of real vibe-coded breaches. They map almost exactly to the public incidents above.

Slopsquatting: When Your AI Invents a Package

There's one threat unique to AI-written code that deserves its own section. AI models routinely "hallucinate" software packages that don't exist. A 2025 USENIX Security study generated 2.23 million code samples and found that 19.7% of them referenced a package that wasn't real, turning up more than 205,000 unique fake package names.

Attackers noticed. The tactic, nicknamed "slopsquatting," works like this: the AI keeps suggesting the same plausible-but-fake package name, an attacker registers that exact name on npm or PyPI and fills it with malware, and the next developer who copies the AI's suggestion installs it. The study found these hallucinations are repeatable, with 43% of fake names recurring across every run, which is exactly what makes them exploitable. The fix is simple and manual: before you install anything the AI recommends, confirm the package actually exists and is widely used.
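
One way to automate that pre-install check, as an added example (not part of the original article or of any registry's tooling): it walks a package.json-style manifest and flags names that are missing from the registry, very new, or rarely downloaded. The registry lookup is a constructed in-memory Map with a hypothetical shape, and the thresholds are assumptions.

```javascript
// Assumed thresholds for this example; tune them to your own risk tolerance.
const MIN_WEEKLY_DOWNLOADS = 1000;
const MIN_AGE_DAYS = 90;
const DAY_MS = 24 * 60 * 60 * 1000;

// `registry` is a Map standing in for an npm or PyPI lookup. Its shape
// (firstPublished, weeklyDownloads) is hypothetical, not a real API response.
function vetDependencies(manifest, registry, today) {
  const names = Object.keys({
    ...manifest.dependencies,
    ...manifest.devDependencies,
  });
  return names.map((name) => {
    const meta = registry.get(name);
    // The AI named something nobody has published: do not go hunting for a
    // "close enough" package, treat the suggestion itself as wrong.
    if (!meta) return { name, verdict: "block", reasons: ["not in registry"] };
    const ageDays = Math.floor((today - new Date(meta.firstPublished)) / DAY_MS);
    const reasons = [];
    if (ageDays < MIN_AGE_DAYS) reasons.push(`published ${ageDays} days ago`);
    if (meta.weeklyDownloads < MIN_WEEKLY_DOWNLOADS) {
      reasons.push(`${meta.weeklyDownloads} weekly downloads`);
    }
    return { name, verdict: reasons.length ? "review" : "ok", reasons };
  });
}

// Constructed sample input: placeholder package names and made-up statistics.
const SAMPLE_MANIFEST = {
  dependencies: {
    "example-established-lib": "^4.2.0",
    "example-new-lookalike": "^1.0.0",
  },
  devDependencies: { "example-hallucinated-pkg": "^0.1.0" },
};
const SAMPLE_REGISTRY = new Map([
  ["example-established-lib", { firstPublished: "2016-03-01", weeklyDownloads: 2500000 }],
  ["example-new-lookalike", { firstPublished: "2026-01-05", weeklyDownloads: 37 }],
]);
const SAMPLE_TODAY = new Date("2026-01-15T00:00:00Z");

for (const r of vetDependencies(SAMPLE_MANIFEST, SAMPLE_REGISTRY, SAMPLE_TODAY)) {
  console.log(r.verdict.padEnd(6), r.name, r.reasons.join("; "));
}
```

The "review" verdict matters most: a name that exists but is days old and barely downloaded is the pattern slopsquatting produces, and a plain "does it exist" check would pass it.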

How This Maps to the OWASP Top 10

If you want a framework behind the checklist, this is it. The OWASP Top 10 is the industry-standard list of the most critical web application risks, and the 2025 edition lines up neatly with what goes wrong in vibe-coded apps.

  • A01 Broken Access Control is still the number one risk. This is the IDOR and missing-authorization problem from Tier 1.

  • A02 Security Misconfiguration jumped to number two. Disabled RLS and open storage buckets live here.

  • A03 Software Supply Chain Failures is new for 2025, and slopsquatting is a textbook example.

  • A10 Mishandling of Exceptional Conditions is also new, covering the verbose-error-message problem.

If your vibe-coded app includes an AI feature of its own, like a chatbot, there's a second list: the OWASP Top 10 for LLM Applications 2025. Its number one risk is prompt injection, where malicious text in user input hijacks your model's instructions. Treat anything a user can feed your model as untrusted, and never give the model permission to take a destructive action without a check.

How to Vibe Code Without Getting Breached

The point of all this isn't to scare you back into writing every line by hand. Vibe coding is genuinely the fastest way to go from idea to working app, and that speed is worth a lot. The point is that "build fast" and "build safe" only conflict when security is an afterthought you bolt on at the end.

The cleanest fix is to build on a foundation that gets the Tier 1 items right by default. When we build the agent behind CatDoes, the goal is for the boring-but-critical parts (secrets kept server-side, Row Level Security on by default, authorization enforced on the backend) to be handled for you instead of left as a trap. If you're new to the backend side of this, our guide on what Supabase is explains the database and RLS concepts the checklist relies on, and our mobile app security best practices go deeper on the app layer.

Whatever tool you use, the workflow is the same: vibe code the feature, then run the checklist before it touches a real user. You can vibe code a mobile app in an afternoon and still ship it responsibly. It just takes the ten minutes most people skip.

Frequently Asked Questions

Is vibe coding safe? Vibe coding is safe when you review the output and run a security checklist before shipping. It becomes dangerous when you deploy AI-generated code without checking the four critical items: frontend secrets, Row Level Security, server-side authorization, and exposed admin tools.

What is the biggest security risk in AI-generated apps? Broken access control. It's the number one risk on the OWASP Top 10 and the cause of most public vibe-coding breaches, where the database or an endpoint was readable by anyone because authorization was missing or Row Level Security was disabled.

How do I keep API keys out of my vibe-coded app? Store keys in environment variables, never in client-side code, add .env to .gitignore, and route third-party API calls through a backend. If a key was ever committed, rotate it, because it remains in your git history.

What is slopsquatting? Slopsquatting is when attackers register fake software package names that AI tools hallucinate, then fill them with malware. Always confirm a package exists and is widely used before installing anything an AI suggests.

The Bottom Line

AI writes code that runs; it doesn't write code that's safe. That gap is where vibe-coded apps leak data, and the research, the breaches, and the OWASP Top 10 all point at the same handful of mistakes. Run this vibe coding security checklist before every launch and you'll avoid the failures that put Lovable, Base44, and Replit in the news. Want to build on a foundation that handles the critical items by default? Start building with CatDoes.
