99
‘Vibe coding’ using LLMs susceptible to most common security flaws (www.scworld.com)
submitted 1 week ago by neme@lemm.ee to c/security@programming.dev
16 comments fedilink hide all child comments
top 16 comments
sorted by: hot top controversial new old
[-] ptz@dubvee.org 31 points 1 week ago

Who would have thought letting an AI shit out slop code would produce insecure, slop code? I'm shocked, I tell you. Shocked.

[-] i_dont_want_to 17 points 1 week ago

Just keep giving it more prompts and editing the output until the squiggles go away and it runs. It will be just fine, surely.

[-] 18USCode2381@infosec.pub 25 points 1 week ago* (last edited 1 week ago)

Vibe coding = VaaS, Vulnerabilities as a Service.

[-] iAvicenna@lemmy.world 13 points 1 week ago

[-] Valmond@lemmy.world 10 points 1 week ago

Even classic coders doesn't automatically write safe and secure code.

[-] meliante@lemm.ee 6 points 1 week ago

That's the crux of it. People talk like most coders are some kind of know all security and best practices wise.

That's just a lie or virgin innocence.

Most coders are just keyboard monkeys, those are the replaceable ones.

[-] nexas_XIII@lemm.ee 6 points 1 week ago

Ah yes, as they gain experience and learn they’re still just keyboard monkeys. Guess we should go back and try to type up some Shakespeare eh?

[-] meliante@lemm.ee 3 points 1 week ago

LLMs have been improving at a much faster pace than a programmer gaining experience and learning.

Y'all are just burying your head in the sand.

[-] underscore_@sopuli.xyz 6 points 1 week ago

Bogus comparison. Babies also gain skills and knowledge at a much higher rate than adults but they make poor software architects and are prone to being sick on hardware.

[-] meliante@lemm.ee 1 points 1 week ago

What? That doesn't make any sense. You must be a pRoGrAmMeR!1!!11

[-] nexas_XIII@lemm.ee 2 points 1 week ago

Maybe in pure technical experience. But to fully integrate the business logic, legacy logic, and new logic it’s going to take more than just LLMs (at least for now)

[-] meliante@lemm.ee 2 points 1 week ago

That's the part where there's a person doing the vibe coding. If that person is not completely ignorant, helps.

[-] fubarx@lemmy.world 7 points 1 week ago

Vibecoding without git (so you can revert back to a last working version) is like:

  • Walking into a nightclub without condoms
  • Trick bicycling without a seat
  • Jumping out of a plane without a reserve chute
  • ...
[-] Kissaki@programming.dev 5 points 1 week ago

In Vibecoding you can let the AI do the git commits and reverts

[-] hperrin@lemmy.ca 5 points 1 week ago

Vibe coding is just like passing all your coding tasks off to that friend who’s been doing coding as a hobby for the last four months.

[-] Glitch@lemmy.dbzer0.com 3 points 1 week ago

Lol and hammers are terrible at setting screws. I appreciate the heck out of vibe coding a prototype and massaging it into place. It doesn't work well for security, polish, performance, heck most things really. Vibe coding only really replaced stack overflow lol

this post was submitted on 25 Apr 2025
99 points (100.0% liked)

Security

858 readers
1 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
LinearArray@programming.dev