Vibe coding, leveraging AI tools for automated code generation, has gained popularity among developers, but recent research by Backslash Security raises security concerns. They evaluated various AI modelsâ coding outputs based on prompt complexity, discovering that naïve prompts consistently resulted in insecure code. While prompts specifying security needs led to somewhat better outcomes, vulnerabilities were still present. OpenAI's GPT-4o notably performed poorly, emphasizing the need for caution in adopting AI for secure software development amidst these risks.
For security teams, AI-generated code - or vibe coding - can feel like a nightmare," said Yossi Pik, co-founder and CTO of Backslash Security. "It creates a flood of new code and brings LLM risks like hallucinations and prompt sensitivity.
Researchers tested the code output for its resilience against ten Common Weakness Enumeration (CWE) use-cases, finding that 'naïve' prompts generated insecure code, vulnerable to at least four CWEs.
Collection
[
|
...
]