Vibe Coding Security: A Practical Guide to AI-Generated Code Risks
What are the security risks in vibe-coded apps, and how do you catch them?
The main vibe coding security risks are not exotic exploits — they are ordinary misconfigurations that ship because AI-generated code optimizes for "works on the first try," not "safe in production." The usual suspects: secrets baked into the client bundle, committed .env files, missing or default access controls, absent security headers, permissive CORS, leftover debug and admin endpoints, exposed source maps, and outdated dependencies with known CVEs. The good news is that most of these are visible from the outside, so an external black-box scan of your deployed domain catches them in seconds — no repo access required.
This guide is the calm version of the topic. No scare statistics, no named breaches — just the well-established classes of AI generated code security issues and a checklist you can act on before you ship.
Why does vibe coding produce these gaps?
"Vibe coding" — building apps fast by prompting tools like Cursor, Lovable, Bolt, v0, or Replit and accepting the output — is great for momentum. But the same speed that makes it useful skips the review steps where security normally gets caught. The Lovable incident (CVE-2025-48757), where a wave of generated apps shipped with their database wide open, is the canonical example of how this plays out.
A model asked to "connect to Stripe and charge the card" will cheerfully put the call in a React component, secret key and all, because that makes the demo work. It does not know that the component compiles into a bundle every visitor can read. It will scaffold an admin route and leave it unauthenticated because authentication wasn't in the prompt. None of this is the model being malicious — it is the model being literal. The vibe coding vulnerabilities below are the predictable shadow of "make it work, fast."
These map cleanly onto long-standing categories in the OWASP Top 10, particularly Security Misconfiguration and Vulnerable and Outdated Components. Nothing here is new. What's new is how quickly the gaps now appear.
The common vibe-coding vulnerabilities
| Vulnerability | Why it happens in AI-generated apps | How an external scan catches it |
|---|---|---|
| Secrets in the client bundle | The model wires an API key directly into frontend code to make a feature work | Pattern-matches the shipped HTML and JS bundles for credential shapes (AWS, Stripe, GitHub, database URLs) |
Committed / exposed .env files | .env gets deployed or committed instead of .gitignored | Probes for /.env, /.env.local, /.env.production and confirms the body looks like real KEY=VALUE content |
Exposed .git/ directory | The whole project folder is served as static files | Requests /.git/config and /.git/HEAD and verifies the git signature |
| Missing security headers | Headers aren't in the prompt, so the framework default ships | Reads response headers, flags missing CSP, HSTS, X-Frame-Options, etc. |
| Weak Content-Security-Policy | A CSP is added but with unsafe-inline / unsafe-eval / wildcards | Parses the CSP and evaluates each directive for known weaknesses |
| Permissive CORS | Access-Control-Allow-Origin: * to "fix" a fetch error | Sends cross-origin requests and inspects the reflected CORS policy |
| Leftover debug / admin endpoints | Scaffolded routes shipped without auth | Content discovery probes for common admin/debug paths on a deep scan |
| Exposed source maps | .map files left in the production build, re-exposing source | Fingerprinting and path probing surface source-map exposure |
| Outdated dependencies (known CVEs) | The model pins whatever version it learned | Technology fingerprint plus the full Nuclei template set on a deep scan |
Secrets in the frontend are the headline risk
This one deserves emphasis because it's both the most common and the most damaging. Anything shipped to the browser is public: inline scripts, bundled JS, JSON config blobs, source maps. If a secret lands there, every visitor can read it with DevTools or a one-line fetch.
Worth knowing: not every key in the frontend is a leak. Some are meant to be public — a Stripe publishable key, a Maps API key locked to your domain by HTTP-referrer restriction, a Supabase anon key gated by row-level policies. The danger is the secret counterpart: a Stripe secret key, an AWS access key, a raw database URL. SteelSuit's secret detection is pattern-based and deliberately does not verify keys against the provider (probing a third party with your credential isn't ours to do), so treat every match as real until you've confirmed otherwise — then rotate and move it server-side. For a deeper walkthrough, see how to find exposed API keys on a website.
The underlying weakness has a name: CWE-798: Use of Hard-coded Credentials.
The vibe coding security checklist
A short, ordered pass you can run before shipping any AI-generated app:
- Search the bundle for secrets. Open DevTools, grep the shipped JS, or run a scanner. Any AWS/Stripe-secret/GitHub/database credential in client code = rotate immediately and move server-side.
- Probe for exposed files. Hit
/.env,/.env.local,/.env.production,/.git/config,/.git/HEAD,/config.json. None should return real content. - Check security headers. Confirm Content-Security-Policy, Strict-Transport-Security (HSTS), X-Frame-Options, and X-Content-Type-Options are present and sane. The MDN HTTP headers reference is the canonical source. For framework-specific setup, see Next.js security headers.
- Test CORS. Make sure you're not reflecting arbitrary origins or pairing
Allow-Origin: *withAllow-Credentials: true. The OWASP CORS guidance covers the pitfalls. - Verify access controls. Every admin, debug, and internal API route should require authentication — even the ones the AI scaffolded "for later."
- Remove debug artifacts. Strip source maps, verbose error pages, and stack traces from production.
- Audit dependencies. Check for outdated packages with known CVEs.
- Re-scan after every deploy. Vibe-coded apps change fast; a clean scan last week says nothing about today's build.
For a broader, framework-agnostic version of this, see the full web app security checklist.
Where external scanning fits
External black-box scanning is the fastest safety net for AI-generated code because it tests the thing that actually matters — what your deployed site serves — without needing your repo, your AI tool's project, or an installed agent. It sees exactly what an attacker sees.
SteelSuit runs that pass from the outside: it inspects the JS bundle for credential patterns, probes for .env and .git exposure, evaluates headers and CSP, runs deep CORS checks, fingerprints your stack, and on a deep scan adds the full Nuclei template set plus subdomain enumeration. A free fast scan takes about 26 seconds; the deep scan (~5–6 minutes) runs after a one-time DNS-TXT proof you own the domain. It hands back a prioritized findings list with stack-specific fix advice — the obvious leaks caught before they reach a single user.
It is not a substitute for reading your own code or for a real penetration test. It is the cheap, repeatable check you run on every deploy so the obvious leaks never reach production. When the scan returns a finding you don't recognize, this guide to reading a vulnerability scan report will help you triage it.
Vibe coding is here to stay, and that's fine — the speed is the point. Just pair it with a thirty-second look from the outside before you call it done.
Frequently asked
Is AI-generated code secure?
AI-generated code is not inherently insecure, but it tends to optimize for 'works on first run' rather than 'safe in production.' The model happily wires a secret into the frontend or skips an auth check if that gets the demo working. The code itself can be fine; the security gaps usually live in configuration, secret handling, and access control — exactly the parts a quick demo glosses over.
How do I check a vibe-coded app for vulnerabilities?
Run an external black-box scan against the deployed domain and walk a short checklist: search the JS bundle for secrets, probe for exposed .env and .git paths, check security headers and CSP, test CORS, look for leftover debug/admin routes and exposed source maps, and review dependencies for known CVEs. SteelSuit automates the external half of that in about 26 seconds for a fast scan.
Can someone steal API keys from my frontend?
Yes. Anything shipped to the browser — inline scripts, bundled JS, source maps — is readable by every visitor via DevTools or a simple fetch. If a private key (AWS, Stripe secret, database URL) ends up in client-side code, treat it as already leaked: rotate it and move the call server-side behind an API route or backend proxy.
What is vibe coding?
Vibe coding is building software by describing what you want to an AI tool (Cursor, Lovable, Bolt, v0, Replit, and similar) and accepting the generated code with minimal manual review. It is fast and great for prototypes, but the speed that makes it useful also skips the review steps where security issues normally get caught.
Does a security scan need access to my source code or AI tool?
No. An external black-box scan only looks at the deployed domain from the outside, the same way an attacker would. It does not read your repository, your AI tool's project, or any installed agent — it inspects what your site actually serves: headers, exposed paths, the JS bundle, CORS behavior, and fingerprinted technologies.