AI writes code faster than ever. But what happens when it writes SQL injections, broken auth, and data leaks faster than we can say ‘FOSS’?
In this 15-minute talk, I’ll explore the dark side of vibe coding (AI-generated code) and protocols like Anthropic’s MCP, which are democratizing software development but also introducing massive security gaps.
A live demo of hacking an AI-built app: Watch me trick an AI into writing vulnerable code (spoiler: it takes one vague prompt), then exploit it to dump fake user data.
FOSS to the rescue: I’ll introduce VibeGuard – a community-driven, open-source tool that scans AI-generated code and MCP integrations for risks like:
- 🚨 Unsanitized inputs (hello, SQLi!).
- 🔓 Overprivileged MCP servers (goodbye, sensitive databases!).
AI is making coders of everyone – but without FOSS-powered security, we’re building a ticking time bomb.
Here is the blog post I've written on this topic, where you can find all the relevant proofs:
https://www.rohan.sh/blogs/4/vibe-coding-to-vulnerability
By the end of this talk, attendees walk away with:
- The Good, the Bad, and the AI - How vibe coding and MCP are reshaping development – and what could go horribly wrong.
- Community as a Superpower - How you can contribute to VibeGuard – because securing AI shouldn’t be a solo mission.