Good Vibes or Bad? Experts Weigh In on the AI Trend That Could Shake Hosting Security

A buzzword born from a new wave of AI-assisted development, “vibe coding” is changing the way websites and apps are built.

The hottest trend in development is vibe coding, an AI-based programming technique that refers to asking an LLM to write code.

For example, instead of writing JS to create a button that changes color on hover, a user might say: “Make a button that turns red when hovered over.” Then the AI translates it into code.

It’s a practically effortless way for both novice and experienced developers to get websites, apps, and updates out there faster than before.

For hosting providers in particular, integrating AI-driven web building lessens the competition between some of the most popular low- to no-coders, like Wix, Squarespace, and Shopify.

It’s a good business decision because it’s what the market wants. But experts warn that its rapid rise comes with hidden risks.

Ed Charbeneau from software company Progress is a strong supporter of AI. That is as long as it’s used within the right boundaries — because sometimes, reputation precedes reality.

“‘Vibe coding’ is the hot new influencer term for using AI to generate apps. While it looks impressive on the surface, I have my reservations,” he said.

The concern is that vibe coding might just be another shiny trend without long-term staying power.

“Development tools have a long history of promising coding solutions that produce complete applications with little to no effort,” he said, comparing it to Microsoft Access.

Once marketed as a user-friendly, low-code platform, Microsoft Access was ultimately criticized for its limited flexibility and scalability.

He continued: “[T]he latest vibe-coded AI-powered solutions of today share similar challenges. Can it scale, is it secure and is it maintainable?”

Zooming out, Charbeneau said he believes that what’s really needed is stronger lifecycle management behind the scenes.

“In the short term, these solutions are perfect for proving concepts and prototyping. Long-term solutions still require a well-planned SDLC.”

AI — particularly LLMs like ChatGPT — is known for its occasional issues. For instance, ChatGPT has consistently made the same mistakes in basic spelling and math.

Yes, LLMs are constantly being trained to improve reliability, but is it smart enough for total control over code development?

Josh Jacobson, from cybersecurity platform HackerOne, doesn’t think so: Going all-in on AI coding can leave your applications exposed.

“Just as GenAI democratizes tools for cybercriminals, sole reliance on AI to develop code puts applications at risk by enabling developers with little to no experience to generate code, without the training or best practices needed to secure it.”

He added: “This shift removes human review fully from essential parts of the development loop, leading to gaps in code quality ripe for attackers to exploit.”

The same goes for vibe coding: Without proper oversight, you’re too late to realize what AI could sneak in.

“Even the best models can still be prone to hallucinations and errors,” Jacobson said. “Which could cause more harm than good.”

AI tools have completely democratized the software development process.

But with more people comes more responsibility, warns Greg Foster of Graphite, a code review platform — and a fellow vibe coder himself.

“We need more rigorous review and testing to ensure the AI-generated code is correct, performant, and secure,” he said.

That’s especially important because vibe coders often lack the engineering experience to properly evaluate or safely deploy what the AI spits out.

So maybe keep a human in the loop, even if it’s off to the sidelines, as long as they’re ready to step in when it matters.

“Without AI companions in the review, testing, and deployment processes, teams risk shipping code with bugs or security vulnerabilities,” he warned.

“And that creates a bottleneck in website and app development, despite the promised speed boost from AI.”

Manish Kapur, Sr. Director of Product & Solutions at Sonar (code quality and code security leader), echoed that sentiment, adding that education is just as important as oversight.

“Vibe coding with AI can feel like a creative flow, but it’s easy to overlook critical issues when you’re in the zone. AI-generated code should always be validated for quality, security, and maintainability, ensuring that the speed and creativity of vibe coding can be embraced without sacrificing reliability or long-term code health,” he said.

“Without a strong foundation in coding basics, it can lead to bugs, vulnerabilities, and unmaintainable code.”

Whether you lean on a human reviewer or a smart tool, the bottom line stays the same: Always check your code.

Amir Kazemi from Cycode, an application security management platform, understands the appeal of vibe coding, where speed and creative freedom are the main draws.

But “It can dangerously lower the bar for introducing security flaws,” he warned. “We need to make sure it doesn’t end up as an excuse for low-quality, risky work.”

Modern apps are filled with landmines, from SQL injections and cross-site scripting (XSS) to exposed secrets and supply chain attacks.

“Catching these issues requires careful scanning and broad security coverage,” Kazemi said.

He believes enterprises are the most at risk. It makes sense. Given the amount of precious data they store, enterprise data is a hot-ticket item.

That’s likely why current and previous administrations have pushed for enterprises to collaborate on setting cybersecurity standards.

Some agreed-upon best practices include regular security audits, strong encryption policies, adopting zero-trust models, and using AI-powered threat detection.

Whichever side of the fence you find yourself on, vibe coding promises to make software development faster, more inclusive, and more efficient.

But as experts have warned, speed without security is a risky trade-off, because the fact is that innovation cuts both ways.