Skip to content
AI Trivia

Jin Daily AI Trivia:

By

Jin Daily AI Trivia: You Dunno What You Dunno — The False Sense of Security in Vibe Coding

The problem is not vibe coding.

The problem is when someone becomes a “FULL vibe coder”, gets one AI answer about Supabase RLS, and suddenly talks like security is solved.

My brother in production, { ok: true } is not a pentest report. “AI would have thought ahead” is not a threat model. “Learn RLS” is not a security audit.

And “I got hacked before, now I can teach paid security class” is not automatically the flex you think it is.

This is exactly the problem with careless vibe coding: the code can look secure, the explanation can sound secure, the AI can mention the right words, but the system can still be wide open.

You don’t know what you don’t know.

That is why security is not about whether the code was written by AI or by a human. Security is about verification.

  • Can a normal user read things they should not read?
  • Can a normal user modify things they do not own?
  • Can public app credentials reach backend surfaces directly?
  • Can storage, realtime, RPC, GraphQL, edge functions, and admin flows be abused outside the app UI?
  • Are the policies actually enforced server-side, or are we just trusting the client because the app screen looks correct?

These are not “traditional coder fear-mongering” questions.

These are basic security questions.

The worst thing for the AI-assisted coding community is not people criticizing vibe coding.

The worst thing is people using vibe coding as a personality, then showing the public that confidence can run faster than competence.

Vibe coding is not the issue. Vibe coding without humility is.

PS: No meaningful rate limiting on login attempts…hmm… That is how “security concern” becomes “give me a few minutes.” And adding captcha later is not the solution when people can easily bypass it.

Jin Daily AI Trivia: illustration

Related trivia