Vibe code needs careful debugging to avoid introducing vulnerabilities, says Tenzai.

InfoWorld is a source of news, analysis, and commentary on technology trends, IT strategies, and business innovation. With a focus on enterprise technology and digital transformation, InfoWorld offers insights and guidance for IT decision-makers, software developers, and technology professionals. From  articles on cloud computing and cybersecurity to product reviews and industry trends, InfoWorld helps readers navigate the complexities of modern IT environments and make informed decisions to drive business success.

InfoWorld

A Tenzai study found that popular AI coding tools like Claude Code, OpenAI Codex, Cursor, Replit, and Devin generated 69 vulnerabilities across 15 test applications, including critical flaws in API authorization and business logic. While these tools successfully avoid common issues like SQL injection and XSS, they struggle with context-dependent security decisions. The tools lack the intuitive understanding human developers bring to business logic, making them prone to authorization and workflow vulnerabilities. Experts recommend integrating security checks directly into AI coding environments rather than relying solely on post-generation debugging and code review.

Output from vibe coding tools prone to critical security flaws, study finds