This was a great read, thanks. Definitely provides evidence for my fears about vibe coded projects built by people who lack expertise to guide AI well. And if these are the issues you can see, it makes you wonder about what's hard to discover. Security to me is one of those things you want to be thinking about throughout the whole process of building it, not something you tack on at the end.
I audited 3 vibe coded products that were posted on Reddit in a single afternoon. All three had critical security vulnerabilities. One was a live marketplace with real Stripe payments where any logged-in user could grant themselves admin and hijack payment routing with a single request. Another had development endpoints still in production that let anyone mark themselves as a paid user and give themselves unlimited credits. The third had its entire database of 681,000 salary records downloadable by anyone with no authentication at all.
I wasn't looking for these. They appeared in my feed. I signed up as a normal user and opened dev tools
Common situation for vibe-coded apps. They should really pay you for this. No jokes. Sooner or later, all vibe-coded apps need an expert audit and improvement. AI is good for fun, but not for sustainable businesses.