DEV Community: 문세환 The latest articles on DEV Community by 문세환 (@_55c9ae90dd2b13bd715f5). https://dev.to/_55c9ae90dd2b13bd715f5 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3994380%2F6a9ca436-175c-4718-a26e-fd72accfb161.png DEV Community: 문세환 https://dev.to/_55c9ae90dd2b13bd715f5 en I built a security scanner for AI-generated code — here's what it found 문세환 Sat, 20 Jun 2026 16:28:43 +0000 https://dev.to/_55c9ae90dd2b13bd715f5/i-built-a-security-scanner-for-ai-generated-code-heres-what-it-found-3ii https://dev.to/_55c9ae90dd2b13bd715f5/i-built-a-security-scanner-for-ai-generated-code-heres-what-it-found-3ii <p>Vibe coding is everywhere. You prompt Claude or ChatGPT, paste the output, ship it. Fast. But here's the problem nobody talks about: <strong>AI models consistently produce the same security mistakes, over and over</strong>.</p> <p>I spent the last few months building a scanner specifically for this pattern. Here's what I found.</p> <h2> The Problem With AI-Generated Code </h2> <p>When an LLM writes code, it optimizes for <em>working</em> code, not <em>secure</em> code. And it tends to make the same class of mistakes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># AI loves this pattern — looks clean, is dangerous </span><span class="k">def</span> <span class="nf">get_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">):</span> <span class="n">query</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">SELECT * FROM users WHERE id = </span><span class="si">{</span><span class="n">user_id</span><span class="si">}</span><span class="sh">"</span> <span class="c1"># SQL injection </span> <span class="k">return</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># AI generates this constantly for file handling </span><span class="k">def</span> <span class="nf">read_file</span><span class="p">(</span><span class="n">filename</span><span class="p">):</span> <span class="n">path</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">BASE_DIR</span><span class="p">,</span> <span class="n">filename</span><span class="p">)</span> <span class="c1"># path traversal if filename = "../../etc/passwd" </span> <span class="k">return</span> <span class="nf">open</span><span class="p">(</span><span class="n">path</span><span class="p">).</span><span class="nf">read</span><span class="p">()</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># The "vibe coding" stub — looks implemented, does nothing </span><span class="k">def</span> <span class="nf">save_user_data</span><span class="p">(</span><span class="n">data</span><span class="p">):</span> <span class="c1"># TODO: implement database saving </span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">saved</span><span class="sh">"</span><span class="p">}</span> <span class="c1"># MISSING_WRITE: no actual DB write </span></code></pre> </div> <p>These aren't obscure edge cases. They're patterns that appear in AI-generated code <em>constantly</em> because the models learned from code that had these issues.</p> <h2> What I Built: VibeGuard </h2> <p>VibeGuard is an AST-based scanner with 48 detection patterns specifically tuned for AI-generated code:</p> <ul> <li> <strong>33 security patterns</strong>: SQL injection, command injection, path traversal, XSS, SSRF, hardcoded secrets, eval/exec, weak crypto...</li> <li> <strong>15 vibe-coding patterns</strong>: stub skeletons, missing DB writes, fake async, dead call results, hardcoded lookup tables...</li> <li> <strong>9 languages</strong>: Python, JavaScript, TypeScript, Go, Ruby, Java, PHP, Kotlin, C/C++</li> </ul> <p>The key difference from tools like Bandit or Semgrep: <strong>VibeGuard knows what AI-generated code looks like</strong>. It doesn't just find security bugs — it finds the specific anti-patterns that emerge when LLMs write code.</p> <h2> Try It Right Now (30 seconds) </h2> <p>No install needed. Just curl:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST https://pleasing-transformation-production-90c2.up.railway.app/v1/scan <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"X-API-Key: vg_free_test"</span> <span class="se">\</span> <span class="nt">-F</span> <span class="s2">"file=@your_file.py"</span> </code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"filename"</span><span class="p">:</span><span class="w"> </span><span class="s2">"app.py"</span><span class="p">,</span><span class="w"> </span><span class="nl">"blocks"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"warns"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="nl">"issues"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"kind"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SQL_INJECTION_RISK"</span><span class="p">,</span><span class="w"> </span><span class="nl">"severity"</span><span class="p">:</span><span class="w"> </span><span class="s2">"BLOCK"</span><span class="p">,</span><span class="w"> </span><span class="nl">"line"</span><span class="p">:</span><span class="w"> </span><span class="mi">23</span><span class="p">,</span><span class="w"> </span><span class="nl">"detail"</span><span class="p">:</span><span class="w"> </span><span class="s2">"f-string interpolation in SQL — use parameterized queries"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Python:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">app.py</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">rb</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">r</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://pleasing-transformation-production-90c2.up.railway.app/v1/scan</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">X-API-Key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">vg_free_test</span><span class="sh">"</span><span class="p">},</span> <span class="n">files</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">file</span><span class="sh">"</span><span class="p">:</span> <span class="n">f</span><span class="p">}</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">r</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> </code></pre> </div> <h2> Add It to GitHub CI (2 minutes) </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .github/workflows/vibeguard.yml</span> <span class="na">name</span><span class="pi">:</span> <span class="s">VibeGuard Security Scan</span> <span class="na">on</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">pull_request</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">scan</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">Moonsehwan/aina-vibeguard-action@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">api-key</span><span class="pi">:</span> <span class="s">${{ secrets.VIBEGUARD_KEY }}</span> <span class="na">fail-on-block</span><span class="pi">:</span> <span class="s1">'</span><span class="s">true'</span> </code></pre> </div> <p>Every PR gets scanned. AI-generated SQL injection or stub skeleton → merge blocked.</p> <h2> The 15 Vibe-Coding Patterns </h2> <p>This is what makes VibeGuard different. These patterns don't exist in traditional scanners:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Pattern</th> <th>What It Looks Like</th> </tr> </thead> <tbody> <tr> <td><code>STUB_SKELETON</code></td> <td> <code>def process(data): return {}</code> — LLM left a placeholder</td> </tr> <tr> <td><code>MISSING_WRITE</code></td> <td> <code>def save_user(data): return {"status": "saved"}</code> — no INSERT</td> </tr> <tr> <td><code>FAKE_ASYNC</code></td> <td> <code>async def fetch(): return data</code> — async without await</td> </tr> <tr> <td><code>DEAD_CALL_RESULT</code></td> <td>Calls 3 modules, ignores all return values</td> </tr> <tr> <td><code>HARDCODED_TABLE</code></td> <td>Replaces DB lookup with giant hardcoded dict</td> </tr> <tr> <td><code>INPUT_OUTPUT_DISCONNECTED</code></td> <td>Parameters don't affect return value</td> </tr> <tr> <td><code>MOCK_PATTERN</code></td> <td> <code>unittest.mock</code> in production code</td> </tr> </tbody> </table></div> <p>If you've used Claude Code, Cursor, or Copilot heavily, I promise you have at least one of these.</p> <h2> Real Finding </h2> <p>I scanned a popular open-source AI coding assistant (25K+ stars):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">BLOCK</span> <span class="n">COMMAND_INJECTION</span> <span class="n">agent</span><span class="p">.</span><span class="n">py</span><span class="p">:</span><span class="mi">1222</span> <span class="n">subprocess</span><span class="p">.</span><span class="nc">Popen</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="n">shell</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="nb">any</span> <span class="n">malicious</span> <span class="n">config</span> <span class="nb">file</span> <span class="n">can</span> <span class="n">execute</span> <span class="n">arbitrary</span> <span class="n">commands</span> </code></pre> </div> <p>Found in 3 seconds. Bandit missed it. Semgrep missed it.</p> <h2> vs Bandit / Semgrep </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th></th> <th>VibeGuard</th> <th>Bandit</th> <th>Semgrep</th> </tr> </thead> <tbody> <tr> <td>AI code patterns</td> <td>15 specific</td> <td>none</td> <td>none</td> </tr> <tr> <td>Languages</td> <td>9</td> <td>Python only</td> <td>30+</td> </tr> <tr> <td>GitHub Action</td> <td>yes</td> <td>yes</td> <td>yes</td> </tr> <tr> <td>Free tier</td> <td>50 files/day</td> <td>unlimited</td> <td>limited</td> </tr> </tbody> </table></div> <p>The gap is the AI-specific patterns. Bandit and Semgrep are great — they just weren't designed for LLM-generated code.</p> <h2> Try It </h2> <ul> <li> <strong>Free API key:</strong> <code>vg_free_test</code> (50 files/day, Pro features free until June 24)</li> <li> <strong>GitHub:</strong> <a href="https://github.com/Moonsehwan/aina-scan" rel="noopener noreferrer">github.com/Moonsehwan/aina-scan</a> </li> <li> <strong>GitHub Action:</strong> <a href="https://github.com/Moonsehwan/aina-vibeguard-action" rel="noopener noreferrer">Moonsehwan/aina-vibeguard-action</a> </li> </ul> <p>Scan your AI-generated code before it ships. 30 seconds, you'll be surprised what you find.</p> <p><em>AST-based, deterministic. Same input always gives same output. No LLM in the scan pipeline.</em></p> security python ai webdev