— Insights · The Vibe Coding Reckoning
The Vibe Coding Reckoning: Why Enterprises Should Rethink Fully AI-Built Software
Lovable. Vercel. Bitwarden. Moltbook. In a single quarter, the AI-built software movement met production reality — and lost. Here is what every CIO, CTO, and board needs to understand before the next sprint.
Profecia Links Editorial · 12 min read · Enterprise AI Strategy · May 2026
Three months ago, the vibe coding narrative was simple. Describe what you want, an AI builds it, ship to production, scale to millions. Investors valued the platforms in the billions. Collins Dictionary made vibe coding its word of the year. By April 2026, that story had collided with something it could not prompt its way out of: a real-world security record.
In a single week in April, three different AI tooling incidents made headlines. A fourth, from January, had already foreshadowed the pattern. Together they form the clearest evidence to date that fully AI-built software is not yet a production-grade methodology — and that enterprises treating it as one are accumulating a particular kind of debt that does not show up in a velocity dashboard.
This is not a piece against AI in engineering. Profecia uses these tools every day. This is a piece against a specific and increasingly common decision: ship a vibe-coded application to production without engineers in the loop, and hope.
What actually happened in Q1 and Q2 2026
Four documented incidents. Four named platforms. Each one shows a different way the no-human-in-the-loop model breaks.
Lovable — 48 days of exposed projects
BOLA · April 2026
$6.6B platform · 8M users · 48-day exposure
Any free-tier account could read another user's source code, database credentials, and AI chat histories — via a Broken Object Level Authorization flaw (#1 on OWASP's API Security Top 10). The endpoints checked that you were logged in. They never checked that you owned what you were asking for. A follow-up scan found 170 of 1,645 Lovable-built apps had the same class of access-control failure.
The lesson: a working application is not a safe one. AI agents generate auth code that compiles, passes tests, and looks correct — while skipping the ownership check that separates "logged in" from "authorised."
Moltbook — breached in three days
Supabase exposure · Jan 2026
Founder publicly stated he wrote zero lines of code
A vibe-coded social network launched on January 28, 2026. Within three days, security firm Wiz found a misconfigured Supabase deployment exposing 1.5 million authentication tokens, 35,000 email addresses, and private messages. There was no one on the team capable of auditing what the AI had shipped.
The lesson: when nobody can audit the generated output, the first audit your application gets is from an attacker.
Vercel — compromised via an AI evaluation tool
Third-party AI breach · April 2026
Stolen data listed at $2M on BreachForums
Attackers reached Vercel's internal systems through Context.ai — a third-party AI evaluation tool an employee had connected. A compromised Google Workspace OAuth integration escalated into production access. API keys, source code, and employee records ended up for sale.
The lesson: AI tools are no longer just productivity. They are privileged identities inside your environment. Every agent your team connects is a new attack surface most security models were not designed to cover.
Bitwarden CLI — malware targeting AI credentials
Supply chain attack · April 2026
Malware harvesting Claude, Cursor, Codex credentials
A supply-chain compromise of the Bitwarden CLI delivered malware engineered to scan for and steal credentials belonging specifically to AI coding tools.
The lesson: your AI tools' secrets are now a top-tier asset for organised attackers — on the same shelf as your cloud keys. An enterprise has not finished securing its AI workflow until those credentials are governed.
The data behind the headlines
Individual incidents make a narrative; aggregate data makes a case. Both, in this instance, point the same way.
| 45% Of AI-generated code samples failed OWASP security tests Veracode, 100+ LLMs, 80 tasks | 91.5% Of vibe-coded apps had at least one AI-hallucination-related flaw Q1 2026 assessment, 200+ apps | 5.8× CVE rise: 6 in Jan 2026 to 35 in Mar 2026, traced to AI-generated code Georgia Tech Vibe Security Radar |
The Veracode benchmark is especially worth pausing on. Java performed worst at a 72% failure rate; 86% of generated samples failed cross-site scripting tests, 88% were vulnerable to log injection. These are not edge-case flaws. These are OWASP Top 10 staples — precisely the security ground every senior engineer is trained to defend, and precisely the ground AI generators are statistically most likely to miss.
One finding from a 2025 IEEE-ISTAS controlled experiment deserves to be on every CTO's wall: critical vulnerabilities rose by 37.6% after just five rounds of AI-assisted code refinement. Iterating on AI output does not self-correct security flaws. It compounds them. The "fix it" prompt that feels like progress is, statistically, the prompt most likely to introduce the next problem.
“
The flaws were not in the AI's syntax. They were in the assumptions no one made it state. That is the gap a human engineer fills — and the gap a fully AI-built application leaves open.
So what should the enterprise takeaway actually be?
It is tempting to read these stories and conclude that AI in development is a mistake. That would be the wrong conclusion, and a more dangerous one than the original hype. The productivity gains from AI-assisted engineering are real and measurable, and the platforms are improving fast.
The right conclusion is more specific. Fully AI-built software — software produced and shipped without a competent engineer in the review path — is currently the highest-risk way an enterprise can adopt this technology. The same AI tools, used inside a disciplined engineering process, are an extraordinary force multiplier. The differentiator is the workflow, not the model.
The Profecia view
The question is not "should we use AI to build software?" It is "who owns the output before it ships?"
Lovable, Moltbook, and the rest are not failures of artificial intelligence. They are failures of governance — of organisations adopting a generation tool faster than they adopted a review discipline. The technology was not the weakest link. The absent human was.
For enterprises, the path forward is not less AI. It is AI with the right humans in the right places.
The Profecia Approach
AI Native Apps. Human in the Loop.
Enterprise.AI is how Profecia builds with AI for production. It is not a tool, a platform, or a vendor relationship. It is a delivery discipline — designed so the speed of generative tooling is captured, and the failure modes documented above are not.
— The Human-in-the-Loop Workflow —
| 01 · Generate AI Agents Scaffolding, boilerplate, drafts, tests, refactors at machine speed | → | 02 · Review Profecia Engineers Architecture, security, business logic, compliance, edge cases | → | 03 · Ship Production-Grade Auditable, maintainable, secure software the client actually owns |
— What Enterprise.AI Guarantees —
| i. Engineer-Reviewed by Default No AI-generated code reaches your production environment without sign-off from a senior Profecia engineer who understands your stack, your security posture, and your business rules. | ii. Security Built In, Not Bolted On OWASP Top 10, BOLA, RBAC, secrets handling, dependency hygiene — the checks Lovable missed are not a final pre-launch step in our process. They are continuous, automated, and human-verified. |
| iii. Auditable AI Provenance Every AI-generated commit is tagged, traceable, and reviewable. When a vulnerability is found anywhere, we can identify every other piece of related code that may share the same pattern — in hours, not 48 days. | iv. Designed for Maintenance, Not Demos Vibe-coded prototypes are architectural Frankensteins. Enterprise.AI deliverables follow consistent patterns, are documented for human engineers, and are designed to be safely extended in years two, three, and beyond. |
| v. Governed AI Tooling We treat AI agents as privileged identities. Approved tool lists, credentialled access, monitored egress, OAuth governance. The Vercel and Bitwarden incidents are categorically harder to repeat inside a Profecia-governed environment. | vi. Business Logic Stays Human The thirteen-branch invoicing rule. The regulatory carve-out from 2019. The contract clause that only the finance director remembers. AI handles the structure. Profecia engineers handle what the AI cannot know. |
Work with us
Already shipped something AI-built? Or about to?
Whether you have a vibe-coded application in production that needs an honest audit, an AI workflow that needs governance, or a new build where you want the speed of generative tooling without the security debt — Profecia's Enterprise.AI practice is built exactly for this moment.
Top comments (2)
The enterprise angle sharpens this well - what's a fun shortcut for a solo hacker is a compliance/liability nightmare at enterprise scale, where "we can't explain how this code works or prove it's secure" is a dealbreaker, not a quirk. Enterprises don't fear AI-built software because it's AI-built; they fear UNVERIFIED software with no audit trail, no test coverage, and no one who understands it. The reckoning isn't "stop using AI," it's "AI-built without governance is unacceptable here."
Which is the more precise framing I'd push: the answer isn't rejecting AI-generated software, it's demanding the governance layer enterprises always required - verification gates, test coverage, security scanning, an audit trail of what was generated and reviewed. AI-built CAN meet that bar; ungoverned vibe code can't. That governed-generation stance is exactly what I build toward in Moonshift (a multi-agent pipeline that ships a prompt to a deployed SaaS) - generated AND verified/gated/logged, so the output could actually pass an enterprise review. Sharp, needed counterweight to the hype. Do you think enterprises reject AI-built software wholesale, or just demand the verification/governance that consumer vibe-coding skips? I'd bet the latter is where it lands.
The "reckoning" framing is fair, the honeymoon where everyone celebrated AI-built software is meeting the maintenance-and-accountability bill. The enterprise concern was never can-AI-write-it, it's who-owns-it-when-it-breaks and can-you-explain-what-it-does. Fully AI-built without a verification and ownership layer is a liability, not because the code is bad, but because nobody understands it and nothing proves it's correct. The path forward isn't less AI, it's AI plus a hard verify gate and human ownership of the critical decisions. That's the line I draw in Moonshift. Where should enterprises draw it, which layers stay human?