Not Elon

The UK Government Just Warned About Vibe Coding Security at RSA. Two Days Later, a Supply Chain Attack Proved Why.

Two things happened this week that every vibe coder needs to know about.

On March 24, the head of the UK's National Cyber Security Centre stood on stage at RSA Conference and told the global security community that vibe coding is creating "intolerable risks." The same day, attackers backdoored LiteLLM, a Python package with 95 million monthly PyPI downloads, through a poisoned security scanner in its CI/CD pipeline.

One is a warning. The other is proof.

What the NCSC Actually Said

Richard Horne, CEO of the NCSC (the UK's equivalent of CISA), didn't mince words.

"The attractions of vibe coding are clear. Disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own."

He went further: "The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities."

The NCSC also published a blog post the same day calling AI-generated code an "intolerable risk" for many organizations. They referenced the term "SaaSpocalypse" to describe what happens when everyone starts vibe coding replacements for their SaaS subscriptions without thinking about security.

Their core message: if the security community doesn't get involved now, the vibe coding future will be built without them. Just like what happened with early cloud adoption.

The LiteLLM Attack: What Actually Happened

While Horne was on stage warning about supply chain risks, the security community was already dealing with one.

On March 24, malicious versions of LiteLLM (1.82.7 and 1.82.8) were uploaded to PyPI. The attacker didn't compromise LiteLLM directly. They went upstream. They poisoned Trivy, a popular open-source security scanner, through a rewritten GitHub Action tag. When LiteLLM's CI/CD pipeline ran Trivy as part of its normal build process, the malicious code injected a credential stealer into the published package.

Read that again: a security scanner was used as the attack vector.

The malicious versions were designed to steal credentials and exfiltrate encrypted data. Multiple security firms (Endor Labs, JFrog, Snyk) confirmed the attack. The compromised packages were live on PyPI for hours before removal.

95 million monthly downloads. Credential theft payload. Injected through a security tool.

Why This Matters for Vibe Coders

If you're shipping apps with Cursor, Lovable, Bolt, or Replit, here's why these two events should change how you think:

1. Your dependencies are the attack surface.
You're not writing most of the code. AI is. And AI pulls from package ecosystems that are actively targeted. The LiteLLM attack shows that even security tools themselves can be compromised. npm install and pip install are trust decisions.

2. AI-generated code inherits AI-generated vulnerabilities.
The NCSC is right. Current AI tools don't consistently produce secure code. They produce code that works. "Works" and "secure" are different things. Exposed API keys, missing authentication, open database policies, CORS wildcards. These are the defaults AI gives you.

3. Nobody is coming to save you.
The NCSC is calling for safeguards, but they don't exist yet. There's no "vibe coding security standard." No built-in scanning in most AI coding tools. If you shipped an app last week, its security is your problem today.

What You Can Actually Do

Stop reading security news and panicking. Start doing these five things:

Check your dependencies. Run npm audit or pip-audit on every project. Today. If you don't understand the output, paste it into your AI coding tool and ask it to explain.

Scan your deployed app. Tools like Aikido, Snyk, and VibeCheck scan for the basics: exposed secrets, missing security headers, open databases. Most have free tiers. Use them.

Pin your dependency versions. Don't use ^ or ~ in package.json. Don't use >= in requirements.txt. Lock exact versions. The LiteLLM attack only hit people who pulled the latest version.
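As an added example (not from the original post or any project it mentions), the Python sketch below flags every entry that is not locked to one exact version. It goes beyond the package.json and requirements.txt advice above by also checking GitHub Actions uses: references, because the LiteLLM compromise described earlier came through a rewritten Action tag and only a full commit SHA is immutable. All sample inputs, including the example-org action names and the SHA, are constructed.

```python
import json
import re

# Pinned = "name==X.Y.Z" with no wildcard; environment markers after ";" are allowed.
REQ_PINNED = re.compile(r"^[A-Za-z0-9._\[\],-]+\s*==\s*[0-9][^*\s;]*(\s*;.*)?$")
# Exact npm spec = plain semver, no ^ ~ > < * and no dist-tag such as "latest".
NPM_EXACT = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")
# A workflow "uses:" ref is immutable only when it is a full 40-hex commit SHA.
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s@#]+)@([^\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def unpinned_requirements(text):
    """requirements.txt entries that do not lock one exact version."""
    out = []
    for raw in text.splitlines():
        # Drop comments, per-line --hash options and line continuations.
        line = raw.split("#", 1)[0].split(" --hash", 1)[0].strip(" \\\t")
        if line and not line.startswith("-") and not REQ_PINNED.match(line):
            out.append(line)
    return out

def unpinned_npm(package_json):
    """(name, spec) pairs in package.json that are ranges or tags."""
    pkg = json.loads(package_json)
    return [(name, spec)
            for section in ("dependencies", "devDependencies")
            for name, spec in pkg.get(section, {}).items()
            if not NPM_EXACT.match(spec)]

def mutable_action_refs(workflow):
    """owner/repo@ref strings whose ref is a tag or branch, not a commit SHA."""
    refs = (USES.match(line) for line in workflow.splitlines())
    return [f"{m.group(1)}@{m.group(2)}" for m in refs
            if m and not FULL_SHA.match(m.group(2))]

# Constructed sample inputs, not taken from any real project.
SAMPLE_REQS = "requests==2.32.3\nlitellm>=1.80  # floating\nflask~=3.0\nnumpy==1.*\n"
SAMPLE_PKG = ('{"dependencies": {"next": "14.2.5", "react": "^18.3.1"},'
              ' "devDependencies": {"eslint": "~9.0.0", "vite": "latest"}}')
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
  - uses: example-org/scanner-action@v1
  - name: scan
    uses: example-org/other-action@main
"""

if __name__ == "__main__":
    print(unpinned_requirements(SAMPLE_REQS))
    print(unpinned_npm(SAMPLE_PKG))
    print(mutable_action_refs(SAMPLE_WORKFLOW))
```

An exact version pin still trusts the registry to serve the same bytes for that version; pip's --require-hashes mode and npm ci against a committed lockfile add that integrity check.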

Add security headers. If you're on Vercel or Netlify, add a vercel.json or _headers file with Content-Security-Policy, X-Frame-Options, and Strict-Transport-Security. AI can generate these for you in 30 seconds.

Review what your AI built. You don't need to read every line. Search your codebase for: hardcoded API keys, CORS: *, disabled authentication, public database policies. These are the four things that get vibe-coded apps hacked.
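The search described above can be scripted. This added example (not the author's tooling) scans files for three of the four patterns; the regexes are heuristics assumed for illustration, and "public database policy" is assumed here to mean a Postgres row-level security policy declared with USING (true). Disabled authentication is left to manual review because it has no reliable textual signature, and the sample files are constructed.

```python
import re
from pathlib import Path

# Heuristic rules, assumed for this example; expect false positives and tune per stack.
RULES = {
    # A secret-looking name assigned a quoted literal of 16+ characters.
    "hardcoded-secret": re.compile(
        r"(api[_-]?key|secret|token|password)\w*[\"']?\s*[:=]\s*[\"'][\w-]{16,}[\"']", re.I),
    # CORS allowing any origin, in header, Express-style or FastAPI-style form.
    "cors-wildcard": re.compile(
        r"(access-control-allow-origin[\"']?\s*[:,]\s*[\"']\*"
        r"|allow_origins\s*=\s*\[\s*[\"']\*|origin\s*:\s*[\"']\*)", re.I),
    # Assumption: "public database policy" = Postgres RLS policy that is always true.
    "public-db-policy": re.compile(r"\bcreate\s+policy\b.*\busing\s*\(\s*true\s*\)", re.I),
}

def scan(files):
    """Return sorted (path, line_number, rule) findings for a {path: text} mapping."""
    findings = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((path, n, rule))
    return sorted(findings)

def load_tree(root, suffixes=(".js", ".ts", ".py", ".sql")):
    """Read source files under root into the {path: text} shape scan() expects."""
    return {str(p): p.read_text(errors="ignore")
            for p in Path(root).rglob("*")
            if p.is_file() and p.suffix in suffixes and "node_modules" not in p.parts}

# Constructed sample files; values read from the environment must not be flagged.
SAMPLE_FILES = {
    "app/config.js": 'const apiKey = "EXAMPLE_CONSTRUCTED_KEY_0000";\n'
                     "const dbUrl = process.env.DATABASE_URL;\n",
    "app/server.js": 'app.use(cors({ origin: "*" }));\n'
                     "const token = process.env.API_TOKEN;\n",
    "db/policies.sql": "create policy open_read on todos for select using (true);\n"
                       "create policy own_rows on todos for select using (auth.uid() = user_id);\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES):
        print(*finding)
```

To run it on a real project, pass scan(load_tree(".")) from the repository root.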

The Bigger Picture

The NCSC compared vibe coding to early cloud adoption. When SaaS first appeared, security professionals raised concerns. The business benefits were so obvious that the industry moved forward anyway, and we spent the next 20 years fixing the problems they warned about.

Vibe coding is at the same inflection point. The productivity gains are real. The security gaps are real. And right now, there's a window where the tools and practices are being defined.

The NCSC's CTO put it clearly: organizations should start implementing safeguards now, not when the technology matures.

For solo founders and indie builders, the translation is simple: scan your code, check your dependencies, add security headers. These aren't difficult. They take minutes. And they're the difference between being part of the problem the NCSC is warning about and being ahead of it.


I test every vibe coding security scanner so you don't have to. Full comparison: I Tested Every Vibe Coding Security Scanner (2026)
