TL;DR
If you're hiring vibe coders, think again before it's too late. This post isn't about dissing Dioxus; It's about raising awareness...
For further actions, you may consider blocking this person and/or reporting abuse
"Vibe coders" should just hack on fun hobby/weekend projects - employers or companies who hire "vibe coders" to work on mission critical projects are out of their mind :)
True, but some companies might outsource their staff and hire the cheapest options available, thinking that when paired with LLMs, they can function as senior professionals. So, always hire based on actual experience.
Yeah you get what you pay for :-)
Of course it's fine to use AI, but anyone calling themselves a "web developer" should at least have a solid understanding of how HTTP works, plus HTML/CSS/JS, plus a grasp of security fundamentals ... and that's the bare minimum, the bar should of course be a lot higher than that for more complex projects - otherwise how can our 'vibe coder' possibly know if their "AI" is generating anything that makes sense, or meets minimal quality standards? ;-)
But of course I'm preaching to the converted ;-)
Absolutely! AI can help, but it's only as good as the dev using/reviewing it. Without that baseline knowledge, you're just gambling with product reliability and security ;-)
Totally agree security should be the default, not an afterthought. How do you think frameworks could best help newer devs gain the right depth without just locking them out?
Frameworks can help newer developers by providing clear patterns and tools to build real-world projects, while also encouraging them to explore underlying concepts instead of relying solely on abstractions.
In case you're wondering, from my experience in the Rust ecosystem, here's the security tier list:
Leptos is the most type-safe framework I've ever seen/used πΏ.
In terms of developer experience:
Dioxus is the most developer friendly framework in the wild, offering a complete set of features, including CLI tooling, SSR, SSG, server functions, and cross-platform support. For ease of use and prototyping, I always start with Dioxus. I really like its features.
How do you know that these issues were introduced by AI and even more specifically by vibe coding?
Good question! The rise in security vulnerabilities in deployed applications correlates directly with the mainstream adoption of AI-assisted development, especially what's now called "vibe coding". While correlation doesn't automatically imply causation, the timing and scale of these issues are too aligned to ignore. Before 2022 or so, before AI coding tools became omnipresent, we simply did not see this volume or this type of critical security failures appearing at such a rapid rate across the software ecosystem.
"Vibe coding", rapid, intuition-based development with little to no traditional architecture, review, or testing rigor, is inherently at odds with the foundations of software engineering: precision, responsibility, reliability, and security, as mentioned in this post. Scaling code generation by the hundreds or thousands of lines through AI doesn't scale quality, it scales risk. You can't mass-produce reliability. You can't shortcut deep understanding. AI-generated code still hallucinates, makes assumptions, and often lacks contextual awareness of the larger system architecture or evolving threat models. That introduces attack surface, every single time.
Even the best prompt engineering can't prevent these hallucinations completely. And in security, a single oversight, a misplaced validation, an overly permissive config, a missed auth check, is all it takes. The more you flood the codebase with AI-generated snippets, the more surface area you have to secure, and the more likely it is something slips through.
Let's be clear: software engineering is one of the hardest disciplines to fully automate. If we could reliably, securely automate it end-to-end, it would mean nearly all knowledge work could be automated, and we're just not there yet, no matter what the marketing says. That means we're in a transitional era, where AI can assist, but if used recklessly (as it often is under "vibe coding" culture), it degrades the integrity of the product.
So yeah, AI, and especially the culture of unstructured, rapid AI-assisted coding, is absolutely a driving force behind the rise of insecure applications. And this is exactly the moment to double down on learning cybersecurity, because behind every vibe coded app is a job opportunity waiting to be filled.
Good luck π!
Yep, I guess your AI generated response is a good example, but poor way to demonstrate correlation between the 2. We have decades of examples of engineers producing similar and worse vulnerabilities despite the foundations you mentioned. I personally would take your accusations with caution, especially given your low credibility.
Looks objectively human to me, gg!
I am still working on a white paper to demonstrate the correlation between the 2. Expected release: this summer, unless it escapes first.
But, decades of vulnerabilities reflect systemic issues, not the work of well-trained engineers who follow secure design principles since day 0. When precise engineering practices are applied, critical flaws are rare, proving that discipline and training make a measurable difference.
I am scared π±!
Bruh, who even are you? Talking about credibility with zero facts and/or logic, try again.
You can't reason with "vibes", just hack something that use this framework. Will be way more effective.
That's right! You can't reason through "vibes". Vibes in coding are early signals of deeper architectural flaws, developer friction, or systemic weaknesses. Seasoned engineers know that when something looks off, it often is, even if the exploit hasn't surfaced yet. Ignoring those signals just because they aren't immediately actionable is like ignoring smoke because you don't see fire. Vibes are what often guide us to problems before they become critical.
And yes, if you're about results, just hack something using the framework. That absolutely proves a point. Being a locksmith can make you rich, especially when responsible disclosure gets you ghosted or dismissed. Many vendors deny issues, delay fixes, or offer no reward. So ethically reporting a security vulnerability? Often useless. Meanwhile, those same vulnerabilities can quietly bankroll black-hat folks. It's not legal or recommended, but it works. Proof wins the argument, but vibes start the investigation. Ignore them at your own risk π€.
This kind of conversation is exactly what the ecosystem needs...
π―
Vibe coding works if you're already a software engineer. It makes the development significantly faster. But it can backfire if your fundamental as a software engineer is not strong.
I personally built my project Kattalog with vibe-coding initially. Around 50% of the codes are generated by AI, with with careful code-reviews. I shared the story here:
I Built My 1st AI SaaS, It's Not as Hard as You Think
Syakir γ» May 27
"Vibe coders" should just hack on fun hobby/weekend projects - employers or companies who hire "vibe coders" to work on mission critical projects are out of their mind :)
This comment isn't just peak AI slop, it's the Mount Everest of laziness. You didn't even bother using your brain or AI. Just straight-up
CTRL+C'd someone else's comment (@leob). Inspirational stuff, really. Bravo!