DEV Community


πŸ‘¨πŸ»β€πŸ’» Hacking Dioxus: How Vibe Coding Is Destroying Software Engineering

Mahmoud Harmouch on May 26, 2025

TL;DR If you're hiring vibe coders, think again before it's too late. This post isn't about dissing Dioxus; it's about raising awareness...

leob

"Vibe coders" should just hack on fun hobby/weekend projects - employers or companies who hire "vibe coders" to work on mission critical projects are out of their mind :)

Mahmoud Harmouch

True, but some companies might outsource their staff and hire the cheapest options available, thinking that when paired with LLMs, they can function as senior professionals. So, always hire based on actual experience.

leob • Edited

Yeah you get what you pay for :-)

Of course it's fine to use AI, but anyone calling themselves a "web developer" should at least have a solid understanding of how HTTP works, plus HTML/CSS/JS, plus a grasp of security fundamentals ... and that's the bare minimum, the bar should of course be a lot higher than that for more complex projects - otherwise how can our 'vibe coder' possibly know if their "AI" is generating anything that makes sense, or meets minimal quality standards? ;-)

But of course I'm preaching to the converted ;-)

Mahmoud Harmouch

Absolutely! AI can help, but it's only as good as the dev using/reviewing it. Without that baseline knowledge, you're just gambling with product reliability and security ;-)

Dotallio

Totally agree security should be the default, not an afterthought. How do you think frameworks could best help newer devs gain the right depth without just locking them out?

Mahmoud Harmouch

Frameworks can help newer developers by providing clear patterns and tools to build real-world projects, while also encouraging them to explore underlying concepts instead of relying solely on abstractions.

In case you're wondering, from my experience in the Rust ecosystem, here's the security tier list:

  1. Leptos
  2. Yew
  3. Dioxus

Leptos is the most type-safe framework I've ever seen/used 🗿.

In terms of developer experience:

  1. Dioxus
  2. Yew
  3. Leptos

Dioxus is the most developer friendly framework in the wild, offering a complete set of features, including CLI tooling, SSR, SSG, server functions, and cross-platform support. For ease of use and prototyping, I always start with Dioxus. I really like its features.

Stasi Vladimirov

How do you know that these issues were introduced by AI and even more specifically by vibe coding?

Mahmoud Harmouch

Good question! The rise in security vulnerabilities in deployed applications correlates directly with the mainstream adoption of AI-assisted development, especially what's now called "vibe coding". While correlation doesn't automatically imply causation, the timing and scale of these issues are too aligned to ignore. Before 2022 or so, before AI coding tools became omnipresent, we simply did not see this volume or this type of critical security failures appearing at such a rapid rate across the software ecosystem.

"Vibe coding", rapid, intuition-based development with little to no traditional architecture, review, or testing rigor, is inherently at odds with the foundations of software engineering: precision, responsibility, reliability, and security, as mentioned in this post. Scaling code generation by the hundreds or thousands of lines through AI doesn't scale quality, it scales risk. You can't mass-produce reliability. You can't shortcut deep understanding. AI-generated code still hallucinates, makes assumptions, and often lacks contextual awareness of the larger system architecture or evolving threat models. That introduces attack surface, every single time.

Even the best prompt engineering can't prevent these hallucinations completely. And in security, a single oversight, a misplaced validation, an overly permissive config, a missed auth check, is all it takes. The more you flood the codebase with AI-generated snippets, the more surface area you have to secure, and the more likely it is something slips through.

Let's be clear: software engineering is one of the hardest disciplines to fully automate. If we could reliably, securely automate it end-to-end, it would mean nearly all knowledge work could be automated, and we're just not there yet, no matter what the marketing says. That means we're in a transitional era, where AI can assist, but if used recklessly (as it often is under "vibe coding" culture), it degrades the integrity of the product.

So yeah, AI, and especially the culture of unstructured, rapid AI-assisted coding, is absolutely a driving force behind the rise of insecure applications. And this is exactly the moment to double down on learning cybersecurity, because behind every vibe coded app is a job opportunity waiting to be filled.

Good luck 🍀!

Stasi Vladimirov

Yep, I guess your AI generated response is a good example, but poor way to demonstrate correlation between the 2. We have decades of examples of engineers producing similar and worse vulnerabilities despite the foundations you mentioned. I personally would take your accusations with caution, especially given your low credibility.

Mahmoud Harmouch

> your AI generated response

Looks objectively human to me, gg!

broof

> but poor way to demonstrate correlation between the 2.

I am still working on a white paper to demonstrate the correlation between the 2. Expected release: this summer, unless it escapes first.

> We have decades of examples of engineers producing similar and worse vulnerabilities despite the foundations you mentioned.

But, decades of vulnerabilities reflect systemic issues, not the work of well-trained engineers who follow secure design principles since day 0. When precise engineering practices are applied, critical flaws are rare, proving that discipline and training make a measurable difference.

> I personally would take your accusations with caution,

I am scared 😱!

> especially given your low credibility.

Bruh, who even are you? Talking about credibility with zero facts and/or logic, try again.

Alex

You can't reason with "vibes", just hack something that uses this framework. Will be way more effective.

Mahmoud Harmouch

That's right! You can't reason through "vibes". Vibes in coding are early signals of deeper architectural flaws, developer friction, or systemic weaknesses. Seasoned engineers know that when something looks off, it often is, even if the exploit hasn't surfaced yet. Ignoring those signals just because they aren't immediately actionable is like ignoring smoke because you don't see fire. Vibes are what often guide us to problems before they become critical.

And yes, if you're about results, just hack something using the framework. That absolutely proves a point. Being a locksmith can make you rich, especially when responsible disclosure gets you ghosted or dismissed. Many vendors deny issues, delay fixes, or offer no reward. So ethically reporting a security vulnerability? Often useless. Meanwhile, those same vulnerabilities can quietly bankroll black-hat folks. It's not legal or recommended, but it works. Proof wins the argument, but vibes start the investigation. Ignore them at your own risk 🀞.

Parag Nandy Roy

This kind of conversation is exactly what the ecosystem needs...

Mahmoud Harmouch

💯

Syakir

Vibe coding works if you're already a software engineer. It makes the development significantly faster. But it can backfire if your fundamentals as a software engineer are not strong.

I personally built my project Kattalog with vibe-coding initially. Around 50% of the code is generated by AI, with careful code reviews. I shared the story here:

Mason Yang

"Vibe coders" should just hack on fun hobby/weekend projects - employers or companies who hire "vibe coders" to work on mission critical projects are out of their mind :)

Mahmoud Harmouch

This comment isn't just peak AI slop, it's the Mount Everest of laziness. You didn't even bother using your brain or AI. Just straight-up CTRL+C'd someone else's comment (@leob). Inspirational stuff, really. Bravo!
