AI can write code in minutes. Can it keep it secure?

AI-driven vibe coding accelerates software development significantly. This rapid pace often bypasses traditional security and review processes. Security debt accumulates through small, speed-driven decisions made without scrutiny. Organizations mu...

BCCL
As AI-powered "vibe coding" accelerates software development, organisations must embed security into development workflows to prevent speed from outpacing accountability and creating costly cyber risks.
At the crux of vibe coding - an intent-driven software development approach where you use natural language to describe what you want, and an AI handles the generation, testing and updating of the code - lies speed. Describe it, build it, ship it.

The tech industry has embraced it with open arms. Developers are writing entire applications with a few lines of instruction. Non-coders are spinning up functional tools without understanding a line of syntax. Founders are compressing months of product development into days. The barrier to building software has never been lower. This is transformative.

But every revolution carries a shadow. Vibe coding is outpacing frameworks designed to keep it safe. This risk is quietly building across organisations and accumulating in gaps between speed and scrutiny. Traditional software development was methodical by design. Code was written, reviewed, challenged and tested before it reached end users. Every stage was a deliberate checkpoint to ensure it was built responsibly.


Vibe coding compresses - and, in many cases, eliminates - that deliberation. When a team's primary benchmark becomes functionality, hard questions around security crop up. Does it run and behave as expected? Can it ship, with structural integrity taking the backseat? The result is not failure of intent but of process. Guard rails haven't been removed. They've just not kept pace with the speed at which code is now being produced.

What makes AI-generated code consequential is how much it brings along silently. A prompt for something as routine as a login feature, or data processing module, can result in code that carries third-party dependencies the team never consciously selected, default configurations suited for a test environment but dangerously permissive in production, and logic built for ideal user behaviour that falls apart when users behave otherwise.

No single element appears alarming in isolation. Each decision looks reasonable under pressure. This is precisely how security debt accumulates - through a series of small, well-intentioned choices made in the interest of speed. By the time the problem surfaces, it's always more costly to fix than it would have been to prevent.
ADVERTISEMENT

Among the least-discussed consequences of AI-generated development is what it does to ownership. When a developer writes every line of code, accountability is traceable. When that code is generated by AI, reviewed briefly and deployed at pace, responsibility recedes and diffuses. The individual who submitted the prompt, the team lead who it signed off, the automated system that produced the output - none of them fully owns what was built. Organisations that can't answer who's responsible for what they have shipped will always struggle to respond decisively when something breaks.

Vibe coding does not dismantle the existing security frameworks. It overwhelms them. Review processes, approval workflows and security checks were designed for a specific volume of output at a specific pace. AI has changed all the variables significantly. The infrastructure governing software quality was never built to evaluate what AI can now generate, and the gap between production speed and review capacity continues to widen.

Slowing the adoption of AI-assisted development is neither practical nor strategic. Efficiency gains are real, as is competitive pressure to move quickly. Resistance is not the response. Adaptation is. Issues need to be caught early.

An alert raised after deployment is far less valuable than a signal surfaced during development. Guard rails must be automatic. Security cannot depend on every developer remembering every rule while prompting at speed. This is where platforms, not point tools, become important. When code security is integrated into the same place teams already manage risk and tied directly into CI/CD (continuous integration/continuous deployment) workflows, it becomes part of how software is built.
ADVERTISEMENT

Critically, controls put in place must fit naturally into existing workflows. Security that creates friction gets bypassed. But the one that fits the flow gets adopted. The risk was never AI writing code. It's organisations deploying code that no one had the opportunity or the framework to secure properly. To win in this era is to build fast and fortify your fences at the same pace.

The writer is country manager, India and SAARC, TrendAI
ADVERTISEMENT
(Disclaimer: The opinions expressed in this column are that of the writer. The facts and opinions expressed here do not reflect the views of www.economictimes.com.)
Download
The Economic Times Business News App
for the Latest News in Business, Sensex, Stock Market Updates & More.
READ MORE
ADVERTISEMENT

READ MORE:

LOGIN & CLAIM

50 TIMESPOINTS

More from our Partners

Loading next story
Business News › Opinion › ET Commentary › AI can write code in minutes. Can it keep it secure?
Text Size:AAA
Success
This article has been saved

*

+