Lunch Talk, 15 min
Vibe Coding: 5 Minutes to Ship, 5 Seconds to Get Hacked
The talk exposes security risks in AI-generated code—nearly half contains vulnerabilities—and introduces “vibe coding,” where developers rely on AI to ship fast but dangerously. Through real exploits, new attack types, and common flaws, it offers a five-step checklist and practical methods to adopt AI coding tools safely and responsibly.
Abdelkrim Bellagnech, ENSIBS
41% of code is now AI-generated. 85% of developers use AI coding assistants. But here's the stat nobody talks about: 45% of AI-generated code contains security vulnerabilities.
Welcome to the era of "Vibe Coding" — Collins Dictionary's 2025 Word of the Year. We describe what we want, AI generates the code, and we ship. Fast. Intuitive. Dangerous.
In this talk, I'll show you:
- Real CVEs from 2025: How Cursor, Claude Code, and Replit got exploited
- "Slopsquatting": The new supply chain attack exploiting AI hallucinated packages (205,000 fake package names discovered!)
- The 3 most common vulnerabilities in vibe-coded apps: hardcoded secrets, missing input validation, client-side auth
- A 5-point security checklist you can apply TODAY before shipping AI-generated code
This isn't about stopping AI adoption — it's about doing it safely. Whether you're a junior dev discovering AI tools or a senior engineer reviewing AI-generated PRs, you'll leave with practical techniques to vibe code without getting pwned.
No fear-mongering. Just facts, demos, and actionable fixes.
Abdelkrim Bellagnech
I build things that don't break—and when they do, I make sure they break securely.
Four years ago in Morocco, I was debugging a simple e-commerce site when I discovered my first SQL injection vulnerability. That 'oh no' moment sparked an obsession: how do we create systems that are both powerful and impenetrable?
Now, as a 21-year-old Double Degree Cybersecurity Engineering student bridging ENSET Morocco and ENSIBS France, I've turned that obsession into expertise.