They unleashed the vibe coding madness, and now they expect developers to fix the mess or get tethered to Codex.
The vibe coding trend has just received a splash of cold water from one of the biggest AI firms of all.
OpenAI, the firm that started the whole craze, has just issued a strong warning against the growing practice where developers rely on AI to generate code from casual natural language prompts without thorough review or understanding.
The firm’s developer experience team, including Katia Gil Guzman, has highlighted serious security risks associated with vibe coding, especially for enterprise organizations.
Here is what is at stake:
- While vibe coding accelerates software development and lowers barriers to entry, it often produces code riddled with security vulnerabilities such as cross-site scripting, SQL injection, weak authentication, and hardcoded secrets.
- Some studies report that nearly 45% of AI-generated code contains critical security flaws. The risk compounds because vibe coders accept AI-produced code without the traditional safeguards of thorough code review, static analysis, or dynamic testing, which increases exposure to exploitation.
- Vibe coding also complicates compliance with regulations such as the EU's GDPR, because AI-generated code is unpredictable and rarely subject to oversight. Insecure dependencies pulled in by the AI add software supply chain risk, and code ownership, documentation, and maintainability degrade over time, creating long-term liabilities for organizations. Security experts are urging firms to enforce server-side authentication and to proxy sensitive API calls through their own backend, so that API keys and authorization decisions never live in client-side code.
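The "hardcoded secrets" and "weak authentication" items above and the server-side proxy recommendation describe the same fix from two sides. The following is an added example, not code from the article, from OpenAI, or from any vibe coding platform: a Node.js request handler that shows the vibe-coded browser pattern (API key shipped in the client) as a comment, and beside it the hardened form, where the key is read from the server's environment, the caller's session is checked first, only allowlisted operations are forwarded, and nothing from upstream is echoed back except the one field the client needs. The session store, operation names, the `UPSTREAM_API_KEY` variable name, and the mock upstream are all assumptions constructed for the example so it runs offline.

```javascript
// Vibe-coded "before" pattern this example replaces (browser-side; do not ship):
//
//   fetch('https://api.example-llm.test/v1/summaries', {
//     method: 'POST',
//     headers: { Authorization: 'Bearer sk-live-...' },   // hardcoded secret
//     body: JSON.stringify({ text }),
//   });
//
// Anyone can read that key from the JavaScript bundle and call the upstream API
// directly. The "after" below moves the key and the authorization decision to a
// server-side proxy.

// Constructed session store (assumed shape): opaque token -> user record.
// In a real app this is backed by your session middleware or database.
const SESSIONS = new Map([
  ['sess_7f3a9c2e', { userId: 'alice', expiresAt: Date.now() + 60 * 60 * 1000 }],
]);

// Allowlist of upstream operations the proxy will forward (assumed names/paths).
// Anything not listed is refused, so the proxy cannot become an open relay.
const ALLOWED_OPERATIONS = {
  summarize: { method: 'POST', path: '/v1/summaries' },
  translate: { method: 'POST', path: '/v1/translations' },
};

const MAX_PAYLOAD_CHARS = 10_000;

// The upstream key is read from the server environment (assumed variable name)
// and never sent to the browser. A placeholder keeps the stand-alone run offline.
function upstreamApiKey() {
  return process.env.UPSTREAM_API_KEY || 'placeholder-key-for-offline-demo';
}

// Server-side authentication: resolve the bearer token to a live session.
function authenticate(headers) {
  const raw = headers.authorization || headers.Authorization || '';
  const token = raw.replace(/^Bearer\s+/i, '').trim();
  const session = SESSIONS.get(token);
  if (!session || session.expiresAt <= Date.now()) return null;
  return session.userId;
}

// Proxy handler. `request` is { headers, body } as a web framework would hand
// over; `fetchUpstream` is the outbound HTTP call, injected so a mock can stand
// in for the network. Returns { status, body } for the framework to serialise.
function handleProxyRequest(request, fetchUpstream) {
  const userId = authenticate(request.headers || {});
  if (!userId) {
    return { status: 401, body: { error: 'authentication required' } };
  }

  const body = request.body || {};
  const op = Object.prototype.hasOwnProperty.call(ALLOWED_OPERATIONS, body.operation)
    ? ALLOWED_OPERATIONS[body.operation]
    : null;
  if (!op) {
    return { status: 400, body: { error: 'unknown operation' } };
  }
  if (typeof body.payload !== 'string' || body.payload.length > MAX_PAYLOAD_CHARS) {
    return { status: 400, body: { error: `payload must be a string of at most ${MAX_PAYLOAD_CHARS} chars` } };
  }

  // Attach the secret here, on the server, and tag the call with the
  // authenticated user so upstream usage can be attributed and rate-limited.
  const upstream = fetchUpstream({
    method: op.method,
    path: op.path,
    headers: { authorization: `Bearer ${upstreamApiKey()}` },
    body: { text: body.payload, user: userId },
  });

  // Return only the field the client needs; never echo upstream headers or raw
  // error bodies, which can leak the key or internal details.
  if (!upstream.ok) {
    return { status: 502, body: { error: 'upstream request failed' } };
  }
  return { status: 200, body: { result: upstream.body.result } };
}

// Constructed stand-in for the real upstream API so the example runs offline:
// records every forwarded call and answers only when the server's key is present.
function makeMockUpstream() {
  const calls = [];
  const fetchUpstream = (req) => {
    calls.push(req);
    if (req.headers.authorization !== `Bearer ${upstreamApiKey()}`) {
      return { ok: false, body: { error: 'invalid api key' } };
    }
    return { ok: true, body: { result: `summary of: ${req.body.text}` } };
  };
  return { calls, fetchUpstream };
}

// Stand-alone demo: an anonymous call is refused before anything reaches
// upstream; an authenticated call is forwarded with the server-held key.
const demo = makeMockUpstream();
console.log(handleProxyRequest({ headers: {}, body: { operation: 'summarize', payload: 'hi' } }, demo.fetchUpstream));
console.log(handleProxyRequest(
  { headers: { authorization: 'Bearer sess_7f3a9c2e' }, body: { operation: 'summarize', payload: 'hi' } },
  demo.fetchUpstream,
));
```

The checks run in a deliberate order: authentication first, so an unauthenticated caller learns nothing about which operations exist; then the operation allowlist and payload size, so the proxy cannot be used to reach arbitrary upstream endpoints or to burn quota on oversized requests; and only then the outbound call with the server-held key. Reviewing AI-generated handlers for exactly this ordering, and for any response that passes upstream bodies through untouched, is a quick way to catch the hardcoded-secret and weak-auth patterns the article describes.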
In one notable incident, a critical vulnerability in the vibe coding platform Base44 allowed unauthorized access to private applications before the flaw was quickly fixed. It underlines the urgent need for rigorous security frameworks around AI-driven development platforms themselves, not just around the code they emit.
OpenAI's latest AI coding system apparently seeks to address these concerns with sandboxed environments, default network restrictions, and embedded security controls aimed at enterprise use. In short, the firm and outside security professionals agree on the same point: vibe coding will persist because of its speed and accessibility, so enterprises must pair it with strict human oversight, code vetting, and structured AI tooling to limit vulnerabilities and stay compliant.