I was vibe coding and saw the AI generate this code.
Notice anything? 👉 It hardcodes a fallback JWT secret (‘supersecretjwtkey’) right in the code.
It is a typical example of vibe coding output.
If you push this code straight to production without reading it, you’re basically planting a time bomb in your system.
💡 One way to avoid this is to instruct your AI coding assistant upfront with rules based on best practices. For example, in this case:
“Never use hardcoded secrets. Always load them securely from environment variables.”
By giving your AI secure coding guidelines as rules, you reduce the chance of these mistakes slipping through.
Generative AI can accelerate us, but blind trust can sink us. ⚡️
Always:
✅ Set clear coding instructions for your AI
✅ Review the code for security pitfalls
✅ Replace placeholders with proper environment variables
What are the rules you give your AI coding assistant to keep your code safe and clean?
#vibecoding #security #vibecode