I was doing vibe coding and saw AI generated this code.
Notice anything? 👉 It hardcodes a fallback JWT secret (‘supersecretjwtkey’) right in the code.
It is a typical example of vibe coding output.
If you push this code straight to production without reading it, you’re basically planting a time bomb in your system.
💡 One way to avoid this is to instruct your AI coding assistant upfront with rules based on best practices. For example, in this case:
“Never use hardcoded secrets. Always load them securely from environment variables.”
By giving your AI secure coding guidelines as rules, you reduce the chance of these mistakes slipping through.
Generative AI can accelerate us, but blind trust can sink us. ⚡️
Always:
✅ Set clear coding instructions for your AI
✅ Review the code for security pitfalls
✅ Replace placeholders with proper environment variables
What are the rules you give your AI coding assistant to keep your code safe and clean?
#vibecoding #security #vibecode