I was doing vibe coding and saw AI generated this code.
Notice anything?
Notice anything? 👉 It hardcodes a fallback JWT secret (‘supersecretjwtkey’) right in the code.
It is a typical example of vibe coding output.
If you push this code straight to production without reading it, you’re basically planting a time bomb in your system.
💡 One way to avoid this is to instruct your AI coding assistant upfront with rules based on best practices. For example, in this case:
“Never use hardcoded secrets. Always load them securely from environment variables.”
By giving your AI secure coding guidelines as rules, you reduce the chance of these mistakes slipping through.
Generative AI can accelerate us, but blind trust can sink us. ⚡️
Always: ✅ Set clear coding instructions for your AI ✅ Review the code for security pitfalls ✅ Replace placeholders with proper environment variables
What are the rules you give your AI coding assistant to keep your code safe and clean?
#vibecoding #security #vibecode
Enjoyed this? Subscribe for more.
Practical insights on AI, growth, and independent learning. No spam.
More in Vibe Coding
I finally went down the rabbit hole.
After resisting for months, I subscribed to Claude Max 20x.
AI Coding Assistants Have a Security Blind Spot
A few months ago, I wrote about a non-technical founder whose SaaS got exploited right after he publicly showed his build process using Cursor (https://lnkd....
Your OpenClaw Agent Is One Message Away from Getting Hacked
I gave a talk yesterday on OpenClaw security, at the largest OpenClaw event at Amazon Web Services (AWS), with 400 audience, organized by OpenClaw Singapore....
When AI Hallucination Becomes A Security Feature.
Two months ago, something unexpected happened with our AI Lead Response agent.
Claude Code can code nice UI. But nice UI doesn't mean good UI.
Manual UI testing is becoming one of my biggest bottlenecks when coding with AI now.
Has Cursor Gotten Worse Over the Last 4 Months?
When I first started using Cursor, I was blown away. With a single prompt, it generated clean, multi-file codes that mirrored exactly how I would have writte...
I finally went down the rabbit hole.
After resisting for months, I subscribed to Claude Max 20x.
Your OpenClaw Agent Is One Message Away from Getting Hacked
I gave a talk yesterday on OpenClaw security, at the largest OpenClaw event at Amazon Web Services (AWS), with 400 audience, organized by OpenClaw Singapore....
Claude Code can code nice UI. But nice UI doesn't mean good UI.
Manual UI testing is becoming one of my biggest bottlenecks when coding with AI now.
AI Coding Assistants Have a Security Blind Spot
A few months ago, I wrote about a non-technical founder whose SaaS got exploited right after he publicly showed his build process using Cursor (https://lnkd....
When AI Hallucination Becomes A Security Feature.
Two months ago, something unexpected happened with our AI Lead Response agent.
Has Cursor Gotten Worse Over the Last 4 Months?
When I first started using Cursor, I was blown away. With a single prompt, it generated clean, multi-file codes that mirrored exactly how I would have writte...