I was doing vibe coding and saw AI generated this code.
Notice anything?
Notice anything? 👉 It hardcodes a fallback JWT secret (‘supersecretjwtkey’) right in the code.
It is a typical example of vibe coding output.
If you push this code straight to production without reading it, you’re basically planting a time bomb in your system.
💡 One way to avoid this is to instruct your AI coding assistant upfront with rules based on best practices. For example, in this case:
“Never use hardcoded secrets. Always load them securely from environment variables.”
By giving your AI secure coding guidelines as rules, you reduce the chance of these mistakes slipping through.
Generative AI can accelerate us, but blind trust can sink us. ⚡️
Always: ✅ Set clear coding instructions for your AI ✅ Review the code for security pitfalls ✅ Replace placeholders with proper environment variables
What are the rules you give your AI coding assistant to keep your code safe and clean?
#vibecoding #security #vibecode
Enjoyed this? Subscribe for more.
Practical insights on AI, growth, and independent learning. No spam.
More in Vibe Coding
What Is an API Key? What Is an Access Token? And Why Setting Up Claude Code Takes So Many Steps
There is also a question of why we don't need the Anthropic API keys. So what is the Claude Console for, and when would we ever need it?
**GenAI Pitfalls**
ChatGPT has recently encountered various outages. These outages took down our AI services and disrupted business operations, both for us and our clients.
We were promised autonomous AI agents. But got Workflow Automation 2.0 instead.
2025: The Year of AI Agents 😄
What Publishers Think About AI Image Generation
I couldn’t find the original source of the meme—happy to credit the author if anyone knows the source.
Vibe coding without reviewing the code is like riding an autonomous vehicle without safety features.
Sure, it’ll probably get you to the neighborhood shop most of the time, with the occasional bump into a neighbor’s bushes.
"Guys, I’m under attack"
I came across this post where a founder shared how his SaaS got exploited right after he started sharing how he built his SaaS using Cursor.
What Is an API Key? What Is an Access Token? And Why Setting Up Claude Code Takes So Many Steps
There is also a question of why we don't need the Anthropic API keys. So what is the Claude Console for, and when would we ever need it?
We were promised autonomous AI agents. But got Workflow Automation 2.0 instead.
2025: The Year of AI Agents 😄
Vibe coding without reviewing the code is like riding an autonomous vehicle without safety features.
Sure, it’ll probably get you to the neighborhood shop most of the time, with the occasional bump into a neighbor’s bushes.
**GenAI Pitfalls**
ChatGPT has recently encountered various outages. These outages took down our AI services and disrupted business operations, both for us and our clients.
What Publishers Think About AI Image Generation
I couldn’t find the original source of the meme—happy to credit the author if anyone knows the source.
"Guys, I’m under attack"
I came across this post where a founder shared how his SaaS got exploited right after he started sharing how he built his SaaS using Cursor.