I was vibe coding and saw the AI generate this code.
Notice anything? 👉 It hardcodes a fallback JWT secret (‘supersecretjwtkey’) right in the code.
It is a typical example of vibe coding output.
If you push this code straight to production without reading it, you’re basically planting a time bomb in your system.
💡 One way to avoid this is to instruct your AI coding assistant upfront with rules based on best practices. For example, in this case:
“Never use hardcoded secrets. Always load them securely from environment variables.”
By giving your AI secure coding guidelines as rules, you reduce the chance of these mistakes slipping through.
Generative AI can accelerate us, but blind trust can sink us. ⚡️
Always:
✅ Set clear coding instructions for your AI
✅ Review the code for security pitfalls
✅ Replace placeholders with proper environment variables
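The hardcoded-fallback pattern next to a fail-closed loader, plus a small review check for the same mistake, as an added example that is not the code from the post. The function names, the placeholder list, the 32-byte minimum (assuming HS256) and the sample source are assumptions made for illustration.

```javascript
// Added example, not the code from the post.
// The pattern the post describes: the literal becomes the signing key
// whenever JWT_SECRET is unset.
function loadJwtSecretInsecure(env = process.env) {
  return env.JWT_SECRET || 'supersecretjwtkey';
}

// Assumption: HS256, so the key should be at least 32 bytes (256 bits).
const MIN_SECRET_BYTES = 32;
// Constructed list of placeholder values that must never be accepted.
const PLACEHOLDERS = new Set(['supersecretjwtkey', 'secret', 'changeme']);

// Hardened loader: no fallback, fail closed at startup.
function loadJwtSecret(env = process.env) {
  const secret = env.JWT_SECRET;
  if (typeof secret !== 'string' || secret.length === 0) {
    throw new Error('JWT_SECRET is not set; refusing to start');
  }
  if (PLACEHOLDERS.has(secret.trim().toLowerCase())) {
    throw new Error('JWT_SECRET is a known placeholder value');
  }
  if (Buffer.byteLength(secret, 'utf8') < MIN_SECRET_BYTES) {
    throw new Error(`JWT_SECRET must be at least ${MIN_SECRET_BYTES} bytes`);
  }
  return secret;
}

// Review check: flag secret-like env vars with a string-literal fallback,
// e.g. process.env.JWT_SECRET || '...' or process.env.API_KEY ?? "...".
const FALLBACK_RE =
  /process\.env\.(\w*(?:SECRET|KEY|TOKEN|PASSWORD)\w*)\s*(?:\|\||\?\?)\s*(['"`])(.*?)\2/i;

function findSecretFallbacks(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const m = FALLBACK_RE.exec(text);
    if (m) findings.push({ line: i + 1, variable: m[1], literal: m[3] });
  });
  return findings;
}

// Constructed sample source, for illustration only.
const SAMPLE_SOURCE = [
  "const JWT_SECRET = process.env.JWT_SECRET || 'supersecretjwtkey';",
  "const PORT = process.env.PORT || '3000';",
].join('\n');

console.log(findSecretFallbacks(SAMPLE_SOURCE));
```

Calling `loadJwtSecret()` once at process startup turns a missing or placeholder secret into a failed deploy instead of a service that signs tokens with a publicly known key.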
What are the rules you give your AI coding assistant to keep your code safe and clean?
#vibecoding #security #vibecode