Vibe-Coding Without Security Review
also known as Agent-Scaffolded Code Without Audit, Copilot-Authored Agent Deployed
Anti-pattern: a developer scaffolds an agent prototype with a code-generation tool and ships the generated code with no security review; the studies cited below put the share of generated code containing vulnerabilities near 90% when the prompt states no explicit security requirements.
Context
An internal developer uses Copilot, Cursor, or Claude to scaffold a new agent prototype (HTTP wrapper, tool clients, config loading). The output works. The developer commits and deploys without reading it line by line and without a security review.
Problem
Generated code routinely contains hardcoded API keys, missing input validation, world-readable file modes, unsanitized SQL, secrets in logs, and missing authentication on internal endpoints. The studies cited in the t3n (German press) piece put the vulnerability rate near 90% when the prompt contains no explicit security requirements. 'It worked' becomes the entire QA. This differs from agent-generated-code-rce, which covers the runtime attack surface of code an agent writes and executes; this pattern is the *shipping* anti-pattern: generated code is committed and deployed as product code without review.
Forces
- Generated code looks plausible, and plausibility substitutes for review.
- Agent-scaffolded prototypes feel like throwaways but get shipped.
- Security review is a separate workflow that scaffolded code never triggers.
Example
A developer asks Copilot to scaffold an agent endpoint. The output hardcodes the OpenAI key in source, has no authentication on the /agent/run route, and logs full request bodies, PII included. The developer sees the tests pass and merges. The repo is mirrored to a public GitHub repository for backup. The key is exfiltrated within four hours.
Solution
Therefore:
Treat code produced by a coding tool as an untrusted contribution that requires full review. Run static analysis (Semgrep, CodeQL) on all generated code before commit. Require secrets scanning, SQL-injection scanning, and dependency vetting, and block the merge on their findings. Prefer security-aware prompting (put hardening rules in the prompt), but never substitute it for review. Pair with awareness of agent-generated-code-rce.
What this pattern forbids. Nothing useful, since it is an anti-pattern; the constraint it lacks is mandatory security review of coding-tool-scaffolded code before it is committed.
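The review gate the Solution calls for, reduced to its shape, as an added example that is not code from the page or from any project it names. It assumes a Flask-style scaffold (the page does not say which framework the tool emitted); GENERATED_SCAFFOLD is a constructed reproduction of the three defects in the Example (hardcoded key, no auth on /agent/run, request body logged), HARDENED_SCAFFOLD is the same endpoint after review, and the decorator name require_auth, the environment variable AGENT_API_TOKEN and the rule names are all hypothetical. The checker is a small AST scan standing in for the Semgrep/CodeQL and secrets-scanning steps, not a replacement for them.

```python
"""Added example (not from the page): a small AST review gate for the
/agent/run scaffold described in the Example. Both scaffolds are constructed;
the gate stands in for the Semgrep/CodeQL and secrets-scanning steps."""
import ast
import re
from dataclasses import dataclass

# Constructed: what a code-generation tool might emit. Deliberately defective.
GENERATED_SCAFFOLD = '''
from flask import Flask, request, jsonify
import logging, openai
app = Flask(__name__)
openai.api_key = "sk-proj-EXAMPLE000000000000000000000000000000"
log = logging.getLogger("agent")
@app.route("/agent/run", methods=["POST"])
def run_agent():
    body = request.get_json()
    log.info("request: %s", body)
    return jsonify(openai.chat.completions.create(model="gpt-4o", messages=body["messages"]).model_dump())
'''
# Constructed: the same endpoint after review (secret from env, bearer auth, redacted log).
HARDENED_SCAFFOLD = '''
import hmac, logging, os
from functools import wraps
from flask import Flask, request, jsonify, abort
import openai
app = Flask(__name__)
openai.api_key = os.environ["OPENAI_API_KEY"]
log = logging.getLogger("agent")
def require_auth(view):
    @wraps(view)
    def wrapper(*a, **kw):
        token = request.headers.get("Authorization", "").removeprefix("Bearer ")
        if not hmac.compare_digest(token, os.environ["AGENT_API_TOKEN"]):
            abort(401)
        return view(*a, **kw)
    return wrapper
@app.route("/agent/run", methods=["POST"])
@require_auth
def run_agent():
    body = request.get_json()
    log.info("run id=%s n=%d", request.headers.get("X-Request-Id"), len(body["messages"]))
    return jsonify(openai.chat.completions.create(model="gpt-4o", messages=body["messages"]).model_dump())
'''

SECRET_LITERAL = re.compile(r"^(sk-|ghp_|AKIA)[A-Za-z0-9_-]{16,}$")   # common key prefixes
SECRET_NAME = re.compile(r"key|secret|token|password", re.I)
ROUTE_DECOS = {"route", "get", "post", "put", "delete", "patch"}
LOG_CALLS = {"debug", "info", "warning", "error", "critical", "exception", "log", "print"}
REQUEST_BODY = {"json", "data", "form", "get_json", "get_data"}

@dataclass(frozen=True)
class Finding:
    line: int
    rule: str

def _names(assign):
    """Target names of `x = ...` and `obj.x = ...`."""
    for t in assign.targets:
        yield t.id if isinstance(t, ast.Name) else getattr(t, "attr", "")

def _callee(expr):
    """`@auth` -> 'auth', `@app.route(...)` -> 'route', `log.info(...)` -> 'info'."""
    f = expr.func if isinstance(expr, ast.Call) else expr
    return getattr(f, "attr", None) or getattr(f, "id", "")

def _is_request_body(expr):
    """True for request.json, request.data, request.get_json(), ... (Flask names)."""
    f = expr.func if isinstance(expr, ast.Call) else expr
    return (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
            and f.value.id == "request" and f.attr in REQUEST_BODY)

def review(source, auth_decorators=("require_auth", "login_required")):
    """Findings for the three defects from the Example; an empty list passes the gate."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        # Rule 1: literal that looks like a key, or a long literal bound to a credential-like name.
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant) \
                and isinstance(node.value.value, str):
            v = node.value.value
            if SECRET_LITERAL.match(v) or (len(v) >= 16 and any(SECRET_NAME.search(n) for n in _names(node))):
                findings.add(Finding(node.lineno, "hardcoded-secret"))
        if isinstance(node, ast.FunctionDef):
            decos = {_callee(d) for d in node.decorator_list}
            # Rule 2: route handler with no recognised auth decorator.
            if decos & ROUTE_DECOS and not decos & set(auth_decorators):
                findings.add(Finding(node.lineno, "unauthenticated-route"))
            # Rule 3: request body, or a name bound from it, passed straight to a log call.
            tainted = {n for s in ast.walk(node) if isinstance(s, ast.Assign)
                       and _is_request_body(s.value) for n in _names(s)}
            for call in (c for c in ast.walk(node) if isinstance(c, ast.Call)):
                if _callee(call) in LOG_CALLS and any(
                        _is_request_body(a) or (isinstance(a, ast.Name) and a.id in tainted)
                        for a in call.args):
                    findings.add(Finding(call.lineno, "request-body-logged"))
    return sorted(findings, key=lambda f: (f.line, f.rule))

def passes_review(source):
    """Merge gate: True only when the scanner finds nothing."""
    return not review(source)
```

review(GENERATED_SCAFFOLD) reports all three defects and review(HARDENED_SCAFFOLD) reports none, so passes_review is the condition a pre-commit hook or CI job would gate the merge on. The checks are purely syntactic: a body that reaches the logger through a helper function or an f-string, or a key assembled from fragments, escapes them, which is exactly why the Solution keeps human review and real taint-tracking tools in the loop rather than relying on any single scanner.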
And the patterns that stand alongside it, or against it:
- complements Agent-Generated Code RCE (anti-pattern): let the agent author and execute code in its sandbox without distinguishing legitimate task code from injection-induced code.
- complements Agentic Supply Chain Compromise (anti-pattern): compose agent capabilities at runtime from third-party tools, RAG sources, model providers, plugin marketplaces, and tool definitions, with no integrity check on what loaded.
- complements Secrets Handling (★): ensure the model never receives secrets in plaintext; tools resolve credentials from references at runtime.
- complements Code Execution (★★): let the model emit code, run it in a sandbox, and treat the run as the answer instead of trusting the model to compute in its head.
- complements Shadow AI (anti-pattern): leave the corporate model offering so restrictive, slow, or narrow that employees bypass it with personal accounts and unapproved agent tools, creating data leakage and ungoverned tool calls that security cannot see.