Vibe Coding Is Shipping. AI Is Finding Zero-Days. Your App Is in the Middle.
Most developers think vibe coding is just a productivity hack.
It's not. It's a fundamental shift in who can ship production software — and it arrived at the exact moment AI became capable of systematically uncovering vulnerabilities across every major OS and browser, with minimal human guidance.
Those two things together are the problem.
The Gap Shifted Again
In March I wrote about AI's Cyberpunk moment — the point where model capability leapt past hardware, and the industry scrambled to close the gap with compression and efficiency research.
The gap has flipped again. Same pattern. Different layer.
This time it's not silicon vs. model weights. It's security knowledge vs. the speed at which people are now shipping software.
And unlike the hardware gap — which engineers could close with better algorithms — this one lives inside a person's head.
What Glasswing Actually Confirmed
On April 8, 2026, Anthropic published Project Glasswing — a cross-industry security initiative built around a new model called Claude Mythos Preview.
The findings are not abstract.
Mythos assisted in discovering a 27-year-old vulnerability in OpenBSD — one of the most security-hardened operating systems ever built. It surfaced a 16-year-old flaw in FFmpeg, in a single line of code that automated tools had passed over millions of times. It chained multiple Linux kernel vulnerabilities together to escalate from ordinary user access to full machine control.
Thousands of zero-days. Every major OS. Every major browser.
All responsibly disclosed. All now patched.
The uncomfortable read: Anthropic found them first.
The more uncomfortable read: the capability that found them is not exclusive to Anthropic. Similar model classes will proliferate. Attackers running the same capability won't file responsible disclosures.
The Root Cause: Two Curves, No Intersection
Two things have been accelerating in parallel since 2020.
Curve 1: Cost of finding and exploiting software vulnerabilities — falling fast.
Pre-2020, finding a zero-day in a hardened codebase required deep expertise, weeks of manual review, and expensive tooling. Today, a frontier model with scaffolding can systematically scan codebases and surface exploitable patterns at speed. The expertise floor dropped. The speed ceiling rose.
Curve 2: Number of people shipping production software — rising fast.
AI coding tools have removed the learning curve from building. Anyone can ship a working app. Database, auth, payments, API — the model handles all of it. The barrier to production is now almost zero.
These two curves haven't intersected. There is no third curve for "security knowledge in the people building."
What Vibe-Coded Apps Actually Look Like in Production
This is not hypothetical. Here is what gets shipped regularly:
- User input → database query (unsanitized)
- JWT tokens that never expire
- .env files committed to public repos
- AWS keys scoped to full admin access
- No rate limiting on authentication endpoints
- Third-party packages never audited
The AI wrote it. It works. It passes the demo. It handles the happy path.
What it doesn't do — unless someone knew to ask — is defend against anything outside the happy path.
The model produces what it was asked to produce. Security is not a feature request. It doesn't appear in the output unless someone who understands the attack surface asks for it explicitly.
Most vibe coders don't know what they don't know. That's not a failure — it's the nature of a tool that removed the learning curve. You can't learn what auth edge cases look like if the AI handles auth and you never see a case where it's wrong.
But here's the part that gets missed: this isn't just a non-engineer problem.
Experienced engineers are doing it too. AI compresses feedback loops and hides complexity. When a senior developer uses Claude to scaffold an auth system and it works on the first test, the feedback signal says "done." There's no forcing function that says "you haven't thought about credential stuffing yet." Speed removes the friction where security knowledge used to get inserted.
Why India Is the Sharpest Version of This Problem
This problem exists globally. There's a harder version of it here.
Indian startup culture runs on speed. Ship fast. Validate faster. Raise if it works. Security is a Phase 2 problem. Compliance is what you deal with after you have users.
That worked when the cost of attacking a small startup was high. A skilled attacker had to manually audit your code, understand your architecture, craft an exploit by hand. Early-stage products weren't worth the investment.
That cost has dropped significantly.
A model with the right scaffolding can scan a production codebase, identify exploitable paths, and begin extraction before a human attacker would have finished reading the README. The ROI calculation for attackers has changed. Volume attacks against soft targets — small fintech, healthtech, edtech — are worth running now.
India is now among the most targeted countries for cyberattacks globally, and cyberattack volumes on both public and private sector infrastructure have grown sharply over the past five years, according to CERT-In annual reports. The private sector implications are significant, but the deeper structural problem sits one layer up.
The Government Portal Problem
Here is the part that doesn't get enough attention: the institution setting the standard for digital India is also the one most consistently failing at security.
In 2023, a large dataset containing Aadhaar numbers, passport details, and personal information on hundreds of millions of Indians was reported for sale on dark web forums, traced to the ICMR COVID-19 testing database. CERT-In had previously flagged thousands of attempted breaches on ICMR infrastructure and requested remedial action. The warnings weren't acted on.
That same year, data from the CoWIN vaccination portal — including Aadhaar numbers, PAN cards, and passport details — was reportedly accessible via a Telegram bot querying what appeared to be a leaked dataset. The government's initial public response was that the portal was secure.
Multiple state e-governance portals have been found running without basic HTTPS encryption — not a misconfiguration, a structural absence.
The pattern is not bad luck. It is structural.
India's government built Digital Public Infrastructure — UPI, Aadhaar, DigiLocker, CoWIN — at remarkable speed and scale. The infrastructure works. The security layer beneath it has been consistently treated as a secondary concern.
And here is the detail that matters most: the Digital Personal Data Protection Act of 2023, India's first comprehensive data protection law, explicitly exempts government agencies from its provisions in the interest of national security.
The government passed a data protection law and exempted itself from it.
This is not a startup skipping security to ship fast. This is the institution responsible for 1.4 billion people's digital identity treating security as optional at the policy level — and it has the breach record to show for it.
The private sector looks up at that and calibrates accordingly.
The User Side Is Just as Exposed
The attack surface is not just the software. It's the people using it.
A significant portion of Indian internet users reuse passwords across services. Two-factor authentication adoption remains low compared to digital usage rates. In 2024, AI-generated phishing campaigns targeted Indian banks and fintech platforms at scale — voice-cloned officials, deepfaked videos, hyper-personalized emails that bypassed standard spam filters.
New internet users — growing every year — are statistically the most vulnerable cohort. Most have no mental model of what a compromised account means in practice. They received an OTP once and considered that security.
A vibe-coded fintech app built by a developer who doesn't understand SSRF, used by people who reuse their banking password, sitting on infrastructure where the government itself treats breach reporting as a compliance checkbox — that is the actual threat model for a significant portion of India's digital economy right now.
The Trust Model Problem (Same Shape, Different Layer)
The Cisco post was about a failure of the trust model — the assumption that tools doing security work are themselves secure. Trivy was trusted. Trivy was the attack vector.
Vibe coding has the same structural failure in reverse.
The AI is trusted. The AI produces functional, readable, well-commented code. The code does what it says it does. And it silently skips everything it wasn't asked about.
Asked: "Build me a login system"
Delivered: Login system that works
Not delivered:
- Brute-force protection
- Account lockout after N attempts
- Secure session handling
- Token rotation
- Credential stuffing defense
- Suspicious login alerting
Nobody lied. Nobody made a mistake. The model did exactly what was asked.
The attack surface is everything the question didn't cover.
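The brute-force protection and lockout items from the "Not delivered" list, as an added example that is not part of the original article: a sliding-window failure counter with temporary lockout, keyed per account and per source IP. The class name, the thresholds and the `check_password` callback are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

# Added illustration: names and thresholds are assumptions, not from the article.
class LoginThrottle:
    """Sliding-window failure counter with temporary lockout per account and per IP."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900, clock=time.monotonic):
        self.max_failures, self.window_s, self.lockout_s = max_failures, window_s, lockout_s
        self.clock = clock
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which the lockout ends

    def _keys(self, username, ip):
        # The account key slows guessing against one user; the IP key slows one
        # source cycling through many usernames (credential stuffing).
        return (("user", username.lower()), ("ip", ip))

    def allowed(self, username, ip):
        now = self.clock()
        return all(self._locked_until.get(k, 0) <= now for k in self._keys(username, ip))

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            recent = self._failures[key]
            recent.append(now)
            while recent and recent[0] <= now - self.window_s:  # drop stale failures
                recent.popleft()
            if len(recent) >= self.max_failures:
                self._locked_until[key] = now + self.lockout_s
                recent.clear()

    def record_success(self, username, ip):
        # Reset only the account counter; one correct guess must not clear the
        # failure history of a source that is still trying other accounts.
        self._failures.pop(("user", username.lower()), None)


def attempt_login(throttle, check_password, username, password, ip):
    """Return 'locked', 'ok' or 'denied'; check_password is the app's own verifier."""
    if not throttle.allowed(username, ip):
        return "locked"   # refuse before the password is even checked
    if check_password(username, password):
        throttle.record_success(username, ip)
        return "ok"
    throttle.record_failure(username, ip)
    return "denied"
```

The lockout is temporary by design: a permanent lock would let anyone deny service to a known username.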
The Second-Order Effect Nobody Is Talking About
The focus so far has been on attackers getting more capable. That's true. But there's a second problem forming underneath it.
Defenders are becoming dependent on AI too.
When engineers stop reasoning about systems manually — because the AI does it faster — something quiet happens: the ability to reason about systems without AI starts to decay. Security reviews become "ask the model and check the output." Debugging becomes impossible without model assistance. Anomalies go unnoticed because nobody is reading the logs that used to get read manually.
This creates an AI-vs-AI security loop. Attackers use models to find vulnerabilities. Defenders use models to catch them. The humans in the middle lose the ability to understand what's actually happening.
When the model is wrong — and it will be wrong — there's nobody left who can tell.
This is the next failure mode. It's not here yet at scale, but the conditions for it are being built right now, every time an engineer stops reading the code the AI wrote and starts trusting the output instead.
What Glasswing Doesn't Solve
Project Glasswing is a meaningful effort. $100M in model credits for defenders. Linux Foundation involvement. Access for open-source maintainers who've historically been left to figure out security alone.
But the math is still uncomfortable.
Glasswing gives Mythos-class defensive capability to AWS, Microsoft, Google, Cisco, CrowdStrike. Companies with dedicated security teams. Companies that already knew what questions to ask.
It does not cover:
- The solo developer in Pune who shipped a SaaS last weekend
- The founding team in Bangalore running on a single EC2 instance with a hardcoded Razorpay key
- The healthtech startup storing patient data in an unencrypted RDS instance because the AI didn't mention encryption
Defenders got access first. That window will close.
The Minimum Bar Has Changed
Before 2020, shipping software required learning enough to understand what you were building. Security knowledge came embedded in that learning curve.
Vibe coding removed the learning curve. Security knowledge did not come with it.
The result is a generation of production applications built by people who have never thought about:
- What happens when an attacker controls the input
- How a JWT can be forged if the secret is weak or the algorithm is none
- Why an S3 bucket set to public is a different problem than a public GitHub repo
- What rate limiting actually prevents
- What "assume breach" means as a design posture
| Was Required | Now Optional (by accident) |
|---|---|
| Understand the language | Still optional via AI |
| Understand the framework | Still optional via AI |
| Understand auth flows | No longer enforced |
| Understand input validation | No longer enforced |
| Understand secret management | No longer enforced |
| Understand rate limiting | No longer enforced |
| Understand blast radius | No longer enforced |
None of these require a security certification. OWASP Top 10 is ten categories. Least-privilege access is a concept, not a specialization. Secret rotation is a habit, not a skill.
The problem is not that vibe coders can't learn this. The problem is that nothing in the current workflow tells them they need to.
Key Takeaways
- AI can now systematically assist in finding zero-day vulnerabilities across every major OS and browser — with scaffolding and human framing, but at speeds and scales that weren't possible before
- Vibe coding has created a generation of production apps built without security knowledge — not because of negligence, but because the tool removed the forcing function
- This isn't just a non-engineer problem — experienced engineers using AI are also skipping security because compressed feedback loops hide the gaps
- The Indian market is the sharpest version: speed-first culture, enormous digital surface area, government infrastructure that exempts itself from its own data protection law
- The trust model failure is structural — the AI produces what it was asked; security requires asking the right questions
- The second-order effect is forming: as defenders become dependent on AI, humans are losing the ability to reason about systems manually — creating an AI-vs-AI loop with no fallback
- Glasswing helps large defenders; it does not help the solo developer shipping real user data this weekend
What to Actually Do
If you've shipped with AI assistance and haven't thought about security:
1. Threat model your system.
Before auditing code, map what you're protecting. What data do you hold? Who shouldn't have access? What's the blast radius if auth breaks? The AI will help you do this — but you have to ask.
2. Assume breach, design for containment.
Stop designing for the happy path and start designing for "what happens when this is compromised?" Separate concerns. Limit what each service can access. Log anomalous behavior.
3. Audit your inputs — all of them.
Every user-controlled value that touches a database, filesystem, or external API is a potential attack surface. Sanitize, validate, and parameterize.
4. Rotate and scope your secrets.
Treat every key and token currently in your codebase as potentially exposed. Generate new ones. Scope them to exactly what they need — nothing broader. AWS IAM, GitHub tokens, API keys should do exactly one thing.
5. Add observability for anomalous behavior.
Rate limiting is table stakes. Beyond that: alert on unusual login patterns, unexpected API call volumes, and data exports that don't match normal usage. You can't respond to what you can't see.
6. Automate security checks in your CI/CD pipeline.
Tools like Trivy, Semgrep, and Snyk can catch a significant portion of common vulnerabilities before code ships. This doesn't replace understanding — it catches the things you forgot to ask about.
7. Read OWASP Top 10.
Ten categories. One afternoon. Covers the majority of common attack surfaces. The AI that built your app will also help you audit it against this list — ask it to.
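Step 3 above and the "User input → database query (unsanitized)" pattern listed earlier, shown side by side as an added example (not code from the original article). The table, column names and sample rows are constructed, and `sqlite3` stands in for whatever database the app uses.

```python
import sqlite3

# Added illustration: schema and rows are constructed sample data.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    db.executemany("INSERT INTO users (email, role) VALUES (?, ?)",
                   [("alice@example.test", "admin"), ("bob@example.test", "user")])
    return db

def find_user_unsafe(db, email):
    # The shipped pattern: user input concatenated into the SQL text, so the
    # input becomes part of the query's syntax.
    return db.execute(
        f"SELECT id, email, role FROM users WHERE email = '{email}'").fetchall()

def find_user_safe(db, email):
    # Validate the shape first, then bind the value as a parameter so the
    # driver passes it separately from the SQL text.
    if not isinstance(email, str) or len(email) > 254 or "@" not in email:
        raise ValueError("invalid email")
    return db.execute(
        "SELECT id, email, role FROM users WHERE email = ?", (email,)).fetchall()

# Column names cannot be bound as parameters; map them through an allowlist.
ALLOWED_SORT = {"email": "email", "role": "role"}

def list_users_sorted(db, sort_by):
    column = ALLOWED_SORT.get(sort_by)
    if column is None:
        raise ValueError("unsupported sort column")
    return db.execute(f"SELECT email FROM users ORDER BY {column}").fetchall()
```

The allowlist covers the case parameter binding does not: identifiers such as sort columns, which otherwise end up concatenated even in code that parameterizes its values.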
The gap is not permanent. It's just not closing on its own.
Glasswing & Mythos Preview: Glasswing | Mythos Preview
Previous: We're in AI's Cyberpunk Moment — and Memory is the Final Boss
Written by Vishwam Dhavale