--- title: "Vibe Coding Makes Fast APIs — Not Safe Ones" description: "Vibe coding tools make building APIs incredibly fast — but 0 of 15 apps in one study had CSRF protection, and only 1 attempted rate limiting. Here's what AI-generated APIs systematically skip, and how an API gateway fills every gap without killing the vibe." canonicalUrl: "https://zuplo.com/learning-center/vibe-coding-api-security" pageType: "learning-center" authors: "nate" tags: "API Security, AI" image: "https://zuplo.com/og?text=Vibe%20Coding%20Makes%20Fast%20APIs%20%E2%80%94%20Not%20Safe%20Ones" --- Andrej Karpathy coined "vibe coding" on February 2, 2025, in an X post that hit 4.5 million views: _"I 'Accept All' always, I don't read the diffs anymore… I just see stuff, say stuff, run stuff, and copy paste stuff, and it mostly works."_ The term became Collins Dictionary's Word of the Year 2025. Searches spiked 6,700% in spring 2025. The tools driving the trend — Cursor (which hit $1 billion ARR just 17 months post-launch), Claude Code, Replit Agent, Bolt, Lovable, v0 — make building functional APIs a matter of minutes. Y Combinator reported 25% of its Winter 2025 batch had codebases that were 95% AI-generated. By late 2025, 84% of developers were using or planning to use AI coding tools, with roughly 41% of all new code being AI-generated. Here's the problem: every one of those APIs is missing the things that make an API production-ready. ## The security data is damning The evidence base is now substantial and multi-sourced. **Veracode's 2025 GenAI Code Security Report** found that 45% of AI-generated code contains security flaws, with LLMs choosing insecure methods nearly half the time. A **Tenzai study** (December 2025) tested five major AI coding agents building identical applications — 15 apps in total. Here's what they found: - Zero of 15 apps implemented CSRF protection - Zero of 15 apps set security headers - Only 1 of 15 attempted rate limiting — and it was bypassable - 100% of agents introduced Server-Side Request Forgery vulnerabilities At scale, the picture gets worse. **Escape.tech** scanned 5,600 publicly deployed vibe-coded apps and found over 2,000 vulnerabilities and 400+ exposed secrets, including medical records and financial data. **Wiz Research** found security risks in 20% of vibe-coded apps they examined. A Columbia University researcher captured the root cause: _"Coding agents optimize for making code run, not making code safe."_ The most quotable framing comes from Lawfare's Greg Kedzierski: **"The S in 'vibe coding' stands for security."** ## Real incidents This isn't theoretical. Several high-profile incidents make it concrete: **Lovable** (the "fastest-growing company in Europe"): A Replit employee scanned 1,645 Lovable-created apps and found 170 apps leaking user PII, emails, financial data, and API keys to anyone. In February 2026, researcher Taimur Khan found 16 vulnerabilities (6 critical) in a single Lovable app that leaked 18,000+ people's data — including a logic inversion bug where the auth function _blocked_ authenticated users and _allowed_ unauthenticated ones. **Base44** (acquired by Wix): Wiz Research discovered exposed API endpoints that let anyone bypass all authentication including SSO on private apps — needing only a publicly visible `app_id` from the URL path. The flaw affected enterprise apps handling HR data and internal communications. **Moltbook** (AI agent social network): A misconfigured Supabase database exposed 1.5 million API keys and 35,000 user email addresses to the public internet. Root cause: vibe coding shortcuts. **The SaaStr founder's database**: Replit's AI agent deleted his entire production database despite explicit instructions not to touch it — given eleven times in ALL CAPS. His reflection: _"I am a little worried about safety now."_ **The API credit theft**: A developer named Paul had his vibe-coded site hacked; attackers found exposed API keys and burned through hundreds of dollars in API credits overnight — wide-open endpoints with no auth, no rate limits, no validation. ## The 90% done illusion There's a pattern here. As one developer observed: _"A founder tells me their app is 90% done… the 10% remaining is actually the hard part: authentication, payment processing, data validation, error handling, deployment. The visible UI was the easy 90%. The invisible infrastructure that makes it production-ready is the critical 90% that's missing."_ The vibe coding flow is real. A developer on DEV Community captured it: _"When you're vibe coding and in flow, you don't want to stop and ask 'now add rate limiting, now add CSRF tokens.' That kills the vibe."_ That tension is the whole problem. The speed of vibe coding is its core value proposition. Anything that slows you down defeats the purpose. ## What vibe-coded APIs systematically miss Research across Tenzai, Wiz, Escape.tech, Invicti, and Evil Martians reveals a consistent pattern of what AI-generated APIs leave out: **Authentication** — AI generates auth that "technically works" but misses edge cases. During iterative prompting, auth logic gets silently altered or removed (as with that Lovable inverted auth bug). The result is code that looks correct and fails in production. **Rate limiting** — 1 of 15 apps in the Tenzai study attempted it. That one was bypassable. Without rate limits, a single bad actor — or a misconfigured client — can exhaust your resources overnight. **Input validation** — AI fails to secure against XSS 86% of the time, and log injection 88% of the time. Requests go straight to backends with no sanitization. **Secrets management** — API keys end up hardcoded in frontend JavaScript. Supabase keys land in client bundles. Anyone who knows where to look can find them. **API documentation** — AI builds endpoints, not developer portals or OpenAPI specs. Without documentation, consumers make assumptions. Those assumptions become security vulnerabilities. **Monitoring** — Generic error handling ("something went wrong"), minimal logging. When something goes wrong in production, you won't know until a customer tells you. **CORS** — Often misconfigured or overly permissive. Attackers love permissive CORS. ## How an API gateway fills every gap — without killing the vibe Here's the thing: none of these gaps require you to slow down your development workflow. You don't have to stop mid-flow to add auth code, implement rate limiting logic, or wire up monitoring. You can handle all of it at the gateway layer, in minutes, without touching your application code. The frame is: **vibe code your logic, gateway your infrastructure**. | What vibe coding skips | What an API gateway adds | | ---------------------- | --------------------------------------------------------------------------------------- | | Authentication | API key auth, JWT validation, OAuth2, mTLS enforced before traffic reaches your backend | | Rate limiting | Per-key, per-IP, per-consumer rate limiting at the edge | | Input validation | Request validation policies enforced before backend processing | | Secrets management | Centralized credential management — keys never in application code | | API documentation | Auto-generated developer portals from OpenAPI specs | | Monitoring | Usage analytics, request/response logging, real-time observability | | CORS | CORS policies configured at the gateway level | Zuplo's positioning — _"API-key management, developer documentation, and rate-limiting, for any stack, in under 5 minutes"_ — is essentially a pitch written for vibe coders. The "under 5 minutes" matches the velocity mindset. You don't have to choose between moving fast and shipping safely. ## MCP servers make this worse The vibe coding problem extends to MCP (Model Context Protocol) servers, where the security picture is even bleaker. IT Pro reports that around half of the 15,000+ MCP servers in existence are dangerously misconfigured or carelessly built. Knostic researchers scanned the internet for exposed MCP servers, found nearly 2,000, and verified that every single one granted access without any authentication. Backslash Security found hundreds of MCP servers bound to `0.0.0.0` (all network interfaces), meaning anyone on the same WiFi network — at a coffee shop, at an airport — could take full control of the host machine. MCP servers are vibe-coded infrastructure at its most exposed. They're the new attack surface nobody's talking about. ## What's next Karpathy himself walked back the term in a February 2026 retrospective, now preferring "agentic engineering" for serious work: _"At the time, LLM capability was low enough that you'd mostly use vibe coding for fun throwaway projects, demos, and explorations."_ Andrew Ng was blunter: _"It's misleading a lot of people into thinking, just go with the vibes… it's a deeply intellectual exercise."_ But the tools aren't going away. Cursor isn't slowing down. Replit isn't shutting down. The speed gains are real and developers won't give them up. David Mytton (CEO of Arcjet): _"In 2026, I expect more and more vibe-coded applications hitting production in a big way… There's going to be some big explosions coming!"_ The answer isn't to stop vibe coding. It's to add the production layer that vibe coding tools don't build for you. That's what an API gateway does. In five minutes. --- _Ready to add production infrastructure to your vibe-coded API? Zuplo gives you API key auth, rate limiting, and auto-generated documentation in under 5 minutes — no application code changes required. [Get started for free](/pricing)._