Security
10 min read·Published

Vibe coding safely: shipping an AI-built app without leaking secrets or bugs

Vibe coding — describing what you want and letting an AI write most of the code — is a genuinely fast way to build. It is also a fast way to leak API keys, install a hallucinated package, and ship an app you do not understand well enough to secure. Here is a practical threat model and a safe workflow that keeps the speed without the accidents.

By offlineutils.com

Vibe coding — a term Andrej Karpathy popularized in early 2025 for describing what you want and letting the AI write the code — is the most fun software has been in a while. You can go from an idea to a running app in an afternoon. The catch is that the same speed that skips the boilerplate also skips the parts where security usually happens: reading the code, guarding the secrets, vetting the dependencies. This is a practical guide to keeping the speed without the accidents.

The short answer

Vibe code freely for prototypes and personal tools. The moment an app touches real users, real data, or the open internet, add four guardrails: protect your secrets, review what the AI writes, vet your dependencies, and keep a human gate before production. None of them slow you down much. All of them prevent the failures that actually happen.

A threat model for vibe coding

"Is it safe" is too vague to act on. Here are the five things that actually go wrong, in rough order of how often:

RiskWhat it looks likeThe guardrail
Secret leakagePasting a key or prod data into a consumer-tier chatSecrets manager; private tier; never paste live secrets
Insecure generated codeMissing authz, no input validation, SQL built by string concatRead it; lint; add validation and authorization on purpose
Dependency riskHallucinated or malicious packages the model confidently importsVerify each package exists and is reputable; pin versions
Prompt injectionHidden instructions in a README, issue, or dependencyLimit agent autonomy; review tool calls; trust boundaries
Understanding debtShipping code you cannot read, debug, or secureBuild in pieces you understand; ask the AI to explain

A word on dependency risk specifically, because it is the newest one: models sometimes invent package names that do not exist — and attackers have started registering those exact hallucinated names with malicious code inside, a trick nicknamed "slopsquatting." If your assistant tells you to npm install something, confirm the package is real and widely used before you run it.

What never to paste

Prompts are the leakiest surface in vibe coding, and on a consumer tier your input may be retained or used for training (see which AI coding tools train on your code for the tier-by-tier breakdown). Keep these out of any prompt on a non-private plan:

  • Live secrets — API keys, access tokens, passwords, private keys, connection strings.
  • Real production or customer data — use synthetic or obviously-fake sample data when you need the AI to see a shape.
  • Proprietary core IP — the algorithms that are the actual product, unless you are on a commercial tier or a local model.
  • Whole config files — a .envpasted "for context" is a credential dump.

A safe vibe-coding workflow

The whole discipline fits in a loop you can run on autopilot once it is a habit:

  1. Start on a private tier. Use a business/enterprise account or a local model for anything real, so your prompts are not training data.
  2. Keep secrets out of the code path. Environment variables or a secrets manager, referenced by name. Never let the model invent a secret — generate a real one with a cryptographic password generator.
  3. Generate, then read. Skim every file the AI writes before you run it. If you do not understand a block, ask for an explanation until you do.
  4. Vet dependencies. Confirm each imported package exists, is maintained, and is the one you meant. Pin versions.
  5. Scan before you commit. Run a linter and a secret scanner so a key never reaches your history.
  6. Add the security the model skipped. Input validation, authorization checks, rate limits, output encoding — models routinely omit these. Add them deliberately.
  7. Never auto-merge to production. A human approves the change. That gate is the difference between a prototype and a product.

The review gate an AI cannot pass for you

Generated code should clear the same bar as a pull request from a contributor you have never met. Before it ships, you can answer yes to each of these:

  • Can I explain what every file does and why it is safe?
  • Are there tests for the auth, validation, and error paths?
  • Are all inputs validated and all outputs encoded?
  • Is every dependency real, pinned, and reputable?
  • Are there zero secrets in the code or the git history?
  • Would I be comfortable if this were open to the public internet right now?

Local tools that keep the sensitive bits off the wire

A lot of the security-adjacent chores in an app do not need a model at all, and doing them locally keeps the sensitive values out of any prompt:

  • Password generator — real, cryptographically random secrets, instead of an AI-invented string.
  • Hash generator — check a checksum or hash a value with the Web Crypto API, offline.
  • JWT decoder— inspect a token's claims locally instead of pasting a live bearer token into a chat.
  • UUID generator — proper random identifiers for records and idempotency keys.
  • Regex tester — sanity-check the regex the model just wrote before it silently mis-matches in prod.

Vibe coding is not reckless by nature — it is only reckless without a review gate. Keep the human in the loop, keep the secrets off the wire, and it stays exactly as fast and a great deal safer. Next, lock down the tools themselves with the AI coding tool privacy guide, or see the broader case for computing locally in why offline-first developer tools matter.

Frequently asked questions

What is vibe coding?

Vibe coding is building software by describing what you want in natural language and letting an AI assistant generate most of the code, rather than writing it line by line. The term was popularized by Andrej Karpathy in early 2025. It is excellent for prototypes and small tools; shipping it to real users safely takes a few extra guardrails.

Is vibe coding safe?

It is safe for prototypes and throwaway tools. For anything that touches real users, real data, or the public internet, the risks are concrete: leaking secrets into prompts, shipping insecure generated code, installing hallucinated or malicious dependencies, and deploying logic you do not understand well enough to fix. Each risk has a straightforward guardrail, covered below.

What should I never paste into an AI coding tool?

Never paste live secrets (API keys, tokens, passwords, private keys), real production or customer data, or proprietary core IP into a consumer-tier assistant. Keep secrets in environment variables or a secrets manager and reference them by name. If you must use AI on sensitive code, use a commercial/enterprise tier with a no-training agreement, or a local model.

How do I stop AI-generated code from having security holes?

Treat generated code like a pull request from a stranger: read it before merging, run a linter and a secret scanner, add input validation and authorization deliberately (models often skip them), pin and verify dependencies, and write tests for the security-relevant paths. The AI writes the first draft; you own the review gate.

Can a beginner vibe-code a production app safely?

Yes, with discipline. The dangerous move is deploying code you cannot read. Build in small pieces you understand, ask the AI to explain each part, keep secrets out of prompts, and never auto-merge to production. If you cannot explain what a piece of code does and why it is safe, it is not ready to ship.

Does vibe coding leak my API keys?

It can, in two ways: by pasting a key directly into a prompt (which may then be retained or trained on), and by letting an agent read a file such as .env that contains one. Keep keys in a secrets manager, exclude secret files from the assistant, and rotate any key you suspect was exposed. Generate real secrets with a local generator, not by asking the model to make one up.

Tools mentioned in this post

Password Generator

Generate strong, cryptographically random passwords offline.

Hash Generator

Compute SHA-256, SHA-1, SHA-512 and MD5 hashes in the browser.

JWT Decoder

Decode and inspect JSON Web Token claims without sending them anywhere.

UUID Generator

Generate cryptographically random UUIDs (v4) in bulk.

Regex Tester

Test JavaScript regular expressions with live match highlighting.

Concepts in this post

Related posts