Most of the AI-security discourse (and most of my posts) right now is about prompt injection and agent hijacking. But there are still the move-fast-break-things issues that are exacerbated with agentic coding/vibe coding...

I reviewed a colleague's vibe-coded internal tool last week, found 28 security issues, and none of them were that kind of bug - they were the same classic stuff juniors have always shipped, just produced at much higher throughput.

Wrote it up because the "senior engineer review" step quietly disappeared from a lot of AI-assisted workflows, and the bugs that step used to catch are still there (We are still needed!).

[flagged]