The BBC Just Proved Our Thesis: Vibe-Coded Apps Are Production Time Bombs
AI can write code fast. Speed without verification isn't velocity — it's accelerated risk.
A BBC reporter sat in front of her laptop and watched a security researcher take over her machine in real time. The researcher, Etizaz Mohsin, had injected malicious code into the reporter's project on Orchids — a vibe-coding platform with one million users, including employees at Google, Uber, and Amazon. No sophisticated exploit. No zero-day. He just pushed code through the platform's normal workflow, the reporter accepted it, and Mohsin was in. He changed her desktop wallpaper to prove it. The whole thing happened on camera, broadcast on BBC World Service. The vulnerability is still unfixed. Orchids has not publicly responded to the BBC's press queries. Let that land for a moment. A widely-used AI coding platform — built for enterprise employees, marketed to developers at household-name companies — was demonstrably compromised on live television. And the response has been silence.From Demo to Dollars: The Moonwell Exploit
If the Orchids hack felt like a controlled demo — a security researcher in a lab setting, a journalist as the subject — the next data point removed that comfort. This week, Moonwell, a DeFi lending protocol, lost $1.78 million due to a vulnerability in a smart contract's pricing function. The function mispriced cbETH at $1.12 instead of its actual market value. That small error cascaded into a chain of incorrect liquidations, and by the time anyone caught it, nearly two million dollars was gone. The GitHub commit record is instructive: "Co-Authored-By: Claude Opus 4.6." Auditors who reviewed the incident confirmed the code was accepted with minimal line-by-line review — a textbook vibe coding workflow. Generate, review at a glance, ship. I want to be precise here: this isn't an indictment of Claude, or AI coding assistants generally. The model did what it was asked to do. The failure was process. No one verified the output before it ran with real money on the line. Two incidents. One week. Same root cause.The Numbers Behind the Headlines
These aren't isolated anomalies. The research backs it up. A February 2026 "State of Vibe Coding" analysis found that 45% of AI-generated code samples introduce common OWASP vulnerabilities — the same class of flaws that appear in every enterprise security audit. Across 15 vibe-coded test applications, researchers found 69 distinct vulnerabilities. AI co-authored pull requests show 2.74 times higher security vulnerability rates than human-authored code reviewed through standard processes. And from the DEV Community: analysts now estimate that 1 in 5 security breaches in 2026 will trace back to AI-written code pushed to production without adequate review. None of these numbers are surprising if you've been paying attention. But they matter now because the Orchids hack and the Moonwell exploit give them narrative weight. Data points become a pattern. A pattern becomes a category.Why This Keeps Happening
The vibe coding workflow is genuinely magical for the first hour. You describe what you want, the AI writes it, you run it, it works. The feedback loop is intoxicating. It feels like programming without the friction. The problem is what happens next — or more precisely, what doesn't happen next. There is no governance layer between generation and deployment. The AI writes code at the speed of thought. The developer reviews it at the speed of optimism. Then it ships. No SBOM. No dependency pinning. No egress policy. No identity scoping. No audit trail. The app that started as "I just need a quick tool to check our pricing" ends up running with admin credentials, calling external APIs, handling sensitive data, and leaving no structured logs behind when something goes wrong. This isn't a failure of AI. It's a failure of the deployment pipeline — or rather, the absence of one. Jon Kern, one of the co-authors of the Agile Manifesto, put it plainly this week. He said he's "smitten" with vibe coding, then immediately acknowledged the risk: an AI coding assistant "wiped a production database despite being instructed not to make changes without permission." His quote: "So there are risks involved." When the inventor of iterative software methodology is using vibe coding but warning about production risks, this is no longer a fringe concern. It's mainstream.I've Seen This Movie Before
At Verkada, we were managing computer vision systems across more than 1 million+ security cameras in 93 countries. Every model update — every improvement to face detection, every tweak to edge object detection — went through a staged deployment process before it touched a single production feed. Not because we didn't trust our models. We ran rigorous testing. We believed in the work. But the cost of being wrong wasn't a GitHub issue or a rollback note. It was a physical security failure at a school, a hospital, a data center. So we ran canary deployments, monitored error rates against baselines, gated rollouts by region, and maintained instant rollback capability. We didn't ship on faith. At Amazon Alexa, I worked on sensitive content detection — systems that needed to make real-time decisions about what a voice assistant should and shouldn't surface. Privacy-preserving ML at consumer scale. The same discipline applied: every inference path was logged, every model change was audited, every edge case was a first-class engineering concern. Neither of those systems was built with vibe coding. But the principle transfers directly. AI-generated code, like any model output, needs a production envelope. It needs identity scoping, network constraints, dependency hardening, and observability before it runs in an environment that matters. The Moonwell pricing function didn't need a better AI. It needed a deployment pipeline that would have caught a mispriced asset before the contract went live.What the Fix Actually Looks Like
This is where I'll be direct about what the solution architecture needs to include — not as a sales pitch, but because the specifics matter. Runtime identity. Every vibe-coded app should run with a scoped identity, not a developer's personal credentials or a shared service account. When a user takes an action inside the app, the system should authenticate that user's actual permissions — not the blanket access of whoever built the tool. This is the difference between "the app can approve any discount" and "only the VP of Sales can approve discounts above 20%." Egress control. A pricing function should not be able to call arbitrary external APIs. An internal deal desk tool should not have network access beyond Salesforce and Slack. A transparent network proxy that enforces a strict allowlist at the container level stops data exfiltration and supply chain compromise at the infrastructure layer — before the application logic runs. SBOM and dependency pinning. AI-generated code typically includes unpinned dependencies. Arequirements.txt that says requests instead of requests==2.31.0 is an open invitation for supply chain attacks. Every build should generate a Software Bill of Materials and resolve the full dependency tree to pinned, verified versions.
Automated scanning before deployment. The 45% OWASP vulnerability rate means nearly half of AI-generated code will fail a basic security scan. That scan should happen automatically, in the CI/CD pipeline, not after the code is already running in production. Not as a checkbox — as a gate.
None of this requires developers to become security engineers. That's the point. The governance layer should be infrastructure, not workload.
The Market Has Already Decided
Here's what makes this moment different from previous security warnings: enterprises aren't slowing down. They're accelerating. Retool's 2026 "Build vs. Buy" report, based on 817 enterprise professionals, found that 35% of enterprises have already replaced at least one SaaS tool with custom-built software. 78% expect to build more in 2026. And — the number that should keep every CISO up at night — 60% of enterprise developers have built software outside IT oversight in the past year. Retool published this as a market opportunity. They're right. The build-over-buy shift is real and it's accelerating. But their report doesn't ask the follow-up question: what happens when those 60% of ungoverned apps hit production? The Orchids hack answers it. The Moonwell exploit answers it. The 45% OWASP rate answers it. The AppGen market is real. The demand for speed is real. The Retool and Replit and Lovable numbers prove that enterprise teams will not stop building. That ship has sailed. The question is whether the deployment layer catches up before the breaches mount.The Next Decade of Enterprise Software
We are at the beginning of a category transition. AI will write most of the enterprise software of the next decade. That's not a prediction — it's already happening. The 60% shadow IT stat is the leading indicator; the production failures are the lagging one. The companies that figure out governed deployment — not slower development, not restricted tooling, but a production envelope that wraps AI-generated code in runtime identity, network controls, and observability — will capture the value of the AI coding wave without absorbing its risk. The companies that don't will keep making the news. A BBC reporter watching a stranger change her wallpaper. A DeFi protocol losing $1.78 million to a mispriced asset. These are warning shots. The next incident will be inside an enterprise network, and it won't make the news until after the audit. The thesis was always simple: AI can write code fast. But speed without verification isn't velocity — it's accelerated risk. The Orchids hack and the Moonwell exploit didn't prove anything we didn't already know. They just made it undeniable.Pushpak Pujari is CEO of VizopsAI, the secure runtime for custom enterprise software. Previously Director of Product at Verkada (1 million+ security cameras across 93 countries) and Head of Product for Amazon Alexa AI. He writes about AI infrastructure, production governance, and the gap between what AI can build and what enterprises can safely deploy.