The recent analysis of 2,000 exposed "vibe-coded" applications—software generated primarily by Large Language Models (LLMs) with minimal human oversight—serves as a stark wake-up call for the security industry. The term "vibe-coding," popularized in developer circles, describes the practice of writing code by iteratively prompting an AI until it "feels" right, often without the developer fully understanding the underlying logic or security implications.
According to the findings, these applications, often rushed into production, are leaking credentials and presenting attack surfaces at an alarming rate. Defenders must recognize that AI-generated code inherits the vulnerabilities of the training data and the specific "tutorial" patterns it mimics, leading to a resurgence of basic security flaws like hardcoded secrets and improper authentication.
Technical Analysis
The investigation into the 2,000 exposed applications revealed distinct patterns of negligence inherent in un-vetted AI-assisted development.
- Affected Platforms: The analysis focused heavily on rapid-deployment environments commonly used for "vibe-coding," including Replit, Vercel, and generic containerized web apps (Docker) running Python (Flask/FastAPI) and Node.js (Express).
- Key Vulnerabilities:
  - Hardcoded Credentials: The most prevalent issue was the inclusion of API keys (OpenAI, Anthropic, AWS) and database connection strings directly in source files.
  - Debug Modes in Production: AI models frequently suggest enabling debug mode (`app.run(debug=True)` in Flask) to facilitate error tracking during testing. Developers are deploying these configurations live, exposing stack traces and variable data to end-users.
  - CORS Misconfiguration: Permissive Cross-Origin Resource Sharing (CORS) policies (`Access-Control-Allow-Origin: *`) were standard in generated code to "fix" frontend errors, effectively bypassing Same-Origin Policy protections.
- Attack Vector: Attackers are actively scanning for default API endpoints and specific file paths (e.g., `/env`, `/config`) associated with common AI-generated scaffolding. Once credentials are harvested, they move laterally into cloud environments.
- Exploitation Status: Active scanning and credential harvesting have been confirmed. While there is no single CVE for "bad AI code," the specific instances of exposed secrets and debug interfaces are being exploited in the wild.
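As an added illustration (not code from the original analysis), the three flaws listed above can be flagged statically with Python's `ast` module before deployment. The sample source, its fake key and the finding labels are constructed for this example.

```python
import ast
import re

# Key shapes mirror the patterns this page lists; the connection-string check is an assumption.
SECRET_RE = re.compile(r"^(sk-[A-Za-z0-9]{32,}|AKIA[0-9A-Z]{16}|(mongodb|postgres)://\S+:\S+@)")
CORS_HEADER = "Access-Control-Allow-Origin"

def _const(node):
    """Value of a literal node, or None for anything computed at runtime."""
    return node.value if isinstance(node, ast.Constant) else None

def scan_source(source: str) -> list:
    """Return sorted (line, finding) pairs for the three flaws described above."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        value = _const(node)
        if isinstance(value, str) and SECRET_RE.search(value):
            findings.append((node.lineno, "hardcoded-credential"))
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
            kwargs = {kw.arg: _const(kw.value) for kw in node.keywords}
            if name == "run" and kwargs.get("debug") is True:
                findings.append((node.lineno, "debug-enabled"))
            # flask-cors allows every origin unless origins/resources narrow it.
            if name == "CORS" and "resources" not in kwargs and kwargs.get("origins", "*") == "*":
                findings.append((node.lineno, "cors-wildcard"))
        elif isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Subscript):
            if _const(node.targets[0].slice) == CORS_HEADER and _const(node.value) == "*":
                findings.append((node.lineno, "cors-wildcard"))
    return sorted(findings)

# Constructed sample in the style the page describes; the key is a fake placeholder.
SAMPLE = '''\
from flask import Flask
from flask_cors import CORS
OPENAI_API_KEY = "sk-EXAMPLEEXAMPLEEXAMPLEEXAMPLE0000"
DB_URL = "postgres://app:hunter2@db.internal/prod"
app = Flask(__name__)
CORS(app)
@app.after_request
def add_headers(resp):
    resp.headers["Access-Control-Allow-Origin"] = "*"
    return resp
app.run(host="0.0.0.0", debug=True)
'''

if __name__ == "__main__":
    print("\n".join(f"line {n}: {f}" for n, f in scan_source(SAMPLE)))
```

The scanner only parses the source and never imports it, so it can run against untrusted generated code without Flask installed.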
Detection & Response
The following detection logic focuses on identifying the behavioral patterns of insecure AI-generated code deployment: specifically, the execution of applications with hardcoded secrets in command arguments (a common pattern in AI-generated "one-off" scripts) and the presence of development debug modes in production web servers.
Sigma Rules
```yaml
---
title: Potential Hardcoded Secrets in CLI Arguments
id: 8f4a2b10-1c9d-4b5f-9e0a-3d2c4b5a6e7f
status: experimental
description: Detects execution of Python or Node scripts where command-line arguments contain patterns resembling hardcoded API keys (e.g., OpenAI 'sk-', AWS 'AKIA'), a common error in AI-generated code.
references:
  - https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html
author: Security Arsenal
date: 2026/05/20
tags:
  - attack.credential_access
  - attack.t1552.001
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    Image|endswith:
      - '\python.exe'
      - '\node.exe'
    # 'sk-' is a short substring and also matches arguments such as 'task-' or 'disk-'; tune before alerting
    CommandLine|contains:
      - 'sk-'
      - 'AKIA'
      - 'mongodb://'
      - 'postgres://'
  condition: selection
falsepositives:
  - Legitimate administrative scripts (rare)
level: high
---
title: Web Server Execution from Insecure User Directories
id: 9e5b3c21-2d0e-5c6g-0f1b-4e3d5c6f7a8b
status: experimental
description: Detects web servers (Flask, Django, Express) running directly from user Downloads or Desktop directories, indicative of unmanaged "vibe-coded" app testing.
references:
  - https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html
author: Security Arsenal
date: 2026/05/20
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: process_creation
  product: windows
detection:
  selection_img:
    Image|endswith:
      - '\python.exe'
      - '\node.exe'
  selection_cli:
    CommandLine|contains:
      - 'app.run'
      - 'npm start'
      - 'node server.js'
  selection_path:
    CurrentDirectory|contains:
      - '\Downloads\'
      - '\Desktop\'
  condition: all of selection_*
falsepositives:
  - Developer local testing (verify user)
level: medium
```
KQL (Microsoft Sentinel)
This query hunts for web server processes (Python/Node) exhibiting behaviors consistent with AI-generated tutorials, such as binding to all interfaces (0.0.0.0) with debug flags enabled or running from non-standard directories.
```kusto
DeviceProcessEvents
| where Timestamp > ago(7d)
| where ProcessVersionInfoOriginalFileName in ("python.exe", "node.exe") or FileName in ("python", "python3", "node")
| extend CliArgs = tolower(ProcessCommandLine)
| where CliArgs contains "run" or CliArgs contains "start"
| where CliArgs contains "debug=true" or CliArgs contains "host=0.0.0.0"
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, FolderPath
| order by Timestamp desc
```
Velociraptor VQL
This artifact hunts for source code files in common user project directories that contain hardcoded API key patterns often inserted by LLMs.
```vql
-- Hunt for potential hardcoded secrets in source code
-- "/**" recurses from the filesystem root; narrow the glob to user home directories where possible
SELECT FullPath, Size, Mtime
FROM glob(globs="/**")
WHERE Name =~ '[.](py|js|ts|env)$'
  AND (
    FullPath =~ 'Downloads' OR
    FullPath =~ 'Projects' OR
    FullPath =~ 'Replit'
  )
-- Note: In a real environment, use regex() on content for 'sk-' or 'AKIA'
```
Remediation Script (Bash)
This script scans a specified directory (commonly used for development) for obvious hardcoded secrets often found in "vibe-coded" applications. It should be run in CI/CD pipelines or pre-commit hooks.
```bash
#!/bin/bash
# Scan for common hardcoded API keys in source files
TARGET_DIR=${1:-.}
echo "Scanning $TARGET_DIR for potential hardcoded secrets..."
# Define patterns (OpenAI, AWS, Google, generic password assignments)
PATTERNS=(
  "sk-[a-zA-Z0-9]{32}"
  "AKIA[0-9A-Z]{16}"
  "AIza[0-9A-Za-z_-]{35}"
  "password[[:space:]]*=[[:space:]]*['\"][^'\"]+['\"]"
)
FOUND=0
for pattern in "${PATTERNS[@]}"; do
  # grep prints each matching line, so the output itself contains the secret
  if grep -r -i -E "$pattern" "$TARGET_DIR" --include="*.py" --include="*.js" --include="*.ts" --include=".env" 2>/dev/null; then
    echo "[!] MATCH FOUND for pattern: $pattern"
    FOUND=1
  fi
done
if [ "$FOUND" -eq 0 ]; then
  echo "No obvious hardcoded secrets detected."
else
  echo "[WARNING] Potential secrets found. Please review code before deploying."
  exit 1
fi
```
Remediation
- Implement Pre-Commit Hooks: Mandate the use of tools like `truffleHog` or `gitleaks` in the development workflow. These tools automatically scan code for secrets before it is committed to the repository, catching the "vibe-coding" mistakes before they hit the codebase.
- Secrets Management: Enforce the use of environment variables or secret managers (e.g., HashiCorp Vault, AWS Secrets Manager). AI-generated code must be refactored to read credentials from `os.environ` rather than hardcoded strings.
- SAST Integration: Integrate Static Application Security Testing (SAST) tools (e.g., Bandit for Python, ESLint with security plugins for JS) into the pull-request process to automatically flag debug modes and insecure configurations.
- Code Review Policies: Treat AI-generated code as untrusted third-party code. Every function generated by an LLM requires a manual security review, specifically focusing on input validation and authentication logic.
- Vendor Advisory: Review the OWASP Top 10 for LLM Applications to understand the specific risks associated with integrating AI into the development lifecycle.
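One way to apply the secrets-management point above together with the debug and CORS findings, as an added example rather than code from the analysis: a startup loader that reads credentials from `os.environ` and refuses to start on unsafe settings. The variable names (`APP_ENV`, `APP_DEBUG`, `CORS_ORIGINS`, `OPENAI_API_KEY`, `DATABASE_URL`) are assumptions made for this example.

```python
import os

class ConfigError(RuntimeError):
    """Raised at startup so a misconfigured app never begins serving."""

# Variable names here are assumptions made for this example.
REQUIRED_SECRETS = ("OPENAI_API_KEY", "DATABASE_URL")

def load_settings(env=os.environ) -> dict:
    """Build runtime settings from the environment, failing closed."""
    missing = [name for name in REQUIRED_SECRETS if not env.get(name)]
    if missing:
        raise ConfigError("missing required secrets: " + ", ".join(missing))

    # Anything other than an explicit APP_ENV=development is treated as production.
    production = env.get("APP_ENV", "production") != "development"
    debug = env.get("APP_DEBUG", "0") == "1"
    if production and debug:
        raise ConfigError("APP_DEBUG=1 is not allowed outside development")

    # Explicit allowlist; an empty list means no cross-origin access is granted.
    origins = [o.strip() for o in env.get("CORS_ORIGINS", "").split(",") if o.strip()]
    if "*" in origins:
        raise ConfigError("CORS_ORIGINS must list explicit origins, not '*'")

    return {
        "debug": debug,
        "cors_origins": origins,
        "secrets": {name: env[name] for name in REQUIRED_SECRETS},
    }

def redacted(settings: dict) -> dict:
    """Copy of the settings that is safe to log: secret values are masked."""
    return {**settings, "secrets": {name: "<set>" for name in settings["secrets"]}}

if __name__ == "__main__":
    # Constructed environment with placeholder values.
    demo = {"OPENAI_API_KEY": "placeholder-key", "DATABASE_URL": "placeholder-url",
            "CORS_ORIGINS": "https://app.example.com"}
    print(redacted(load_settings(demo)))
```

The resulting `debug` and `cors_origins` values are what the application passes to its web framework in place of the literal `debug=True` and `*`.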