There is a new way to build software in 2026, and it has a name: vibe coding. You describe what you want in plain English, an AI coding assistant writes it, and — increasingly — you just let it run. No squinting at the code. No second-guessing. You trust the vibe.
It is fast. It is genuinely impressive. And for a lot of businesses, it is quietly becoming a serious risk.
This isn't a "robots are scary" article. AI-assisted development is one of the most useful shifts in a generation, and the productivity gains are real. But there's a gap between "it works" and "it's safe to put in front of customers" — and that gap is where the trouble lives. The single biggest danger hiding in it has a name — a supply chain attack — and AI is quietly making it far easier to fall victim to. Here's what's actually happening, why it matters even if you've never written a line of code, and what we recommend you do about it.
01 — The core risk
The biggest exposure: a poisoned supply chain
Modern software is rarely built from scratch. It's assembled — like a meal made from ready-made ingredients pulled off a shelf. Those "ingredients" are small packages of code written by other people and downloaded automatically from public libraries. A typical app uses hundreds of them, and each one is simply trusted to do what it claims.
That trust is exactly what attackers now target. It's called a supply chain attack: rather than breaking into your business directly, criminals tamper with one of the trusted ingredients before it ever reaches you. When your software is assembled, the poison comes along for the ride — arriving through the same official, reputable channels you'd never think to distrust.
A supply chain attack doesn't pick the lock on your front door. It hides inside a delivery you invited in — and signed for yourself.
This is now the busiest battleground in software security, and the scale is staggering. Throughout 2025, security firm Sonatype identified more than 454,600 new malicious code packages, part of a known total now exceeding 1.2 million.[7] Worse, attackers have graduated from crude fakes to hijacking trusted, legitimate ingredients: the hugely popular "Axios" library was compromised on 31 March 2026, quietly deploying malware to everyone who installed the update during that window — straight through the official source, with nothing visibly out of place.[1]
Here is where vibe coding pours fuel on the fire. For years there was a human in the loop. A developer would type the name of an ingredient, glance at it, and have at least a rough sense of what they were adding. That small moment of attention was a real — if imperfect — safety check. An AI agent removes it completely: it can decide it needs an ingredient, find one, and add it to your project without anyone looking. As one industry analysis put it plainly, the checkpoint simply disappears.[1]
A cautious human might hesitate before installing something unfamiliar. An AI agent working at speed almost never will — and it will do it hundreds of times an hour, across every project it touches. That is precisely the behaviour a supply chain attacker is counting on.
02 — The other half
It's not just the ingredients — it's the cooking, too
Even when the ingredients are clean, the AI doesn't always assemble them safely.
Independent testing by Veracode across more than 100 AI models found that 45% of AI-generated code introduced a known category of security flaw — and that figure has not improved across repeated testing through early 2026, despite vendor promises.[2] A separate review of over 200 vibe-coded applications found 91.5% contained at least one vulnerability, and more than 60% had leaked passwords or access keys into places anyone could find them.[3]
There's even a brand-new attack invented specifically to exploit AI's habits — a supply chain attack purpose-built for the AI era. Roughly one in five AI code suggestions references a package that doesn't actually exist — the AI simply made up a plausible name. Attackers now watch for these invented names, register them as real (malicious) packages, and wait for the next AI to confidently install them. It's been nicknamed "slopsquatting."[2]
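For technical readers, here is one way to put the missing human checkpoint back in front of an AI agent's dependency changes. This is an added example, not code from the original article; the package names, registry data and thresholds are constructed assumptions, and in practice the metadata would come from your registry or an internal mirror.

```python
from datetime import date

# Constructed registry metadata (assumption): package creation date and the
# publish date of each version. All names and dates are made up.
REGISTRY = {
    "left-trim": {"created": date(2019, 5, 1),
                  "versions": {"2.1.0": date(2024, 3, 9)}},
    "http-fetcher": {"created": date(2017, 2, 3),
                     "versions": {"4.0.0": date(2025, 1, 10),
                                  "4.0.1": date(2026, 3, 31)}},
    "fast-json-tools": {"created": date(2026, 3, 20),
                        "versions": {"1.0.0": date(2026, 3, 20)}},
}

MIN_PACKAGE_AGE_DAYS = 90   # newly registered names are treated as suspect
VERSION_COOLDOWN_DAYS = 7   # do not install releases younger than this


def review_dependency_change(before, after, today, registry=REGISTRY):
    """Return {name: verdict} for every dependency added or changed in `after`."""
    verdicts = {}
    for name, version in after.items():
        if before.get(name) == version:
            continue  # unchanged, so already reviewed
        meta = registry.get(name)
        if meta is None:
            verdicts[name] = "block: name not found in registry (possibly invented)"
        elif version not in meta["versions"]:
            verdicts[name] = "block: version not found in registry"
        elif (today - meta["created"]).days < MIN_PACKAGE_AGE_DAYS:
            verdicts[name] = "block: package registered very recently"
        elif (today - meta["versions"][version]).days < VERSION_COOLDOWN_DAYS:
            verdicts[name] = "hold: release is inside the cooldown window"
        elif name not in before:
            verdicts[name] = "review: new dependency needs human sign-off"
        else:
            verdicts[name] = "review: version change needs human sign-off"
    return verdicts


# Constructed manifests: the project before and after an AI agent's change.
BEFORE = {"left-trim": "2.1.0", "http-fetcher": "4.0.0"}
AFTER = {"left-trim": "2.1.0", "http-fetcher": "4.0.1",
         "fast-json-tools": "1.0.0", "quick-date-parse": "0.3.2"}

if __name__ == "__main__":
    for dep, verdict in review_dependency_change(BEFORE, AFTER, date(2026, 4, 2)).items():
        print(f"{dep}: {verdict}")
```

Run as a pre-merge or pre-install step, a gate like this never lets a changed dependency through silently: the best outcome for any new or updated package is a request for human sign-off.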
03 — In the wild
What this looks like when it goes wrong
In January 2026, an AI social platform called Moltbook launched to huge fanfare. Its founder proudly said he "didn't write a single line of code." Within three days, security researchers found it had exposed its entire customer database — including roughly 1.5 million access tokens and 35,000 email addresses. The cause was a single safety setting the AI never switched on.[4]
This is not a freak event. Georgia Tech's monitoring project tracked 35 separate security vulnerabilities in a single month (March 2026) traced directly to AI coding tools — up from six in January, and researchers believe the true number is far higher.[2] One security expert has gone as far as comparing the trajectory to the Challenger disaster: a known, ignored risk waiting for the wrong moment.[5]
04 — The quiet one
The deeper risk: losing the skill to notice
Here's the part that rarely makes the headlines. When you stop reading the code, you slowly stop being able to read the code.
We call this the GPS problem. Most of us can follow satnav perfectly — right up until it sends us into a field, and we realise we've lost the instinct to spot that something's wrong. The same thing happens in teams that lean entirely on AI: they ship fast, but when something breaks, no one can diagnose it. The cost doesn't show up in productivity dashboards. It shows up later, in how long it takes to recover from an incident.[6]
This is the line between two kinds of organisation:
- AI-first organisations use AI to move faster while staying in control. A human still owns the outcome.
- AI-dependent organisations have handed over control and can no longer function — or recover — without the machine.
The first is a competitive advantage. The second is a business continuity risk dressed up as innovation.