
CISO Tradecraft® #261 - Vibe Coding Security (with Neatsun Ziv)
Dec 1, 2025

Neatsun Ziv, founder of Ox Security and former executive at Check Point, shares his expertise on vibe coding and security. He highlights the balance between productivity and quality, discussing the risks of AI-generated code. Neatsun introduces VibeSec, a new approach to embedding security into development workflows, arguing that traditional methods are falling short. The conversation covers training data pitfalls, mitigating risks in AI models, and how modern tools must evolve to stay secure. Tune in for insights on protecting code and adapting to an AI-driven future!
AI Snips
Vibe Coding Is Intent-Driven Development
- Vibe coding shifts from autocomplete to intent-driven code generation inside IDEs, creating a new developer interface.
- The model's output quality depends heavily on the context placed into the token window.
Context Window Determines Accuracy
- AI will hallucinate without sufficient, accurate context in the prompt window.
- Better results come from providing precise context and constraints up front.
AI Acts Like An Eager Junior Dev
- Vibe coding acts like an eager junior developer that generates large volumes of code with high volatility.
- That agent may skip non-explicit tasks like authentication or input sanitization unless told otherwise.
