2025-08-05 –, Florentine E
Generative AI has been transforming and expediting enterprise workflows. However, with the introduction of “vibe coding”, the practice of generating software utilizing AI instead of traditional software engineering practices, this introduces new vectors for cyber threats including data leakage, model manipulation, and social engineering attacks. This session will provide a pragmatic overview for industry professionals on how to securely adopt GenAI tools while minimizing exposure to risks. Our live demo will showcase how the seemingly functional code produced through simple prompts generation repeatedly fails basic security scrutiny when examined by professionals. Beyond the technical vulnerabilities, we will address organizational risks: hiring pipelines flooded with candidates lacking fundamental security understanding, and executives with unrealistic expectations about AI capabilities. As we abstract further from underlying technology, we risk creating a generation of developers disconnected from bare-metal computing principles which could potentially weaken the collective security posture. While advocating for AI as a powerful augmentation tool, we provide a crucial reality check on responsible AI implementation that will maintain security integrity in an increasingly automated development landscape.
This presentation talk came from months of Megan and I sharing concerns between the two of us on what we've been hearing colleagues say, examples of vibe coding failures on x/reddit, and our overall concerns for the future of the industry. What will cybersecurity look like if all the professionals are inhibited by a lack of understanding of foundational technical and security topics while having executives who think that AI is the answer for everything. We'll have two live demos plus room for discussions because we have lots of thoughts about the current state of vibe coding and what a more secure vibe coding future could look like that doesn't detract from foundation understanding of the underlying technology of everything.
Also, the demos will be live, but we’ll pre-record them before coming in in case anything goes wrong.
Chloe Potsklan is a senior cyber security researcher working on the Threat Research team at Reach Security. Previously she had worked on the endpoint security platforms team and security architecture team mainly focusing on securing cloud environments at NBCUniversal. She started her career at Deloitte as a senior cyber risk consultant working in DevSecOps, application security, penetration testing, and vulnerability management. On the side, Chloe teaches intro to cyber security bootcamps through Savvy Coders and spends her free time playing water polo.