Why vibe-coded apps fail basic security checks

AI code generation tools like Cursor, Windsurf, and Claude write working code at remarkable speed. But "working" and "secure" are not the same thing — and the gaps show up in predictable patterns.

The three most common failures

In ShipRight's audit data, three categories account for over 70% of critical findings in vibe-coded apps: missing auth middleware, unverified webhooks, and hardcoded secrets.

Full post coming soon.