The security gap AI coding created
Production-grade apps are being shipped at prototype speed. VibSec is the seatbelt that keeps you safe without slowing you down.
The problem
AI coding agents are a superpower. Claude Code, Cursor, Copilot, Aider — they let you ship production-grade apps and agents at prototype speed. But speed creates a new security gap.
AI agents optimise for "working code," not "safe code." They hardcode API keys. They install typosquatted packages. They bind databases to 0.0.0.0. They use eval() on user input. They grant broad permissions to tools and skip auth. Every time, you catch it manually — or worse, you don't catch it at all.
The faster you ship, the wider the gap gets.
The opportunity
Every developer using AI agents faces the same blind spots: leaked secrets, injection vulnerabilities, risky dependencies, unsafe agent configurations, exposed services. These aren't edge cases — they're the default output when you prioritise velocity.
VibSec exists because the real goal isn't to slow down. It's velocity without catastrophic downside. VibSec is a preflight scanner that runs on every commit and deploy to catch common failures, plus runtime guardrails that enforce least-privilege tool execution and block high-risk actions triggered via prompt injection.
Think of it as a seatbelt for AI-assisted development: prevention, detection, and an audit trail — so you can move fast and know exactly what happened.
What VibSec does
🔍 Preflight scanning
50+ OWASP checks for hardcoded secrets, unsafe patterns, supply chain risks, injection vectors, and exposed services. One command: vibsec scan.
🤖 AI-powered remediation
Run vibsec scan --fix to generate a prompt your AI agent can use to fix every finding automatically.
🌐 Port & service monitoring
Catches databases and services exposed to the internet. Your Redis on 0.0.0.0 gets flagged instantly.
🖥️ Menu bar app
macOS native app — scan projects, monitor ports, and browse your audit log without opening a terminal.
🔒 100% local
No cloud, no telemetry, no API calls. Your code never leaves your machine.
🌍 Online scanners
Free repo scanner and domain scanner — check any public GitHub repo or website instantly.
Who builds VibSec
VibSec is built by CraftyPixels, a software studio specialising in AI agents, MarTech integrations, and full-stack development. With 10+ years shipping production ML pipelines and AI workflows, we use AI-assisted development daily — VibSec started as our internal safety net and is now free for the community.