#061 - Cyber AI Chronicle - Security for Vibe Coding

Author

Simon Ganiere
March 23, 2025 • Estimated Reading Time: 11 minutes

PRESENTED BY

Cyber AI Chronicle

By Simon Ganiere · 23th March 2025

Welcome back!

Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.

Table of Contents

What I learned this week

TL;DR

  • AI-powered “vibe coding” is changing how developers write software—fast, instinctive, and dangerously insecure. Under pressure to ship, many skip security entirely, trusting AI-generated code to "just work." But new evidence shows these tools leak secrets, hallucinate logic, and generate malware with ease. The pace of development has outstripped the pace of security. And unless that changes, we’re not coding—we’re packaging future incidents. As Anthropic CEO Dario Amodei warns, AI will write 90% of the code for software engineers within the next three to six months and every line of code within the next year. That means the time to get secure-by-default is now—not after the breach. » READ MORE

  • Linked to the main topic of this week edition - and to prove that AI cannot solve it all - we have a supply chain compromise against GitHub Actions such as tj-actions/changed-files and reviewdog/action-setup. You can read more about it from the initial report from StepSecurity and from Wiz here and here. Surprise (or not) one of the identified targets was Coinbase…looks like the Crypto world can’t get a break from the bad guys.

  • Speaking of Wiz, impossible not to mention the huge acquisition by Google…$32 billion!! A previous deal, in 2024, for $20 billion was supposedly rejected by the Wiz founders. This is a huge milestone for the startup community and cyber security. Don’t get me wrong not every startup can pull something like this but Wiz ability to deliver a great product and (probably more importantly) their strong marketing approach. I remember meeting those guys back in 2022 at RSA and was impressed from the start.

  • Anthropic is finally adding web search to Claude. This is currently available only in the US and for paid Claude users. Looks like they are using Brave Search to enable this feature. Open updated its audio models to power voice agent, this is also all available via the API…I guess at some point I need to try to see and launch a Podcast version of this newsletter 😁 

Subscribe to keep reading

This content is free, but you must be subscribed to Project Overwatch to continue reading.

Already a subscriber?Sign In.Not now

Reply

or to participate.