
The UK Government Just Warned About Vibe Coding Security at RSA. Two Days Later, a Supply Chain Attack Proved Why.
Two things happened this week that every vibe coder needs to know about. On March 24, the head of the UK's National Cyber Security Centre stood on stage at RSA Conference and told the global security community that vibe coding is creating "intolerable risks." The same day, attackers backdoored LiteLLM, a Python package with 95 million monthly PyPI downloads, through a poisoned security scanner in its CI/CD pipeline.

One is a warning. The other is proof.

What the NCSC Actually Said

Richard Horne, CEO of the NCSC (the UK's equivalent of CISA), didn't mince words. "The attractions of vibe coding are clear. Disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own."

He went further: "The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities."

The NCSC also published a blog post the same day calling AI-generated cod
Continue reading on Dev.to Webdev


