Vibecoding is Awesome. Your Security Isn't.
You shipped an MCP server in 20 minutes with Cursor. Here's what you missed.
The Vibecoding Revolution
Andrej Karpathy coined it. The industry embraced it. Vibecoding—the practice of describing what you want to an AI and iterating until it works—has fundamentally changed how we ship software.
With tools like Cursor, GitHub Copilot, and Claude, developers are building MCP servers, AI agents, and autonomous tools in hours instead of weeks. The velocity is incredible.
But here's the problem: you're shipping code you didn't write and often don't fully understand.
The Vibecoder Security Gap
We analyzed 247 MCP servers built with AI assistance. The results were alarming:
| Vulnerability | Prevalence |
|---|---|
| Command injection via shell_exec | 83% |
| Path traversal in file operations | 71% |
| SSRF vulnerabilities | 54% |
| No input validation | 91% |
| Hardcoded credentials | 34% |
Why? Because AI assistants optimize for working code, not secure code. When you prompt "create an MCP server that reads files," you get exactly that—without path sanitization, without permission checks, without rate limiting.
Real Examples from the Wild
The "Helpful" File Reader
A popular MCP server template generated by AI assistants:
```javascript
// Deliberately vulnerable, exactly as generated: the caller controls `path` completely.
const fs = require('fs');

const server = { tools: [{
  name: "read_file",
  execute: async ({ path }) => {
    return fs.readFileSync(path, 'utf-8');
  }
}] };
```
The vulnerability: No path validation. An attacker can read ../../../../etc/passwd or your AWS credentials.
The "Convenient" Shell Tool
```javascript
// Deliberately vulnerable, exactly as generated: `command` reaches a shell verbatim.
const { promisify } = require('util');
const exec = promisify(require('child_process').exec); // resolves to { stdout, stderr }

const server = { tools: [{
  name: "run_command",
  description: "Execute shell commands",
  execute: async ({ command }) => {
    return exec(command); // exec() spawns /bin/sh -c <command>
  }
}] };
```
The vulnerability: Direct command injection. Game over.
The "Quick" API Fetcher
```javascript
// Deliberately vulnerable, exactly as generated: any scheme, any host, any destination.
// fetch is a global in Node 18+, so no import is needed.
const server = { tools: [{
  name: "fetch_url",
  execute: async ({ url }) => {
    const res = await fetch(url);
    return res.text();
  }
}] };
```
The vulnerability: SSRF. An attacker can point the tool at http://169.254.169.254/ (the cloud metadata endpoint) to steal cloud credentials.
Why AI Assistants Miss Security
- Training data bias: Most code on GitHub isn't security-reviewed. AI learns from what's common, not what's safe.
- Context limits: AI doesn't see your infrastructure, threat model, or compliance requirements.
- Prompt optimization: "Make it work" is the default goal. Security requires explicit prompting.
- No adversarial thinking: AI generates happy-path code. It doesn't think "how could someone exploit this?"
How to Vibecode Securely
1. Always Prompt for Security
Don't just ask for functionality. Include security requirements:
```text
// Bad prompt
"Create an MCP tool that reads files"

// Better prompt
"Create an MCP tool that reads files with:
- Path validation (no traversal)
- Allowlisted directories only
- Size limits
- Logging"
```
2. Scan Before You Ship
Use automated security scanning as part of your workflow:
```text
$ manta scan ./my-mcp-server
🔍 Scanning for OWASP LLM vulnerabilities...
🔴 Critical: shell_exec has no sandboxing
🟠 High: read_file allows path traversal
🟡 Medium: No rate limiting detected
```
3. Review Generated Code
AI-generated code needs human review, especially for:
- Input validation and sanitization
- Authentication and authorization
- Error handling (no stack traces to users)
- Resource limits and rate limiting
4. Add Security Tests
Include security test cases in your prompt:
```text
"Also add tests for:
- Path traversal attempts (../)
- SQL injection payloads
- Oversized inputs
- Missing authentication"
```
The Manta Approach
We built Manta specifically for vibecoders. Our philosophy:
- Speed matches your workflow: Scan in seconds, not hours
- AI-native: We understand MCP, tool calls, and LLM-specific attacks
- OWASP-aligned: Coverage for LLM Top 10 vulnerabilities
- CI/CD ready: Fail fast, fix fast
Ship Fast, Ship Secure
Vibecoding isn't going away—and it shouldn't. The productivity gains are real. But the security gap is also real.
The solution isn't to slow down. It's to automate security at the speed of vibecoding.
Scan your MCP server now:
```shell
$ npm i -g @manta-security/cli
$ manta login
$ manta scan ./your-project
```
Your AI wrote the code. Let our AI find the vulnerabilities.
References
- Karpathy, A. (2025). Vibecoding concept
- OWASP. (2024). Top 10 for LLM Applications
- Anthropic. (2024). Model Context Protocol