The first time I have heard about the vibecoding I could not believe that peeps without the technical background dare to release web apps and other type of software within the week of using such stuff like cursor, claude code and later lovable, bolt.new and etc. I saw some of the projects like that and despite them being somewhat functional - I could feel that security was not the strongest side of these pieces of software. As it turned out I was not hallucinating about the existance of the said security problem - lots of papers were published in this regard. For example, just last quarter 2 prominent papers outlining the problem with stastical approach highlight the severity of security problem within vibecoded apps:
1) https://arxiv.org/abs/2512.03262v1
2) https://arxiv.org/abs/2510.26103
The new itteration of the approach of software development marked a signficant moment of singularity - instead of developers having a deterministic intent mediation process, the developers/vibecoders deploy probabalistic intent mediation when developing applications as outlined in the yet another paper (https://arxiv.org/abs/2507.21928). Probability that the users prompt would correctly enforce the security rules without explicitly knowing security practices is very low and even essentially non existant.
So I have built a tool called Vibeshield that works in following way:
1) developer/vibecoder installs mcp server:
{
"mcpServers": {
"vibeshield": {
"command": "npx",
"args": [
"-y",
"vibeshield-mcp@canary"
],
"env": {
"VIBESHIELD_TOKEN": "vs_live_981bba726786602d91e75be8e9f9a7b7_kSZs-6DPQVtRlSU9qhemEM6HKplvKY59BtUcv0fRbNU"
}
}
}
}
2) developer/vibecoder prompts his ai coding agent to create something with the help of vibeshield. For example, he writes: "use vibeshield mcp server. Create/Improve authentification system"
3) user's agent notices that it needs to use analyze_prompt tool which outputs additional security requirements according to the users intent and stack and tells llm how to utilize these requirements.
4) Security requirements are enforced due to the attention that rewritten by mcp server tool prompt is attracting from the perspective llm.
5) As implementation completed - developer/vibecoder would have not only code artifacts but vibeshield docs generated.
So if you guys want you can use my token on Ultra plan (see mcp config above) of vibeshield and tell me how it works for you. Note that there are not that many intents - I need to implement more of them with relevant security packs. If you guys are interested in it - you can add me on discord. my username is chockslam. Or you can email me at hello@vibeshield.tech
