Exactly. I was nodding my head all the time while reading this.
Security & privacy have long been an afterthought during the development process. And now with AI, completely non-technical folks overlook the most common pitfalls that have been happening for years even in production-level projects.
I think we need less "vibe-coding" and more "vibe-security".
Fantastic as always! I love reading your articles, and this one is so spot on. "security is not something you sprinkle on later like parsley. If you don’t respect boundaries from the start, the system will eventually teach you why they mattered, usually at the worst possible moment."
AI helps you build so fast that you skip learning why things like environment variables or a separate backend exist in the first place. You only find out when a key gets leaked or a secret ends up in a frontend bundle.
Exactly. I was nodding my head all the time while reading this.
Security & privacy have long been an afterthought during the development process. And now with AI, completely non-technical folks overlook the most common pitfalls that have been happening for years even in production-level projects.
I think we need less "vibe-coding" and more "vibe-security".
Fantastic as always! I love reading your articles, and this one is so spot on. "security is not something you sprinkle on later like parsley. If you don’t respect boundaries from the start, the system will eventually teach you why they mattered, usually at the worst possible moment."
AI helps you build so fast that you skip learning why things like environment variables or a separate backend exist in the first place. You only find out when a key gets leaked or a secret ends up in a frontend bundle.
"plug in the API key" 🙈
What used to be “teachable moments” — the bugs, bottlenecks, and architectural faceplants — are now being skipped entirely.
Friction used to force understanding. Now it’s optional.
The scary bit? You don’t realise what you’ve missed until you’re already too far downstream and by then, the security assumptions have calcified.
Makes you wonder:
Are we building faster… or just deferring the cost?
In many cases just deferring the cost!
Really appreciate how clearly you draw the line between shipping fast and understanding what you shipped, Julia.
Thanks, John!