AI/ML, Application security

AI coding tools must not propagate vulnerabilities, says NCSC head

Innovative ai showcase global tech summit 2025 digital innovations futuristic environment interactive viewpoint advancements in ai technology

UK National Cyber Security Centre CEO Richard Horne has called on security professionals at RSA Conference 2026 to harness the explosive growth of AI-assisted software development, known as vibe coding, as a chance to make software more secure, provided safeguards are built in from the start, reports Infosecurity Magazine.

Horne acknowledged that AI-generated code could propagate vulnerabilities if left unchecked, but argued that well-trained tooling writing secure-by-design software could transform cybersecurity outcomes.

"Disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own," he said.

In a parallel blog post, NCSC CTO David C laid out a series of "commandments" for securing vibe coding, including integrating secure-by-default practices into AI models, adopting a trust-but-verify approach with provable model provenance, using AI to audit all code, and enforcing deterministic guardrails on what code can do.

He argued that AI could help pay down technical debt by hardening legacy applications and that the new paradigm might even offer a path forward for organizations still wary of cloud migration.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds