The first time I have heard about the vibecoding I could not believe that peeps without the technical background dare to release web apps and other type of software within the week of using such stuff like cursor, claude code and later lovable, bolt.new and etc. I saw some of the projects like that and despite them being somewhat functional - I could feel that security was not the strongest side of these pieces of software. As it turned out I was not hallucinating about the existance of the said security problem - lots of papers were published in this regard. For example, just last quarter 2 prominent papers outlining the problem with stastical approach highlight the severity of security problem within vibecoded apps:

1) https://arxiv.org/abs/2512.03262v1 2) https://arxiv.org/abs/2510.26103

The new itteration of the approach of software development marked a signficant moment of singularity - instead of developers having a deterministic intent mediation process, the developers/vibecoders deploy probabalistic intent mediation when developing applications as outlined in the yet another paper (https://arxiv.org/abs/2507.21928). Probability that the users prompt would correctly enforce the security rules without explicitly knowing security practices is very low and even essentially non existant.

So I have built a tool called Vibeshield that works in following way:

1) developer/vibecoder installs mcp server:

{ "mcpServers": { "vibeshield": { "command": "npx", "args": [ "-y", "vibeshield-mcp@canary" ], "env": { "VIBESHIELD_TOKEN": "vs_live_981bba726786602d91e75be8e9f9a7b7_kSZs-6DPQVtRlSU9qhemEM6HKplvKY59BtUcv0fRbNU" } } } }

2) developer/vibecoder prompts his ai coding agent to create something with the help of vibeshield. For example, he writes: "use vibeshield mcp server. Create/Improve authentification system"

3) user's agent notices that it needs to use analyze_prompt tool which outputs additional security requirements according to the users intent and stack and tells llm how to utilize these requirements.

4) Security requirements are enforced due to the attention that rewritten by mcp server tool prompt is attracting from the perspective llm.

5) As implementation completed - developer/vibecoder would have not only code artifacts but vibeshield docs generated.

So if you guys want you can use my token on Ultra plan (see mcp config above) of vibeshield and tell me how it works for you. Note that there are not that many intents - I need to implement more of them with relevant security packs. If you guys are interested in it - you can add me on discord. my username is chockslam. Or you can email me at hello@vibeshield.tech

I'm planning to build a directory site – should I go with Next.js or Astro?

Dialhome-study/browser-network-insights: Browser networking analysis framework

Nvidia, Microsoft, Amazon in talks to invest up to $60B in OpenAI

OpenClaw: The AI that actually does things (clawd/molt)

Way AI assistance impacts the formation of coding skills

A Project

'Empire of Madness' calls for 'the end of psychiatry'

Typechecking is undecidable when 'type' is a type (1989) [pdf]

Signify: Securing OpenBSD from Us to You (2015)

Go is faster than Swift

Microsoft is working to rebuild trust in Windows

Top engineers at Anthropic, OpenAI say AI now writes 100% of their code

Hedge funds' correlation with stocks sparks fears over lack of crash protection

Week 3: EE 292P Transistor Physics with Mark Lundstrom (Purdue)

Nerd Fonts

Agent-Session-Commit

Spotify's Crackdown on Anna's Archive Domains Hits a Jurisdiction Snag

Template Parameter Deduction: Eliminating Hidden Copies in Generic Code

OpenClaw – Moltbot Renamed Again

Show HN: A small reference demo for separating UI stalls from network delays

Show HN: JSON dataset of 1,100 trending AI image prompts from X

Fact-checking: Tasks that are hard for humans are easy for AI and vice versa?

Show HN: Apple Activity Rings, but for Anything

When deep reinforcement learning meet trading

Show HN: redb-turbo: redb with page-level compression and encryption

Show HN: ÆTHRA – Writing Music as Code

Show HN: I made a dev tool that helps vibecoders to AVOID security issues

Can AI companies become profitable?

Do markets make us moral?

Heritability of intrinsic human life span is about 50% when confounding factors

Ask HN: Are you running production workloads in Pytorch eager mode?