VIBE CODING SECURITY WEEKLY — APR 24-28, 2026

Five stories shaped vibe-coding security between April 24 and April 28, 2026: Wiz’s Red Agent + AI-BOM launch at Google Cloud Next, the SecureVibeBench paper that pegs AI secure-coding success at 23.8%, Red Gate’s catalog of 5 failure patterns when AI generates database code, The New Stack’s profile of CEOs who now build their own internal tools by vibe coding, and Forrester’s analyst note tying the Vercel/Context.ai breach into a broader SaaS trust collapse. Here is the week, with sources.

TL;DR — The week in one paragraph

• Wiz, Apr 22-24: At Google Cloud Next, Wiz launched Red Agent (offensive AI security testing), shipped AI-BOM that auto-inventories LangChain, Gemini Code Assist, Copilot, and Cursor across an org, and announced inline scanning of Lovable AI-generated code (May). Pre-built remediation Skills now run natively inside Claude Code and Cursor. Wiz Research data point: 20% of real-world apps built with AI coding tools contain significant security issues.
• SecureVibeBench, Apr 27: A new academic benchmark of 105 C/C++ tasks pulled from 41 OSS-Fuzz projects measures whether AI agents can write code that is both correct and secure. Best performer (across OpenHands, Claude Sonnet 4.5, and three others) hit 23.8%. Open-source.
• Red Gate, Apr 27: Chisom Kanu published a long-form analysis of 5 critical failure patterns in AI-generated database code, citing the Replit production-DB deletion, WSJ’s reporting on enterprise vibe-coding adoption, and Lovable’s own self-reported 10% security-issue rate.
• The New Stack, Apr 27: Codenotary CEO Moshe Bar’s vibe-coded BBS at moshix.tech:3270 has 500 users, runs in 23MB of memory, and has had no security incidents in over a year. He’s mandated LLM-only development at his company. OutSystems CEO Woodson Martin built the same app twice in parallel — once with their own Mentor, once with Claude — to A/B his own platform.
• Forrester, Apr 27: Analyst note “Game Over For Trust” frames the Vercel/Context.ai breach as the predictable end of SaaS perimeter thinking and explicitly calls out vibe-coding deployment platforms for breaking the shared-responsibility model — citing Vercel’s design choice to make “sensitive” env-var marking the customer’s job.

What did Wiz launch at Google Cloud Next?

On April 22, 2026, Wiz announced a stack of AI-defense features at Google Cloud Next, with the news coverage following on April 24 in Cyber Technology Insights.

The release ships in three parts:

• Red Agent — offensive AI security testing, completing the color trio alongside Blue Agent (GA) and Green Agent (public preview). Red Agent is positioned as the autonomous attacker side of the AI-defense stack.
• AI-BOM — a dynamic AI Bill of Materials that auto-inventories AI frameworks (LangChain), models, and IDE extensions including Gemini Code Assist, GitHub Copilot, and Cursor. Aimed at “shadow AI” visibility.
• Inline AI-code scanning — Wiz will scan AI-generated code in Lovable (available May 2026) before commit, with security guardrails that can block pushes that violate organizational policy. Pre-built remediation Skills now run natively inside Claude Code and Cursor, fed by the Wiz Security Graph.

The number Wiz Research is building this around: 20% of real-world applications built with AI coding tools contain significant security issues, including broken access controls and exposed data endpoints.

This is the defender-side counter to the Lovable security incidents we’ve been tracking — Wiz is betting that the policy-and-scan layer can be inserted directly into the AI-IDE workflow, before code reaches a repo at all. Whether that holds when the developer is a non-engineering CEO (see The New Stack story below) is the open question.

What is SecureVibeBench, and what did it find?

SecureVibeBench, covered on April 27, 2026 by RichlyAI, is a new benchmark for evaluating whether AI agents can produce code that is both functional and secure. The construction:

• 105 C/C++ coding tasks drawn from 41 projects in the OSS-Fuzz ecosystem
• Each task reconstructs a vulnerability-introducing scenario — the agent has to solve the task without re-introducing the historical CVE pattern
• Evaluation combines functionality testing with security checking using both static and dynamic oracles (i.e., it’s not just unit tests; the harness fuzzes the output)

Initial results across five popular code agents — including OpenHands and Claude Sonnet 4.5 — show the best performer producing 23.8% correct-and-secure solutions. The other 76.2% either fail functionality, reintroduce a vulnerability, or both.

The benchmark is open source. The most useful framing is that “vibe coding works” headlines have largely been measured on functionality alone — SecureVibeBench is the first widely-cited number that splits the joint metric. If your trust model assumes the AI gets it functionally right and secure, you are betting on a 1-in-4 outcome with the strongest publicly available agents.

Read alongside Your CLAUDE.md Is Attack Surface — Snyk’s parallel finding was that 13.4% of 3,984 agent skills had critical issues. Different layer, same shape: the AI is shipping vulnerable artifacts at scale, and humans are still the only audit.

Why does Red Gate think vibe coding fails at the database layer?

On April 27, 2026, Chisom Kanu published Vibe coding and databases: the hidden risks of AI-generated database code on Red Gate’s Simple Talk. The thesis: vibe-coded frontends and APIs degrade gracefully; vibe-coded databases corrupt the asset that everything else depends on.

Five failure patterns Kanu documents:

• Broken query logic that passes tests because the test data didn’t include the cases the query mishandles
• Missing or incorrect transaction boundaries — partial writes that look successful at the API layer
• Implicit assumptions about indexing, locking, and isolation levels that the LLM never surfaces
• Schema drift between dev/prod when the AI iterates against a different copy than the production DDL
• No rollback strategy — AI agents that “fix” forward, deepening the original error

Cited incidents include the Replit production database deletion that hit SaaStr’s Jason Lemkin (the most widely reported 2025 case), the Wall Street Journal’s reporting on enterprise vibe-coding adoption, and Lovable’s own self-reported ~10% of apps with security issues exposing personal data.

The piece’s most useful contribution is naming what’s different about the database layer: state. The frontend can be regenerated. A botched migration cannot.

Who is vibe-coding their own software at the C-suite level?

The New Stack published an extended profile on April 27, 2026 of executives who have started shipping their own software with AI tools. The throughline: people who used to file tickets are now building.

The lead example is Moshe Bar, CEO of Codenotary:

• Vibe-coded a BBS that lives at moshix.tech:3270, with 500 users, thousands of active discussions, and no downtime in over a year
• Runs in 23 MB of memory
• Open-sourced it; others have stood up their own instances
• Bar runs security audits through Claude every eight weeks
• He estimates the conventional build cost would have been 3-4 senior developers at $400k–$500k each
• Three to four months ago, Bar declared all development at Codenotary would be LLM-only going forward; his framing: “cloud computing compressed time-to-market from three years to one; LLMs compressed it again to three months”
• His own self-assessment: “No, I don’t [feel like a programmer], because when I look at the code, some of the things it does, I have no idea, no idea.”

Other examples in the piece:

• Woodson Martin, CEO of OutSystems: built a personal mobile app wrapper on top of his team’s MCP services twice in parallel — once with OutSystems’ Mentor, once with Claude — connecting to the same backend, to A/B his own product
• Wade Foster, CEO of Zapier: also building agents at executive level

The throughline for our beat: the population of people deploying vibe-coded apps now includes people who cannot read the resulting code. SecureVibeBench’s 23.8% number lands on this exact population.

What’s Forrester’s take on the SaaS-trust crisis?

On April 27, 2026, Forrester analysts published Game Over For Trust: A Roblox Cheat Gives Attackers The Advantage, framing the Vercel / Context.ai compromise as a structural failure of perimeter thinking.

Five recommendations from the note, with our shorthand:

1. SaaS proliferation = over-extended trust. “Organizations no longer operate a bounded infrastructure, they operate an ecosystem of delegated trust.” Every SaaS connection is a supply-chain risk.
2. Shadow IT meets Shadow AI. Employees clicking “allow all access” on AI tools is now a security decision being made by people who don’t think they’re making one.
3. Vibe coding and deployment platforms break the shared-responsibility model. Forrester explicitly names Vercel’s design — making customers manually mark env vars as “sensitive” — as the failure mode that put API keys and DB credentials in reach during the Context.ai breach.
4. Deny-by-default endpoints. EDR/XDR can stop a wide range of threats, but those systems don’t have to get involved if the user can’t run downloaded files in the first place.
5. Full software inventory + SBOM. Open source, third-party tools, deployment tools — all of it.

The piece is the analyst-side read of what we covered in Vercel Breach via Context.ai and connects directly to last week’s Aikido Endpoint launch — same trust collapse, opposite ends of the response.

Bottom line

Five stories, one shape: this was the week the measurement and policy layer caught up to the deployment layer.

• Wiz shipped the inline-IDE policy hooks that the post-Lovable, post-Vercel world needs.
• SecureVibeBench published the number — 23.8% — that was previously hand-waved.
• Red Gate documented why the database is where state goes to die when an AI is the only one in the loop.
• The New Stack profiled the people now shipping software despite admitting they cannot read it.
• Forrester wrote the analyst note that names the structural failure: shared-responsibility models built for human-only workflows do not survive AI-OAuth-app supply chains.

The thing none of these stories touch: the deployed app your AI shipped last Friday. SecureVibeBench measures the agent. Wiz scans the IDE. Red Gate audits the schema. Forrester models the SaaS graph. The runtime is still where users actually get hurt.

Related reading

• Vibe Coding Security Weekly — Apr 23, 2026 — last week’s digest (Lovable 48-day leak, MCP RCE, Gitar, Aikido Endpoint, Vercel)
• Vercel Breach via Context.ai — the breach Forrester is responding to
• Lovable Security Report Feb 2026 — context for the 10% issue rate Red Gate cites
• Your CLAUDE.md Is Attack Surface — Snyk’s 13.4% number, parallel framing to SecureVibeBench’s 23.8%
• DeepKeep Launches Vibe AI Red Teaming — defender-side launch in the same category as Wiz Red Agent

Sources

• Wiz — Wiz at Google Cloud Next: Machine-Speed AI Defense — Apr 22, 2026
• Cyber Technology Insights — Wiz introduces Red Agent to boost AI security — Apr 24, 2026
• Red Gate Simple Talk — Vibe coding and databases: the hidden risks of AI-generated database code — Apr 27, 2026
• The New Stack — “I was tired of explaining it to somebody who was supposed to build it for me”: Meet the executives who vibe code — Apr 27, 2026
• RichlyAI — SecureVibeBench: Benchmarking AI Secure Coding in C/C++ — Apr 27, 2026
• Forrester — Game Over For Trust: A Roblox Cheat Gives Attackers The Advantage — Apr 27, 2026

This digest is compiled from public reporting. VibeEval is not affiliated with Wiz, Red Gate, OutSystems, Codenotary, Forrester, or the SecureVibeBench authors. Questions? Contact our team.