Although still in the nascent stages, vibe hacking could become a serious concern going forward. Mint explains what makes vibe hacking so dangerous and difficult to detect.
What is vibe hacking?
Vibe hacking is the malicious twin of vibe coding, where hackers use AI to generate malicious code at scale. In vibe coding, users, with the help of simple language, can get an artificial intelligence coding agent to write lines of code from natural language prompts.
There are two kinds of vibe hacking. In the first, hackers use an existing vibe coding platform to write malicious code to attack existing code bases. Vibe coding platforms, unless given access, aren’t privy to the companies’ code base. When given, however, developers can use a vibe coding platform to recommend code for products they’d like to build.
“Instead of building, if someone gets access to your codebase, it can actually tell the platform exactly what to do to extract data or do something malicious, that is very risky,” said Saket Modi, co-founder and chief executive of Safe Security, a cyber risk management company.
The other kind is where a hacker doesn’t need to be an expert in breaching systems; instead, they use natural language to get a vibe of a coding platform to write malicious code.
It’s what happened in the case of a cybercriminal using Anthropic’s Claude Code agent. In August, the US-based AI startup flagged that a hacker had used Claude Code to automate reconnaissance, harvest user credentials, and penetrate networks. Before Anthropic detected the misuse of its coding agent, the hacker had targeted 17 different organisations across healthcare, the emergency services, and government and religious institutions.
Claude Code was used not only to target these companies but also to make strategic decisions on what data to harvest as well as how to craft psychologically targeted extortion demands, according to Anthropic’s Threat Intelligence report.
What makes vibe hacking dangerous?
“Because generative AI lowers the barrier to writing and refining code, criminals with little technical skill can orchestrate sophisticated attacks,” according to Aaron Rose, office of the chief technology officer at Check Point Software. That also means the frequency of cyberattacks increases due to the low barrier to entry in creating them.
What’s more, vibe hacking attacks are capable of circumventing traditional cyber defence systems. They don’t necessarily need to break into networks or exploit software vulnerabilities either.
“Attackers can manipulate the ‘intent’ layer of AI systems, tricking models into exfiltrating sensitive data or performing harmful actions through carefully crafted language alone,” said Operant AI co-founder and CEO Vrajesh Bhavsar. Operant AI is a cybersecurity company focused on securing AI systems.
What makes it particularly difficult to detect vibe hacking?
Vibe hacking can often be mistaken for conventional breaches. Vibe hacked attack payloads use programming languages like PowerShell and Python and are able to avoid traps left by a company’s cyber security team. Additionally, because of the changing code, there are no static malware samples for experts to analyse and work against either.
Vibe hacks can look like innocuous files or content, which contain hidden prompts to attack a system. This can range from context poisoning, where shared memory between AI agents is contaminated to slipping in malicious logic into open-source code.
“Another common pattern is privilege escalation, where an over-permissioned agent ends up misusing credentials,” said Bhavsar. “Zero-click attacks are particularly concerning because they don’t require any human action, just opening a file or connecting to a poisoned tool is enough.”
Which industries are likely to be affected by vibe hacks?
Hackers tend to target organisations that possess a significant amount of sensitive information or are considered critical infrastructure. Therefore, industries such as banking, financial services and insurance (BFSI), healthcare, government, and even media are targets for vibe hackers.
“Healthcare institutions hold vast amounts of sensitive patient data, credentials, and billing information, making them key targets for hackers who can monetize this critical data on the dark web,” said Ajay Biyani, vice president of APJ, India, Middle East & Africa at US-based cybersecurity company Securonix. “The manufacturing sector, which is transforming with Industry 4.0, comes with rising cyber risks due to loT device integration and growing automation, exposing manufacturers to vibe hacking.”
Hackers also target critical infrastructure, such as energy and utilities, which can have significant national security implications. Even retail and e-commerce aren’t safe on account of companies in the sector handling large volumes of customer data and online transactions.
Sosafe, a cybersecurity awareness training and human risk management provider, released a report earlier this year that showed 87% of security professionals at companies encountered an AI-driven cyberattack in the last year. The survey covered 500 global security professionals as well as 100 SoSafe customers across 10 countries.
How should companies combat vibe hacking?
With AI attacks becoming more sophisticated and enterprises adopting AI into their ecosystems, cybersecurity experts suggest limiting AI tool privileges and access to data.
As AI threats grow, cybersecurity experts recommend restricting AI tool privileges and data access.
“Because each Al-generated script is unique, defenders must look for unusual patterns such as unexpected outbound connections to Al providers, scripts invoked by unusual processes, or data exfiltration disguised as routine traffic,” said Rose.
The other way to fight vibe hacking attempts is by taking on a multi-layered approach, which includes AI-powered security tools as well as training employees to recognise AI-generated threats. “For platforms, especially those running SPAs, regular code reviews and automated vulnerability scanning are critical,” said Apeksha Kaushik, principal analyst at Gartner, a research and advisory firm.
Cybersecurity company, Darktrace, backed by global investment firm KKR found that 78% of companies’ chief information security officer believe AI is having an impact on cyber threats. Additionally, nine in ten survey participants agree that AI-powered threats will continue to have a significant impact on their organization for the next one to two years.
What are the security tools to fight this menace?
When dealing with third-party vendors, asking about their AI use and software bill of materials can also be valuable. Operant AI, for instance, maps every agent identity, tool, access flow, and data touchpoint within a company’s environment.
“We monitor agents continuously, not just for network activity but for semantic and behavioural anomalies,” said Bhavsar. As attack sophistication and frequency increase, cybersecurity experts argue that the only way forward is to develop and maintain AI-enabled solutions. “You fight fire with fire. On the defence side, everything has to be AI-enabled,” said Safe Security’s Modi.
