use case

The state of vibe-coded security: we scanned 99 self-described AI-built repos

the short answer

We ran the securevibes heuristic rules engine (no AI pass) over 99 public GitHub repos that describe themselves as AI- or vibe-coded, collected June 10, 2026. 21.2% had at least one exposed-secret finding, 27.3% had at least one critical or high finding, and 12.1% had at least one critical. The median repo scored 97 (an A), but that median is inflated by tiny demo repos; the mean of 91.2 and a tail of 26 repos at B, C, or D tell the truer story.

Everyone has an opinion about whether vibe-coded apps are secure. We wanted a number instead, so on June 10, 2026 we collected 99 public GitHub repos that describe themselves as AI- or vibe-coded and ran every one through the securevibes rules engine — the deterministic checks every scan starts with, run here with the Claude review switched off so the results are pure, repeatable pattern detection.

This page is the report: how often secrets actually ship, how the grades distribute, and which categories get hit. It also explains where the dataset flatters itself — a chunk of the corpus is tiny demo repos that trivially score well — and why the mean, the grade spread, and the per-category hit rates are the honest way to read it.

21.2% of 99 vibe-coded repos had at least one exposed-secret finding — roughly 1 in 5 shipped a credential.

Source: securevibes rules-engine study, 99 public self-described AI/vibe-coded GitHub repos, collected June 10, 2026

The headline numbers

21 of the 99 repos — 21.2% — had at least one secrets finding: a hardcoded credential, key, or password committed into public code. That's the most consequential number in the study, because a committed secret in a public repo isn't a code-smell, it's an open door. 27.3% of repos had at least one critical or high finding of any kind, and 12.1% had at least one critical.

The most common individual findings were dangerouslySetInnerHTML usage (33.3% of repos), a .gitignore that doesn't cover .env files (26.3%), no .gitignore at all (23.2%), curl-piped-to-shell installs (12.1%), hardcoded passwords (12.1%), and wildcard CORS (10.1%). None of these are exotic — they're exactly the shortcuts the most direct working version of the code takes, and the most direct working version is what AI tools generate by default.

Why the median A is misleading — read the mean and the tail

The median repo scored 97, an A, and if we wanted a flattering headline we'd stop there. We don't, because the median is inflated: 22 of the 99 repos have 15 or fewer scannable files — workshop demos, single-page toys, docs-heavy "how to vibecode" repos — and a tiny repo trivially scores an A because there's almost nothing to flag. They genuinely are self-described vibe-coded output, so they were counted, but they drag the median up.

The honest read is the mean and the grade distribution: mean score 91.2, with 73 repos at A, 9 at B, 11 at C, and 6 at D. That's 26 repos — about one in four — with real findings, and the lowest score in the corpus was 52. For repos with substance, the picture is the per-category hit rates below, not the median.

Where the findings concentrate, and what we didn't measure

By category, 52.5% of repos had at least one data-exposure finding, 40.4% injection, 26.3% dependencies and supply chain, 21.2% secrets, 16.2% auth, and 7.1% transport. Findings per repo averaged 4.1 (median 2) — and because the engine caps reporting at 10 findings per rule and 300 per repo, the counts for the messiest repos are floors, not totals.
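To make the finding types above, the per-category hit rates and the caps concrete, here is an added example of a deterministic rules engine of the kind the study describes. It is illustration code written for this page, not the securevibes engine: the rule IDs, regexes, path filters, the rule-to-category mapping and the three sample repos are all assumptions constructed here; only the finding types it looks for and the caps (10 per rule, 300 per repo) are taken from the page. The .gitignore check goes one step beyond the page's wording: it tests whether a pattern would actually match a file named .env, so a .gitignore that lists only .env.example or .env.* does not count as coverage.

```python
"""Added example, not the securevibes engine: a tiny deterministic rules engine and the
aggregation behind "share of repos with >=1 finding by category". Rule IDs, regexes, path
filters, category mapping and SAMPLE_REPOS are assumptions; the caps come from the study."""
import fnmatch
import re
from collections import Counter
from statistics import median

MAX_PER_RULE, MAX_PER_REPO = 10, 300   # caps stated by the study
CATEGORIES = ["data-exposure", "injection", "dependencies", "secrets", "auth", "transport"]
CODE = re.compile(r"\.(py|js|jsx|ts|tsx|go|rb)$")   # path filter: source files
ANY = re.compile(r".")                               # path filter: every file

# (rule_id, category, line pattern, path filter) -- assumed rules, not securevibes'
RULES = [
    ("dangerously-set-inner-html", "injection",
     re.compile(r"dangerouslySetInnerHTML"), re.compile(r"\.(jsx?|tsx?)$")),
    ("curl-pipe-shell", "dependencies",
     re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b"), ANY),
    ("hardcoded-password", "secrets",
     re.compile(r"""(?i)(password|passwd|pwd)\s*[:=]\s*['"](?!\$\{)[^'"]{4,}['"]"""), CODE),
    ("committed-env-file", "secrets",   # a .env in the tree with real KEY=value lines
     re.compile(r"^\s*[A-Za-z_]\w*\s*=\s*\S+"), re.compile(r"(^|/)\.env$")),
    ("wildcard-cors", "auth",
     re.compile(r"""(?i)(Access-Control-Allow-Origin\W+\*|origins?\s*[:=]\s*\[?\s*['"]\*['"])"""), CODE),
    ("tls-verify-disabled", "transport",
     re.compile(r"verify\s*=\s*False|rejectUnauthorized\s*:\s*false"), CODE),
    ("plain-http-call", "transport",
     re.compile(r"""['"]http://(?!localhost|127\.0\.0\.1)"""), CODE),
]

def gitignore_covers_env(text):
    """True if some .gitignore pattern would match a file literally named .env.
    Listing only .env.example or .env.* does NOT cover .env itself (a common mistake)."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or line.endswith("/"):
            continue
        basename = line.lstrip("/").rsplit("/", 1)[-1]   # compare on the last path segment
        if fnmatch.fnmatchcase(".env", basename):
            return True
    return False

def scan_repo(files):
    """Run every rule over one repo given as {path: text}, applying the study's caps."""
    findings, per_rule = [], Counter()

    def emit(rule_id, category, path, line_no):
        if per_rule[rule_id] >= MAX_PER_RULE or len(findings) >= MAX_PER_REPO:
            return   # capped, so counts for noisy repos are floors, not totals
        per_rule[rule_id] += 1
        findings.append({"rule": rule_id, "category": category, "path": path, "line": line_no})

    gitignore = files.get(".gitignore")   # repo-level checks first
    if gitignore is None:
        emit("gitignore-missing", "data-exposure", ".gitignore", 0)
    elif not gitignore_covers_env(gitignore):
        emit("gitignore-no-env", "data-exposure", ".gitignore", 0)
    for path, text in sorted(files.items()):   # then line-level rules
        for rule_id, category, pattern, applies in RULES:
            if applies.search(path):
                for line_no, line in enumerate(text.splitlines(), 1):
                    if pattern.search(line):
                        emit(rule_id, category, path, line_no)
    return findings

def summarize(repos):
    """Per-category share of repos with >=1 finding, plus findings-per-repo stats."""
    results = {name: scan_repo(files) for name, files in repos.items()}
    hit = Counter(cat for fs in results.values() for cat in {f["category"] for f in fs})
    counts = [len(fs) for fs in results.values()]
    return {
        "share_by_category": {c: round(100 * hit[c] / len(results), 1) for c in CATEGORIES},
        "findings_per_repo": {name: len(fs) for name, fs in results.items()},
        "mean_findings": round(sum(counts) / len(counts), 1),
        "median_findings": median(counts),
    }

# Constructed sample corpus (not real repos): a tiny demo, a React front end, a Flask API.
SAMPLE_REPOS = {
    "demo-toy": {"README.md": "# my vibe-coded demo\n", "index.html": "<h1>hello</h1>\n"},
    "react-dashboard": {
        ".gitignore": "node_modules/\n.env.example\n",      # does not cover .env
        ".env": "SESSION_SECRET=changeme123\n",
        "src/Post.jsx": "export const Post = ({ html }) =>\n"
                        "  <div dangerouslySetInnerHTML={{ __html: html }} />;\n",
    },
    "flask-api": {
        ".gitignore": "__pycache__/\n.env\n",
        "README.md": "Install: curl -fsSL https://example.invalid/install.sh | sh\n",
        "app.py": "import requests\nfrom flask import Flask\nfrom flask_cors import CORS\n"
                  "app = Flask(__name__)\nCORS(app, origins='*')\nDB_PASSWORD = 'hunter2-prod'\n"
                  "def fetch():\n"
                  "    return requests.get('http://api.example.invalid/v1', verify=False)\n",
    },
}

if __name__ == "__main__":
    for name, files in SAMPLE_REPOS.items():
        print(name, [f"{f['category']}/{f['rule']}@{f['path']}:{f['line']}" for f in scan_repo(files)])
    print(summarize(SAMPLE_REPOS))
```

On the constructed corpus the tiny demo gets exactly one finding (no .gitignore), which is the shape of the "tiny repos score well" effect the study describes, while the Flask repo collects five across four categories from eight lines of code. The per-rule cap is what keeps a repo with a hundred dangerouslySetInnerHTML sites from dominating the totals, and is also why the study calls its counts for the messiest repos floors rather than totals.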

Two limits worth stating plainly. The study ran the heuristic rules engine only — the Claude review that's part of every real securevibes scan was off — so anything that needs code-reading judgment went uncounted, and scores would likely shift down with it on. And "vibe-coded" means self-described: we took repos at their word and did not verify provenance.

About this study: 99 public GitHub repos self-described as AI- or vibe-coded, data collected June 10, 2026, scanned by the securevibes rules engine. Methodology in full on the how-we-benchmarked page.

Share of the 99 repos with at least one finding, by securevibes category (rules engine only, June 2026)

Category                    | Repos with ≥1 finding | Most common finding inside it
Data exposure               | 52.5%                 | .gitignore missing .env coverage (26.3% of repos)
Injection & unsafe code     | 40.4%                 | dangerouslySetInnerHTML (33.3% of repos)
Dependencies & supply chain | 26.3%                 | curl-piped-to-shell installs (12.1% of repos)
Secrets & credentials       | 21.2%                 | hardcoded passwords (12.1% of repos)
Auth & access control       | 16.2%                 | wildcard CORS (10.1% of repos)
Transport & TLS             | 7.1%                  | disabled TLS verification / plain-HTTP calls

frequently asked

Does this prove vibe-coded apps are insecure?
It proves something narrower and more useful: about one in five self-described vibe-coded repos ships a secrets finding, and about one in four has a critical or high finding — measured by deterministic rules, not opinion. Most repos scored well; the tail is real and predictable.
Why lead with 21.2% when the median grade is an A?
Because the median is inflated by tiny demo repos — 22 of the 99 have 15 or fewer files and trivially score A. A committed secret is binary and damaging regardless of repo size, so the hit rate is the honest headline. We show the full grade distribution either way.
Was AI used in the scoring?
No. The study ran the securevibes rules engine only — the Claude review in normal scans was deliberately off, so every number here is reproducible pattern detection. Real scans add an AI pass on top, which typically produces more findings, not fewer.
Can I see how my repo compares?
Yes — paste your public GitHub repo link into securevibes and you get the same six-category scan, scored 0–100 with a letter grade, in under a minute. The free tier covers about 5 scans a month.

Last updated June 11, 2026
