Do you Trust your AI Agent?

Security used to be important back in the day. Remember before AI, around the time when dinosaurs roamed the earth? Back then security mattered. With citizens vibe coding full stack apps, and CEOs screaming for more and more AI agents, this simple fact seems to have been forgotten by most. Grandma is now happily sharing her password with ChatGPT, and her medical history with Claude, WITHOUT thinking about the consequences, while most dev heads treat security as an afterthought when building AI agents.

SecITHub wrote an article a couple of weeks ago about how analysts measure autonomy and trust in the cyber security landscape, and there are a lot of important points to be taken from it. The aim is to create consensus around a simple "metric", or process, that allows us to measure the "quality" of your AI agent, where trust and security are integral parts of the metrics used to create a final score. If you're interested in the subject, please read the whole article.

The point is that the world at large is trying to create neutral metrics for measuring security, and if your "vibe coded app" scores 0 on such tests, I suspect your app might even be illegal to use in the future, unless you take security seriously today.

I discovered SecITHub today through their "how FinSecOps helps CISOs spend smarter" article, which helps you calculate "the cost" of your security measures. However, as a software developer, I'd argue no cost is too large for security. At the end of the day, it's a question of whether you want to sleep at night or not! I have myself worked in companies that were exposed to malicious actors, and I can guarantee you that if you get some malicious hacker stuck in your DMZ, then "Kansas is going bye, bye!"

The Basics

Security is all about the basics.

  1. Did you hash your users' passwords?
  2. Did you securely create your auth secret, without using predictable CSRNG seeds?
  3. Do you abort control flow on a failed check before any business logic executes?
  4. Are you using encrypted communication channels and protocols such as TLS and PGP?
  5. Do you secure your endpoints by requiring some sort of token to execute logic?

There are literally a million items on that checklist, and failing to secure your vibe app allows the whole world to see your "dirty laundry". Unfortunately, most vibe coders don't even understand what I'm talking about here.

There's a ton of information related to cyber security in the public domain. SecITHub has 1,000+ articles about cyber security and cyber attacks if you want to dive deep, and is a well known authority on the subject. If you're in the AI agent space, I suggest you spend a couple of days reading their website before you actually start building AI agents. This is especially true if you're a noob vibe coder.

Vibe Coding Problems

Vibe coding is a fantastic thing. We've gone all in on vibe coding lately, and our users are happily generating landing pages, AI chatbots, agents, and complete full stack apps. However, these apps are very often created by people with zero knowledge about security, and no interest in learning.

If you're an aspiring vibe coder today, I beg you to please have somebody else look at your security before you launch. My children are on the internet, and might end up using your service. I so badly do not want my children to be harmed because they used your "Pony and Pink Barbie app that allows them to become famous in LaLa Land".

Don't understand the problem? Realise that 90% of users will reuse passwords. That means if your "Barbie app passwords" are stored in clear text, hackers also have the password to my daughter's bank account! In case you missed the point, let me emphasise the conclusion for you ...

Hackers accessing my daughter's bank account, because of your "Pony and Barbie app", is NOT OK!

Wrapping up

Security is still important. Yes, I realise your "grandma can code", but can she do security? If you're just starting out with vibe coding, please, for the love of God, spend some time reading about security concepts. The AI will gladly create security holes the size of Niagara for you unless you know how to guide it and make it fix its problems.

I realise it's not as "fun" to read about security as it is to prompt your AI to generate full stack apps for you, but really, you do not have an app before you've taken security seriously. If you're interested in reading more about security, I suggest you spend some time over at SecITHub during the process. You might be surprised at how many holes you've actually got in your own codebase if you did.

Thomas Hansen

I am the CEO and Founder of AINIRO.IO, Ltd. I am a software developer with more than 25 years of experience. I write about Machine Learning, AI, and how to help organizations adopt said technologies. You can follow me on LinkedIn if you want to read more of what I write.

This article was published 29. Oct 2025

AINIRO.IO Ltd is an independently owned company in Cyprus, 100% owned and operated by Thomas Hansen, and that's how it stays!

Copyright © 2023 - 2025 AINIRO.IO Ltd