The UK’s chief cyber expert has called on the international security community to grasp the opportunity to reduce our collective vulnerability to cyber attacks by developing safeguards around vibe coding – the use of artificial intelligence to generate software.
At a major cyber summit in the USA, Dr Richard Horne, the Chief Executive of the UK’s National Cyber Security Centre, highlighted how digital societies face a “fundamental issue with the quality of technology we use” due to exploitable vulnerabilities.
The NCSC CEO spoke of both the opportunity and challenges with AI-generated code.
Whilst insecure software produced without human review could potentially propagate vulnerabilities, he observed that well-trained AI tooling writing software which is more secure by design and throughout its lifecycle could transform cyber security outcomes for the better.
In a keynote address at the RSAC Conference in San Francisco, Richard Horne said:
“The attractions of vibe coding are clear, and disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own.
“The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities.”
He said security professionals had “both the opportunity and responsibility” to ensure that a future where vibe coding and other AI code-generation tools are more widely adopted is “a net positive for security”.
Today (24/03), the NCSC – which is a part of the UK signals intelligence agency GCHQ – has published a new blog post arguing that code produced by AI currently poses intolerable risks for many organisations but that vibe coding shows “glimpses of a new paradigm”.
It predicts the business benefits of using AI to write code will drive up adoption, and so it is vital that security professionals start engaging with the risks now to embed core security principles that will make software less vulnerable to attack.
In his speech at RSAC, Dr Horne also spoke of how cyber risk is now of “greater consequence than ever before”, as we face more exposure, inherent vulnerability and threat activity carried out by “a web of actors who blur the categories, increasingly linking to and enabling each other”.
To combat this “multi-dimensional” threat, he said our collective approach to defending our societies must match that, likening cyber defence to a full court press in basketball, where “collective pressure from all actions together” can have greatest impact.
