Britain's cyber agency warns AI-written code could create security disasters if left unchecked


Britain’s National Cyber Security Centre (NCSC) warns the shift from manual coding to AI-generated software could bring serious hidden risks if teams trust AI output without proper scrutiny. The agency says AI-generated code can introduce security flaws and create messy, hard-to-audit systems unless developers stay firmly in control.

Key takeaways:

According to the National Cyber Security Centre (NCSC), vibecoding could have disastrous effects on cybersecurity.

Having an AI agent write the code of a software application with minimal oversight could introduce real-world risks, especially when there’s a security gap in AI-generated code.

Another issue is that the code base of an application could become complicated and confusing to understand, leading to further security issues down the road.

Does this mean we should avoid vibecoding when creating software? Absolutely not: vibecoding isn’t always bad, the British cybersecurity agency emphasizes. It all depends on what a developer is trying to create.

When developing a proof-of-concept application to demonstrate to stakeholders, the risk profile is low. When building authentication software that handles credentials or secret tokens, or developing an application that processes sensitive data, the stakes are much higher.

“The risk isn’t in using AI. The risk is failing to apply the right safeguards when the stakes are high. It’s about recognizing that different code deserves different levels of care and oversight,” the NCSC explains.

Using AI to build software applications is fine, even when you’re designing a cybersecurity system or application that processes the personal information of clients. However, developers should always review the code the AI agent produces, understand it, manually check it for vulnerabilities, and verify anything they don’t understand or expect.

AI models are evolving and improving at a fast pace, and we all should be aware of their potential, the NCSC says.

“It's possible that we’ll trust vibe coding more over time as models become more reliable and their outputs become more trustworthy. But we’re not there yet. Calibrate your approach based on today’s reality, not tomorrow’s potential,” the agency concludes.

