45%
of AI-generated code contains at least one security flaw.
Veracode, analysis of 4M+ scans across 100+ LLMs (2025).
Security for code your AI wrote.
Cursor, Claude Code, Copilot and autonomous agents are writing 46% of new code. And 45% of it ships with vulnerabilities. Plexicus Vibe Coding Security catches them in the IDE — before they become CVEs.
Free for up to 3 developers. No credit card. Works in Cursor, Claude Code, VS Code, Windsurf.
Pioneering teams are already inside
Why now
The threat you don't have a tool for — yet.
Every number on this page is cited. We're in a new category, so the math matters.
~20%
of AI-suggested imports reference packages that don't exist. Attackers are already registering them.
Slopsquatting research, 2025–2026.
46%
of new code shipped in Copilot-enabled repos is AI-authored.
GitHub Copilot usage telemetry, 2025.
35
AI-attributable CVEs disclosed in a single month — up from 6 two months earlier.
Georgia Tech Vibe Security Radar, March 2026.
Capabilities
Five capabilities. One install.
Real screenshots, real state labels. No capability claims more than it ships today.
Stop vulnerabilities at the moment of generation.
Your SAST runs on commit. Your SCA runs on PR. By then the insecure code is already written, reviewed by a tired human, and merged. Vibe coding moves faster than either.
-
Installs as an extension in Cursor, Claude Code, VS Code, Windsurf, and Zed. -
Intercepts suggestions in real time — blocks hardcoded secrets, RLS-off patterns, CORS wildcards, the top 15 CWEs. -
Rewrites the suggestion or the prompt. Runs on-device, so your code never leaves the laptop.
A commit that would have shipped a Stripe key now ships a reference to the secret manager — no developer action required.
The only layer that treats MCP servers as supply chain.
Every IDE you use now connects to MCP servers with near-root access to your repos, tickets, and chat. MCP marketplaces have already been poisoned. Most teams cannot list the MCPs their developers have installed.
-
Continuous inventory of every MCP server per developer, per repo, per org. -
Scans tool descriptions for injection and 'rug pull' patterns. Flags MCPs that change behaviour after approval. -
Sandboxes MCP execution, rate-limits calls, and patches automatically when CVEs like 2026-30615 land.
In a week-long audit, teams typically discover 3–5× more MCPs installed than their security org knew existed.
Catch packages that don't exist — before attackers register them.
Models confidently import packages that have never been published. Attackers monitor the trend and register those names within hours. The next time your assistant suggests one, it's malicious.
-
Validates every npm, PyPI, Cargo, and Go import against the real registry in real time. -
Flags packages published in the last 30 days whose names resemble popular libraries (typosquatting + slopsquatting). -
Detects when an imported function doesn't match the real library's API — a signature of hallucinated code.
Plexicus maintains a proprietary database of the package names models most frequently hallucinate. It gets smarter every week.
The flaws SAST can't see — the ones that actually leak data.
The biggest vibe-coding incidents of the last 12 months weren't SQL injection. They were authorization: Row-Level Security disabled, BOLA (Broken Object Level Authorization), endpoints that forget to check the current user. SAST misses all of it.
-
Reachability analysis against Supabase, Postgres RLS, and Firebase rules — maps which policies are actually enforced. -
Directed fuzzing for BOLA / IDOR via the Plexicus pentest agent (Strix). -
Flow simulation: can user A reach user B's data? If yes, you get a PoC, not just an alert.
On a typical Supabase-backed AI-generated app, Plexicus surfaces authz flaws on day one that SAST tools never flag.
Sign every line of code with its origin.
The EU AI Act, the Cyber Resilience Act, DORA, NIS2 — all converging on the same question: which line of your shipped code was written by which model, with which prompt, on which date? Nobody can answer this today.
-
Every code block is tagged at generation time: human vs AI, model name, prompt hash, timestamp. -
Exports an AIBOM in SPDX / CycloneDX extended format — audit-ready. -
CISO dashboard: what % of production code is AI-generated, by which models, with which risk profile per model.
Export a single PDF for your next DORA, NIS2, or AI Act audit. The auditor stops asking questions.
Platform
It's not just a Cursor plugin. It's an AppSec platform.
Vibe Coding Security runs on top of the full Plexicus ASPM platform. One contract covers code, dependencies, secrets, infrastructure, APIs, and agent-driven pentest — the last unified by our Codex Remedium remediation agent that opens the PR for you.
SAST SCA Secrets IaC DAST Strix pentest agent
ASPM
Application Security Posture Management across all your code.
Learn moreCSPM
Cloud Security Posture Management for every runtime.
Learn moreContainer Security
Image, registry, and runtime security for the container stack.
Learn moreAlready a Plexicus customer? Vibe Coding Security is available as a module — no re-onboarding, no second dashboard.
Integrations
Works where your developers already work.
One install, every IDE and repo your team already uses. No migration required.
IDEs & Coding Assistants
Cursor 
Claude Code 
Copilot 
Codex 
Kiro 
Lovable 
v0 
Antigravity Repos & CI
Proof
The research, the tracker, the team.
Research report
State of Vibe Coding Security — 2026
We analysed thousands of AI-generated commits across open-source projects. 45% ship with at least one flaw. Here's the full breakdown — by model, by language, by CWE.
Download the reportLive tracker
MCP threats caught this month
Live counter, updated weekly: new MCP CVEs disclosed, marketplaces where we detected poisoning, rug-pull incidents Plexicus customers avoided.
See the trackerCustomer quote
The AI agent's ability to automatically generate fixes for vulnerabilities has transformed our workflow.
David Wilson
Head of Security, HuMaIND
FAQ
Frequently Asked Questions
What is Vibe Coding Security?
Vibe Coding Security is an AppSec category built for code generated by AI coding tools like Cursor, Claude Code, Copilot, and autonomous agents. It combines IDE guardrails, MCP security scanning, hallucinated-package detection, authz analysis, and AI code provenance (AIBOM).
How does it differ from traditional SAST?
Traditional SAST runs on commit or PR — after insecure code has already been written and reviewed. Plexicus intercepts at the IDE, in the prompt/suggestion loop, so bad patterns never land in the repo.
Which IDEs and coding assistants are supported?
Cursor, Claude Code, VS Code, Windsurf, and Zed are supported today. JetBrains is coming. All run with the Plexicus extension and work offline — your code never leaves the laptop.
What is an AIBOM?
An AI Bill of Materials: a signed manifest of which lines of code were written by which model, with which prompt, at which time. It answers the compliance question DORA, NIS2, and the EU AI Act keep asking.
Do I have to replace my existing AppSec tools?
No. Vibe Coding Security is a module on top of the full Plexicus ASPM platform. Use it alongside your existing SAST/SCA, or replace them with Plexicus engines — your call.
Is it free to start?
Yes. Free for up to 3 developers, no credit card required. Upgrade to Team when you need the full five capabilities.
How does slopsquatting detection work?
Every import your AI assistant suggests is checked against the real package registry in real time. If the package doesn't exist, was published in the last 30 days with a suspicious name, or its API doesn't match the imported function, Plexicus blocks it and offers a fix.
VIBE CODING SECURITY
Don't ship the vulnerabilities your AI wrote.
Plexicus catches them in the IDE, in the PR, and in production. Your developers won't slow down. Your CISO will sleep again.
Free for up to 3 developers. SOC 2 Type II. Backed by Google for Startups.