#275 - How to Secure Vibe Code (with Shahar Man)

#275 - How to Secure Vibe Code (with Shahar Man)

From CISO Tradecraft® by G Mark Hardy & Ross Young

March 16, 2026 · 46 min · Episode 275

About this episode

The episode discusses the security implications of AI-driven vibe coding tools with expert Shahar Man.

In this CISO Tradecraft episode, host G Mark Hardy interviews Shahar Man of Backslash Security about the rapidly expanding attack surface created by AI-driven “vibe coding” tools like Claude Code, Cursor, and Copilot. Shahar explains how prompting is shifting software creation, affecting education and hiring, and pushing security “further left” to the prompt, agent, MCP, skills, and rules level. He discuss risks such as loss of source integrity, excessive permissions, prompt injection, data leaks, use of unauthorized tools or accounts, and the spread of coding beyond engineering to teams like marketing and finance. Shahar argues AppSec work will transform toward securing the “sausage factory” and describes Backslash’s approach: enterprise-wide visibility, component vetting, endpoint monitoring via a local proxy, guardrails and blocking, and forwarding alerts to SOC/SIEM, with deployments scaling to thousands of workstations. Looking to get more secure on Vibe Coding? Check out the Ultimate 2026 Vibe Coding Security Buyer's Guide…

People in this episode

Host: G Mark Hardy

Guest: Shahar Man

Topics covered

  • AI-driven coding tools
  • software security
  • prompt engineering
  • AppSec transformation
  • enterprise security
  • vibe coding

Keywords

  • vibe coding
  • AI security
  • software development
  • prompt injection
  • data leaks
  • enterprise visibility
  • AppSec

Mentioned in this episode

Organizations: Backslash Security, SOC/SIEM

Products: Claude Code, Cursor, Copilot

More episodes of CISO Tradecraft®

Explore listener stats, chart rankings, contacts and more on the CISO Tradecraft® podcast page.