ForbesGoogle Confirms New Hacker Protection For 3 Billion Android UsersBy Davey WinderFrom Vibe Coding To Vibe Hacking — The Reality Of AI In Cyberattacks

Vibe coding isn't exactly what many people believe it to be. I've come across several individuals, some of whom should know better, describing it as a way for AI to create code from scratch and build an entire application without any input from the person managing the process. Obviously, this is a distorted idea mixed with some truth. Vibe coding simplifies the work of developers by assigning parts of the programming to AI based on desired results, but it doesn’t eliminate the need for guidance or expertise. Still, LLMs and vibe coding are advancing rapidly and producing surprisingly effective code. But what if hackers started using similar methods—vibe hacking, so to speak—to carry out cyberattacks? Could they use LLMs to identify and exploit weaknesses effectively and maliciously?

Michele Campobasso, a senior security researcher at Forescout, says there's “no concrete evidence of real threat actors” doing this yet. He explains that most reports associate LLM usage with language-focused tasks like phishing, influence campaigns, explaining vulnerabilities, or creating standard malware components. Based on Campobasso’s recent analysis, vibe hacking still has a long way to go before catching up to vibe coding.

ForbesNew Bluetooth Headphones Spy Hack Warning — Are Yours On The List?By Davey Winder"During February through April 2025," Campobasso stated, "we evaluated more than 50 AI models across four test scenarios derived from industry-standard datasets and cybersecurity exercises." The findings were quite revealing:

• Open-source LLMs struggled across all tasks, proving “unsuitable even for basic vulnerability research.”
• Underground, criminal LLMs did slightly better but faced “usability problems such as limited access, unstable performance, poor formatting, and short context limits.”
• Commercial models naturally performed the best, though only three out of 18 managed to develop a working exploit for the hardest test case.
• Overall, LLMs found exploit creation far more difficult than identifying vulnerabilities, with none completing all assigned tasks.

Campobasso noted, “Attackers can't depend on one tool to handle the entire exploitation process.” Results were inconsistent and failure rates high. “Even when models succeeded in developing exploits,” he added, “they required significant user assistance.”

In summary, Campobasso emphasized that we're “still far from having LLMs capable of independently generating fully functional exploits.” Additionally, the misleading confidence expressed by these models when wrong could easily mislead novice attackers who rely heavily on them.

The era of vibe hacking is on the horizon, though not progressing as quickly as vibe coding might suggest, and defenders should begin preparing now. Fortunately, this doesn’t have to be complicated, according to Campobasso. “Cybersecurity fundamentals remain the same: An AI-generated exploit is still an exploit, which means it can be detected, blocked, or neutralized through patching.”

ForbesUse These Secret Gmail Addresses To Prevent Hack Attacks — Here’s HowBy Davey Winder

The above is the detailed content of From Vibe Coding To Vibe Hacking — AI In A Hoodie. For more information, please follow other related articles on the PHP Chinese website!