Dev.to VibeCoding
ยท
Mar 25, 2026 11:24 PM
The UK Government Just Warned About Vibe Coding Security at RSA. Two Days Later, a Supply Chain Attack Proved Why.
Two things happened this week that every vibe coder needs to know about.
On March 24, the head of the UK's National Cyber Security Centre stood on stage at RSA Conference and told the global security community that vibe coding is creating "intolerable risks." The same day, attackers backdoored LiteLLM, a Python package with 95 million monthly PyPI downloads, through a poisoned security scanner in its CI/CD pipeline.
One is a warning. The other is proof.
What the NCSC Actually Said
Read at Dev.to VibeCoding
On March 24, the head of the UK's National Cyber Security Centre stood on stage at RSA Conference and told the global security community that vibe coding is creating "intolerable risks." The same day, attackers backdoored LiteLLM, a Python package with 95 million monthly PyPI downloads, through a poisoned security scanner in its CI/CD pipeline.
One is a warning. The other is proof.
What the NCSC Actually Said