by nachocoll 94 days ago
The security angle is one of the most underappreciated risks in vibe coding. When developers don't understand the code that gets generated, they can't assess whether it's introducing vulnerabilities — hallucinated packages, insecure patterns, broken auth — and your finding that a "crazy amount" of AI-generated repos have severe structural flaws matches what a lot of teams are discovering in production.

This connects directly to a core principle from the Agile Vibe Coding Manifesto (https://agilevibecoding.org): "Automation must remain verifiable — their outputs remain understandable, reviewable, and verifiable by humans." The problem with pure vibe coding isn't just that AI makes mistakes; it's that the workflow removes the verification step entirely.

An automated security reviewer is a great practical response to this. Happy to test it on a project if you're still looking for early feedback.