
Security Flaws, Phishing Attacks & Code Quality: Vibe Coding’s Dark Side: The Disclosure Episode 3
In this episode of Disclosure, Mackenzie Jackson takes listeners deep into the fast-evolving—and increasingly risky—world of AI-assisted coding. First, security researcher Wout Debaenst exposes a massive vulnerability in Base44’s AI coding platform that made private applications accessible to anyone with minimal effort, highlighting how “vibe coding” can create the next wave of supply chain attacks.

Next, malware researcher Charlie Ericson returns to reveal a fresh PyPI phishing campaign eerily similar to last week’s npm compromise, underscoring the fragility of our open-source ecosystems.

Finally, Mackenzie heads to the Cyber Sake Bar for a candid conversation with Khachatur Virabyan, co-founder of Trag, exploring how AI can change code quality. Along the way, they sip sake, swap war stories, and debate the future of software development in the age of AI.

- 00:00 - Introduction
- 1:19 - Base44 Breach & The Risks of AI Coding Platforms
- 09:24 - PyPI Phishing Campaign and Open Source Security Gaps
- 17:08 - AI-Assisted Code Quality with Trag
- 34:02 - Cybersecurity “Would You Rather” and Closing
Information
- Show
- Frequency: Updated weekly
- Published: August 14, 2025, 7:43 PM [UTC]
- Length: 36 minutes
- Age rating: Suitable for children and teens