The BBC recently looked into a popular vibe coding site, ‘Orchids’, a platform on which inexperienced programmers can produce lines of code that they are able to sell as the work of proficient and experienced software developers. While some users aim to sell their work, other site visitors seek help building apps and games by typing a text prompt to a chatbot.
Orchids and other such platforms have surged in popularity over the last few months, seen as a quick, cheap and easy way to develop applications. However, experts warn that these sites are easily hackable, and the BBC set up an experiment to demonstrate this.
Cyber-security researcher Etizaz Mohsin was able to exploit a cyber-security weakness in the platform and gain access to code written by the AI assistant for a BBC journalist, adding a small line that allowed him to gain access to the laptop used for the experiment.
The laptop wallpaper was changed and a notepad file titled “Joe is hacked” appeared on the desktop, all without any involvement from the victim.
This weakness has huge implications for the safety and security of both personal and company information on devices using these platforms. A virus could easily be installed, data stolen, or a victim of hacking could be spied on through their camera, microphone or internet usage.

These sites use AI assistants known as Agents, which have been in the news a lot over the past few months due to new breakthroughs, advice on using them and the security implications that come with downloading free software.
AI Agents, while helpful and increasing in popularity, carry risks. Many people download and use bots that run tasks on their devices with little human input and have access to everything on them.
Experts warn that users should be careful and mindful of the software they are downloading onto their devices, suggesting that these tools be run on separate, dedicated machines with disposable accounts. While the use of these AI assistants and vibe-coding platforms seems to carry many benefits, users should always be wary of the risks.
Vibe coders are something we looked at recently on our blog. Find out more about the hidden dangers and why you should never jeopardise the security and reputability of your business by hiring them.