Security For AI: A Guide To Managing The Risks Of Vibe Coding And AI In Software Development
Tenable, March 25,2026
Get a template for an AI coding acceptable use policy with security controls and a list of 25 security questions to ask software developers and 'citizen developers' about their AI use. Mitigate the security risks of vibe coding and using AI in software development with Tenable One.
Key takeaways:
The vast majority of your developers are embracing agentic AI, machine learning, and large-language models (LLMs) for code completion and generation, automated testing, code reviews and analysis, and automated documentation, among other use cases.
'Citizen developers' - business users with little to no coding experience and even less security experience - are also using agents, LLMs, and low-code/no-code (LCNC) platforms to build and deploy software without any security checks.
While AI coding can be a gateway to innovation and efficiency, it also introduces significant cybersecurity risks. Know the right questions to ask your developers to understand the full scope of AI usage and how it's reshaping the attack surface.
Create an AI acceptable use policy (AI AUP) for business users, developers, and DevOps teams; implement training on cybersecurity best practices; and deploy an exposure management platform like Tenable One to reduce the risks of vibe coding, citizen developers, and using AI as part of the SDLC.