March 29, 2026
Shipped by vibes, sunk by bugs
The "Vibe Coding" Wall of Shame
Blame the bots or the bosses? Commenters feud over ‘vibe coding’ fails
TLDR: A new “Wall of Shame” compiles real failures tied to AI-written, barely reviewed code, claiming more bugs, more security holes, and slower apps. Commenters are split between “stop shipping code you don’t understand” and “humans break things too—don’t blame the tool,” with dark-mode jokes stealing the thread.
The “Vibe Coding” Wall of Shame just dropped, and the comments are on fire. The post claims real-world meltdowns—from exposed databases to lost orders—came from shipping AI-written code that “looked right” but wasn’t understood. It cites a surge in CVEs (publicly listed security flaws) jumping from 6 in January to 35+ in March, and says AI-built apps racked up 1.7x more bugs, 2.74x more vulnerabilities, and even ran 19% slower. It’s a vibe… and not the good kind.
One camp is yelling “receipts!” with users gawking that it’s already a huge list, while skeptics clap back. doug_durham calls the label “vibe coded” a stretch, arguing this might just be a list of outages in a world where AI tools are everywhere. monksy throws a haymaker: humans have always shipped bugs, and companies got comfy saying “we’re garbage” long before the bots showed up. Meanwhile, cratermoon sparks the meme thread of the day: dark-mode fails—“I cannot read dark grey on black”—became its own bug report.
The mood? Split between “learn your code basics or don’t ship” and “stop scapegoating the tool”. Acronym soup like CSRF (sneaky click attacks) and SSRF (websites poking their own insides) is explained away, but the core message is simple: understand what you ship. Bonus snark: “DevOps by horoscope” is trending. For context on CVEs, see cve.mitre.org.
Key Points
- •The directory catalogs production failures tied to AI-generated and “vibe-coded” software, each with an authoritative source.
- •CVE entries attributed to AI-generated code rose from 6 (Jan 2026) to 35+ (Mar 2026).
- •A Tenzai study found 69 vulnerabilities in 15 AI-assisted apps; all lacked CSRF and had SSRF issues.
- •Additional research: IDEsaster reported 30+ flaws across AI IDEs (24 CVEs); Escape.tech found 2,000+ vulns in 5,600 apps; Veracode says 45% of AI code has a flaw.
- •The article urges developers to deeply understand and review code; AI is a tool that becomes a liability without proper comprehension.