
AI Agents and Vibe Coding Changed the Speed of Building. Now Security Has to Catch Up.

Written by Amy Heng
Published on April 29, 2026
Read time: 3 min

AI coding agents, vibe-coded apps, and MCP servers are changing how we build. Learn why runtime protection and AI agent discovery are critical for safe AI adoption.

This week, PocketOS, a SaaS tool for car rental businesses, lost its entire production database and backups in 9 seconds. A Claude-powered agent in Cursor misread an API token, issued a curl command, and erased everything via Railway's GraphQL API. Thirty hours of manual recovery followed.

I've seen this movie before, and I know how it ends when the industry figures it out.

We've Been Here Before

About a decade ago, Ankur and I were both at RedLock, one of the early cloud security companies that was later acquired by Palo Alto Networks. Cloud was doing to infrastructure what AI agents are doing to software development right now: collapsing the time between idea and production, putting capability in the hands of people who didn't grow up with it, and creating an attack surface faster than anyone could map it.

Before cloud, building a feature took months. Physical infrastructure had real lead times. You had to provision hardware, order rack space, wait on the data center to confirm capacity before a single line of code could touch production. The friction was accidental security. Nobody called it that at the time, but those constraints created natural checkpoints that slowed down mistakes as much as they slowed down shipping.

Then cloud removed that friction. And for a while, the industry responded by pointing at breach statistics and telling people to slow down. That didn't work. What worked was a framework: the shared responsibility model. Cloud providers secure the infrastructure. You secure what you build on top of it, creating clear lines and shared ownership. The conversation shifted from "is cloud safe?" to "here's who is responsible for what."

We're at exactly that moment again.

The Scale of What's Happening

AI companies are now reaching $30 million in annualized revenue in a median of just 20 months, compared to 60-plus months for the prior SaaS generation. In Y Combinator's Winter 2025 batch, 25% of startups had codebases that were 95% or more AI-generated. Today, 46% of all new code being committed to GitHub is AI-generated. 

This is a structural shift in how software gets built. The democratization of building software is real. The economics of experimentation have changed permanently. Startups that used to need 18 months and a Series A to get to a working product are shipping in weeks.

At Straiker, we're building this way too. We prototype fast, and we iterate faster (don't get me started on where I am on the tokens leaderboard). We are not standing outside the vibe coding era throwing stones at it. We are inside it, building with the same tools, moving at the same pace.

The question is never whether to move fast. The question is what infrastructure you need around you when you do.

What the Model Can't Catch

Here's the problem nobody talks about clearly enough.

The guardrails built into AI coding tools are part of the model. They're optimized to make code run, not to make code safe. And they have no visibility into what happens when your agent connects to an MCP server that was forked by someone you've never heard of, or when a malicious instruction is buried in a README that the agent reads and executes without questioning.

A recent Carnegie Mellon University benchmark found that 61% of code generated by an AI agent passed functional tests. Only 10.5% of that same code passed security tests. The code works but may not be safe. 

The MCP problem is subtler than most people realize. Developers are connecting agents to external tools and data sources faster than anyone can vet them (a forked server here, a broad OAuth scope there, a dependency the agent installs because the package name sounded plausible). Each connection feels like a reasonable decision in the moment. Collectively, they expand your attack surface in ways that are hard to see until something goes wrong. High-risk MCP servers are formally catalogued in the OWASP Top 10 for Agentic AI Applications precisely because this is how Claude Code gets configured in real enterprise environments, not as an exception, but as standard practice.

The PocketOS incident wasn't a sophisticated attack, and it can happen to any company. It was an agent with too much access, no runtime check on what it was about to do, and no layer between "agent decision" and "irreversible action." Nine seconds was all the agent needed to complete its destructive actions.

The Shared Responsibility Model for Agentic AI

Here's where the cloud parallel lands.

The answer in the cloud era wasn't to stop using cloud. It was to define who owns what, build the right controls at the right layer, and give security teams the visibility to do their jobs. The answer now isn't to stop using AI agents. It's the same three things:

  • define ownership
  • build controls at the right layer
  • give security teams visibility

That starts with knowing what's running. Straiker Discover AI maps your full agent footprint: which agents are deployed, which MCP servers they're connected to, what permissions they actually have. Most organizations can't answer those questions today. You can't enforce a shared responsibility model for something you can't see.
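As an added example (not Straiker's code, and not part of the original post), here is a small inventory-and-triage script for the footprint question the paragraph raises: which MCP servers are configured, over which transport, and which of them carry the risk signals the post describes (a forked binary, a broad path scope, a token sitting in config). It assumes MCP client configs in the common `{"mcpServers": {...}}` JSON layout; the config paths, server names, trusted-binary prefixes and token values are constructed for the example.

```python
import json
import re
from dataclasses import dataclass

# Assumption: binaries under these prefixes are vetted; anything else that is
# launched by absolute path is treated as an unreviewed fork or local build.
TRUSTED_COMMAND_PREFIXES = ("/usr/bin/", "/usr/local/bin/", "/opt/approved-mcp/")
SECRET_KEY_PATTERN = re.compile(r"(TOKEN|SECRET|KEY|PASSWORD)", re.IGNORECASE)
BROAD_PATHS = {"/", "~", "/home", "/Users"}

# Constructed sample configs in the {"mcpServers": {...}} layout. Paths,
# server names and the token value are made up for this example.
SAMPLE_CONFIGS = {
    "repo-a/.mcp.json": json.dumps({
        "mcpServers": {
            "filesystem": {"command": "npx",
                           "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]},
            "deploy": {"command": "/home/dev/forks/deploy-mcp/run.sh",
                       "env": {"RAILWAY_TOKEN": "placeholder-token"}},
        }
    }),
    "repo-b/.mcp.json": json.dumps({
        "mcpServers": {"docs": {"url": "http://internal.example/mcp"}}
    }),
}

# A constructed config that should produce no findings (version-pinned package).
PINNED_CONFIG = {
    "repo-c/.mcp.json": json.dumps({
        "mcpServers": {"ok": {"command": "npx", "args": ["-y", "some-server@1.2.3"]}}
    }),
}


@dataclass(frozen=True)
class Finding:
    config: str
    server: str
    issue: str
    detail: str


def inventory(configs: dict) -> list:
    """One row per configured server: (config path, name, transport, target)."""
    rows = []
    for path, text in configs.items():
        for name, spec in json.loads(text).get("mcpServers", {}).items():
            if "url" in spec:
                rows.append((path, name, "remote", spec["url"]))
            else:
                target = " ".join([spec.get("command", "")] + list(spec.get("args", [])))
                rows.append((path, name, "stdio", target))
    return rows


def assess(configs: dict) -> list:
    """Flag the risk signals a security team would want to triage first."""
    findings = []
    for path, text in configs.items():
        for name, spec in json.loads(text).get("mcpServers", {}).items():
            url = spec.get("url")
            cmd = spec.get("command", "")
            args = list(spec.get("args", []))
            env = spec.get("env", {})
            if url and url.startswith("http://"):
                findings.append(Finding(path, name, "plaintext_http", url))
            if cmd in ("npx", "uvx") and "-y" in args:
                pkg = next((a for a in args if not a.startswith("-")), "")
                if not re.search(r"@\d", pkg):  # no explicit version pin
                    findings.append(Finding(path, name, "unpinned_package", pkg))
            if cmd.startswith("/") and not cmd.startswith(TRUSTED_COMMAND_PREFIXES):
                findings.append(Finding(path, name, "untrusted_binary", cmd))
            for a in args:
                if a in BROAD_PATHS:
                    findings.append(Finding(path, name, "broad_path_scope", a))
            for key in env:
                if SECRET_KEY_PATTERN.search(key):
                    findings.append(Finding(path, name, "secret_in_config", key))
    return findings


if __name__ == "__main__":
    for row in inventory(SAMPLE_CONFIGS):
        print("server:", *row)
    for f in assess(SAMPLE_CONFIGS):
        print(f"finding: {f.config} [{f.server}] {f.issue}: {f.detail}")
```

The inventory is the part most organizations are missing; the findings list is a starting point for the "what permissions do they actually have" question, and each rule is deliberately coarse so it errs toward surfacing a server for review rather than silently passing it.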

Then it requires runtime enforcement that operates independently of the model. Straiker Defend AI monitors every agent action in real time (file reads, command execution, API calls, MCP server interactions) and blocks threats before they execute. Trained on millions of real-world agent traces, Defend AI delivers 98.1% detection accuracy at under 300ms latency, with 6-21x lower false positive rates than frontier model judges.

To put that in context: if nine seconds is all it takes, then you need runtime protection that can perform at sub-300ms.
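As an added example (not Defend AI or any Straiker code), here is a minimal runtime gate in Python that sits between an agent's tool call and its execution, which is the missing layer the PocketOS paragraph describes and the kind of model-independent check the runtime-enforcement paragraph argues for. It classifies a call as irreversible (a recursive delete, a force push, an HTTP DELETE, a GraphQL mutation whose first field looks destructive), blocks it unless a human-in-the-loop approver says otherwise, and records every verdict. The tool names, destructive-pattern list, API host and GraphQL field names are assumptions constructed for the example; the point is the layer, not the specific rules.

```python
import json
import re
import shlex
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class ToolCall:
    tool: str   # assumed tool names for this example: "shell" or "http"
    args: dict  # shell: {"command": str}; http: {"method", "url", "body"}


# Shell patterns that are hard or impossible to undo (assumed starter list).
DESTRUCTIVE_SHELL = (
    re.compile(r"\brm\s+-[a-zA-Z]*r[a-zA-Z]*\s"),   # rm -r / rm -rf
    re.compile(r"\bgit\s+push\b.*--force\b"),
    re.compile(r"\b(mkfs|dd)\b"),
)
# A GraphQL mutation whose first selected field name looks destructive.
DESTRUCTIVE_GRAPHQL = re.compile(
    r"\bmutation\b[^{]*\{\s*\w*?(delete|destroy|remove|drop|reset|purge)",
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample: a curl call carrying a destructive mutation to a made-up
# PaaS GraphQL endpoint (host, token and field name are placeholders).
SAMPLE_CURL = (
    "curl -X POST https://api.example-paas.invalid/graphql "
    "-H 'Authorization: Bearer placeholder-token' -d "
    + shlex.quote(json.dumps({"query": 'mutation { deleteDatabase(id: "db_123") }'}))
)


def _curl_body(command: str) -> str:
    """Extract the request body from a curl invocation (-d/--data variants)."""
    try:
        tokens = shlex.split(command)
    except ValueError:
        return ""
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-d", "--data", "--data-raw", "--data-binary"):
            return tokens[i + 1]
    return ""


def classify(call: ToolCall) -> Optional[str]:
    """Return a reason string if the call is irreversible, else None."""
    if call.tool == "shell":
        cmd = call.args.get("command", "")
        for pat in DESTRUCTIVE_SHELL:
            if pat.search(cmd):
                return f"destructive shell pattern: {pat.pattern}"
        if re.search(r"\bcurl\b", cmd) and DESTRUCTIVE_GRAPHQL.search(_curl_body(cmd)):
            return "destructive GraphQL mutation sent via curl"
    elif call.tool == "http":
        method = call.args.get("method", "GET").upper()
        if method == "DELETE":
            return "HTTP DELETE"
        if method in ("POST", "PUT", "PATCH") and DESTRUCTIVE_GRAPHQL.search(call.args.get("body", "")):
            return "destructive GraphQL mutation"
    return None


class RuntimeGate:
    """The layer between 'agent decision' and 'irreversible action'."""

    def __init__(self, approver: Optional[Callable[[ToolCall, str], bool]] = None):
        self.approver = approver  # human-in-the-loop hook; None means nobody can approve
        self.log: list = []

    def evaluate(self, call: ToolCall) -> str:
        reason = classify(call)
        if reason is None:
            verdict = "allow"
        elif self.approver is not None and self.approver(call, reason):
            verdict = "allow-approved"
        else:
            verdict = "block"
        # Every decision is recorded so security can see what the agent tried.
        self.log.append({"tool": call.tool, "args": call.args,
                         "verdict": verdict, "reason": reason})
        return verdict


if __name__ == "__main__":
    gate = RuntimeGate()
    for call in (ToolCall("shell", {"command": "ls -la"}),
                 ToolCall("shell", {"command": SAMPLE_CURL}),
                 ToolCall("http", {"method": "DELETE", "url": "https://api.example-paas.invalid/db/1"})):
        print(gate.evaluate(call), "<-", call.args)
```

The important design choice is the default: with no approver configured, anything classified as irreversible is blocked, so a misread token or a hallucinated command fails closed instead of executing. The pattern list is intentionally short; in practice the classifier is where the detection quality (and the false-positive rate the post mentions) is decided.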

This Is the Infrastructure That Makes Speed Sustainable

As someone who has watched a market figure out its security model before, and who thinks we're closer to that moment than most people realize, it’s clear to me that the startup renaissance is real. For example, 64% of U.S. venture capital dollars in H1 2025 went into AI startups. The tools to build are better than they've ever been. The pace is only going to increase. 

To be clear, vibe-coded applications aren't dangerous; we're still figuring out the right security approach as the ship is being built. The shared responsibility model for agentic AI is coming. The companies that help define it, and build the controls that make it real, are the ones that will matter in this market.
