Injecting Security Context During Vibe Coding
Srajan Gupta
[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 2
Vibe coding fails not because the AI is bad at writing code, but because it's writing code without security context. Srajan Gupta built an MCP-based tool that injects security requirements before code generation, verifies the output immediately after, and patches inline — keeping security inside the developer's workflow rather than catching problems after the fact in CI.
AI review
The problem diagnosis is correct — security context is absent at generation time, not ignored — and the MCP-based injection approach is the right architectural answer. But this is a tool demo from a senior AppSec engineer at a fintech, not original research, and the demo itself was relatively thin. Solid practitioner talk, won't be memorable.