🤖 AI-Enabled Software Breach Concerns
🛑 Problem
AI products from companies like OpenAI, Cursor, Claude, Google, Microsoft, and Meta are rapidly transforming how developers — both new and experienced — write software.
However, many of these AI-generated code snippets contain serious security vulnerabilities. The convenience and speed these tools provide often come at the expense of proper security practices, leading to a new wave of insecure applications being developed and deployed at scale.
🧠 Plan
Since 2019, we have been experimenting with ML and AI models. During that time, we've seen:
- Countless open-source projects,
- Blog posts on platforms like Medium,
- Influencers promoting AI-generated code,
- And public demonstrations that, unknowingly, spread vulnerable proofs of concept.
The resurgence of weak security controls in AI-created software has introduced vulnerabilities that we believe the community needs to be aware of and better prepared to address.
⚠️ Worst Case Scenario
Remember when students were taught insecure C code examples and reproduced them in real-world projects?
Now imagine that every bad coding practice publicly shared over the last 30 years was fed into a machine trained to prioritize speed over security. That machine now writes your infrastructure code, APIs, or authentication logic — and it's happening today.
This is not science fiction. It’s reality.
🎯 Our Goal
We aim to educate and raise awareness around AI-generated software that lacks secure design principles. This includes:
- Identifying insecure AI-generated patterns,
- Evaluating the risks of using AI in sensitive environments,
- And equipping developers with the tools to build secure-by-design systems — even with AI in the loop.
Let’s stop the next wave of breaches before they begin.
Scenario: The "Chief Product Officer" created a solid backend codebase to secure a fly-away kit from tampering. "We developed an inexpensive way to ensure our kits are not tampered with, but then the CTO wanted a front-end. They gave it to a new development team that vibe codes without understanding what the code does."
Note: When assessing software code, experience and familiarity significantly reduce the risk of overlooking simple vulnerabilities. During this CTF, the case is monitored in real time. The flag is given to the individual who physically breaches the case. Participants can also request harder lock configurations to boost their final score.