Скачать или смотреть 🔐 Vibe Coding Security 101: Preventing Exploitation

Join us for a fun and practical session where you'll learn how AI tools can sometimes create security problems. If you’re using tools like v0.dev or Lovable to build websites or apps, this session is perfect for you. We’ll walk through real examples to show how small prompt mistakes can lead to big risks, and how to be aware of that to protect your app. No coding experience needed, just curiosity and a builder’s mindset!

📌 Stay Connected
Join the community, get support, and explore more tools:
https://stay.coti.io

📺 COTI Foundation YouTube Channel
Watch more tutorials, updates, and livestreams from the COTI team:
‪@COTIGroup‬

🚀 Intro & Session Goals
00:00 – Welcome and introduction from Davi
00:48 – Overview of the livestream's goal: explore prompt-based security risks
01:29 – Meet the guests and their backgrounds in AI and cybersecurity

🔍 Prompt Security Basics
04:14 – Just because it came from AI doesn’t mean it’s safe
04:50 – 3 types of prompt security risks explained

🧪 Prompt Injection Examples (Live Demo)
08:58 – Ignoring instructions and revealing admin panel
13:34 – Redirects using query parameters without validation
17:29 – Hidden submit button logging to external servers
21:21 – Hidden fields collecting IP and fingerprint
24:10 – Untrusted image source
28:20 – Logging cookies via script
33:16 – API key in frontend code
39:44 – Prompt to leak environment variables

⚠️ Prompt Misuse Scenarios
42:37 – Creating a vague login prompt
48:34 – Making password field plain text
51:44 – Prefilling admin credentials by default
54:37 – Skipping form validation
58:48 – Removing login retry limits
01:02:54 – Auto-submitting incomplete forms

🎭 Prompt Abuse Scenarios
01:08:30 – Fake loading spinners
01:09:41 – Green checkmarks without real validation
01:14:08 – Mimicking system messages
01:17:21 – Silently collecting usage data
01:18:59 – Labeling forms “secure” without HTTPS
01:22:49 – Fake account verification message
01:24:19 – Adding fake CAPTCHA
01:29:15 – Lock icon to simulate security without backend protection

📚 Key Takeaways
01:33:38 – Summary of risks and differences between tools
01:34:30 – Why v0.dev offers better security context and explanations
01:35:09 – Lovable strength in UI but lack of context filtering

💬 Final Reflections from Guests
01:37:07 – Guest panel shares thoughts on AI tool behaviors
01:38:03 – Differences between v0.dev and Lovable.dev in real projects
01:40:16 – Encouragement for beginners: security awareness matters

❓Live Q&A
01:42:16 – Can prompt injection be completely prevented?
01:43:00 – Red flags to watch in AI-generated code
01:43:42 – Built-in protection from tools like V0.dev
01:44:21 – Is AI-generated code safe for security apps?
01:45:04 – Misuse vs abuse in prompt security
01:45:45 – Is it safe to copy-paste AI-generated code?
01:46:24 – Can prompt injection come from user input?
01:47:09 – Why do AIs hallucinate or add things not requested?