Vibe Coding Explained for UK Business Owners: Why the NCSC Is Warning You and How to Use It Safely

45% — Veracode October 2025: AI-generated code samples containing an OWASP Top-10 flaw across 100+ LLMs  ·  1.5M — Authentication tokens leaked by vibe-coded app Moltbook in February 2026 (Wiz Research disclosure)  ·  6 → 35 — Vibe-coded CVEs logged by Georgia Tech's Vibe Security Radar, January to March 2026  ·  31% — UK businesses using AI per Experian's May 2026 study — of which only 24% have cyber-risk processes

On Tuesday 19 May 2026, Andrej Karpathy posted a short note on X confirming he had joined Anthropic, the San Francisco lab behind Claude. The reaction in Silicon Valley was immediate — Karpathy was a founding member of OpenAI, ran Tesla's Autopilot AI team, and is one of the most influential ML educators alive. But the reaction in UK newsrooms was about something else entirely. In February 2025, Karpathy had casually tweeted about a new way of building software where you 'fully give in to the vibes, embrace exponentials, and forget that the code even exists'. He called it 'vibe coding'. On 6 November 2025, Collins Dictionary managing director Alex Beecroft announced that the same two words had been chosen as Collins Word of the Year 2025. Karpathy joining the firm whose chatbot most people use to do vibe coding put the phrase back on the front page of the BBC, The Times, the Guardian and IT Pro within hours.

All of which would be a fun bit of tech trivia, except for what happened five weeks earlier and 5,000 miles away. On Tuesday 24 March 2026, Richard Horne — chief executive of the National Cyber Security Centre, GCHQ's cyber arm — walked onto the keynote stage at the RSA Conference in San Francisco and warned a global audience of a coming 'SaaSpocalypse'. Horne described a wave of breaches building behind British SMBs in particular, caused by a generation of non-developers shipping production apps written entirely by AI chatbots. The NCSC followed up days later with a blog post bluntly titled 'Vibe check' on ncsc.gov.uk. The agency is not anti-AI — it is anti-leaking-1.5-million-customer-tokens-because-Lovable-helpfully-hardcoded-them-in-the-browser. That, broadly, is the difference this article is about.

We will, with our standard editorial cough, declare an interest. BraivIQ is an AI Agency UK and AI Agency London that gets paid to do AI development and AI Automation responsibly — and increasingly to audit vibe-coded apps that small businesses have already shipped. So we are not neutral. But every statistic in this piece comes from a named public source you can verify yourself, and our six-step safety checklist is designed to be useful whether you pay us, pay someone else, or pay nobody at all. If you are a Manchester salon owner, a Birmingham accountant, a Sheffield Shopify operator, or anyone running a business in the UK who has ever opened Cursor or Claude and wondered 'is this safe?', this is for you.

Why Vibe Coding Suddenly Matters to Non-Developers

Until about 18 months ago, building software meant either learning to code or hiring someone who could. Vibe coding has, for the first time, broken that. A salon owner in Manchester who has never written a line of JavaScript can sit down on Sunday morning with Lovable or v0, type 'I want a booking page where my customers pick a stylist, a time and pay a £10 deposit', and by Sunday night have something live on the internet. The chatbot writes the HTML, the backend, the database schema, the Stripe integration. It deploys to a Vercel or Netlify URL. It even writes the confirmation email. The salon owner has, in effect, become a software company over a long weekend.

This is a genuinely good thing. It is the same kind of unlock that desktop publishing was in the 1980s or Squarespace in the 2010s. Every UK micro-business now has a route to custom software that does not require a £40,000 development budget or a six-month timeline. We are seeing Shopify operators in Sheffield build bespoke loyalty schemes in a fortnight. We are seeing Birmingham accountants prototype tax calculators that they can later commission properly. We are seeing Bristol charities ship volunteer-matching apps that would have been unthinkable in 2023.

The Sussex SME study published by JetSpace in April 2026 found 54 per cent of small businesses in their sample were already using AI in some part of operations. Experian's UK-wide May 2026 numbers put the headline rate at 31 per cent. Whichever you trust, the direction of travel is identical. And the same study found 42 per cent of UK AI projects launched in 2025 were quietly scrapped — usually because the people commissioning them did not realise what they had built until it broke. Vibe coding accelerates everything, including the breakage.

Why the NCSC is Worried — And You Should Be Too

The SaaSpocalypse Warning

When Richard Horne used the word 'SaaSpocalypse' at RSAC on 24 March 2026, he was being deliberately tabloid-friendly. SaaS means Software-as-a-Service — the cloud apps every business uses. His point was that the next wave of breaches will not be Russian state actors hitting nuclear infrastructure; it will be ordinary British businesses leaking customer data because the AI that wrote their app put the database password in the browser. The NCSC's follow-up 'Vibe check' blog post on ncsc.gov.uk made the practical version of the argument: the model produces code that works, looks plausible, and is dangerously insecure in ways that only a trained reviewer would spot.

The Cold Numbers

Veracode's October 2025 study tested more than 100 large language models on a controlled set of coding tasks. Forty-five per cent of the resulting code contained an OWASP Top-10 vulnerability — OWASP being the industry's standard list of the ten most dangerous classes of web flaw, things like SQL injection and broken authentication. Java code failed 72 per cent of the time. Cross-site scripting (XSS) defences — the protections that stop a malicious comment on your site from stealing other users' login cookies — failed in 86 per cent of samples. Georgia Tech's Vibe Security Radar then started counting Common Vulnerabilities and Exposures (CVEs — the public database of catalogued security holes) traced to vibe-coded software: 6 in January 2026, 15 in February, 35 in March. The line goes up and to the right.

The Viral Disasters

Theory is one thing; the rolling list of 2026 incidents is another. In February, Wiz Research disclosed that vibe-coded app Moltbook had leaked 1.5 million authentication tokens because the AI had hard-coded them in client-side JavaScript. In March, a UK security researcher found a zero-click remote code execution (RCE — an attacker running arbitrary code on the server without the user doing anything) in the Orchids platform. EchoLeak, tracked as CVE-2025-32711, scored 9.3 on the CVSS severity scale — a prompt-injection flaw (where an attacker hides instructions inside content the AI reads and the AI obeys them) in a Microsoft Copilot integration. CurXecute, CVE-2025-54135, scored 9.8. Add in the historical favourites — the 2023 Chevrolet of Watsonville chatbot that a customer talked into selling a Tahoe for one dollar, the 2024 Air Canada tribunal ruling that the airline was legally bound by its chatbot's invented refund policy — and the pattern is clear. AI ships fast. AI also lies fast.

The UK SMB Reality Check

Two data points define the British position. Experian UK's May 2026 study found 31 per cent of UK businesses now use AI in some form, but of those, only 24 per cent reported any documented cyber-risk process governing that use. That means roughly three-quarters of UK AI adopters are flying blind on security. JetSpace's Sussex SME study from April 2026, focused on smaller firms, found 54 per cent adoption but 42 per cent of 2025 AI projects scrapped — usually after a senior person realised the thing was either broken, embarrassing or quietly leaking data.

Combine that with the Information Commissioner's Office position — the ICO confirmed in its January 2026 guidance that 'we used an AI' is not a defence against a GDPR breach — and the picture for a Manchester salon, a Birmingham accountancy or a Sheffield Shopify shop is uncomfortable. The upside of vibe coding is real. The downside is regulatory. The middle path, where most sensible UK businesses will end up, involves a six-step safety routine and the occasional sanity check from an AI Agency London or an AI Agency UK that has already seen the failure modes.

The 90-Day UK Business Owner Vibe-Coding Playbook

1. Days 1-15: Pick a sandbox, not production. Vibe-code your idea in a separate Vercel, Netlify or Replit project that has no connection to your real customer database, your real Stripe account, or your real domain. Use fake data with names like Test Customer and email addresses like test@example.com. If it breaks, nobody notices.
2. Days 16-30: Never paste real customer data into the chat. The single most common UK breach pattern in early 2026 is a business owner pasting a real spreadsheet of clients into Claude or Cursor to 'help with the schema'. That data is now on Anthropic, OpenAI or Microsoft's servers and you may have just triggered a personal-data notification under UK GDPR. Use synthetic data. Always.
3. Days 31-45: Run a code-review pass. Once the prototype works, ask the same AI — or, better, a different model — to review its own code for OWASP Top-10 issues and prompt-injection risk. The phrase 'review this code as a senior security engineer reporting to the NCSC' produces remarkably useful results. Then run free open-source scanners: Snyk Open Source, Semgrep, npm audit. Most catastrophic flaws fall out at this stage.
4. Days 46-60: Never deploy database credentials in the browser. This is the Moltbook lesson. If the AI puts your Supabase service key, your Stripe secret key, your SendGrid API key or any other secret into client-side code, you are about to be on a Wiz disclosure page. Every secret belongs in an environment variable on the server, gated by row-level security. Ask the AI explicitly: 'are any secrets exposed to the browser?' — and verify by viewing source.
5. Days 61-75: Get a human review before going live. Either an internal developer, a freelance UK contractor, or an AI Agency UK that can sign off on the code, the data flows, the cookie policy and the ICO obligations. Budget half a day. It is the cheapest insurance policy you will ever buy.
6. Days 76-90: Document, monitor and put a human in the loop. Write down what the app does, what data it touches, who can change it. Turn on basic logging (Sentry, Logtail). Set a 30-day reminder to re-audit because the AI will have shipped new dependencies. Treat AI Automation as something you supervise, not something you forget.

Where an AI Agency Fits — And Where It Honestly Does Not

Not every vibe-coded app needs an agency. A staff rota tool that lives behind your office firewall and stores no personal data is fine. An internal calculator that helps you price quotes is fine. The line is roughly where customer data, payments, or anything the ICO would describe as 'personal data' enters the picture. At that point, the cost of getting it wrong — UK GDPR fines up to £17.5 million or 4 per cent of global turnover, plus the reputational damage of a breach notification — dwarfs the cost of a proper review.

What a responsible AI Agency UK actually does for vibe-coded apps in 2026 is fairly mundane and largely defensive. We review the architecture. We move secrets out of the browser. We add authentication that does not fall over to a credential-stuffing script. We run Snyk and Semgrep and a manual prompt-injection test. We write down the data flows so the ICO question 'what personal data does this process' has an answer. We add monitoring. We do this in days, not months, and we tell you honestly when a vibe-coded MVP is good enough to keep versus when it should be quietly rebuilt by a Workflow Automation Agency that knows what it is doing. That last call — keep it, fix it, replace it — is the one most non-technical founders cannot make alone.

Sources

1. Anthropic press release and Andrej Karpathy personal post on X confirming move to Anthropic, 19 May 2026
2. Collins Dictionary 2025 Word of the Year announcement by Alex Beecroft, 6 November 2025 (BBC News and Guardian coverage)
3. Richard Horne, NCSC CEO, RSA Conference 2026 keynote, San Francisco, 24 March 2026 (transcript via Computer Weekly and IT Pro)
4. National Cyber Security Centre, 'Vibe check' blog post, ncsc.gov.uk, March 2026
5. Veracode, 'State of AI-Generated Code Security 2025' study, October 2025 (covered by Reuters and The Register)
6. Georgia Tech School of Cybersecurity, Vibe Security Radar dataset, January-March 2026
7. Wiz Research disclosure of Moltbook authentication token leak, February 2026
8. EchoLeak CVE-2025-32711 advisory (CVSS 9.3), MITRE and Microsoft Security Response Center
9. CurXecute CVE-2025-54135 advisory (CVSS 9.8), MITRE
10. Civil Resolution Tribunal of British Columbia, Moffatt v Air Canada ruling, February 2024
11. Chevrolet of Watsonville chatbot incident coverage, Business Insider, December 2023
12. Experian UK SMB AI Adoption Study, May 2026
13. JetSpace Sussex SME AI Study, April 2026 (cited in The Times and FT)
14. Information Commissioner's Office, Generative AI Guidance for UK Businesses, January 2026