How do you make sure your products are secure after vibecoding it entirely or partially?
After using a lot of AI-generated code lately, I've found myself spending a lot of hours on checking and repairing a lot of easy-to-spot security flaws. That being said, AI generally sucks at actually implementing secure code (or architectures), as well as recommending what to do to make your app more secure (sometimes even decently secure).
Have you had this problem as well? If yes, how do you tackle it?
P.S. As a fun fact, I remember a year ago implementing an Elastic database that I secured with a pretty weak password. It wasn't a production one, but it was available to the internet without any kind of VPN/secure connection. It got hacked in less than a week, from random bots on the internet. Good thing it only had mock data.
AI didn't even tell me I had to put a password over it as it had a random ip and port, let alone take any other measures. Of course, until I purposefully asked about it.
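The P.S. describes the classic exposed-Elasticsearch misconfiguration: the HTTP API bound to a public interface with security turned off. Below is a small audit script, added here as an illustration and not code from the original post or from Elastic, that flags that combination in an elasticsearch.yml. It assumes the flat `key: value` layout of that file and the well-known keys `network.host`, `xpack.security.enabled` and `xpack.security.http.ssl.enabled`; both sample configs are constructed for the example.

```python
"""Audit the elasticsearch.yml settings that decide whether a node is
reachable from the network without authentication.

Hypothetical checker written for this thread; not part of the original
post and not an Elastic tool. Assumes a flat `key: value` config layout.
"""

# Constructed sample: bound to every interface, security disabled.
INSECURE_CONFIG = """\
cluster.name: demo
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample: loopback only, auth on, TLS on the HTTP API.
HARDENED_CONFIG = """\
cluster.name: demo
network.host: 127.0.0.1
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

# Special network.host values that bind to non-loopback interfaces.
PUBLIC_HOSTS = {"0.0.0.0", "::", "_site_", "_global_"}


def parse_flat_yaml(text):
    """Parse flat `key: value` lines; comments and blank lines are skipped.
    Minimal on purpose: nested blocks and lists are not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def audit_elasticsearch(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    s = parse_flat_yaml(text)
    findings = []
    # Unset network.host binds to loopback only.
    host = s.get("network.host", "127.0.0.1")
    public = host in PUBLIC_HOSTS
    # Treat an unset security flag as not enabled (the 7.x default).
    security = s.get("xpack.security.enabled", "").lower()
    tls = s.get("xpack.security.http.ssl.enabled", "").lower()

    if security == "false":
        findings.append(
            "xpack.security.enabled is false: any client can read and write every index")
    if public and security != "true":
        findings.append(
            f"network.host={host} exposes the HTTP API beyond localhost without authentication")
    if security == "true" and tls != "true":
        findings.append(
            "HTTP TLS is off: credentials are sent in clear text")
    return findings


if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_elasticsearch(cfg) or ["ok"])
```

Running it in CI or as a pre-deploy hook catches the "random ip and port" situation before the node is ever reachable; a weak password on top of a public bind is still a finding a wordlist or secret scanner should add separately.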
Replies