What inspired you to build Vibe Review? I watched my engineers ship AI-generated code — fast, confident, and completely unreviewed for security. That's what "vibe coding" is, right? You describe what you want, the AI writes it, it looks clean, it runs. And then someone deploys it to production without a single person asking "wait, what is this code actually doing?" I've run over 700 threat models. I've seen what happens when developers skip the security thinking step. Vibe coding didn't eliminate that step — it just made it invisible. That bothered me enough to build something. What problem were you trying to solve? AI code assistants are incredible at generating plausible-looking code. They're also remarkably good at generating plausible-looking vulnerabilities. The problem isn't that developers are careless. The problem is that the review process hasn't kept up. You can't apply 2015-era code review habits to a world where a developer ships 10x more code with AI assistance. The surface area explodes. The cognitive load doesn't scale. So security falls through the cracks — not because anyone intended it to. Vibe Review is about closing that gap. Automated, opinionated, security-first review that actually keeps pace with how teams are building now. Not a linter. Not a SAST tool bolted on at the end. A reviewer that shows up when the code is being written. How did your approach evolve during this launch? Honestly? We started with too much faith in automation and not enough respect for context. The first version flagged everything. Volume without signal. Developers tuned it out fast — which is the worst outcome, because now you've trained your team to ignore security warnings. That was the forcing function. We had to get opinionated. Not "here are 47 issues" — but "here are the three things in this PR that will actually get you breached." We also underestimated how much the review experience mattered. AppSec tooling has a long history of being technically correct and completely unusable. We didn't want to build another tool that lived in a dashboard no one opened. So we rebuilt the output layer. The findings got sharper. The language got more direct. The fix guidance got concrete instead of vague. Ship fast, watch what gets ignored, make it impossible to ignore. That loop is what got us to launch.

VibeReview

Security for vibe-coders

Security for vibe-coders