Major 'vibe-coding' platform Orchids is easily hacked, researcher finds (www.bbc.com)

🤖 AI Summary
A recent investigation by a BBC reporter has revealed significant cybersecurity vulnerabilities in Orchids, a popular "vibe-coding" platform that lets users without coding expertise create applications and games by entering text prompts. Cybersecurity researcher Etizaz Mohsin demonstrated how he could exploit these flaws to gain unauthorized access to a project, carrying out a zero-click attack in which he manipulated the system without any interaction from the user. As a result, a notepad file appeared indicating that the hack had taken place, showing how easily malicious software could be introduced through such vulnerabilities.

The significance of this discovery for the AI/ML community lies in the urgent need for improved security protocols as the trend of using AI to handle complex tasks escalates. Orchids boasts a user base of one million and counts major companies like Google and Uber among its clients, making the implications of these vulnerabilities particularly concerning.

Experts warn that as vibe-coding tools become more entrenched, the potential for security breaches increases, and they stress that developers must enforce discipline and rigorous code review to mitigate these risks. The incident serves as a cautionary tale for other AI platforms with similar capabilities, emphasizing the importance of safeguarding user data and maintaining robust cybersecurity measures.