"Vibe Coding" Risk Assessment

Tier 1 BUILD

What This Requires

Conduct risk assessment for rapid prototyping workflows where engineers accept AI suggestions without deep understanding ("vibe coding"). Define guardrails: test coverage minimums, peer review requirements, and prohibited use cases.

Why It Matters

Vibe coding accelerates development but creates hidden technical debt and security gaps. Engineers may not understand the code they ship, making debugging and incident response difficult.

How To Implement

Identify High-Risk Scenarios

Prohibit vibe coding for: authentication/authorization logic, cryptographic functions, payment processing, and regulated data handling. Require the traditional development process for these areas (design doc, peer review, security review).

Enforce Test Coverage

Mandate minimum test coverage (80% for critical paths) for AI-generated code. Block the merge if coverage falls below the threshold.

Peer Review Requirement

Require two human reviewers (not just one) for AI-heavy PRs. At least one reviewer must deeply understand the domain.

Incident Post-Mortem Analysis

During post-incident reviews, flag whether AI-generated code contributed to the issue. Track these flags over time to identify recurring problematic patterns.
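The guardrails from the steps above (prohibited areas, critical-path coverage minimum, two human reviewers with domain expertise), encoded as a policy-as-code merge gate. This is an added example, not part of the original control text; the path globs, the PullRequest/Reviewer shapes and the sample PR are constructed assumptions, and a real gate would populate them from the PR's labels, review API and coverage report.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch

# Constructed path globs standing in for a real repository layout (assumption).
PROHIBITED_PATHS = ["src/auth/*", "src/crypto/*", "src/payments/*", "src/regulated/*"]
CRITICAL_PATHS = ["src/api/*", "src/core/*"]
MIN_CRITICAL_COVERAGE = 80.0   # percent line coverage required on critical paths
MIN_HUMAN_REVIEWERS = 2        # required for AI-heavy PRs

@dataclass
class Reviewer:
    name: str
    human: bool = True           # bots do not count toward the reviewer minimum
    domain_expert: bool = False  # at least one reviewer must know the domain

@dataclass
class PullRequest:
    files: list                  # changed file paths
    ai_generated: bool           # PR is labelled as AI-heavy / vibe-coded
    reviewers: list = field(default_factory=list)
    coverage: dict = field(default_factory=dict)  # path -> % line coverage after merge

def matches_any(path, patterns):
    return any(fnmatch(path, p) for p in patterns)

def evaluate(pr):
    """Return the policy violations that block merge (empty list = mergeable)."""
    if not pr.ai_generated:
        return []  # the normal review policy applies; nothing extra is enforced here
    violations = []
    for f in pr.files:
        if matches_any(f, PROHIBITED_PATHS):
            violations.append(f"prohibited: AI-generated change to {f}; use the standard process")
        elif matches_any(f, CRITICAL_PATHS):
            cov = pr.coverage.get(f, 0.0)   # a file missing from the report counts as 0%
            if cov < MIN_CRITICAL_COVERAGE:
                violations.append(f"coverage: {f} at {cov:.0f}% < {MIN_CRITICAL_COVERAGE:.0f}%")
    humans = [r for r in pr.reviewers if r.human]
    if len(humans) < MIN_HUMAN_REVIEWERS:
        violations.append(f"review: {len(humans)} human reviewer(s), need {MIN_HUMAN_REVIEWERS}")
    elif not any(r.domain_expert for r in humans):
        violations.append("review: no reviewer with domain expertise")
    return violations

if __name__ == "__main__":
    pr = PullRequest(["src/payments/refund.py", "src/core/scheduler.py"], True,
                     [Reviewer("alice"), Reviewer("ci-bot", human=False)],
                     {"src/core/scheduler.py": 62.0})  # constructed sample PR
    print("\n".join(evaluate(pr)) or "mergeable")
```

The sample PR is blocked on all three rules: a prohibited payments change, an under-tested core file, and only one human reviewer.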

Evidence & Audit

  • Risk assessment document identifying prohibited vibe coding scenarios
  • Code review policy requiring enhanced review for AI-generated code
  • Test coverage reports showing compliance with minimums
  • Post-incident review records analyzing AI code contributions
  • Training materials on vibe coding risks

Related Controls