Embracing the AI Revolution in InfoSec: A Journey into "Vibe Coding"
- Ryan Bauer
- Jul 31
Updated: Sep 8
Earlier this year, I embarked on a compelling challenge: to gain knowledge about the dynamic shifts within AI and understand its potential within the Information Security domain. This exploration sparked ideas for practical applications, leading to the development of four internal prototypes designed to enhance efficiency and deepen our understanding of AI's capabilities. It was during this process that I discovered a new approach—one that truly resonated, leading to a "good vibe."
At Imagine X, we pride ourselves on a team of exceptional Software Engineers who leverage AI to drive efficiency and accelerate solution development. That said, I work in our Cybersecurity practice, but I was still interested in learning more about the topic. One of the IX prototypes solves the problem of getting contextual risk information into the hands of the resource or person who needs the information. I set out with the objective to test the waters, using AI to code a small prototype capable of ingesting data from five distinct threat intelligence feeds and subsequently generating a "Top 5 Risk" report. Ultimately, AI will be helpful to summarize very large amounts of information and help apply what can often be complex routing rules to make sure the right person has the most important risk information that is contextually appropriate. The prototype was the first step in assessing the feasibility of using AI to code a similar solution.
I quickly dove in and learned this hands-on experience is aptly termed "Vibe Coding", a recently coined term popularized by AI researcher Andrej Karpathy in early 2025, that describes an approach to software development heavily reliant on artificial intelligence, particularly large language models (LLMs).
The Genesis of the Project
The journey itself was quite engaging. While my early career involved scripting to automate repetitive support tasks, it had been years since I actively engaged in coding. Despite prior attempts to learn Python, competing priorities always curtailed my progress.
My initial step was to pose a question to Gemini, envisioning AI's potential to generate code for me:
"As a security analyst with a foundational understanding but limited recent coding experience, I aim to develop an agent that consolidates and summarizes data from these five threat intelligence feeds:
AlienVault OTX (Open Threat Exchange) https://otx.alienvault.com/
AbuseIPDB https://www.abuseipdb.com/
VirusTotal (Community) https://www.virustotal.com/
Cisco Talos Intelligence https://talosintelligence.com/
ThreatFox by abuse.ch https://threatfox.abuse.ch/"
And so, my "vibing" commenced, albeit with a rather rudimentary prompt. It required a series of iterative prompts in Gemini to achieve a functional output. The process, while not trivial, was enriched by the inherent satisfaction of troubleshooting--something that I also did a lot early in my career. After a few dedicated hours, a comprehensive report emerged.
From Concept to Completion
I progressed the prototype to a robust state. The script could be executed manually, yielding a "Top 5 Risks" output, detailing sources of risk identification and outlining potential impacts. The process was a bit cumbersome and at times inefficient. There was a decent amount of back and forth with a terminal and Gemini. I felt there had to be a better way to “vibe”, so I decided to reach out to my software engineering peers to see if they had any recommendations.
They provided me access to Cursor and its subsequent integration to the prototype transformed the development experience, akin to upgrading from a Toyota Prius to a Ferrari. This is a tool that makes our top software engineers more efficient with coding, and they recommended that I use it to help evolve my development. With Cursor, I was able to format the output into an HTML page, solicit AI for mitigation strategies, and incorporate a section elucidating the risk prioritization methodology. With a solid output, I needed to disseminate the information in a way that could be easily consumed. AI via Cursor facilitated the creation of a Slackbot to post the generated report to a designated channel and establish a daily 9 AM scheduled job for automated execution. This functional prototype was deemed by leadership a good time to pause to allow others to contribute. If I had attempted to build this without AI, it would have taken weeks with a lot of favors called in to the IX software team. This took dedicated hours, a remarkably shorter amount of time.
Key Insights Gained
This proved to be an enriching experience. Throughout the process, I got better at building prompts, and I learned when I had to be a little smarter than the AI model to get it to do the things I needed. I discovered how AI, with proper context, can help me overcome significant challenges and hurdle what might have previously seemed unsurpassable. There were a few specific takeaways and things I learned about that I wanted to share:
API Integration and Slackbot Development: I gained practical experience in acquiring and utilizing API keys for data retrieval, and successfully developed a Slackbot—areas previously unexplored despite extensive work with API data outputs and Slackbot usage.
Security in AI-Generated Code: A critical realization was that AI-generated code, while functional, does not inherently guarantee security. My initial prototype, for instance, exposed API keys without obfuscation.
AI as a Powerful Assistant, Not a Panacea: AI is undeniably impressive, but it's not a magical solution. Nearly every code output necessitated troubleshooting. While AI often assisted in resolving issues, and Cursor streamlined much of the debugging, human intervention remained essential.
The Value of Effective Prompt Engineering: My initial prompt was suboptimal. Learning to craft highly detailed and effective prompts proved invaluable. Ultimately, AI helped refine the prompt to achieve the desired results, which has helped me think about how I can improve my prompts in the future.
AI Augments, Not Replaces: While AI undeniably expedites many tasks, it is not poised to entirely replace human roles. For knowledge workers, embracing and understanding AI is paramount. These tools, when wielded effectively with well-crafted prompts, are incredibly powerful--yet human oversight and ingenuity remain crucial for their optimal deployment. If unchecked, even when vibe coding, hallucinations can happen, and results will be different from expected.
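The "Security in AI-Generated Code" takeaway above can be turned into a pre-commit style check. The following is an added example, not code from the prototype: it parses a generated Python script and flags credential-like names that are given string literals instead of being read from the environment. The sample script, the `post_report` helper, the variable names and the placeholder key values are all constructed for illustration.

```python
import ast
import re

# Names that usually hold credentials (assumed naming pattern; adjust to your code base).
SECRET_NAME = re.compile(r"(api[_-]?key|token|secret|passw(or)?d|webhook)", re.I)

def _is_string_literal(node):
    """True when the value is a non-empty string constant written into the source."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and bool(node.value.strip()))

def find_hardcoded_secrets(source):
    """Return sorted (line, name) pairs where a credential-like name gets a string literal."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        pairs = []
        if isinstance(node, ast.Assign):        # API_KEY = "..."
            pairs = [(t.id, node.value) for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.Dict):        # {"x-apikey": "..."}
            pairs = [(k.value, v) for k, v in zip(node.keys, node.values)
                     if isinstance(k, ast.Constant) and isinstance(k.value, str)]
        elif isinstance(node, ast.Call):        # post_report(token="...")
            pairs = [(kw.arg, kw.value) for kw in node.keywords if kw.arg]
        for name, value in pairs:
            if SECRET_NAME.search(name) and _is_string_literal(value):
                findings.add((value.lineno, name))
    return sorted(findings)

# Constructed sample of an assistant-generated feed collector; key values are placeholders.
SAMPLE = '''import os
OTX_API_KEY = "PLACEHOLDER-otx-key"
ABUSEIPDB_API_KEY = os.environ["ABUSEIPDB_API_KEY"]
headers = {"x-apikey": "PLACEHOLDER-vt-key", "Accept": "application/json"}
post_report(channel="#risk", token="PLACEHOLDER-slack-token")
VT_KEY_ENV = os.getenv("VT_API_KEY", "")
'''

if __name__ == "__main__":
    for line, name in find_hardcoded_secrets(SAMPLE):
        print(f"line {line}: '{name}' is a string literal; "
              "load it from the environment or a secrets manager")
```

Values read through `os.environ` or `os.getenv` pass the check because they are not literals in the source; the check is name-based, so a key stored under an unrelated variable name would still need a content-based secret scanner.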
Conclusion
When ImagineX’s Cybersecurity practice came up with 4 prototypes we could build, I didn’t know what was possible. After building this solution, I was able to work with several members of the team to help them gain from my experiences, thus building a more informed and powerful organization. Weeks later, we had 4 very functional prototypes that would have previously taken months to build. This led me to getting a good vibe… quite literally.
Ultimately, by helping people do things that would take them months to years to learn, AI serves to augment human ingenuity, rather than supplant it. By mastering AI through adept prompting and continuous learning, knowledge workers can unlock unparalleled levels of productivity and foster innovation within security operations. This exploration merely scratches the surface of AI's thrilling potential within the realm of cybersecurity, with an understanding of its power in the Information Security domain.