Vibe Coding Vulnerabilities: Certora Argues Human Oversight is Essential for DeFi Audits
Does AI Vibe Coding pose a systemic security risk to DeFi?
Nvidia CEO Jensen Huang argues that “the miracle of artificial intelligence” is that “nobody has to program”. Courtesy of AI’s prolific growth and the rise of Vibe Coding, the technology is hurtling us closer to Huang’s vision: a future in which “everybody in the world is a programmer.”
The notion that everyone can theoretically become a cracked DeFi founder with zero experience or programming knowledge is obviously appealing to budding entrepreneurs. However, that doesn't necessarily bode well for the security of thousands of users across the onchain economy.
What kind of threat does Vibe Coding pose to Solana DeFi, and how do reputable auditors like Certora approach AI development and auditing?
More Developers Are Turning to AI
AI is all around us, and it becomes more deeply intertwined in our lives with each passing day. According to Stack Overflow’s 2025 Developer Survey, more than 50% of professional developers use AI tools every day, with 84% of all respondents incorporating AI into their development process.

Beyond illustrating how popular AI-based coding has become, Stack Overflow’s survey highlighted some illuminating disparities. While 84% of respondents use AI tools in their development process, only 3.1% showed “high trust” in their accuracy. It’s fair to conclude that AI tools, while practical and efficient, are far from watertight.

AI code creation is more common than ever, yet a staggeringly small number of developers have confidence in the code being written. This is reinforced by a recent MIT Sloan review, which found that while AI makes developers more productive, it also accelerates error propagation.
As REKT so elegantly summarizes, “These tools promised to democratize coding, to make everyone a developer. What they actually did was make it possible to ship complex systems without understanding them.”
While we can naturally assume that most humans still oversee ongoing production and will fix any errors, there will inevitably be some cases where time-pressed developers may be less discerning.
In a worst-case scenario, the onchain economy becomes a mass of vibe-coded apps audited by AI tools, with little to no human oversight to catch obscure, evasive errors. Instead of the original promise of decentralized finance, crypto inevitably turns into a murky playground designed by Claude, for Claude.
Fortunately, this doomer prognosis is unlikely. Engineers are certainly using AI to become more efficient, but to say that they’re completely outsourcing the entire development process to AI is, at least for now, inaccurate. Serious teams are taking a hybrid approach to development, with AI being used in tandem with human oversight, experience, and creativity to get the best of both worlds.
Are AI Audits Safe?
The same is true among auditors. Just as engineers gravitate towards AI tools for their efficiency, auditors are also reaping the benefits of a powerful set of extra eyes. Cybersecurity auditors, both inside and outside crypto, are incorporating AI into their processes, allowing themselves to analyse and test a far wider surface area than what a human can achieve.
However, despite the growing popularity of AI auditing tools, humans are still needed to prevent tricky hacks. Certora’s Chief Scientist Mooly Sagiv asserts that existing AI audits are unable to replicate more interesting hacks, such as Euler V1 and Cork. Even for simple exploits, it is still unclear whether AI audits are more useful than static analysis tools.
For all its genius, AI is still, at least to my admittedly limited understanding, incapable of original thought. Even the very best AI tools cannot generate code or logic that humans haven’t already implemented somewhere, which means that they’ll always be playing catch-up. Factoring in how rapidly cybercriminals design and execute new attack vectors, developers and auditors need to be proactive, rather than reactive, to potential threats.
Trusted and reputable security firms like Certora see AI as a tool to be leveraged in the auditing process, not something that completely replaces the responsibilities of human auditors.
AI can help to identify vulnerabilities and suggest alternatives, but auditors still need to go through codebases with a fine-tooth comb to determine the accuracy of an AI tool’s findings. AI cannot replicate the critical, outside-the-box thinking that is required from auditors. Complex programmes inevitably offer a wide surface area for potential attacks and exploitable edge cases, so human oversight is still essential for secure, proactive auditing.
Responsible for securing over $10B of Solana’s onchain TVL (and $100B in the wider DeFi space), Certora suggests that a discerning, hybrid approach to security audits consistently yields the best results, bringing both applications and users unparalleled peace of mind when navigating the onchain economy.
