An AI Vibe Coding Horror Story

9 hours ago
  • #Data Privacy
  • #Medical Software
  • #AI Coding Horror
  • An individual created a custom patient management system using an AI coding agent, importing patient data and deploying it online.
  • The application was highly insecure, with unencrypted patient data stored on a US server, accessible without proper authentication, violating data protection laws.
  • Voice recordings from appointments were sent to external AI services for transcription without patient consent, raising serious privacy and legal concerns.
  • All access control was implemented client-side in JavaScript, making the data easily accessible via simple commands like curl.
  • The creator lacked understanding of the system's risks and responded with an AI-generated message after a security breach was reported.
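
The client-side access-control failure summarized above, shown beside a server-side check. This is an added example, not code from the application or the original article; the handler names, request shape, patient records and session id are all constructed for illustration.

```javascript
// Added example: constructed data and hypothetical names throughout.
const patients = new Map([
  ["p1", { id: "p1", practice: "A", name: "Sample Patient One" }],
  ["p2", { id: "p2", practice: "B", name: "Sample Patient Two" }],
]);

// Server-side session table: opaque session id -> authenticated user.
const sessions = new Map([
  ["sess-constructed-1", { user: "dr-a", practice: "A" }],
]);

// Pattern described in the summary: the API answers any caller and the
// browser script decides what to display. A client that never runs that
// script still receives the full record.
function clientGatedHandler(req) {
  const rec = patients.get(req.patientId);
  return rec ? { status: 200, body: rec } : { status: 404, body: null };
}

// Resolve the session from the Cookie header only. Flags supplied by the
// client in the body or query string (isAdmin, loggedIn, ...) are ignored.
function sessionFrom(req) {
  const cookie = (req.headers && req.headers.cookie) || "";
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookie);
  return m ? sessions.get(m[1]) : undefined;
}

// Hardened form: authenticate, then authorize per record, on the server,
// before any patient data is placed in the response.
function serverGatedHandler(req) {
  const session = sessionFrom(req);
  if (!session) return { status: 401, body: null };
  const rec = patients.get(req.patientId);
  // Same answer for "no such record" and "not your record", so record ids
  // cannot be enumerated across practices.
  if (!rec || rec.practice !== session.practice) {
    return { status: 404, body: null };
  }
  return { status: 200, body: rec };
}
```
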