Close

New Research from CDW on Workplace Friction

Learn how IT leaders are working to build a frictionless enterprise.

Jul 09 2026
Security

5 Questions About Vibe Coding Security Risks for Healthcare

“Vibe coding” with tools powered by artificial intelligence is happening across industries. Here are some security concerns for healthcare IT to consider.

Whether executive leaders are aware or not, IT teams across industries are experimenting with “vibe coding,” or coding assisted by artificial intelligence.

Here are five considerations for health IT managers as their teams begin to incorporate AI tools into their programming workflows.

READ MORE: Code is no longer the bottleneck. What does agentic AI mean for software?

1. What’s the Margin of Error For Coding With AI?

AI tools can generate apps based on the direction of the user, and the process is intensive and requires knowledge of organizational network security and data privacy standards, compliance requirements, preferred platforms, tools, databases and programming languages, testing strategies, documentation guidelines, and more. All of that must be fed into the AI solution before it starts on a problem. AI coding tools may appear to read minds and move quickly. But if users don’t set the stage for success, they risk creating something with inconsistent behavior, which may then impact data security regulatory compliance.

2. How Much Training Have Nontechnical Users Received?   

Programming is still a technical skill. Just because nontechnical users can generate applications using AI tools doesn’t mean that these apps are ready for wider use. If a nurse or administrator builds a discrete app with AI tools to help a clinic, that’s great — but that’s not something that can be shared and rolled out without a technical programmer taking a look first. This concern is not that different from the security and resource issues that shadow IT has created in the past.

Click the banner below to power employee productivity with AI.

 

3. How Does AI Affect Your Organization’s Attack Surface?

Increasing the attack surface is inevitable with AI. Such coding solutions build their code on pre-existing open-source libraries and tools. Your software bill of materials will lengthen considerably, creating technical debt and dependencies on new-to-you packages. This is almost unavoidable and is a factor that must be documented for compliance and risk management purposes as AI-written software is moved into production.

4. How Ready Is Your Overall Environment For AI?

AI assumes a modern development environment. The coding tools are built on large language models that are trained on modern code and existing standards, which can create friction when interacting with legacy systems such as old HL7 electronic health record systems or databases. To make the best use of AI tools, organizations must adopt modern DevSecOps practices. Going full continuous integration/continuous deployment is not necessary, but you do want to make it easy to rapidly deploy fixes for both functional and security flaws you find downstream.

UP NEXT: How do managed cloud and AI services turn complexity into business advantage?

5. How Can AI Support Security Improvements?

AI doesn’t solve security problems, but it does make it easier to write secure systems. These coding tools are aware of security best practices, such as keeping credentials out of configuration and using encryption for network traffic, and they’ll encourage users to go down these paths. But they won’t enforce good practices or know about healthcare-specific issues. That requires a security-aware developer to tell the AI tools things such as, “Use the HL7 FHIR guidelines in all of the code you write,” or “integrate with our existing single sign-on system for authentication.” Writing, and then applying, a consistent set of security instructions for every vibe coding session is a necessary risk-reduction measure.

pixdeluxe/Getty Images