Back to Feed

Backslash Security to Unveil Comprehensive Vibe Coding Security Platform at Black Hat USA 2025

Visibility, governance, and preemptive code security controls enable innovative organizations to accelerate application development while boosting security 

Las Vegas, NV, July 31, 2025 - Backslash Security, the vibe coding security company, today announced that its platform for securing AI coding infrastructure and code will be shown at the AI Pavilion (booth #4312) at Black Hat USA in Las Vegas, August 6-7.

Since the beginning of this year, vibe coding has been growing in parallel with the unprecedented adoption of AI-powered Integrated Development Environments (IDEs) and AI coding agents. Third-party components like MCP (Model Context Protocol) servers have likewise gained momentum in the software development market in a short time.

However, over the past several months, Backslash researchers have uncovered multiple security gaps and weaknesses in common vibe coding stacks and the code they create. When left unchecked, this presents a significant risk to the enterprises that develop these applications, as well as their users:

  • Security teams are wholly blind to the AI agents, LLMs, and other components, such as MCP servers, that are employed by their software development teams.
  • Unvetted, “naive” prompting of LLMs creates code that is vulnerable to even the most basic, common CWEs such as XSS, path traversal, SSRF, and code injection. However, developers cannot be expected to become secure prompting experts, leaving such code in its vulnerable state..
  • The use of third-party components such as MCP servers adds additional risk, potentially enabling attack vectors such as remote code execution.
  • The IDEs and AI coding agents themselves can be poorly configured in a way that exposes developers’ machines to attack. Some built-in security features of the vibe coding platforms themselves have proven to be woefully inadequate, lulling users into a false sense of security.

The Backslash Vibe Coding Security Platform enables security teams to quickly understand and mitigate these potential threats, allowing developers to focus on innovation and time to market, with security risks being transparently monitored and controlled without slowing them down. It includes:

  • A unified AI Coding Dashboard, presenting a full inventory and security posture assessment of the AI coding agents and IDEs, MCP servers, LLMs, and AI prompt rules being used across the organization’s development stack.
  • MCP and AI Rules Risk Assessment that analyzes MCP servers and existing rules for exposure to threat vectors, including tool poisoning, rug pull attacks, data exfiltration, malicious backdoors, and obfuscation techniques.
  • AI Hardening Policies for coding agents and IDEs, allowing security teams to enforce secure configuration of developer tools, limiting permissions, and access to files.
  • Secured AI Prompt Rules that are granular and dynamically updated, providing a centralized policy-driven way to ensure that developer prompts are enhanced to make LLMs produce code that is free from vulnerabilities and weaknesses.
  • The Backslash MCP Server AI Assistant extends LLMs by providing real-time OSS vulnerability insights during code generation and interactively guides developers on remediation steps, package upgrades, and other security concerns in their code.

"AI coding is now a reality with many organizations adopting tools such as Cursor, Windsurf, and GitHub CoPilot, among others, but the rapid introduction and adoption of these tools are creating new security blindspots," said Fernando Montenegro, Vice President & Practice Lead, Cybersecurity & Resilience at The Futurum Group. "Getting ahead of this trend and adapting to the ultra-rapid way of developing software should become a priority for security teams, so they can enable innovation within their organizations while adequately managing risk."

Backslash Security will be at the AI Pavilion booth #4312 at Black Hat USA, August 6-7

To request a demo of the Backslash Platform, go to https://backslash.security/demo.

About Backslash Security

Backslash is the vibe coding security company. We secure the new AI-driven era of software and application development, addressing the challenges created by AI coding tools and practices, and seizing the opportunity to make software secure by design, preemptively preventing vulnerabilities and exposures in code. Forward-looking organizations use Backslash to modernize their application security for the AI era, shorten remediation time, and accelerate time-to-market of their applications. For more information, visit https://backslash.security