NCSC CEO Urges AI Coding Safeguards for Secure Software
Summary
The UK's National Cyber Security Centre (NCSC) CEO, Dr. Richard Horne, is urging the international security community to develop safeguards for AI-generated code ('vibe coding'). While acknowledging the risks of propagating vulnerabilities, the NCSC highlights the opportunity to improve software security by design through well-trained AI tools.
What changed
The NCSC, through its CEO Dr. Richard Horne, has issued a call to action regarding the security implications of AI-generated code, often referred to as 'vibe coding'. The agency acknowledges that while AI tools for software development present significant risks of introducing or propagating vulnerabilities, they also offer a substantial opportunity to enhance software security by design. The NCSC emphasizes the need for AI tools to be developed and trained with security as a core principle from the outset to ensure that their widespread adoption leads to a net positive for overall cybersecurity.
This guidance is particularly relevant for technology companies and software developers. The NCSC suggests that while AI-generated code currently poses "intolerable risks" for many organizations, the business benefits will drive adoption. Therefore, security professionals are urged to proactively engage with these risks now, embedding core security principles into AI development processes to mitigate vulnerabilities and make software inherently more secure against attacks. This proactive approach is framed as a collective responsibility to ensure the future of AI in software development enhances, rather than compromises, global cyber resilience.
What to do next
- Ensure AI code generation tools are designed and trained to avoid introducing or propagating vulnerabilities.
- Embed core security principles into AI development processes for software.
- Engage with the risks of AI-generated code proactively to ensure secure adoption.
Source document (simplified)
NCSC CEO: Seize 'disruptive' vibe coding opportunity to make software more secure
Dr Richard Horne delivered a keynote about cyber risks and opportunities at the RSAC Conference in San Francisco
The UK’s chief cyber expert has called on the international security community to grasp the opportunity to reduce our collective vulnerability to cyber attacks by developing safeguards around vibe coding – the use of artificial intelligence to generate software.
At a major cyber summit in the USA, Dr Richard Horne, the Chief Executive of the UK’s National Cyber Security Centre, highlighted how digital societies face a “fundamental issue with the quality of technology we use” due to exploitable vulnerabilities.
The NCSC CEO spoke of both the opportunity and challenges with AI-generated code.
Whilst insecure software produced without human review could potentially propagate vulnerabilities, he observed that well-trained AI tooling writing software which is more secure by design and throughout its lifecycle could transform cyber security outcomes for the better.
In a keynote address at the RSAC Conference in San Francisco, Richard Horne said:
“The attractions of vibe coding are clear, and disrupting the status quo of manually produced software that is consistently vulnerable is a huge opportunity, but not without risk of its own.
“The AI tools we use to develop code must be designed and trained from the outset so that they do not introduce or propagate unintended vulnerabilities.”
He said security professionals had “both the opportunity and responsibility” to ensure that a future where vibe coding and other AI code-generation tools are more widely adopted is “a net positive for security”.
Today (24/03), the NCSC – which is a part of the UK signals intelligence agency GCHQ – has published a new blog post arguing that code produced by AI currently poses intolerable risks for many organisations but that vibe coding shows “glimpses of a new paradigm”.
It predicts the business benefits of using AI to write code will drive up adoption, and so it is vital that security professionals start engaging with the risks now to embed core security principles that will make software less vulnerable to attack.
In his speech at RSAC, Dr Horne also spoke of how cyber risk is now of “greater consequence than ever before”, as we face more exposure, inherent vulnerability and threat activity carried out by “a web of actors who blur the categories, increasingly linking to and enabling each other”.
To combat this “multi-dimensional” threat, he said our collective approach to defending our societies must match that, likening cyber defence to a full court press in basketball, where “collective pressure from all actions together” can have the greatest impact.
Published: 24 March 2026
News type: General news