Rise of AI ‘vibe coding’ raises cyber risk for Pakistan’s freelance, IT sector

The growing use of artificial intelligence-driven “vibe coding” tools is introducing new cybersecurity risks for Pakistan’s freelance and IT export sector, as developers increasingly rely on automated systems to build and execute code.

According to experts, the approach allows users to create applications by describing tasks in natural language, with AI tools generating and running code. While this has improved productivity and reduced development time, experts warn it also lowers barriers for cyberattacks and expands potential vulnerabilities.

Pakistan, one of the largest freelance markets globally, has seen rapid adoption of such tools among developers working on international platforms. Freelancers generated over $500 million in foreign exchange during the first half of FY2025-26.

Cybersecurity researchers say newer “agentic” AI systems, which can autonomously write and execute code, are changing the threat landscape. These systems often operate with broad access to files and execution environments, increasing the risk of exploitation if underlying platforms contain vulnerabilities.

Experts highlight risks such as prompt injection and malicious code execution. In some cases, AI systems may inadvertently run harmful commands sourced from external data, allowing unauthorised access to developer systems and sensitive information.

The risks extend beyond individual users to the wider IT export ecosystem. A compromised development environment could expose proprietary code, application interfaces and financial data of multiple international clients.

Researchers have also identified the potential for “zero-click” attacks, where systems can be compromised without user interaction. Such exploits allow attackers to insert malicious code into projects and gain control over systems.

Adoption of AI coding tools is increasing among startups and developers in major cities, enabling faster product development. However, experts say security practices have not kept pace with the speed of deployment.

Institutional preparedness remains limited, with many organisations focused on conventional threats such as phishing and ransomware. AI-driven risks require different monitoring systems and governance frameworks.

Regulatory oversight for AI-based development environments is also evolving. While existing frameworks address broader cybercrime issues, specific guidelines for AI-assisted coding tools remain limited.