I Watched AI Agents Try to Hack My Vibe-Coded Website

A few weeks ago, I watched a small team of artificial intelligence agents spend roughly 10 minutes trying to hack into my brand new vibe-coded website.

The website targeted by Sybil was one I created recently using Claude Code to help me sort through new AI research papers. The site, which I call Arxiv Slurper consists of a backend server that accesses the Arxiv—where most AI research is posted—along with a few other resources, combing through paper abstracts for words like “novel”, “first”, “surprising” as well as some technical terms I’m interested in. It’s a work in progress, but I was impressed with how easy it was to cobble together something potentially useful, even if I had to fix a few bugs and configuration issues by hand.

This would be interesting for both good and bad actors. A tool like this would look at things other than benchmarks and figure out vulnerabilities.

In time more websites would be vibe-coded, so having tools like this to pen-test could be valuable.