Insecure AI-Generated Software Means ‘Massive Opportunity’ For Security: Sophos Exec

MSPs can play a key role in helping to prevent some of the major cyber risks from AI ‘vibe coding’ tools that many customers are now utilizing, Sophos executive Scott Barlow said Tuesday.

MSPs can play a key role in helping to prevent some of the major cyber risks from AI “vibe coding” tools that many customers are now utilizing, Sophos executive Scott Barlow said Tuesday.

Speaking to an audience of MSP executives, Barlow, chief evangelist and global head of community at cybersecurity giant Sophos, said there’s no question that the surging adoption of AI tools for development of new applications is creating a massive source of new security risk.

[Related: MSPs See Massive AI Opportunities In 2026, Pricing Remains ‘Trial And Error’: Panel]

“What this means is that your customers are out there building their own applications [with AI],” Barlow said during a session at XChange March 2026, hosted by CRN parent The Channel Company this week in Orlando, Fla. “How are you going to secure that?”

Looking ahead, “that, I think, is going to be the biggest risk moving forward over the next year or so,” he said.

Barlow pointed to a recently disclosed incident where a security researcher reported hacking an AI-developed edtech application that had been showcased on vibe coding platform Lovable. The researcher reported finding 16 vulnerabilities—six of which were deemed critical-severity issues—during just a few hours of research.

One of the most troubling flaws was that the AI-generated app was unintentionally only set to allow unauthenticated access to its back-end database, exposing personally identifiable information as well as thousands of student accounts, the researcher reported.

Building AI-generated apps that can lead to these types of issues is “what your customers are doing” right now, Sophos’ Barlow said.

The bottom line is that “this is a massive opportunity for you to secure your end customers more effectively,” he told MSP executives during the session Tuesday.

There is unquestionably a major opportunity for MSPs to assist customers around properly securing the AI-generated apps that will be increasingly created, according to Tommy Vaughan, president of Lynchburg, Va.-based Central Technology Solutions.

Without a doubt, “that is a direction that customers are going,” Vaughan said.

As a result of the new “wild west” of AI that the industry is experiencing right now, MSPs are being called upon to work alongside their customers on vibe-coded apps to “understand the risk and put the governance around it,” he said.

“It’s a differentiator for us, as MSPs, to be able to come along with them and say, ‘Hey, you’re doing something great, but it’s insecure—and there’s a lot of risk there,’” Vaughan said.