AI Agent Security: App Security for Vibe-Coded Agents

Course Description

AI-assisted development makes it faster than ever to build applications, but it also makes it easier to ship security mistakes at speed. This course teaches the fundamentals of application security for vibe-coded apps through a practical, modern example: a web-based AI agent application with real tools, user data, authentication, and cloud access.

Instead of learning security only through theory, you'll work through a classic real-world pattern many developers are now building: an AI-powered app that looks like a normal web product on the surface, but behind the scenes includes LLM workflows, tool calling, memory, and backend access. That makes it the perfect example for understanding both traditional app security and AI agent security together.

In this hands-on course, you'll learn:

- core application security concepts every AI-assisted developer should know
- OWASP-style risks including injection, auth flaws, insecure defaults, and over-permissioned systems
- how AI code generation can introduce vulnerabilities into apps and agents
- how to recognize insecure patterns in generated code and architecture
- secure coding patterns for input validation, authentication, authorization, and sensitive data handling
- secrets management, dependency hygiene, and common supply chain risks
- how to reduce blast radius in agentic systems with layered defenses
- how to use automated scanning and AI-powered review workflows before deployment
- how to build a personal security checklist for rapid AI-assisted development

A major focus of the course is showing how a classic vibe-coded AI agent can become vulnerable to prompt injection, data exfiltration, broken authorization, memory attacks, and excessive privilege, and then walking through how to fix those issues step by step.

By the end of the course, students will understand how to build faster with AI without skipping security fundamentals, and how to apply practical defenses to both conventional software and modern AI agent applications.
Short Attack List

- Prompt Injection
- Indirect Prompt Injection
- Injection Attacks
- Broken Authentication
- Broken Authorization
- Insecure Defaults
- Secret Exposure
- Data Exfiltration
- Memory Poisoning
- Tool Abuse
- Jailbreaks
- PII Leakage
- Dependency Risks
- Supply Chain Risks
- Excessive Permissions