In early 2025, Andrej Karpathy, co-founder of OpenAI, introduced a term that would quietly reframe one of the most significant shifts in software development: vibe coding. The idea was simple – describe what you want in plain language, let AI generate the code, and build a functional website without writing a single line yourself.
For a whole new audience of builders – designers, marketers, and entrepreneurs who had never written a line of code, vibe coding opened up a world of possibilities. But with lower barriers to creation come new sources of security threats.
For digital agencies and web hosting providers, that should prompt a more urgent question: is your infrastructure stack prepared for what comes next?
To find out more about the world of vibe coding, we invited Luke Wood, Infrastructure Partnerships Lead at Netcraft – a global leader in threat intelligence and digital risk protection – onto the Openprovider Podcast.
He spoke about the rise of vibe coding as a cybersecurity weapon and the direct implications for everyone managing domain and hosting infrastructure.
The dangers of democratization
To understand why vibe coding matters to the hosting and domain industry, it’s important to understand what it removes.
Traditionally, building a convincing phishing page required technical skill – HTML, CSS, some understanding of how credential stores work. That complexity acted as a natural filter. Not every would-be fraudster could clear it.
Vibe coding eliminates that filter entirely. During their own analysis, Netcraft researchers were able to generate two fully functional phishing pages (unpublished and for testing purposes only) – one cloning a major postal delivery service, another impersonating a well-known streaming platform – using publicly available vibe coding tools, with minimal difficulty.
Wood explains why this shift has made vibe coding so attractive to attackers:
“Vibe coding has no entry-level barrier nor financial implications at the onset. Fraudsters no longer require coding or design experience and can rely less on PhaaS (Phishing as a Service) solutions, which often require financial input. Whilst vibe coding solutions often have free user limits, fraudsters can simply spin up multiple accounts to effectively bypass these limits. Upon generating a website using a vibe-coding solution, a fraudster can copy the template and deploy it at scale, ensuring a faster turnaround for a phishing campaign.”
The safeguards built into vibe coding platforms – prompt-based filters designed to prevent malicious content generation – are, in many cases, easily circumvented. Some platforms require little more than an anonymous email address to register. The result is a threat that is faster to deploy, cheaper to run, and increasingly difficult to distinguish from legitimate web content.
That ease of use is translating directly into threats at a scale the industry has never seen before – and Netcraft’s data makes that shift impossible to ignore.
Volume and precision: a lethal combination
AI is driving automation across every industry. Cybercrime is no exception.
Speaking on the Openprovider Podcast, Wood was unequivocal: the volume of attacks linked to vibe coding platforms is increasing rapidly. He outlined how one platform alone generated upwards of 4,000 reports to Netcraft per month by October 2025, compared to just under 250 in January of the same year. A 16x increase in under twelve months.
That acceleration is not simply a story of volume. It reflects a maturation in how these tools are being used. Early vibe-coded phishing pages were relatively rough around the edges. What Netcraft is now tracking is something more sophisticated: targeted campaigns built to deceive specific people, on specific platforms, with an attention to detail that makes detection genuinely difficult.
Wood describes a growing trend that moves beyond broad phishing campaigns toward highly targeted attacks – ones that exploit the specific login infrastructure of individual organisations:
“There is a growing trend of targeted phishing attacks powered by vibe coding tools. These targeted attacks tend to be focused on industries like human resources – specifically those that provide specific login portals per company. A fraudster can clone that login page to perform a specific phishing attack against a targeted brand. By nature, these attacks will be harder to detect, especially if it’s a rarely targeted company.”
The implications of that shift are significant. When phishing was predominantly a volume game – cast wide, catch a few – detection systems could rely on pattern recognition and known signatures.
Targeted attacks against unfamiliar brands, built with convincing AI-generated content, strain those systems in ways the industry is still learning to respond to.
For hosting providers and resellers managing hundreds or thousands of client domains, these are not distant threats. They are arriving in your infrastructure right now – and that raises the question about operational readiness.
Why your hosting and domain stack is part of the equation
It is tempting to frame vibe coding threats as a concern for end users or security vendors. For registrars, hosting providers, and resellers, the instinct might be to treat detection and response as someone else’s responsibility.
When a vibe-coded phishing page is deployed, however, it does not exist in isolation. It lives on a domain. It sits on hosting infrastructure. It exploits the gaps that exist between disconnected systems – between the registrar that holds the domain, the host that serves the content, and the security tooling that may or may not be watching.
Those gaps are not accidental. They are the predictable consequence of fragmented infrastructure management.
A domain registered through one vendor, hosted through another, with DNS managed somewhere else entirely and security monitoring operating independently – each handoff between systems is a potential blind spot. And blind spots are precisely what sophisticated attackers are built to find and exploit.
On the other hand, a unified infrastructure stack – one that connects domain registration, DNS, SSL, email, and security monitoring under a single operational view – closes those seams. Suspicious activity becomes visible earlier. Response times compress. The attack surface narrows.
For hosting providers managing large client portfolios, that visibility is the difference between catching a threat early and finding out about it when a client calls.
Netcraft’s own takedown data illustrates what integration with registrars like Openprovider makes possible. With connected industry partnerships in place, their median takedown time sits at 1.9 hours. That speed is not a function of effort alone – it is a function of how well systems talk to each other.
For resellers managing infrastructure on behalf of clients, operational readiness has a direct commercial dimension too. A compromise that affects a client’s domain or hosting environment does not stay contained to the technical layer. It damages trust, accelerates churn, and raises questions about the value of the infrastructure partnership you have built.
And the window for getting ahead of that cost is narrowing – because the threat is not waiting.
The vibe coding era is already here
Vibe coding will continue to mature. The platforms will improve, the safeguards will be tested, and the campaigns will grow more targeted and harder to detect. That trajectory is already visible in Netcraft’s data – and there is no reason to expect it to slow.
What separates the infrastructure providers who navigate this well from those who do not is not the sophistication of their individual tools. It is whether their stack is consolidated, monitored, and connected to the intelligence needed to act before damage compounds.
The vibe coding era has arrived.
The question is whether your infrastructure was built to meet it.
If your current setup is holding your growth back, the best way to see the difference is to experience it directly. Create a free Openprovider account today – no credit card required – and try out our platform for yourself.
