#569: Why Vibe Hacking Is a Big Cybersecurity Threat in 2026

Mar 30, 2026

Pascal Geenens, Radware researcher and cybersecurity expert behind the Global Threat Analysis Report, explains the 2025–2026 shift where AI supercharges attackers. He breaks down vibe hacking, agentic AI and MCP risks. Short takes cover AI-driven DDoS resurgence, vulnerable APIs, indirect prompt injection, and how automation hands novices powerful attack tools.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

MCP Gives AI Agents Practical Attack Capabilities

MCP (Model Context Protocol) gives agents 'hands' by exposing tool servers that run scanners and exploits.
Pascal Geenens notes MCP-linked toolsets allow agents to run nmap, curl, and pen-test tools remotely, enabling end-to-end automation.

ADVICE

Avoid Unchecked Offline Models For Sensitive Tasks

Prefer guarded cloud models and be cautious with offline open models when you need auditability.
Pascal Geenens warns open offline models (e.g., DeepSeek-R1) lack oversight and can be used anonymously for attacks.

INSIGHT

DDoS Is Back At Multi‑Terabit Scale

Volumetric DDoS returned strongly in 2025 with multi-terabit capability rented via DDoS-as-a-service.
Pascal Geenens links 30 Tbps proof-of-capability bursts to botnets like Isuru and Kimwolf rented to customers for short attacks.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Big thank you to Radware for sponsoring this video. Download the Radware Global Threat Analysis Report 2026 here: https://www.radware.com/threat-analys... In this interview, David Bombal sits down with Radware's Pascal Geenens to unpack the realities of the latest global threat report. The cybersecurity landscape has experienced a major paradigm shift: the era of "Vibe Hacking" is here. Pascal explains how Agentic AI, the Model Context Protocol (MCP), and uncensored offline models (like DeepSeek-R1) have created a "digital garden of Eden" for adversaries. Discover how novice script kiddies are now use the power of AI hacking which once strictly reserved for nation-state actors. We dive deep into the automation of cyber attacks, the rise of AI-driven tools like Xantarox AI, the critical dangers of AI-generated code vulnerabilities, and why traditional defense mechanisms are struggling to keep up with non-deterministic AI threats. // Pascal Geenens’ SOCIAL // LinkedIn: / Website: https://www.radware.com/ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 01:20 - 2026 Global Threat Analysis Report // The future of cyber attacks 04:19 - AI threats & threat actors 09:21 - Threat Report cover page explained 15:31 - Vibe hacking 23:09 - Hackers using AI 30:28 - The rise of DDoS attacks 40:40 - AI & vulnerable APIs 53:58 - Getting easier with the help of AI 55:57 - Zero-click indirect prompt injection 01:13:33 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #radware #vibehacking #ddos