Major ‘vibe-coding’ platform Orchids is easily hacked, researcher finds

The BBC has been shown a significant – and as yet unfixed – cyber-security risk within Orchids, a rapidly growing artificial intelligence (AI) coding platform. This "vibe-coding" tool, designed to enable individuals without technical expertise to create applications and games by simply typing natural language prompts into a chatbot, represents a burgeoning segment of the AI landscape. These platforms have seen an explosion in popularity, often lauded as harbingers of a future where professional services can be delivered with unprecedented speed and cost-efficiency through AI. However, the ease with which Orchids can be compromised, as demonstrated to the BBC, underscores the inherent dangers of granting AI bots extensive access to our digital lives in exchange for convenience and autonomous task execution. Despite repeated attempts by the BBC to solicit comment, the company behind Orchids has remained silent.

The severity of the vulnerability was starkly illustrated when cyber-security researcher Etizaz Mohsin, who specializes in uncovering critical software flaws, was able to hijack a BBC reporter’s laptop after exploiting a security weakness within the Orchids desktop application. Mohsin initiated a test by downloading the Orchids software onto a dedicated experimental laptop and commenced a "vibe-coding" project. His objective was to create code for a computer game inspired by the BBC News website. The AI assistant, Orchids, automatically began generating lines of code that were indecipherable to someone without prior programming knowledge.

Exploiting a specific, undisclosed security flaw, Mohsin was able to gain unauthorized access to the reporter’s project, enabling him to view and modify any part of the generated code. He then subtly inserted a small, undetectable line of malicious code among the thousands of characters comprising the project. This seemingly minor alteration granted him unfettered access to the reporter’s computer. Shortly after, a text file titled "Joe is hacked" appeared on the desktop, accompanied by a background image depicting an AI hacker, serving as irrefutable proof of the breach.

The implications of this exploit are far-reaching, particularly considering that Orchids claims to boast a user base of one million individuals and states its services are utilized by prominent tech giants such as Google, Uber, and Amazon. The platform is also recognized as a leading tool for certain aspects of vibe-coding, according to industry analysts. The ease with which a malicious actor could have installed malware onto the reporter’s machine without any user interaction – a so-called "zero-click attack" – is a profound concern. Such an attack could have led to the theft of sensitive personal or financial data, the surreptitious access of internet browsing history, or even the hijacking of the computer’s cameras and microphones for surveillance.

This incident deviates significantly from typical hacking scenarios, which often require the victim to download malicious software or divulge login credentials. The Orchids vulnerability allows for a breach without any direct user involvement, highlighting a new frontier of cyber threats. "The vibe-coding revolution has introduced a fundamental shift in how developers interact with their tools, and this shift has created an entirely new class of security vulnerability that didn’t exist before," Mohsin explained to the BBC. "The whole proposition of having the AI handle things for you comes with big risks."

Mohsin, a 32-year-old researcher from Pakistan now residing in the UK, has a documented history of identifying serious security vulnerabilities in software, including his work on the notorious Pegasus spyware. He reported discovering the flaw in Orchids in December 2025 while experimenting with vibe-coding tools. For weeks, he attempted to alert the company through various channels, including email, LinkedIn, and Discord, sending approximately a dozen messages. The Orchids team finally responded this week, attributing their delayed acknowledgement to being "overwhelmed with inbound" messages and suggesting they had "possibly missed" his warnings. The company, based in San Francisco, was founded in 2025 and reportedly has fewer than 10 employees, according to its LinkedIn profile.

Mohsin stated that he has so far only identified these specific flaws within Orchids and has not yet found similar vulnerabilities in other vibe-coding platforms such as Claude Code, Cursor, Windsurf, and Lovable. Nevertheless, cybersecurity experts emphasize that this incident should serve as a critical cautionary tale for the broader AI industry. Kevin Curran, a professor of cybersecurity at Ulster University, warned, "The main security implications of vibe-coding are that without discipline, documentation, and review, such code often fails under attack."

AI tools that perform complex tasks on behalf of users, often referred to as "agentic AI," are increasingly capturing public attention. A recent example is the viral Clawbot agent, also known as Moltbot or Open Claw. This AI bot can execute tasks on a user’s device, such as sending WhatsApp messages or managing calendars, with minimal human intervention. It is estimated that this free AI agent has been downloaded by hundreds of thousands of individuals, granting it deep access to their computers, which inherently creates numerous potential security risks and vulnerabilities.

Karolis Arbaciauskas, head of product at the cybersecurity firm NordPass, advises extreme caution. "While it’s exciting and curious to see what an AI agent can do without any security guardrails, this level of access is also extremely insecure," he commented. His recommendation for users experimenting with such powerful AI agents is to utilize separate, dedicated machines and employ disposable accounts to mitigate potential risks. This approach aims to isolate any compromised systems and prevent widespread damage to personal or corporate data. The incident with Orchids highlights the critical need for robust security measures and responsible development practices as AI technology continues to integrate more deeply into our daily lives.