
# About VibeSec

VibeSec helps you secure AI coding agents as they generate and modify code. It reduces the risk of introducing security issues during AI-assisted development and gives security teams a foundation for governing how AI coding agents are used across the organization.

VibeSec works across multiple AI coding agents, allowing you to secure development workflows.

Before you start using VibeSec, you must [install it](/vibesec/installing-vibesec.md).

#### How VibeSec secures your code

When a developer works with an AI coding agent, VibeSec analyzes the developer's prompt and identifies the security risks that are likely to be introduced. Based on that analysis, VibeSec provides security instructions that guide the agent toward a safer implementation.

These instructions are sent to the AI coding agent, not to the developer directly. This process runs in the background and does not interrupt the developer's regular workflow. The guidance is provided before the code is generated, helping prevent vulnerabilities rather than detecting and fixing them after the code is written.

For example, if VibeSec detects that a prompt may lead to an SQL injection risk in Java or Go code, it can provide the AI coding agent with instructions for preventing SQL injection. The agent then generates the code securely based on these instructions.

In [Agent Guidelines](/vibesec/agent-guidelines.md), security teams can browse the active guidelines by language and vulnerability type, and enable or disable individual guidelines.

#### VibeSec and AI agent governance

As developers adopt AI coding agents, they install and use a growing stack of components alongside the agent, including MCP servers, external SaaS integrations, IDE extensions, and AI models. Security teams need to know what is in use across the organization, who is using it, and what data and capabilities each component reaches.

VibeSec brings this AI stack under governance using the [Agent AI BOM](/vibesec/agent-ai-bom.md). The BOM provides organization-wide visibility into the MCP servers, external SaaS, and AI models that AI coding agents rely on, along with usage statistics and the users behind each component.

Beyond visibility, VibeSec lets security teams apply fine-grained controls over what developers are allowed to use, such as allowing or blocking specific MCP tools, external SaaS integrations, and AI models.

#### Reviewing VibeSec activity

VibeSec monitors every prompt OX analyzes and every tool call the agent makes, and surfaces the results across three views:

* [**Agent Activity Log**](/vibesec/agent-activity-log.md): Real-time view of recent prompts and tool calls, with the OX action taken on each event and the guidelines or policies that fired.
* [**VibeSec Prevented Risks**](/vibesec/vibesec-prevented-risks-new.md): Long-term history of the events where OX delivered value, kept for as long as needed for reporting and review.

