Cyber Daily Report

News

Home News

Amazon Lost 6.3 Million Orders to Vibe Coding. Your SOC Is Next.

  • None--securityboulevard.com
  • published date: 2026-03-20 00:00:00 UTC

None

<p>The software industry has a new word for the torrent of low-quality, AI-generated code flooding production systems: <strong>slop</strong>. <a href="https://www.merriam-webster.com/wordplay/word-of-the-year" rel="noopener">Merriam-Webster named it Word of the Year for 2025</a>. The crisis hit its most visible peak when Amazon, after mandating 80% weekly usage of its AI coding assistant Kiro, suffered a six-hour outage that knocked out checkout, login, and product pricing, costing an estimated 6.3 million orders.</p><p>The same failure pattern is now emerging in security operations. And the consequences will be harder to detect.</p><h2 class="wp-block-heading">What Is Triage Slop?</h2><p>When Andrej Karpathy coined “vibe coding” in February 2025, he described a state where developers “fully give in to the vibes” and forget the code exists. Collins English Dictionary named it Word of the Year. The practice (describing what you want in natural language, accepting whatever the LLM generates, and shipping without review) produced measurable damage: 1.7 times more major issues, up to 2.7 times more XSS vulnerabilities, and a 23.5% increase in production incidents per pull request (<a href="https://www.coderabbit.ai/blog/ai-code-quality-2025" rel="noopener">CodeRabbit, December 2025</a>).</p><p><strong><a href="https://d3security.com/glossary/triage-slop/">Triage slop</a></strong> is the SOC equivalent: AI-generated alert classifications, investigation summaries, and response recommendations that look professional but lack the depth, context, and accuracy that security operations demand. The failure mode is identical: an inexperienced operator uses a natural language interface to produce output they cannot critically evaluate.</p><h2 class="wp-block-heading">The Junior-Senior Divide Applies to Analysts Too</h2><p>Amazon’s experience made the pattern undeniable. Junior and mid-level engineers accepted AI-generated code at high rates without catching subtle flaws. After the outages, Amazon issued a 90-day mandate requiring senior engineer sign-off on all AI-assisted production deployments.</p><p>D3 Security observed the same dynamic on our own engineering team during the 24-month development of <a href="https://d3security.com/morpheus/">Morpheus AI</a>. Junior developers produced code that required extensive rework. Senior developers, once they learned to direct the LLM with architectural intent, achieved up to 10 times their normal output.</p><p>The parallel to SOC operations is direct. The average enterprise SOC receives over 4,400 alerts per day. Analysts get 70 minutes per full investigation. When an AI tool presents a classification with a confidence score and a professional summary, a Tier-1 analyst under time pressure will accept it, just as a junior developer accepts generated code. The 61% of SOC teams that already report ignoring alerts later confirmed as genuine compromise are about to get a new mechanism for doing so. One wrapped in AI confidence scores.</p><h2 class="wp-block-heading">The Downstream Cascade</h2><p>These problems are directly connected. On March 18, 2026, the Linux Foundation announced a $12.5 million initiative (backed by Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI) to address the open-source security crisis driven by AI-generated code. The National Vulnerability Database has over 30,000 CVEs backlogged.</p><p>More vulnerable code in production means more alerts. More alerts means more pressure on triage systems. More pressure means more temptation to accept AI-generated triage without review. The feedback loop is self-reinforcing.</p><h2 class="wp-block-heading">Why the Problem Is Architectural</h2><p>Three structural failures produce triage slop:</p><p><strong>General-purpose LLMs lack domain knowledge.</strong> A general-purpose model can summarize a phishing alert. It cannot trace how a phishing payload transitions to credential theft, how compromised credentials enable lateral movement, or how each stage manifests differently across vendor telemetry. Cisco’s Foundation-sec-8b (an 8-billion parameter cybersecurity-specific model) outperforms general-purpose models nearly 10 times its size on security benchmarks. Domain-specific training data produces domain-specific accuracy.</p><p><strong>Static playbooks cannot adapt to context.</strong> Most AI-augmented SOAR platforms use LLMs to speed up authoring of the same rigid, pre-authored workflows. A phishing playbook runs the same 15–20 steps whether the target is an intern or the VP of Finance. Adding a natural language interface speeds creation. It does not fix the inability to adapt.</p><p><strong>No quality framework for AI triage decisions.</strong> In software engineering, code review, automated testing, and CI/CD pipelines catch slop before production. Vibe coding bypasses these gates. Most AI triage products have no equivalent. They classify alerts without exposing reasoning, without validating against ground truth, and without giving analysts a visible framework to assess correctness.</p><figure class="wp-block-image size-full"><img fetchpriority="high" decoding="async" width="960" height="540" src="https://d3security.com/wp-content/uploads/2025/03/morpheus-ai-whitepaper-cover-v2-1.png" alt="Cover art for the whitepaper titled: Morpheus AI-Driven Autonomous Investigation, Triage, and Response" class="wp-image-55641" srcset="https://d3security.com/wp-content/uploads/2025/03/morpheus-ai-whitepaper-cover-v2-1.png 960w, https://d3security.com/wp-content/uploads/2025/03/morpheus-ai-whitepaper-cover-v2-1-300x169.png 300w, https://d3security.com/wp-content/uploads/2025/03/morpheus-ai-whitepaper-cover-v2-1-768x432.png 768w" sizes="(max-width: 960px) 100vw, 960px"></figure><h2 class="wp-block-heading">How Morpheus AI Is Built to Prevent Triage Slop</h2><p>D3 Security built Morpheus AI with the explicit goal of producing triage decisions that withstand scrutiny.</p><ul class="wp-block-list"> <li><strong>Purpose-built cybersecurity LLM</strong>: 24 months, 60 specialists, trained on security telemetry and attack patterns. Built from the ground up for security, not a general-purpose model with a security prompt.</li> <li><strong><a href="https://d3security.com/morpheus/investigation/">Attack Path Discovery</a> on every alert</strong>: multi-dimensional correlation across the full security stack that exposes every node, connection, and reasoning step</li> <li><strong>Contextual Playbook Generation</strong>: bespoke response workflows generated at runtime from evidence, not static templates</li> <li><strong><a href="https://d3security.com/morpheus/self-healing-integrations/">Self-Healing Integrations</a></strong>: autonomous drift detection and remediation across 800+ tools</li> <li><strong>Deterministic/Indeterministic Trust Model</strong>: every AI decision goes through human validation before earning autonomous execution privileges</li> <li><strong>Visible code and reasoning chains</strong>: full access to back-end Python code for every AI-generated playbook</li> <li><strong>Attack simulation with known ground truth</strong>: realistic multi-stage attacks that validate whether the AI discovers complete attack paths</li> </ul><h2 class="wp-block-heading">The Question Every Security Leader Should Ask</h2><p>Does your AI triage platform show you the complete reasoning chain for every decision? Can analysts trace exactly how it reached each conclusion? Does it validate its accuracy against known ground truth?</p><p>If the answer to any of these is no, the system is producing triage slop by design. Confident-looking output from a system no one can verify.</p><p><strong>The lesson from vibe coding is definitive: the tool’s value depends entirely on the operator’s ability to evaluate what it produces.</strong></p><h2 class="wp-block-heading">See Morpheus AI in Action</h2><p><a href="https://d3security.com/demo/">Request a live demonstration</a> of <a href="https://d3security.com/morpheus/">Morpheus AI</a> to see how it prevents triage slop in your SOC environment.</p><figure class="wp-block-image aligncenter size-large size-full"><img decoding="async" width="1024" height="576" src="https://d3security.com/wp-content/uploads/2026/03/D3-Morpheus-%E2%80%94-SOC-Alert-Triage-Slop-1024x576.jpg" alt='Preview of the whitepaper: "SOC Alert Triage Slop: When AI-Generated Security Decisions Follow the Same Path as AI-Generated Code"' class="wp-image-59280" srcset="https://d3security.com/wp-content/uploads/2026/03/D3-Morpheus-—-SOC-Alert-Triage-Slop-1024x576.jpg 1024w, https://d3security.com/wp-content/uploads/2026/03/D3-Morpheus-—-SOC-Alert-Triage-Slop-300x169.jpg 300w, https://d3security.com/wp-content/uploads/2026/03/D3-Morpheus-—-SOC-Alert-Triage-Slop-768x432.jpg 768w, https://d3security.com/wp-content/uploads/2026/03/D3-Morpheus-—-SOC-Alert-Triage-Slop-1536x864.jpg 1536w, https://d3security.com/wp-content/uploads/2026/03/D3-Morpheus-—-SOC-Alert-Triage-Slop.jpg 1920w" sizes="(max-width: 1024px) 100vw, 1024px"></figure><p><strong>Read the Full Resource: </strong><a href="https://d3security.com/resources/soc-alert-triage-slop/"><strong>SOC Alert Triage Slop: When AI-Generated Security Decisions Follow the Same Path as AI-Generated Code</strong></a></p><p>A comprehensive analysis of how AI coding slop parallels AI triage slop, why the problem is architectural, and how purpose-built cybersecurity AI prevents it.</p><p>The post <a href="https://d3security.com/blog/amazon-lost-6-million-orders-vibe-coding-soc-next/">Amazon Lost 6.3 Million Orders to Vibe Coding. Your SOC Is Next.</a> appeared first on <a href="https://d3security.com/">D3 Security</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/03/amazon-lost-6-3-million-orders-to-vibe-coding-your-soc-is-next/" data-a2a-title="Amazon Lost 6.3 Million Orders to Vibe Coding. Your SOC Is Next."><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Famazon-lost-6-3-million-orders-to-vibe-coding-your-soc-is-next%2F&amp;linkname=Amazon%20Lost%206.3%20Million%20Orders%20to%20Vibe%20Coding.%20Your%20SOC%20Is%20Next." title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Famazon-lost-6-3-million-orders-to-vibe-coding-your-soc-is-next%2F&amp;linkname=Amazon%20Lost%206.3%20Million%20Orders%20to%20Vibe%20Coding.%20Your%20SOC%20Is%20Next." title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Famazon-lost-6-3-million-orders-to-vibe-coding-your-soc-is-next%2F&amp;linkname=Amazon%20Lost%206.3%20Million%20Orders%20to%20Vibe%20Coding.%20Your%20SOC%20Is%20Next." title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Famazon-lost-6-3-million-orders-to-vibe-coding-your-soc-is-next%2F&amp;linkname=Amazon%20Lost%206.3%20Million%20Orders%20to%20Vibe%20Coding.%20Your%20SOC%20Is%20Next." title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F03%2Famazon-lost-6-3-million-orders-to-vibe-coding-your-soc-is-next%2F&amp;linkname=Amazon%20Lost%206.3%20Million%20Orders%20to%20Vibe%20Coding.%20Your%20SOC%20Is%20Next." title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://d3security.com/">D3 Security</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Shriram Sharma">Shriram Sharma</a>. Read the original post at: <a href="https://d3security.com/blog/amazon-lost-6-million-orders-vibe-coding-soc-next/">https://d3security.com/blog/amazon-lost-6-million-orders-vibe-coding-soc-next/</a> </p>

Most Popular

FIRESIDE CHAT: In the AI age, your MFA, authentication apps can be compromised in minutes

  • None -- securityboulevard.com
  • Published date: 2026-03-22 00:00:00 UTC

CTG Launches Cyber Resilience Scoring Dashboard to Give CISOs a Single Risk Number

  • None -- securityboulevard.com
  • Published date: 2026-03-22 00:00:00 UTC

This is all it takes to stop a train (Lock and Code S07E06)

  • None -- securityboulevard.com
  • Published date: 2026-03-22 00:00:00 UTC

How OTP Authentication Streamlines Service Delivery for HVAC Companies

  • None -- securityboulevard.com
  • Published date: 2026-03-21 00:00:00 UTC

Secrets Management vs. Secrets Elimination: Where Should You Invest?

  • None -- securityboulevard.com
  • Published date: 2026-03-21 00:00:00 UTC