Amazon Lost 6.3 Million Orders to Vibe Coding. Your SOC Is Next.



The software industry has a new word for the torrent of low-quality, AI-generated code flooding production systems: slop. Merriam-Webster named it Word of the Year for 2025. The crisis hit its most visible peak when Amazon, after mandating 80% weekly usage of its AI coding assistant Kiro, suffered a six-hour outage that knocked out checkout, login, and product pricing, costing an estimated 6.3 million orders.
The same failure pattern is now emerging in security operations. And the consequences will be harder to detect.
What Is Triage Slop?
When Andrej Karpathy coined “vibe coding” in February 2025, he described a state where developers “fully give in to the vibes” and forget the code exists. Collins English Dictionary named it Word of the Year. The practice (describing what you want in natural language, accepting whatever the LLM generates, and shipping without review) produced measurable damage: 1.7 times more major issues, up to 2.7 times more XSS vulnerabilities, and a 23.5% increase in production incidents per pull request (CodeRabbit, December 2025).
Triage slop is the SOC equivalent: AI-generated alert classifications, investigation summaries, and response recommendations that look professional but lack the depth, context, and accuracy that security operations demand. The failure mode is identical: an inexperienced operator uses a natural language interface to produce output they cannot critically evaluate.
The Junior-Senior Divide Applies to Analysts Too
Amazon’s experience made the pattern undeniable. Junior and mid-level engineers accepted AI-generated code at high rates without catching subtle flaws. After the outages, Amazon issued a 90-day mandate requiring senior engineer sign-off on all AI-assisted production deployments.
D3 Security observed the same dynamic on our own engineering team during the 24-month development of Morpheus AI. Junior developers produced code that required extensive rework. Senior developers, once they learned to direct the LLM with architectural intent, achieved up to 10 times their normal output.
The parallel to SOC operations is direct. The average enterprise SOC receives over 4,400 alerts per day. Analysts get 70 minutes per full investigation. When an AI tool presents a classification with a confidence score and a professional summary, a Tier-1 analyst under time pressure will accept it, just as a junior developer accepts generated code. The 61% of SOC teams that already report ignoring alerts later confirmed as genuine compromise are about to get a new mechanism for doing so: one wrapped in AI confidence scores.
The Downstream Cascade
These problems are directly connected. On March 18, 2026, the Linux Foundation announced a $12.5 million initiative (backed by Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI) to address the open-source security crisis driven by AI-generated code. The National Vulnerability Database has over 30,000 CVEs backlogged.
More vulnerable code in production means more alerts. More alerts means more pressure on triage systems. More pressure means more temptation to accept AI-generated triage without review. The feedback loop is self-reinforcing.
Why the Problem Is Architectural
Three structural failures produce triage slop:
General-purpose LLMs lack domain knowledge. A general-purpose model can summarize a phishing alert. It cannot trace how a phishing payload transitions to credential theft, how compromised credentials enable lateral movement, or how each stage manifests differently across vendor telemetry. Cisco’s Foundation-sec-8b (an 8-billion parameter cybersecurity-specific model) outperforms general-purpose models nearly 10 times its size on security benchmarks. Domain-specific training data produces domain-specific accuracy.
Static playbooks cannot adapt to context. Most AI-augmented SOAR platforms use LLMs to speed up authoring of the same rigid, pre-authored workflows. A phishing playbook runs the same 15–20 steps whether the target is an intern or the VP of Finance. Adding a natural language interface speeds creation. It does not fix the inability to adapt.
No quality framework for AI triage decisions. In software engineering, code review, automated testing, and CI/CD pipelines catch slop before production. Vibe coding bypasses these gates. Most AI triage products have no equivalent. They classify alerts without exposing reasoning, without validating against ground truth, and without giving analysts a visible framework to assess correctness.
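A minimal form of the missing quality gate, as an added example (not D3 Security's code): it scores AI triage verdicts against ground truth from a replayed or simulated incident, checks whether stated confidence matches observed accuracy, and blocks auto-closure on confident misses. The record layout, function names, thresholds, and sample rows are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (alert_id, ai_verdict, ai_confidence, ground_truth).
# Ground truth would come from a simulation or a closed, human-verified case.
VERDICTS = [
    ("a1", "benign", 0.97, "benign"),
    ("a2", "benign", 0.95, "malicious"),   # confident miss
    ("a3", "malicious", 0.91, "malicious"),
    ("a4", "benign", 0.62, "benign"),
    ("a5", "malicious", 0.58, "benign"),
    ("a6", "benign", 0.93, "benign"),
    ("a7", "malicious", 0.88, "malicious"),
    ("a8", "benign", 0.71, "malicious"),
]

def calibration(rows, edges=(0.5, 0.7, 0.9, 1.01)):
    """Per confidence bin: (count, mean stated confidence, observed accuracy)."""
    bins = defaultdict(list)
    for _id, verdict, conf, truth in rows:
        for lo, hi in zip(edges, edges[1:]):
            if lo <= conf < hi:
                bins[(lo, hi)].append((conf, verdict == truth))
    return {b: (len(v), sum(c for c, _ in v) / len(v),
                sum(ok for _, ok in v) / len(v))
            for b, v in sorted(bins.items())}

def confident_misses(rows, threshold=0.9):
    """IDs of truly malicious alerts closed as benign at high confidence."""
    return [r[0] for r in rows
            if r[1] == "benign" and r[2] >= threshold and r[3] == "malicious"]

def missed_rate(rows):
    """False-negative rate: share of malicious alerts classified benign."""
    malicious = [r for r in rows if r[3] == "malicious"]
    if not malicious:
        return 0.0
    return sum(r[1] == "benign" for r in malicious) / len(malicious)

def release_gate(rows, max_fn_rate=0.05, threshold=0.9):
    """Allow auto-close only with no confident misses and FN rate in budget."""
    return (not confident_misses(rows, threshold)
            and missed_rate(rows) <= max_fn_rate)

if __name__ == "__main__":
    for (lo, hi), (n, conf, acc) in calibration(VERDICTS).items():
        print(f"[{lo:.2f},{hi:.2f}) n={n} stated={conf:.2f} observed={acc:.2f}")
    print("confident misses:", confident_misses(VERDICTS))
    print("auto-close allowed:", release_gate(VERDICTS))
```

In the constructed sample the top confidence bin states about 0.94 but is right only 75% of the time, which is the gap an analyst under time pressure never sees from a single verdict.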

How Morpheus AI Is Built to Prevent Triage Slop
D3 Security built Morpheus AI with the explicit goal of producing triage decisions that withstand scrutiny.

Purpose-built cybersecurity LLM: 24 months, 60 specialists, trained on security telemetry and attack patterns. Built from the ground up for security, not a general-purpose model with a security prompt.
Attack Path Discovery on every alert: multi-dimensional correlation across the full security stack that exposes every node, connection, and reasoning step
Contextual Playbook Generation: bespoke response workflows generated at runtime from evidence, not static templates
Self-Healing Integrations: autonomous drift detection and remediation across 800+ tools
Deterministic/Indeterministic Trust Model: every AI decision goes through human validation before earning autonomous execution privileges
Visible code and reasoning chains: full access to back-end Python code for every AI-generated playbook
Attack simulation with known ground truth: realistic multi-stage attacks that validate whether the AI discovers complete attack paths

The Question Every Security Leader Should Ask
Does your AI triage platform show you the complete reasoning chain for every decision? Can analysts trace exactly how it reached each conclusion? Does it validate its accuracy against known ground truth?
If the answer to any of these is no, the system is producing triage slop by design: confident-looking output from a system no one can verify.
The lesson from vibe coding is definitive: the tool’s value depends entirely on the operator’s ability to evaluate what it produces.
See Morpheus AI in Action
Request a live demonstration of Morpheus AI to see how it prevents triage slop in your SOC environment.

Read the Full Resource: SOC Alert Triage Slop: When AI-Generated Security Decisions Follow the Same Path as AI-Generated Code
A comprehensive analysis of how AI coding slop parallels AI triage slop, why the problem is architectural, and how purpose-built cybersecurity AI prevents it.
The post Amazon Lost 6.3 Million Orders to Vibe Coding. Your SOC Is Next. appeared first on D3 Security.

*** This is a Security Bloggers Network syndicated blog from D3 Security authored by Shriram Sharma. Read the original post at: https://d3security.com/blog/amazon-lost-6-million-orders-vibe-coding-soc-next/
