Markets move faster than ever before. Supply chains shift overnight, customer expectations evolve constantly, and new competitors emerge from unexpected sectors. Traditional analytics that only explain what happened yesterday leave leaders flying blind about what’s coming tomorrow. However, the rise of unified data platforms and predictive analytics is enabling organisations to anticipate market changes before they happen, transforming them from reactive responders to proactive leaders.

Recent research shows that organisations using AI-powered predictive analytics have improved forecasting accuracy by 50%, with a Deloitte 2024 survey finding that 72% of organisations are using predictive analytics to drive business decisions, and 45% reporting significant improvements in decision-making accuracy¹. As market volatility increases and competitive windows narrow, the ability to predict and prepare rather than simply react is becoming the ultimate differentiator.

The Reality of Reactive Business

Most executives admit they’re stuck in “rear-view” mode. Reports arrive weeks after events occur. Market shifts are noticed only after revenue has been lost. Operations teams scramble to address downtime because warning signs were missed. By the time customer churn data reaches decision-makers, competitors have already captured those customers.

The challenge isn’t lack of data, the real problem is the inability to translate raw data into timely foresight. Emergency solutions cost 3-5 times more than planned initiatives², creating cascading effects of higher costs, reduced margins, and operational chaos. When you’re constantly firefighting, there’s no capacity for strategic thinking or proactive improvement.

The Predictive Advantage

Predictive analytics fundamentally changes how organisations operate by using historical and real-time data to forecast likely outcomes. Instead of waiting for quarterly reports, leaders can see patterns unfolding in real-time and take action before competitors recognise what’s happening.

Smart organisations across industries are already leveraging these capabilities. Leading retailers use predictive models to anticipate seasonal demand shifts, optimising stock levels to reduce both costly overstock and lost sales opportunities. IoT sensors feed data into predictive models that identify equipment anomalies weeks before failures occur, enabling manufacturers to move from costly reactive maintenance to proactive scheduling³. This shift alone can reduce maintenance costs by 30-40% while improving operational reliability. Banks apply predictive analytics to detect suspicious transaction patterns in real-time, strengthening fraud prevention while building customer trust through faster service.

Databricks: The Engine for Predictive Intelligence

At the heart of successful predictive analytics implementations lies the need for a platform that can handle massive data volumes while making advanced analytics accessible to business teams. This is where Databricks excels as the unified lakehouse platform that’s reshaping how organisations approach data and AI.

Predictive analytics uses many techniques such as statistical analysis, analytical queries, data mining, predictive modelling, and automated machine learning algorithms to create predictive models that place a numerical value on the likelihood of particular events happening⁴. Databricks eliminates the traditional barriers that have prevented companies from scaling these capabilities by providing a single platform that handles everything from raw data ingestion to production AI models.

Whether you’re analysing historical customer behaviour patterns or processing real-time IoT sensor data, the platform automatically optimises performance and manages resources⁵. This unified approach dramatically reduces complexity while accelerating time-to-insight.

The platform’s collaborative workspace enables data engineers, data scientists, and business analysts to work together seamlessly⁶. With predictive analytics, organisations can find and exploit patterns contained within data to detect risks and opportunities⁴. While business teams can leverage insights and make decisions from it, the actual creation of predictive models still requires the expertise of data analysts. Technical teams continue to manage the infrastructure and optimisation, ensuring that predictive capabilities are effectively implemented and maintained. This approach means insights are delivered close to where decisions happen, but building the models themselves remains a specialised task for data professionals.

Why Timing Matters More Than Ever

Predictive analytics is quickly becoming the new baseline for competitive business operations⁷. Market leaders are investing heavily, Databricks alone secured $10 billion in funding in 2024, with backing from Meta and major financial institutions, underscoring the market’s belief that predictive intelligence is central to enterprise competitiveness.

Waiting too long risks more than falling behind – it risks irrelevance in industries where speed and foresight are becoming competitive standards. Companies that act now will establish significant advantages in customer retention, operational efficiency, and market positioning.

Building Your Predictive Capability

The transition from reactive to predictive requires both strategic thinking and practical execution. Start with specific business outcomes by defining pain points such as equipment downtime, customer churn, or inventory optimisation. Then design predictive models to address these challenges directly.

Unify your data foundation by consolidating information into a secure, governed platform that enables both historical analysis and real-time insights across all business functions. Databricks provides a unified data platform combining data engineering, analytics, and artificial intelligence in a single environment. Its lakehouse architecture supports real-time processing, scalable analytics, and enterprise-grade AI, helping organisations streamline operations and gain insights more efficiently.

Pilot high-value use cases by beginning with one critical application (demand forecasting, anomaly detection, or predictive maintenance), before scaling to other areas. Foster cross-functional collaboration to ensure business, data, and IT teams share the same dashboards, metrics, and objectives to maximise the value of predictive insights.

From Hindsight to Foresight

The shift from reactive to predictive analytics represents more than a technology upgrade. It’s a fundamental change in how successful businesses operate. Leaders who embrace predictive capabilities gain the foresight, agility, and competitive edge needed to thrive in markets that won’t wait for slow decision-makers.

In an age of constant disruption, success isn’t determined by how quickly you react to problems. It’s defined by how well you predict what’s coming next and position your organisation to capitalise on opportunities before competitors see them.

Through our strategic partnership with Databricks, Mitrais brings deep platform expertise and hands-on experience to help organisations leverage a range of Databricks capabilities. Whether your goals involve unlocking the potential of advanced analytics, optimising data engineering workflows, enabling real-time insights, or deploying AI-driven solutions, we work alongside you to turn complex data challenges into clear business value and stay ahead of market changes rather than constantly chasing them.

Sources

1. Deloitte and The Expert Community. “Predictive Analytics Trends and Applications for 2024-2025.” August 2024. https://theexpertcommunity.com/analytics/predictive-analytics-trends-2024-2025/
2. Multiple industry studies. Referenced in: https://www.iiot-world.com/predictive-analytics/predictive-maintenance/predictive-maintenance-cost-savings/
3. IT Convergence. “A Complete Guide to Predictive Analytics.” 2024. https://www.itconvergence.com/blog/a-complete-guide-to-predictive-analytics/
4. “Predictive Analytics.” Glossary. https://www.databricks.com/glossary/predictive-analytics
5. “Introducing Predictive Optimization: Faster Queries, Cheaper Storage.” 2023. https://www.databricks.com/blog/introducing-predictive-optimization-faster-queries-cheaper-storage
6. Medium (Dorian599). “Databricks: Unlocking the Benefits and Use Cases of a Powerful Data Platform.” 2023. https://dorian599.medium.com/databricks-unlocking-the-benefits-and-use-cases-of-a-powerful-data-platform-2f50ac64c44d
7. “Meta backs Databricks as AI boom attracts investors.” 2025. https://www.reuters.com/technology/artificial-intelligence/meta-backs-data-analytics-firm-databricks-ai-boom-attracts-investors-2025-01-22/

1. What is Vibe Coding?

Vibe Coding is a relatively new term in the software development industry. Its popularity has been increasing along with AI powered development tools. Vibe Coding is so new it does not yet have a single formal definition.

The term “Vibe Coding” was introduced by Andrej Karpathy in February 2025. It refers to a programming method that relies on AI LLM to generate code from natural language expressions. Andrej Karpathy mentioned in his tweet that he relied on LLM to generate code and accept all the code generated without reading it and he found it was amusing that it mostly works (Karpathy, 2025). Accepting AI code generated without fully understanding it, has become a key part of the vibe coding paradigm (Edwards, 2025) and it has raised concerns in accountability and security.

IBM defines Vibe coding as an emerging style of programming where developers describe their intent in plain language, allowing AI systems to generate, adapt, and maintain code in an iterative and conversational way (Harkar, 2025).

Indie Hackers definition of Vibe coding is the practice of using AI coding assistants like Cursor, GitHub Copilot, and other AI tools to rapidly build software (IndieHackers, 2025).

In summary, Vibe Coding refers to writing software with the help of an AI coding assistant in a highly conversational, exploratory, and iterative manner where the programmer prompts AI using natural language to produce code. We will use this definition of vibe coding in this white paper.

2. Adoption of Vibe Coding

Vibe coding allows people without programming knowledge and experience to produce code and develop applications. For traditional programmers, AI has the potential to increase their efficiency by providing coding assistance, allowing them to have more time for planning and design.

The trend of vibe coding adoption has risen rapidly since its inception.

In March 2025, Y Combinator reported that 25% of startup companies in its Winter 2025 batch had codebases that were 95% AI-generated. It reflected a shift toward AI-assisted development in newer startups (Mehta, 2025).

With the rise in popularity of AI tools, developers often find responses from AI tools such as Chat GPT or Copilot useful to help them solve coding problems.

3. Security Vulnerability in Vibe Coding

Advocates of vibe coding say that vibe coding lowers the barrier for programming and can increase productivity. A controlled experiment showed developers using AI assistance completed tasks 55.8% faster compared to those who did not use AI assistance (Peng, Kalliamvakou, Cihon, & Demirer, 2023).

Critics argue that vibe coding raises concerns about code understanding and accountability and this leads to bugs, errors and security vulnerabilities (Edwards, 2025).

In one high-profile incident, Replit’s CEO apologised after its AI agent deleted a code base and lied about its data (Ming, 2025).

3.1       Credential and Secrets Exposure

AI generated code might not follow best practice of secure secrets management and can result in production database credentials and other secrets being hardcoded in the source code generated, leading to leaked production data. Security researchers demonstrated that GitHub Copilot sometimes suggests API keys, database passwords and access tokens in generated code due to training data included in public repositories that commit secrets to source code, so the model learned and reproduced the patterns (McDaniel, 2025).

3.2       Sensitive Information Exposure

Personal Identifiable Information (PII) may be disclosed during interactions with AI coding LLM. The risk is an OWASP Top 10 for LLM applications (OWASP, 2025).

Improper error-handling in AI generated code might include details and call stacks, potentially revealing the system’s inner working and configuration, which can be used by attackers to compromise the system.

3.3       Unsafe Data Handling

AI generated code might miss input validation and sanitisation and is vulnerable to SQL injection, Cross-site Scripting (XSS) and Cross-site Request Forgery (CSRF).

A study of 2,500 small PHP websites generated with GPT-4 found that 26% had at least one security vulnerability including SQL Injection and XSS (Tóth & Erdődi, 2024). The study shows that AI generated code contains SQL queries built directly from user input and omits input data validation and sanitation, making it vulnerable to SQL injections and XSS attacks.

3.4       Broken Access Control

AI generated code sometimes misses authentication and authorisation checks and it leads to unauthorised access to sensitive data or functionality. Tea app (www.teaforwomen.com), a social platform coded almost entirely by AI agents and launched quickly, made private messages and photo links publicly accessible because of a misconfiguration in access controls (Saadioui, 2025). This shows that we cannot rely on AI to enforce access controls. Developers need to specify, design and implement proper access controls.

3.5       Prompt Injection

This issue can potentially occur with open-source projects that implement agentic AI to fix bugs reported. Agentic AI is a class of artificial intelligence that focuses on autonomous systems that can make decisions and perform tasks without human intervention. The independent systems automatically respond to conditions, to produce process results. In July 2025, a hacker inserted a malicious prompt into an Amazon Q Developer extension via a GitHub pull request and instructed the AI to wipe local systems and delete AWS cloud resources (Udinmwen, 2025).

GitHub Copilot exploit was found and can be used to launch prompt injection attacks in projects that allow the public to report bugs and AI agents are used to create pull requests to fix bugs. Attackers can use the exploit to inject hidden malicious instructions for AI agents to create backdoors, allowing attackers to gain sensitive information by sending backdoor commands via X-Backdoor-Cmd HTTP header (Higgs, 2025).

4. Adopt Vibe Coding with Secure Coding practices

While AI coding assistance provides developers with a tool to improve productivity, it also comes with concerns of security vulnerabilities in both AI generated code, and from interactions with an AI coding assistant. The question is how can we use it without exposing ourselves to the security vulnerabilities mentioned?

At an organisational level, establish policies to adopt a security-first approach to ensure that security is built into the software development lifecycle (SDLC). Some examples include:

• Security requirements should be identified and elaborated for each feature.
• Perform threat modelling to identify security risks.
• Design, implement and test measures to resolve and mitigate those risks.
• For implementation, adopt secure coding practices.

OWASP provides guidance and checklists that can be integrated into the software development lifecycle (OWASP Foundation, 2025). Implementation of these practices will mitigate most common software vulnerabilities. If required, adjust the guidance according to organisational needs.

Coding with AI assistance must follow the security policies and secure coding practices as outlined in the following sections.

4.1 Organisation Policy

1. Use only AI coding assistants that have been reviewed and approved by your organisation.
2. Provide AI coding licenses to developers that are suitable for your organisational needs. Business licenses offer more flexibility and security protection.
3. Provide secure coding training to developers.
4. Provide policy and guidance to developers on how to incorporate the chosen AI coding assistant into software development activities.
5. Configure the AI coding assistant to block code suggestions that match public code.

4.2 Secure Prompting

1. Do not use credentials, secrets, confidential & private data and other sensitive information in prompts.
2. Do not put credentials and secrets in source code. Always use secure secret management to secure credentials and secrets.
3. Use negative constraints to prohibit AI from using insecure practices.
4. Use multi-stage prompting to get AI to implement a feature, then to review its own output for security issues.
5. Specify the authorisation needed to access protected resources to prevent broken access control and unauthorised access.
6. Specify strong and robust authentication with multi factor authentication.
7. Specify input data validation and sanitisation to prevent injection and script attacks.
8. Include details of any other security requirements e.g. encryption method, data protection.

4.3 Code Quality and Verification

Review and ensure the code is correct, secure and conforming to required standards. Provide a detailed secure coding checklist that developers can practically use to review code, including code generated/suggested by AI. The checklist needs to make sure that developers fully understand the code before committing it.

Ensure the code review checklist covers measures to prevent these security issues:

1. Hardcoded secrets
2. SQL injection
3. XSS attack
4. CSRF attack
5. Broken access control
6. Path traversal
7. Insecure deserialisation

Develop a “trust but verify” principle for developers to always verify that AI output has met functional and non-functional requirements. Conduct testing to ensure quality and requirements are met.

4.4 Integrate SAST and DAST

Run Static Application Security Testing (SAST) such as SonarQube in CI/CD pipelines to detect security vulnerabilities in code.

Perform Dynamic Application Security Testing (DAST) such as Burp Suite Pro in testing to find security issues that SAST might not detect.

4.5 Perform Software Component Analysis (SCA)

Perform SCA to scan third-party components for known security vulnerabilities. If needed, upgrade or replace components with vulnerabilities to prevent supply chain attacks.

4.6 Guard Against Prompt Injection

AI tools are susceptible to prompt poisoning coming from comments, config files, md files and external data sources that are usually perceived as not malicious. Run scanner tools to detect malicious or manipulative text potentially containing hidden instructions that could trick AI to do something harmful. The tool should detect the following:

• Obfuscated commandsg. “ignore previous instructions”, “download this file and execute”
• Encoded payloads such as base64, hex, URL-encoded
• Steganographic tricks: instructions hidden in markdown, HTML comments, or images

Block data containing suspicious content from reaching AI agents.

5. Conclusion

AI helps developers to improve their productivity in writing code. However, it also brings security risks. To mitigate those risks, establish and implement secure coding policy and procedure in your organisation to ensure productivity and security. Align the use of AI in coding with the policy and procedure.

Mitrais is an industry-leading software development company that delivers secure, scalable, and high-performing software solutions. We are thrilled with the potential of using AI coding assistant in software development process. On the other hand, we are aware of its security risks and what measures need to be taken to mitigate those risks. We are on a journey of embracing AI, not to replace our developers, but to help them to provide more added value to our customers while security remains the top priority. Contact us today if you are thinking of developing secure, scalable and high-performing software solutions to grow with your business.

6. References

Edwards, B. (2025, March 6). Will the future of software development run on vibes? Retrieved from Arstechnica: https://arstechnica.com/ai/2025/03/is-vibe-coding-with-ai-gnarly-or-reckless-maybe-some-of-both/

Harkar, S. (2025, April 8). What is vibe coding? Retrieved from IBM Think: https://www.ibm.com/think/topics/vibe-coding

Higgs, K. (2025, August 6). Prompt injection engineering for attackers: Exploiting GitHub Copilot. Retrieved from Trailofbits: https://blog.trailofbits.com/2025/08/06/prompt-injection-engineering-for-attackers-exploiting-github-copilot

IndieHackers. (2025, May 1). Vibe Coding. Retrieved from Indie Hackers: https://www.indiehackers.com/vibe-coding

Karpathy, A. (2025, February 3). Retrieved from X (formerly known as Twitter): https://x.com/karpathy/status/1886192184808149383

McDaniel, D. (2025, March 27). GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices. Retrieved from GitGuardian: https://blog.gitguardian.com/github-copilot-security-and-privacy/

Mehta, I. (2025, March 6). A quarter of startups in YC’s current cohort have codebases that are almost entirely AI-generated. Retrieved from Y Combinator: https://techcrunch.com/2025/03/06/a-quarter-of-startups-in-ycs-current-cohort-have-codebases-that-are-almost-entirely-ai-generated/

Ming, L. C. (2025, July 22). Replit’s CEO apologizes after its AI agent wiped a company’s code base in a test run and lied about it. Retrieved from Business Insider: https://www.businessinsider.com/replit-ceo-apologizes-ai-coding-tool-delete-company-database-2025-7

OWASP. (2025). OWASP Top 10 for Large Language Model Applications. Retrieved from OWASP: https://genai.owasp.org/llm-top-10/

OWASP Foundation. (2025, July 15). OWASP Developer Guide. Retrieved from Devguide Owasp: https://devguide.owasp.org/

Peng, S., Kalliamvakou, E., Cihon, P., & Demirer, M. (2023, February 14). The Impact of AI on Developer Productivity. Retrieved from arxiv.org: https://arxiv.org/pdf/2302.06590

Saadioui, Z. (2025, August 11). AI-Generated Code in Production: A Security Audit of the Risks. Retrieved from Arsturn: https://www.arsturn.com/blog/ai-generated-code-in-production-a-security-audit-of-the-risks

Tóth, R., & Erdődi, L. (2024, May 21). LLMs in Web Development: Evaluating LLM-Generated PHP Code Unveiling Vulnerabilities and Limitations. Retrieved from Arxiv: https://arxiv.org/pdf/2404.14459

Udinmwen, E. (2025, July 30). Hacker adds potentially catastrophic prompt to Amazon’s AI coding service to prove a point. Retrieved from TechRadar: https://www.techradar.com/pro/hacker-adds-potentially-catastrophic-prompt-to-amazons-ai-coding-service-to-prove-a-point

 

 

 

 

 

Sometimes the most rewarding career paths aren’t the ones we initially plan, but the ones we discover along the way. This quarter we introduce Maisah Nugraha Azzizah, Senior Tester, whose journey from developer to quality assurance specialist represents the power of finding where you truly belong.

Hailing from Bogor, Maisah’s foundation began with Software Engineering studies at SMK Wikrama Bogor (vocational high school), later expanding as she pursued her degree at the Faculty of Business and Economics in Universitas Mercu Buana. This combination of technical and business expertise makes her particularly valuable in understanding both the ‘how’ and ‘why’ behind software solutions.

Starting as a developer, Maisah could have remained within familiar territory. However, she discovered her true passion lay in quality assurance, where she found the perfect balance between technical skills and analytical thinking. “Over time I discovered a deeper interest in the quality assurance side of things,” she explains, “particularly in testing how systems behave, thinking from a user’s perspective, and preventing issues before they reach production.”

This evolution speaks to something important about professional growth. When individuals are empowered to explore their strengths, it creates specialists who are genuinely passionate about their craft. Maisah’s recent promotion to Senior Tester represents someone who has found their calling and excelled within it.

At Mitrais, Maisah has thrived in an environment that genuinely values work-life balance and professional development. “It’s all about the people and the culture,” she reflects. “The team is collaborative, the environment is respectful, and the management truly values individual contributions. It’s a place where I feel supported, challenged, and inspired, all at once.”

Outside of work, Maisah enjoys simple pleasures that help maintain work-life balance: watching movies, exploring new places, trying different foods, and spending quality time with friends and family. These moments of recharge mirror her professional approach; always curious, always open to new experiences.

One of Maisah’s greatest strengths lies in her adaptability to evolving technologies and methodologies. She has mastered shifting between manual and automated testing, learning new technology stacks, and adapting to diverse client requirements. “I overcame this by dedicating time to self-learning, actively joining internal knowledge-sharing sessions, and not hesitating to ask questions,” she explains.

As Senior Tester, Maisah ensures quality isn’t treated as an afterthought but as an integral part of the software development lifecycle. Her ability to voice ideas, improve processes, and explore both functional and technical aspects of testing reflects professional growth that benefits everyone involved.

Looking ahead, Maisah’s ambitions center on continued growth and eventually stepping into leadership roles where she can guide others. “I hope to keep learning, stay adaptable, and contribute to creating products that truly make a difference,” she says.

Maisah’s journey reveals how the right environment enables professionals to discover where they can truly excel and make their greatest contribution.