Vibe Coding virus

Vibe Coding

My thoughts on the Vibe Coding virus

7 min read

Introduction

So there is now hype around Vibe Coding, it’s being banded about like the golden goose of software engineering and how it will speed up development, reduce errors, get products to market quicker and finally allow us software engineers to take a well deserved rest.

In order to explore this phenomenon, the first thing I need to establish is:

A Coder is not the same as a Programmer

In the same was as

A Brick Layer is not the same as a Builder

or a

A Joiner is not the same as a Carpenter

In all cases above, the 2 are vastly different in technical skills and abilities.

Coding is the skill of translating logic into computer instructions. Something which AI can do quickly and accurately.

Programming Programming is the skill of designing and building executable software programs to solve a problem. It is both an art and a science which requires ingenuity, creativity and instincts which come from experience. It encompases design, planning, debugging, testing and maintaining application software, something AI is not that great at.

What is Vibe Coding?

Vibe Coding is a term coined by Andrej Karpathy in February 2025 to mean “Embrace the moment and go with the vibe as you create something, forget the code exists.”

A key part of the definition of vibe coding is that the coder accepts the generated code without question, amendments or understanding of it.

AI researcher Simon Willison said: “If an LLM wrote every line of your code, but you’ve reviewed, tested, and understood it all, that’s not vibe coding, it’s using an LLM as a typing assistant.

Andrej openly admits that he doesn’t Vibe Code for anything serious citing “it’s just for weekend projects” and sums up his synopsis of Vibe Coding as “not too bad for throw-away weekend projects” describing it as “quite amusing.”

So the author who coined the term “Vibe Coding” openly admits it’s not intended for production ready projects and is more of a tool to learning or prototyping something.

The Vibe Coding Virus

This is when the media, Internet and others cottoned onto the term “Vibe Coding” and, like “Agile Software Development”, bastardised it’s meaning, changing it into something which it’s not.

It has been turned it into a gift which keeps on giving affording anyone, regardless of skill, the ability to quickly create a whole application which can be hosted on the Internet and sold to customers. You don’t need any experience in design, user experience, coding, testing, security, debugging, maintenance, marketing and sales or any other skill which is required to get a software product to market. In fact, it’s so easy a 5 year old can do it.

If this were the case, why are we not flooded with apps? There are over 8 billion people on the planet and the term was coined months ago. Even if 8 Million people jumped on the bandwagon and did this, releasing an app every week, we would be a saturated with AI generated slop. 25,000 new fitness apps, 14,000 new tracking apps, 80,0000 new productivity apps all within a few months.

The reality of Vibe Coding is that it’s not a sustainable software development paradigm to create fully fledged applications of production ready quality, because it was never intended for that purpose, any more than putting go faster stripes on a Ford Fiesta turns it into a BMW M3.

Software Gene Pool

The whole AI coding hype leads us to another question on the validity of the code in generations to come.

As most of the code is hosted on repositories (GitHub, GitLabs, etc) and the LLM’s are trained from such, then this leads to a very serious question for the future.

The current generation of code out there is handwritten, crafted by experts in their fields, created by tens, amended and tweaked by hundreds, reviewed by thousands,and tested and used by hundreds of thousands (if not millions) of people.

The second generation will be derived from the first generation, via an AI and published back onto the same repositories, ready to be consumed further by LLMs.

The third generation will be derived from the second generation, essentially AI based on AI, where the coders trusted the AI to create them great code. As the second generation was not scrutinised as carefully, flaws were introduced.

The fourth generation is now derived from the third generation, so AI built on top of flawed AI, and so on, like a diluting gene pool, degrading as no new DNA is being introduced.

How Bad Can It Be?

A recent post on X (Twitter) by someone called Leo wrote as follows:

Leo: “My SaaS product was built with cursor, zero hand written code. AI is no longer just an assistant it’s also the builder. Now you can continue to whine about it or start building. P.S. Yes people are paying for it.”

Followed by “I can build a fully functional SaaS with payments, webhooks, db and auth in the less than 24 hours.”

A mere 3 days later Leo posted the following:

Leo: “I am under attack. Ever since I started to share how I built my SaaS using Cursor random things are happening, maxed out usage on API Keys, people bypassing the subscription, creating random sh*t on the database. As you know, I’m not technical so this is taking me longer than usual to figure out.”

So a non technical coder, coupled with an AI has created an application which is being sold to the public and has not considered any of the following:

  • the storing of API Keys securely so they are not visible to the client
  • setting up CORS to protect his server
  • authenticating his API endpoints
  • Data sanitisation

I didn’t follow it for long, but I believe he had to shut down his SaaS and issued refunds.

This is one example which demonstrates quite clearly why Vibe Coding should not be used, imagine if the security functions were bypassed and customer details leaked, this could have been a lot more serious.

Now, let’s just scale this up into an application which is important to most people, your online banking application. If your bank started Vibe Coding and created version 2 of their Banking portal which lets customers login, transfer money, make payments, etc, without proper testing, verification of code, peer reviews, PR approval process, security testing, etc. The first thing you would be doing is withdrawing your money and closing your account. You demand a secure platform for business transactions and, by definition, Vibe Coding does not allow for this.

Even more terrifying, if Vibe Coding was to be used for realtime, embedded, critical systems like pacemakers, heart monitors, radiation control systems and other applications where there is a chance of death occurring, I shudder to think that any organisation would Vibe Code, or even AI code without proper protection in place on these systems.

Conclusion

So will Vibe Coding replace programmers, not if the business wants to survive. I doubt it will replace coders. Will AI replace either, there is potential for it to assist (or even replace) coders, but will AI ever understand all the security implications, context and implicit features Programmers are aware of, within a production ready code base? Not unless the person giving it instructions understands it, and there are not many people within an organisation who do.

So for a weekend plaything, prototyping, learning and other non essential systems, go ahead Vibe Code to your hearts content, for anything which money or reputation relies upon, save lives, or prevents tragedy. Just don’t!

And for the love of God, please don’t confuse Vibe Coding with using AI assistance for coding tasks. Like the industry has done with Agile Software Development, which now refers to anything and everything which has has nothing to do with the the Agile manifesto.

One final word on the topic of AI in general I heard recently, which I feel fits this aptly “In software development treat AI like a co-pilot, not an auto-pilot”.

rant AI Vibe Coding
Rod Laycock
Principle Engineer