Artificial intelligence (AI) is having a dramatic impact on software development. AI-supported software development, also known as “vibe coding,” is the latest phenomenon to impact application development. Using AI to write software shortens application development time and puts coding in the hands of less experienced developers. It also introduces the potential for adding security vulnerabilities to AI-written software.
The appeal of vibe coding is compelling, especially for smaller businesses with limited budgets, and it can put coding in the hands of line managers who better understand strategic goals. However, just because vibe coding simplifies development does not mean the developer can be removed: taking the developer out of the loop can be a critical error. AI-written code requires expert review and validation.
AI tools are competing with no-code and low-code tools to reduce development times and cut costs. While AI offers substantial freedom in designing software, developer supervision remains essential to prevent security weaknesses and other issues.
The Birth of Vibe Coding
Vibe coding is a new phenomenon introduced by OpenAI co-founder Andrej Karpathy in a tweet in February 2025. Karpathy’s notion is to use generative AI to write applications. Rather than writing software line by line, he describes what he wants and lets AI create the app. As he explains, “But it’s not really coding – I just see stuff, say stuff, run stuff, and copy-paste stuff, and it mostly works.”
In practice, genAI can be used for “pure” vibe coding, where the user trusts the AI to generate and refine working code to create a web application. There’s also AI-assisted vibe coding, where genAI acts as a collaborator, developing applications for user review and testing. The practice has gained momentum, and vibe coding platforms like GitHub Copilot, Replit, and Cursor are already available.
With vibe coding, anyone can develop a web app. Users describe what they want to do using natural language, and the AI generates the code. Vibe coding can be useful for experimentation, proof-of-concept development, and modeling new applications, but creating commercial-quality applications still requires developer expertise.
Vibe coding changes software development to a problem-first approach, using AI to generate software without concern for how that code is structured. It’s akin to writing software in a black box; the application does the job but with no visibility into the underlying code or architecture. That lack of visibility makes optimization and debugging difficult, including identifying security weaknesses.
Security Issues with Vibe Coding
Vibe coding does accelerate app prototyping and makes software collaboration easier, but it also has several shortcomings.
Security is a serious concern. Large language models (LLMs) inherently carry security risks when used by those without sufficient security experience. The risk is amplified because AI is so flexible that it’s impossible to give simple, universal rules for making it write secure code.
LLMs may use outdated libraries, lack input validation, or fail to follow secure practices. AI code generators also lack an understanding of trust boundaries and system architectures. When using vibe coding, programmer oversight and review are necessary to prevent these issues from entering production code.
Working with black-box code also makes it difficult to provide context about the app. For example, improper configurations may expose internal logic by sending sensitive code snippets to external APIs. This can be a real problem in highly regulated industries with strict rules about code handling.
Vibe coding also tends to add technical debt, accumulating unreviewed or unexplained blocks of code. Over time, these code blocks proliferate, creating a glut and making code maintenance more difficult.
Since less experienced developers tend to use vibe coding, they can overlook security issues. Consider the recent Tea Dating Advice hack. A hacker was able to access 72,000 images stored in a public Firebase data repository because of a misconfigured Firebase storage bucket. Firebase may be a logical storage choice for scale and performance, but the genAI code generator might have chosen a more secure approach if informed that the data is sensitive and subject to privacy laws.
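A review step that catches this class of misconfiguration before deployment, as an added example (not code from this article or from the app involved): a small Python check that flags Firebase Storage security rules granting access without authentication. Both rule sets are constructed samples, the function name `find_public_rules` is hypothetical, and the rules actually in use in the incident are not known here.

```python
import re

# Constructed sample: every object in the bucket is world-readable and writable.
WEAK_RULES = """
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if true;
    }
  }
}
"""

# Constructed sample: a signed-in user may only touch objects under their own uid.
HARDENED_RULES = """
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /users/{uid}/{allPaths=**} {
      allow read, write: if request.auth != null && request.auth.uid == uid;
    }
  }
}
"""

# "allow <methods>;" or "allow <methods>: if <condition>;"
ALLOW = re.compile(r"\ballow\s+([\w,\s]+?)\s*(?::\s*if\s+(.*?))?\s*;", re.S)

def find_public_rules(rules_text):
    """Return (line_no, methods, reason) for allow statements that do not require auth.

    Heuristic: a condition that never mentions request.auth is reported for human
    review, even though a helper function could be doing the check.
    """
    text = re.sub(r"//[^\n]*", "", rules_text)  # strip line comments, keep newlines
    findings = []
    for m in ALLOW.finditer(text):
        methods = [p.strip() for p in m.group(1).split(",")]
        cond = (m.group(2) or "").strip()
        line_no = text.count("\n", 0, m.start()) + 1
        if cond in ("", "true"):
            findings.append((line_no, methods, "unconditional allow"))
        elif "request.auth" not in cond:
            findings.append((line_no, methods, "condition never checks request.auth"))
    return findings

if __name__ == "__main__":
    for finding in find_public_rules(WEAK_RULES):
        print(finding)
```

Run against the rules file in a CI job, a non-empty result is a reason to block the deploy until a developer has reviewed the rule.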
It has also been demonstrated that AI agents actually lie. In one well-publicized case, the AI agent generated fake data and reports, covered up bugs, and deleted a production database to hide mistakes. Anthropic conducted a hypothetical test in which the AI agent learned it was to be replaced. In response, the agent used information from the corporate email to blackmail the user in charge to prevent its deletion.
The Need for the Developer in the Loop
Vibe coding has its place in software development, but its role is not creating commercial-grade code. Like any other tool that abstracts machine code, vibe coding is useful for AI-assisted development. It’s an ideal tool for testing new ideas, creating proof-of-concept apps, and modeling an app for development.
Vibe coding is not as well-suited for creating commercial applications. In addition to posing security risks, the lack of visibility into the code structure makes troubleshooting, integration, and maintenance difficult. That’s why it’s essential to have a developer in the loop.
Organizations can cut development time and costs without compromising quality or control by using alternative automated coding tools. No-code tools enable businesses to create complex applications with little or no programming experience. Rather than using AI to generate code, no-code solutions provide software modules that can be assembled as building blocks to create new software. No-code draws on proven software, since each module is thoroughly tested, and a simple graphical user interface makes it easy to map out workflows and model software functionality.
Using AI for software development seems like a great solution, but relying on computers to write computer programs is fraught with problems. Vibe coding can be valuable for experimentation and ideation, but it requires software expertise to write applications that are both functional and secure. No matter how advanced the automation tools are, they still need an expert’s hand to create high-quality software.