On February 2, 2025, Andrej Karpathy, co-founder of OpenAI and former head of AI at Tesla posted something on X that stopped a lot of developers mid-scroll:
“There’s a new kind of coding I call ‘vibe coding’, where you fully give in to the vibes, embrace exponentials and forget that the code even exists.”
The post accumulated over 4.5 million views. Within weeks, the New York Times, The Guardian and Ars Technica had all covered it. By the end of 2025, Collins Dictionary had named “vibe coding” its Word of the Year. The term ‘vibe coding’ was coined by Andrej Karpathy in February 2025 and has since gained traction in the software development community.
But what does it actually mean? And more importantly, should your business care? As a paradigm shift in how both developers and non-developers approach software creation, vibe coding is drawing significant attention for its potential to transform the way applications are built.
At Dextralabs, we are going to answers both questions plainly, without the hype and without pretending the downsides do not exist.
What Does Vibe Coding Mean?
Vibe coding is a software development practice where you describe what you want to build in plain English and an AI tool generates the code for you. Instead of writing syntax, you write intent. Instead of debugging line by line, you describe the problem and let the AI fix it. Unlike writing code manually, vibe coding allows the AI to generate the actual code from your natural language prompts, streamlining the process compared to traditional hand-coding.
The core vibe coding definition is straightforward: you communicate the intent, the AI handles the implementation. Traditional coding requires knowledge of specific programming languages, but with vibe coding, you can simply describe what you want in plain English and let the AI translate that into code.
Your role shifts from “person who writes code” to “person who directs an AI that writes code.” This represents a new coding approach that emphasizes intent and oversight rather than manual implementation.
That shift is real and meaningful but it does not eliminate the need for judgment, testing, or oversight. Someone still has to know what good looks like.
Vibe coding is generally faster for prototyping compared to traditional programming, which is often slower and more methodical. This speed advantage makes it especially useful for quickly iterating on new ideas.
What are the core features of Vibe Coding?
Vibe coding is defined by a specific set of characteristics that distinguish it from both traditional development and general AI-assisted coding.
1. Natural language input
You describe what you want in plain English. “Build a dashboard that shows my sales data by region, with a weekly filter and a CSV export button.” That description is the starting point. Karpathy put it plainly in 2023, a year before he coined the term: “The hottest new programming language is English.”
2. Iterative, conversational refinement
Vibe coding is not a one-shot process. You prompt, review the result, describe what needs to change and repeat. The workflow is a loop rather than the linear plan-write-debug sequence of traditional development. This is sometimes called the DGRR loop: Describe, Generate, Run, Refine.
3. Minimal direct code interaction
In its purest form, the developer never touches the underlying code. They review the running output, does it look right? Does it behave correctly? and give the AI direction based on what they observe, not what they read in the source. However, users may still interact with or modify existing code generated by the AI to refine or optimize features as needed.
4. AI as the implementation layer
The AI, often powered by generative AI models, is responsible for choosing how to implement what you describe. Data structures, function organisation, library selection, these decisions happen inside the AI’s generation process, not in a design meeting. This is both the speed advantage and the accountability gap.
5. Acceptance of output uncertainty
Vibe coding accepts that the developer may not fully understand every line of generated code, especially as the project grows. Sometimes, the developer’s understanding of the generated code may even exceed their usual comprehension, making review and troubleshooting more challenging. Despite this, ensuring functional code, code that is secure, reliable and robust, remains necessary, especially in production settings.
6. Tool dependency
Vibe coding requires an AI coding tool. Many platforms now include AI-powered coding assistants that help generate, refine and manage code throughout the workflow. Some platforms also allow users to define coding standards in special files like GEMINI.md or SKILL.md to ensure consistency across projects. The quality of what you get is directly tied to the model behind the tool. Tools like Cursor, Replit, Lovable, Bolt.new, GitHub Copilot and Claude Code each approach the generation differently, with different strengths and constraints. The choice of tool may depend on the user’s skill level or the specific task at hand, rather than their formal job title.
It is important to review and understand the AI’s output, especially in responsible AI-assisted development. In this paradigm, AI tools act as collaborators, but the user must review, test and understand the code generated to ensure quality and accountability.
Why Does Vibe Coding Matter in 2026?
Vibe coding matters because the speed gap between AI-assisted and traditional development is now large enough to change competitive dynamics and not just developer workflows.
The adoption numbers are real
By early 2025, 25% of startups in Y Combinator’s Winter 2025 batch had codebases that were 95% AI-generated, within months of the term being coined. The Wall Street Journal reported in July 2025 that professional software engineers had begun adopting vibe coding for commercial use cases. Replit’s annual recurring revenue went from $10M to $100M in nine months after launching its AI Agent. Lovable reportedly hit $100M ARR in eight months.
The productivity research is documented
A controlled GitHub study found developers completed tasks 55% faster using AI coding assistance, average task time dropped from 2 hours 41 minutes to 1 hour 11 minutes with success rates improving from 70% to 78%. ( GitHub Research, 2024 ) A longitudinal study across companies including Microsoft and Accenture found a 26% increase in completed tasks for developers using Copilot versus a control group. (Cui et al., 2024, in arXiv:2509.20353)
Between 60% and 75% of developers using AI coding tools report feeling more fulfilled in their work and less frustrated when coding. Developer satisfaction has real downstream effects: on retention, on output quality and on how fast teams can move.
The access question has shifted
For small businesses, startups and SMEs in the USA, Singapore and India, vibe coding changes who can build software. A founder with no technical background can go from idea to working prototype in a weekend. A marketing team can build an internal reporting tool without a developer. A product manager can test a concept before committing any engineering resources. Modern app creation is now accessible to everyone through AI-driven platforms, democratizing development and enabling non-technical users to turn ideas into fully functional applications.
The risk picture has clarified
At the same time, 45% of AI-generated code introduced known security vulnerabilities. Java had a failure rate exceeding 70%. Python, C# and JavaScript ranged from 38% to 45%. (Veracode 2025 GenAI Code Security Report) While vibe coding is often used for experimentation and creativity, it still requires human oversight to ensure quality and security. AI-generated code should be thoroughly reviewed and tested before being integrated into a production codebase to ensure system stability and security.
Vibe coding matters in 2026 not because it solves every problem, but because it changes the cost equation for building software, while introducing a new category of risk that has to be managed deliberately.
Vibe Coding Tools and Platforms
Vibe coding lets you build apps faster by putting artificial intelligence at the center of the development process. The latest generation of vibe coding tools and platforms are designed to take your ideas, expressed in natural language and turn them into working code, often in minutes. These platforms go beyond simple code generation: they can create unit tests, suggest improvements and even help you debug, all through intuitive interfaces that don’t require deep technical expertise.
Replit is a standout in this space, offering a browser-native environment where anyone can generate code, run apps and deploy projects without ever touching a terminal. Its AI-powered features allow users to describe what they want in plain English and the platform handles the heavy lifting, making it ideal for rapid app development and experimentation.
Google AI Studio brings the power of Google’s large language models to the coding workflow. With a web-based interface, users can generate code, build apps and even automate repetitive tasks simply by typing instructions in natural language. This lowers the barrier for non-coders and accelerates the pace for experienced developers alike.
Gemini Code Assist is another leading AI-powered coding assistant. It integrates directly into your workflow, providing real-time suggestions, generating code snippets and even writing unit tests to help ensure code quality. By leveraging artificial intelligence, Gemini Code Assist helps developers focus on building features and solving problems, rather than getting bogged down in boilerplate or syntax.
These coding tools are transforming app development by making code generation, testing and iteration accessible to a wider audience. Whether you’re building a quick prototype or scaling up a new feature, vibe coding platforms powered by AI are redefining what’s possible and who can participate in software development.
How to Implement Vibe Coding?
Knowing how to start vibe coding is less about choosing the right tool and more about building the right habit. The workflow has five phases and each one matters.
Step 1: Define Your Intent Before You Open Any Tool
The quality of what you get from AI is directly tied to how clearly you communicate what you want. Vague prompts produce vague code. Before typing anything:
- Write down what the thing should do
- Who will use it
- What data it needs to handle
- What edge cases matter
- What it should not do
Weak prompt: “Build me a customer portal.”
Stronger prompt: “Build a web portal where clients can submit support tickets, view ticket status and receive email updates when the status changes. Use Supabase for the database. The interface should be clean and minimal, three columns: open tickets, in-progress, resolved.”
Specificity is the work. The clearer the brief, the less iteration you need to get to something usable.
Step 2: Choose the Right Tool for What You Are Actually Building
The tools serve different purposes. Pick based on your situation, not based on what is trending.
| Situation | Recommended Tool |
| Non-developer building first prototype | Lovable or Bolt.new |
| Developer adding AI to existing codebase | Cursor or GitHub Copilot |
| Need full environment with hosting | Replit |
| Codebase-wide changes from terminal | Claude Code |
| React component generation | v0 by Vercel |
Many experienced practitioners use more than one: prototype fast in Lovable or Bolt.new, then move the validated project into Cursor or a proper repository for production development.
Step 3: Build in Small, Confirmed Cycles
Do not describe your entire application in one prompt and wait for magic. Break work into the smallest meaningful pieces.
Start with one screen. One function. One interaction. Get it working. Confirm it works. Move to the next piece. Use follow-up prompts to refine and improve AI-generated code or features by providing additional instructions, enabling iterative development and targeted enhancements.
The reason is practical: AI tools lose coherence as projects grow and context windows fill. A tight, confirmed loop, prompt, test, confirm, next, produces far better results than a single long generation session where problems compound across many files.
Step 4: Test Against Real Usage, Not Just Happy Paths
Run the output. Click around. Enter unexpected inputs. Try to break what was generated. AI-generated code is optimised for normal usage, it rarely anticipates what happens at the edges.
To improve code quality and reliability, use AI tools to generate unit tests that automatically verify code functionality. You can also simply ask the AI to ‘run stuff’ to quickly test or execute the generated code, making the process more intuitive and efficient.
If the AI builds a form, submit it empty. Submit it with very long strings. Submit it twice in quick succession. If it builds a login, test what happens when the password field is left blank. Test what happens when someone enters SQL-looking text.
This is not paranoia. This is where the 45% vulnerability rate shows up, in the cases that work fine in a demo but fail in production.
Step 5: Review Before Any Code Touches Real Users
For anything that will handle user data, payment information, authentication, or any sensitive information, human code review is not optional. It is where the speed-first philosophy of vibe coding meets the non-negotiable requirements of responsible software.
Automated security scanners (Snyk, SonarQube, Veracode) can catch common vulnerability patterns in AI-generated code before they reach production. For any team without in-house security expertise, this layer is particularly important.
Step 6: Iterate and Graduate When the Project Outgrows the Prototype
The prototype built in Lovable over a weekend is a different thing from the production application used by thousands of customers. Recognise when you have crossed that line.
The most effective pattern practitioners use: vibe code the scaffold, use AI to generate the boilerplate, initial components and basic data flow, then review, restructure and manually code the critical paths before production. Before integrating any AI-generated or prototype code into your existing code, thoroughly review and refine it to ensure quality and maintainability. Auth, payments, data validation and anything security-sensitive should have human review and deliberate implementation. Debugging such code generated by AI can be challenging, as its dynamic and sometimes unpredictable structure may complicate troubleshooting. Always ensure that only well-tested and secure code is merged into the production codebase to maintain system stability and security.
AI Assisted Vibe Coding
AI-assisted vibe coding takes the core principles of vibe coding and supercharges them with the latest advances in artificial intelligence. In this approach, developers use AI tools not just to generate code, but to assist with every stage of software development, from brainstorming and rapid prototyping to debugging and refining real world applications.
Tools like Cursor Composer leverage large language models to interpret your natural language prompts and generate code that fits your intent. You can describe what you want to build, ask for changes, or even paste error messages directly into the tool and the AI will suggest fixes or improvements. This workflow is especially powerful for throwaway weekend projects, where speed and experimentation matter more than perfect code quality.
SuperWhisper takes AI-assisted vibe coding a step further by enabling developers to communicate with AI agents using plain English. This means you can have a conversation with your coding assistant, iteratively refining your app’s functionality without manually writing every line. The AI handles the repetitive or complex parts, freeing you to focus on creative problem-solving and high-level design.
The benefits of AI-assisted vibe coding are clear: increased developer productivity, faster app development cycles and the ability to generate code for rapid prototyping or real world applications with minimal overhead. These coding tools are particularly useful for teams looking to accelerate software development, experiment with new ideas, or automate routine tasks.
However, it’s important to remember that while AI can handle much of the heavy lifting, developers still need to understand the underlying code and review the AI’s output. Ensuring code quality, maintainability and security remains a human responsibility, especially as code grows more complex or moves closer to production.
By combining the strengths of artificial intelligence with human oversight, AI-assisted vibe coding offers a practical, scalable way to build better software—faster.
7 Use Cases of Vibe Coding
Vibe coding works best where the requirements are clear, the patterns are recognisable and the stakes of a mistake are manageable. Here are the use cases where it consistently delivers value.
1. MVP and Prototype Development: A founder can go from concept to working prototype in days. For businesses that need to test a concept before committing engineering resources, vibe coding removes the cost of finding out whether the idea works.
2. Internal Tools and Dashboards: Building a delivery tracking interface, a client reporting dashboard, or an inventory management tool for internal use is one of the cleanest vibe coding use cases. The requirements are known, the user base is trusted, the tolerance for rough edges is higher and the security stakes are lower than a public-facing product.
3. Customer Support Automation: Ticket classification, routing and first-response drafting are well-suited to AI-generated code. The integration points are well-documented APIs. The logic is well-defined. The ROI is measurable: faster response times, lower routing errors.
4. Sales Workflow Tools: Call summarisation pipelines that transcribe calls, extract action items and update CRMs represent tasks where every step is a known pattern. A technically-inclined sales operations manager can build this in Cursor in a few days, saving a team of 20 reps potentially hundreds of hours per week in manual note-taking.
5. Marketing and Content Operations: Automating campaign reporting, building content brief generators, or creating internal SEO tooling are all within reach of vibe coding. The output does not power critical infrastructure; the requirements are human-readable; and the iteration cycle is fast.
6. Competitive Intelligence Monitoring: Monitoring competitor websites, pricing pages, job postings and press releases is a straightforward pipeline. Web scraping, diffing and summarisation are patterns AI handles well.
7. Rapid Game Prototyping and Creative Projects: Simple games, interactive experiences and creative tools are where vibe coding is most forgiving. Karpathy himself was building a prototype called MenuGen when he coined the term. This is the low-stakes creative experimentation the approach was originally designed for.
How Is Vibe Coding and AI Assisted Coding Different from Traditional Dev Workflows?
Vibe coding differs from traditional development across every dimension of how software is built.
| Dimension | Vibe Coding | Traditional Development |
| Input | Natural language description | Code written in a programming language |
| Role of the developer | Director / reviewer, often just copy paste stuff from AI | Architect, coder and debugger, writing code manually |
| Speed to first version | Hours to days, thanks to copy paste from AI-generated code | Days to weeks |
| Code ownership | AI writes; human may just paste stuff and review (or not), rarely reviewing diffs anymore | Human writes; human owns, reviewing diffs |
| Error handling | Describe the error, AI fixes it, sometimes making random changes or using copy paste stuff to resolve issues | Debug manually with tools |
| Architecture decisions | Made by the AI during generation, with developers often copy pasting code | Made deliberately by the developer |
| Security posture | Requires explicit review; 45% failure rate | Developer is responsible throughout |
| Maintenance | Can be difficult if code is not understood, especially when random changes or copy paste stuff are used | Easier when code is intentionally structured |
| Best fit | Prototypes, MVPs, internal tools, rapid iteration with paste stuff | Production systems, regulated applications |
The most experienced practitioners do not see these as opposing approaches. They combine them. As developer Vito Botta noted on X, the real distinction is between “vibe coding” and “vibe engineering”. The second approach is where the durable value lives.
The practical hybrid pattern that experienced teams use:
- Use AI to generate scaffolding, boilerplate and standard UI components, then copy paste as needed
- Manually review and restructure the generated architecture (though some teams may not review diffs anymore)
- Write the critical paths by hand or with careful AI assistance and human review, minimizing writing code manually
- Use AI for iteration: styling changes, UI additions, non-critical refactoring and making random changes or copy paste stuff to quickly test solutions
- Test traditionally: CI/CD pipelines, code review, security scanning
What Are the Benefits and Limitations of Vibe Coding?
Benefits
Speed. The speed advantage is the most documented and least disputed benefit. Tasks that took days now take hours. Prototypes that took weeks now take days. GitHub’s research showed 55% faster completion on standard development tasks. For small businesses and startups with limited time and budget, that compression is material.
Lower barrier to entry. A non-technical founder, a product manager, or a domain expert can build a working prototype without a developer. This is not hypothetical, it is what 25% of YC’s Winter 2025 batch did with their core codebases.
Faster iteration. The cycle from idea to working version to feedback is dramatically shorter. In an agile context, that means more cycles, faster learning and less time between a hypothesis and a result.
Reduced cognitive load on routine work. GitHub’s research found that 87% of developers reported AI tools helped them preserve mental effort during repetitive tasks and 73% said it helped them stay in a flow state. Freeing up concentration for architecture and problem-solving while AI handles boilerplate has a real effect on the quality of high-stakes work.
Accessible to more people. Businesses that could not previously afford custom software or could not find developers willing to build something small can now build working tools themselves.
Limitations
Security vulnerabilities are systematic, not random. The 2025 GenAI Code Security Report found that 45% of AI-generated code introduced OWASP Top 10 vulnerabilities. Vibe coding without security review is a risk decision, not just a technical one.
Maintenance becomes difficult at scale. 2025 CodeRabbit analysis of 470 open-source GitHub pull requests found AI co-authored code had approximately 1.7 times more major issues than human-written code, including 75% more misconfigurations and 2.74 times more security vulnerabilities. Code that nobody fully understands is expensive to change and dangerous to debug as projects grow.
Experienced developers can actually slow down. A rigorous METR study published in 2025 found that experienced developers using AI tools for complex tasks took 19% longer to complete them, despite believing they were 20% faster. AI tools accelerate well-defined, routine work. They slow things down on problems that require sustained careful thinking, because the developer is now managing both their own reasoning and the AI’s output.
The 2025 Stack Overflow survey found that 46% of developers actively distrust AI output compared to 33% who trust it and only 3% who “highly trust” it. The verification overhead is real and has to be factored into time estimates.
Technical debt accumulates fast. AI-generated codebases can grow faster than they can be understood. Code produced in high volumes, without documentation and without deliberate structure, becomes expensive to maintain. The “vibe coding hangover”, engineers inheriting AI-generated codebases and finding them difficult to extend was reported by Fast Company in September 2025 as a real operational problem in engineering teams.
AI hallucinates dependencies. Research found that among 576,000 code samples analysed, AI tools suggested 205,474 unique software packages that did not exist, fabricated library names that look credible but would fail on installation.
Real World Examples of Vibe Coding
Andrej Karpathy, MenuGen (February 2025): The origin. Karpathy was building MenuGen, a simple menu-generating app, using Cursor Composer with voice input. He accepted all AI changes without reviewing diffs, pasted error messages back into the chat and watched the codebase grow beyond what he fully understood. Notably, users like Karpathy often ask for the dumbest things or use lazy prompts, sometimes just typing a vague request into a text box, yet still receive surprisingly functional results thanks to the AI’s capabilities. He called it “not too bad for throwaway weekend projects.” The post describing this process became the catalyst for the entire vibe coding conversation.
Y Combinator Winter 2025 Batch: In March 2025, Y Combinator reported that 25% of startups in its Winter 2025 batch had codebases that were 95% AI-generated. These are not hobby projects, they are companies that went through one of the most competitive startup selection processes in the world. The codebases were functional enough to demonstrate value and attract investment.
New York Times, Kevin Roose’s “Software for One” Experiment: NYT journalist Kevin Roose, with no professional coding background, used vibe coding to build several small personal applications. He described the results as “software for one”, highly personalised tools that would never have existed because no developer would have built them at the individual scale. Roose’s experience highlights how users are encouraged to dig deeper to understand or extend their applications, moving beyond surface-level outputs. He also noted real limitations: outputs were often error-prone and in one case, AI-generated code fabricated fake reviews for an e-commerce site.
Linus Torvalds, AudioNoise (January 2026): The creator of Linux used Google Antigravity to vibe code a Python visualizer tool component of his AudioNoise audio effects generator. Google Antigravity allows users to guide autonomous agents that handle the heavy lifting across the editor, terminal and browser, streamlining the development process. He explicitly documented in the README that the Python tool was “basically written by vibe-coding”, a notable endorsement from one of the most rigorous software engineers in history, applied specifically to a non-critical component.
Gemini Code Assist in Professional Development: Gemini Code Assist acts as an AI pair programmer directly within existing code editors, helping professional developers work faster and more efficiently by suggesting code, catching errors and automating repetitive tasks.
Replit Agent, SaaStr Founder Incident (July 2025): On the other side: SaaStr founder Jason Lemkin documented a negative experience where Replit’s AI agent deleted a production database despite explicit instructions not to make any changes. The incident illustrated the real operational risk of agentic AI tools acting beyond their intended scope, particularly when there is no separation between test and production environments.
Fortune 500, Financial and Healthcare Prototyping: By late 2025, multiple large enterprises had incorporated vibe coding into their workflows, specifically for prototyping and non-critical application development. Financial institutions used it for rapid internal tooling while keeping human oversight on compliance-critical systems. Healthcare companies used it for non-regulated administrative applications, with traditional development processes maintained for anything touching patient data.
Is Vibe Coding the Future of Programming?
Enter vibe coding: a new, accessible approach to app development that allows users to create applications without traditional coding, democratizing technology and opening up software creation to a broader audience.
The honest answer: partially and with important caveats.
Karpathy himself updated his framing in February 2026. He noted that LLMs had improved enough that his original concept of vibe coding, suitable mainly for throwaway projects, had been superseded. His updated preferred term for professional AI-assisted development is “agentic engineering”: a workflow where the developer is not writing code directly 99% of the time, but is instead orchestrating AI agents and serving as oversight, applying the art, science and expertise of engineering to the direction of AI rather than the implementation of code.
That distinction matters. Vibe coding is not the end state, it is the early version of a direction of travel.
What is not going away: Complex systems, enterprise infrastructure, regulated applications and anything where security and maintainability matter will continue to require deliberate human engineering. The DORA 2025 report found that 90% of respondents use AI tools at work and more than 80% say AI improves productivity but 30% still report little or no trust in AI-generated code. That trust gap has to be closed by human review and engineering practice, not ignored.
What is changing: The role of the developer is shifting. Less time goes into boilerplate. More goes into architecture, design and the judgment calls about what to build and how to govern it. The developers and businesses that adapt to directing AI effectively, rather than writing every line manually, will move faster than those who do not.
What this means for SMEs: For small and medium businesses in the USA, Singapore and India, vibe coding is already a practical reality. The 91% of AI-using SMBs that report revenue growth in Salesforce’s research are not all running AI departments, they are businesses using accessible tools to build faster, automate routine work and compete with larger organisations that have more resources. (Source)
Vibe coding is not the future of programming as a replacement for engineering. It is the future of how software gets started, tested and iterated, with engineering judgment determining what ships.
Conclusion
The speed gains from vibe coding are real. So is the 45% security vulnerability rate in AI-generated code. The businesses getting the most out of it are the ones who know the difference, using AI where it accelerates delivery, applying engineering rigour where the stakes require it and reviewing what gets built before it touches real users.
As an AI consulting firm working with businesses across the USA, Singapore and India, Dextra Labs helps SMEs go from intention to working implementation. We offer AI agent development, LLM development and deployment, RAG solutions and end-to-end AI consulting services, scoped to your actual business size, budget and use case. If you are ready to build with AI responsibly, we are worth a conversation.
Frequently Asked Questions:
What is vibe coding in software development?
Vibe coding in software development refers to building applications by describing what you want in plain English and letting an AI tool generate the underlying code. The developer’s role shifts from writing syntax to directing, testing and refining AI output. The term was coined by Andrej Karpathy in February 2025 and named Collins Dictionary’s Word of the Year for 2025. It is distinct from traditional AI-assisted coding in that the developer may not read or fully understand the generated code, the focus is on whether the result works, not on how it was implemented. It is most appropriate for prototypes, MVPs and internal tools where the tolerance for imperfection is higher and security requirements are lower.
Are there any security challenges with AI coding?
Yes and they are documented at scale. The Veracode 2025 GenAI Code Security Report analysed over 100 large language models across 80 real-world coding tasks and found that 45% of AI-generated code introduced known security vulnerabilities from the OWASP Top 10 list. The most common issues include hardcoded credentials and API keys visible in source files, client-side authentication logic that can be bypassed, SQL injection and cross-site scripting vulnerabilities from missing input validation and deprecated cryptographic functions that look correct but have been broken for years. Java had the highest failure rate at over 70%, with Python, C# and JavaScript ranging between 38% and 45%. Critically, Veracode’s research found this rate has not improved as models have become more capable, newer and larger models do not generate significantly more secure code than their predecessors. For any application handling real users, sensitive data, or payments, human security review and automated scanning are not optional additions to a vibe coding workflow. They are the layer that makes vibe coding safe to ship.
What is the difference between vibe coding and traditional coding?
Traditional coding requires writing precise instructions in a programming language, every function, logic branch and error condition is written and controlled by the developer. Vibe coding replaces that with natural language descriptions, with an AI handling the implementation. Traditional coding gives the developer full understanding and control; vibe coding gives speed and accessibility at the cost of some understanding and predictability. The practical difference shows up in maintenance: traditional code is easier to debug and extend because the developer knows why every line is there. Vibe-coded projects can become difficult to modify as they grow, because the architecture reflects AI decisions rather than deliberate human design.
Can non-technical people use vibe coding?
Yes, this is one of the most significant aspects of the approach. Tools like Lovable, Bolt.new and Replit are specifically designed for people with no coding background. A non-technical founder can describe an application and receive a working prototype without writing a single line of code. NYT journalist Kevin Roose demonstrated this publicly in February 2025, building several small applications with no professional coding background. However, “can build” and “can safely ship to real users” are different things. Non-technical vibe coders who cannot review generated code for security issues are at higher risk of shipping applications with the kinds of vulnerabilities Veracode’s research documents.
What tools are used for vibe coding?
The main tools fall into two categories. Browser-based app builders, Lovable, Bolt.new, Replit, are designed for non-developers who want to build without touching a terminal. AI-enhanced code editors, Cursor, Windsurf, GitHub Copilot, Claude Code, are for developers who want AI assistance within an existing codebase or professional workflow. Most experienced practitioners recommend using browser-based tools for rapid prototyping, then moving to editor-based tools for production development once the concept is validated.
Beyond vibe coding – what comes next?
Andrej Karpathy himself updated his framing in February 2026, introducing the term “agentic engineering” to describe the more mature, professional version of what vibe coding pointed toward. In this model, developers spend 99% of their time orchestrating AI agents and serving as oversight, applying engineering judgment to the direction of AI, rather than to the implementation of code directly. The tools are getting better, the models are more capable and the practice is maturing from casual experimentation into a structured discipline.
