What is Vibe coding?

What is vibe coding, besides one of the most polarizing topics in tech right now? You have probably come across the name on LinkedIn, YouTube or some forum. It is already on Wikipedia too, so we may as well join in.

Vibe coding is a way of building applications through AI. Instead of writing code by hand, you write prompts. It relies on tools such as GitHub Copilot, Cursor, Replit Agent or ChatGPT, which read your prompt and produce code from it, from simple prototypes to full web apps.

This can speed development up, but for now only under the supervision of an experienced programmer. For them, it frees up time for more important work, such as testing or securing the application.

The term "vibe coding" comes from a February 2025 tweet by Andrej Karpathy, a prominent AI researcher and former co-founder of OpenAI.

The tweet begins like this: "There's a new kind of coding I call 'vibe coding', where you fully give in to the vibes, embrace exponentials, and forget that the code even exists."

For senior developers, this saves time. Thanks to AI, they can focus on harder problems instead of boilerplate (repetitive code that is mostly the same across projects) or syntax. AI handles the routine, like building forms or minor refactoring, so developers can spend their time on the parts that need real logic.

Non-technical and design roles can quickly prototype an application or parts of it. Figma offers prototyping too, but an interactive site can be far more interesting and useful, for example when you want to improve the UX.

Vibe coding works like a conversation, and that encourages creativity. Developers end up exploring ideas they might not have considered before. There are even voice-controlled tools such as SuperWhisper that let you code hands-free.

AI-generated code can contain bugs, be inefficient, or fall short on security. Large language models (LLMs) can produce code that works on the surface but hides problems you will not spot right away. The security firm Snyk, for example, writes that AI-generated code is often vulnerable to issues such as SQL injection (an attack where a user sends their own SQL to a server and changes or deletes data), and should always be reviewed.

In the hands of inexperienced developers, you get so-called "spaghetti code", another term you hear a lot right now. It is simply poorly written or generated, inconsistent code that experienced programmers then have to clean up.

When the AI does not get a specific enough prompt, and the changes touch a large part of the code across many files, it often misses the connections. Components or files then may not work together. AI also tends to write more complex code than you need. If you want it to do something, you should know how you want it done and put that in the prompt. For example, "Do X using Y (such as the map function in JavaScript)".

Developers, especially beginners, can lean on AI too much, which slows their learning. They risk falling behind on basics like debugging and never moving up a level. That comes back to bite them when the AI tools are unavailable or making mistakes of their own.

Vibe coding projects often lack modularity and documentation, and skip best practices, which makes them hard to scale and maintain. When a project needs a fix, developers struggle to understand the code. That leads to technical debt and high costs.

AI can quietly pull in copyrighted or licensed code from elsewhere. That creates ambiguity about who owns the code and whether you are honoring open source licenses. Applications can also miss critical safeguards, such as proper protection of user data or payment cards. Avoid uncontrolled vibe coding on projects that demand strict data security, such as banking or healthcare software.

This one is debatable, but we lean toward seeing it as a downside. The idea that anyone can build an app and the barriers fall is appealing. But even the apps we already have are, in many cases, not fully secure or finished.

You can "prompt" an app into existence, but it then needs even more care. You have to test it thoroughly, and that is a technical skill. You have to check that the code makes sense and that the different parts of the app talk to each other correctly, and that again takes solid programming knowledge.

There are more and more cases where a non-technical person vibe-coded an app and paid for not understanding the code. Hobby hackers killed it off, through an unprotected rate limit on the API (how many requests you can send within a given time) and other security holes.

For example, Lovable, where you can try vibe coding, says its new version is more secure, but does not say how. The announcement only tells us they added a Security Scan feature.

The code AI learns from is still written by humans, and unfortunately most developers and companies have not fully figured out security either.

Vibe coding is a different way of building software, where AI turns natural language into code. That can make programming faster, more accessible, and more creative.

But it has its pitfalls. The generated code can be unreliable, harder to maintain, and may carry legal risks. That is why human oversight still matters. When developers combine AI with classic skills and stick to best practices, they get the most out of vibe coding and avoid most of the traps.

It is not a replacement for traditional software engineering, but it is a great tool when you use it correctly.

Related articles: