Vibe Coding Explained: Use Cases, Risks and Developer Guidance

It sounds like something out of Star Trek: Describe to the computer what you want to do, and the computer generates the code to do it. 

That’s “vibe coding,” and the internet has leapt onto the term with such fervor that it was in the dictionary a month later. 

Table of Contents

• What Is Vibe Coding?
• Vibe Coding vs AI-Assisted Programming
• What Are the Risks of Vibe Coding?
• What's the Best Way to Vibe Code?

What Is Vibe Coding?

The term “vibe coding” was first used in an X post in February 2025 by Andrej Karpathy, former head of AI at Tesla. It involves using AI tools to generate code based on your description rather than writing it yourself. “You fully give in to the vibes, embrace exponentials and forget that the code even exists,” Karpathy described. 

There's a new kind of coding I call "vibe coding", where you fully give in to the vibes, embrace exponentials, and forget that the code even exists. It's possible because the LLMs (e.g. Cursor Composer w Sonnet) are getting too good. Also I just talk to Composer with SuperWhisper…

— Andrej Karpathy (@karpathy) February 2, 2025

Vibe coding tools such as Cursor, Lovable and Replit have been raking in money, with Andreessen Horowitz investing in Cursor, Replit boasting $100 million in annual recurring revenue and Lovable coming in just behind at $75 million. 

“Vibe coding is a great tool for communicating early ideas — especially when someone’s default mode of expression isn’t design or development,” said Seth Akkerman, senior creative technologist lead at Instrument. “For example, a strategist on our team vibe-coded an app idea and it gave us immediate clarity on what he envisioned. It’s a fast, creative way to bring ideas to life without overthinking it.”

However, added Eran Kinsbruner, vice president of portfolio marketing at Checkmarx, organizations likely aren't relying solely on vibe coding for production, explaining, "We do know of some that are using vibe coding as a head start for new software initiatives, for refactoring of legacy code towards modern micro-services/containerized architecture and even for more quickly solving specific defects within their code.”

Vibe Coding vs AI-Assisted Programming

While some people have applied the admittedly catchy term to just about any kind of programming that involves AI tools, there is a distinct difference between vibe coding and AI-assisted programming. “When I talk about vibe coding I mean building software with an LLM without reviewing the code it writes," wrote developer Simon Willison. 

Related Article: 10 Top AI Coding Assistants

What Are the Risks of Vibe Coding?

Writing code without reviewing it — isn’t that kind of a bad thing?

It is indeed, which is why even vibe coding proponents emphasize it shouldn’t be used for production code or anything where security or potentially costly data access is involved. In fact, Kinsbruner said his company uses vibe coding as part of its research on insecure code generation so that its platform can better defend against new and evolving security threats. 

The other problem is that programs generated by vibe coding sometimes... aren’t very good. That’s what Alberto Fortin, an independent developer in Manchester, discovered when he couldn’t track down the bugs in his vibe-coded applications.

“One day I decided to sit down and carefully review the code, instead of just having a quick look and pressing ‘Approve,’” Fortin said. “I was shocked to see how bad the code was in a lot of places. It looked like it was written by a lot of junior developers, all using different coding practices.” Since then, he’s scaled back on vibe coding. “I went back to using pen and paper first, making sure I fully understood the problem. Now I am the one planning the architecture, like I did before AI. And I only use LLMs [large language models] to do low-level tasks, and I keep a close eye on everything it spits out.”

Not only can the code be spaghetti, but it’s insecure spaghetti. “The code produced often draws from third-party and open-source sources which are not inherently secure,” Kinsbruner said, adding that his company has identified more than 400,000 malicious packages that pose risks to business-critical applications.

Some developers also report that they’re finding that people who don’t develop their own code feel less responsibility for it. “While AI provides efficiency and enables enhanced productivity, there’s a clear lack of accountability for the code generated,” said Edgar Kussberg, group product manager at Sonar. “When AI generates code, the traditional sense of ownership blurs, leading to a decreased feeling of responsibility for the code. This can result in overlooked potential flaws, security vulnerabilities or maintainability issues that’d typically be caught with self-written code.”

More seriously, using vibe coding — particularly for students — runs the risk of creating software that they don’t understand, said Joshua Gross, associate professor of computer science at California State University Monterey Bay. He’s had students who, when the code didn’t work, simply ask the AI system to do it again, because they didn’t understand what the program was supposed to do. “You can get a good head start, but the code they produce isn’t something that could be maintained or changed or updated readily,” he explained. “At the end of the day, vibe coding didn’t produce what we needed.”

Related Article: Moving From Low Code to No Code With GenAI

What's the Best Way to Vibe Code?

If a company wants to take advantage of the speed and ease of vibe coding, but wants to do it safely, what should it do?

It might be antithetical to the notion of vibe coding, but it requires looking at the code to make sure it does what it’s supposed to do, and includes the appropriate security guardrails. “Vibe, then verify,” Kussberg said. 

Executives should define clear governance and usage for AI-assisted coding, Kussberg continued. “Role separation is key: treat AI as the writer, but maintain strong human oversight for validation. Accountability remains critical. Developers must take ownership of all submitted code, whether written by themselves or suggested by AI. Strong code review discipline and independent validation tools are essential to make this possible.”

At Canva, developers are encouraged to use AI-assisted coding tools, but are still responsible for the output of any tools that get used, said Sergey Tselovalnikov, a staff software engineer. In fact, the company’s CTO, Brendan Humphreys, wrote on the subject. “No, you won't be vibe coding your way to production. Not if you prioritize quality, safety, security and long-term maintainability at scale. These tools must be carefully supervised by skilled engineers, particularly for production tasks.”

While there are stories about people who claim they have developed production software with vibe coding, take these with a grain of salt. 

Learning Opportunities

Webinar

Sep

25

CMS Briefing: A Live Look at What’s Next in AI-Driven Platforms

Learn how leading organizations are using AI‑driven tools to publish faster, personalize smarter and stay secure.

Register

Webinar

On demand

Ready or Not: How Data-First Organizations Are Unlocking Agentforce Potential

Learn how to cut through the noise, activate Agentforce and build a Salesforce AI strategy that actually delivers.

Watch Now

Webinar

On demand

AI in Customer Service: Faster Resolutions, Happier Customers

Don’t let rising demand burn out your team. See how to build a smarter, more resilient support org.

Watch Now

Webinar

On demand

From Hype to High-Impact CX Strategies That Actually Scale

Turn buzzworthy AI and outsourcing trends into measurable CX wins with fresh 2025 data.

Watch Now

Webinar

On demand

Insights to Action Rethinking the Contact Center for Real Business Impact

Join our exclusive webinar to hear CX executives share their innovative strategies for transforming service delivery.

Watch Now

Webinar

On demand

Accelerating Healthcare Ops with AI

Sign up to see how your peers are putting AI to work — and making it stick.

Watch Now

Webinar

Sep

25

CMS Briefing: A Live Look at What’s Next in AI-Driven Platforms

Learn how leading organizations are using AI‑driven tools to publish faster, personalize smarter and stay secure.

Register

Webinar

On demand

Ready or Not: How Data-First Organizations Are Unlocking Agentforce Potential

Learn how to cut through the noise, activate Agentforce and build a Salesforce AI strategy that actually delivers.

Watch Now

Webinar

On demand

AI in Customer Service: Faster Resolutions, Happier Customers

Don’t let rising demand burn out your team. See how to build a smarter, more resilient support org.

Watch Now

View all

“I would recommend people to be skeptical about stories of ‘AI built my whole startup while I was asleep,’” Fortin said. “If you're not a developer, learn the basics of coding because it will be massively helpful in steering the LLMs and understanding when they're wrong. If you are a developer, don't fall into the temptation of just letting AI do everything: the code won't be as good, and you'll gradually get worse at thinking about code and planning features.”

But despite the risks, vibe coding has a role to play. “I believe everyone deserves the ability to automate tedious tasks in their lives with computers,” Willison wrote. “You shouldn’t need a computer science degree or programming bootcamp in order to get computers to do extremely specific tasks for you. If vibe coding grants millions of new people the ability to build their own custom tools, I could not be happier about it.”

Frequently Asked Questions