
Balancing Speed and Security: The Promise and Peril of Vibe Coding

By Michael Burch, Director of Application Security, Security Journey

Vibe coding is the latest phenomenon sending shockwaves through the developer community. Coined earlier this year by Andrej Karpathy, co-founder of OpenAI, vibe coding refers to the practice of directing AI coding agents with natural language prompts and accepting the code they produce. The result? A surge in productivity and a wave of new startups capitalizing on the trend. Vibe coding companies like Replit, which recently reached a staggering $3 billion valuation, and Lovable, now described as the fastest-growing software development startup in history, are proof that vibe coding is more than a passing trend. It signifies a seismic shift in how software is built. 

Coding has never been more accessible or intuitive, but this new ease of access also introduces significant risk and raises a critical question: how can organizations harness the power of emerging technologies such as AI while keeping security at the forefront? 

The Vibe Coding Revolution 

The appeal of vibe coding lies in its simplicity and speed. Automation and, more recently, AI have long played a supporting role in software development, but AI can now generate entirely new programs from scratch. This has transformed AI from a supporting tool into a central pillar of the development process. 

Recent research by Fastly reveals that 59% of senior developers report AI tools help them ship code faster, and it is easy to see why. Vibe coding allows developers to enter a "flow state" more easily, enabling them to code fluently without constant interruptions. With repetitive tasks and bug fixes handled by AI, developers can focus on higher-level problem solving, fostering creativity and reducing burnout. 

For startups, vibe coding is a game-changer. Because it enables software to be built rapidly, it is ideal for testing ideas quickly. It has taken hold so firmly that the CEO of startup accelerator Y Combinator told CNBC that in roughly a quarter of current YC startups, 95% of the code is written by AI. 

For experienced engineers, it is a powerful tool for automation and experimentation; for novices, it opens doors that were previously closed by the steep learning curve of traditional programming. 

The Risks Lurking Beneath the Surface 

But the good vibes do not come without consequences. For all the benefits of this new approach, it also introduces significant risks to software integrity and security. Insecure code is already a proven source of harm: a recent study found that 74% of organizations have experienced security incidents caused by insecure code, with nearly half suffering multiple breaches. Code that is generated quickly and merged without review adds to that exposure.  

Senior developers are already seeing the trade-offs. Nearly 1 in 3 say they have to fix or edit AI-generated code so frequently that it offsets most of the time savings. The real risk, however, comes when this technology is in the hands of less experienced developers. Lacking knowledge and training, they are less likely to report investing time in fixing AI-generated code, and they may approve code without understanding the security implications of what they are building. 

In the rush to adopt AI tools, teams appear to have begun prioritizing speed over security.  

Why Secure Coding Still Matters 

AI can suggest fixes, static analyzers can catch vulnerabilities before code ships, and DAST tools can catch them in a running application. But every one of those is a net that catches a problem after it was written. The best outcome is when the vulnerability never exists in the first place, because a trained developer knew better than to write it or to accept it from an AI.  

You do not send someone onto a tightrope and simply hope the net catches them; you teach them how to walk the rope. Secure coding knowledge is that teaching, and it is what lets developers use AI confidently and responsibly while the tooling remains a backstop. In practice that means treating LLMs as untrusted components during threat modelling, mandating testing and documentation for AI-generated code before it is approved, and embedding AI-specific risks into development training. 
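What "mandating testing for AI-generated code" looks like in practice, as an added example that is not part of the original article and not code from Security Journey or any product it names: a typical prompt-generated login lookup that concatenates user input into SQL, the hardened version a trained developer would insist on, and the regression test a reviewer runs before approving either. The table, the account, the function names and the bypass payload are all constructed for illustration.

```python
"""Added example: the kind of check a trained reviewer writes before
approving AI-generated code. Everything below is constructed for
illustration; it is not code from the article or from any product.

find_user_generated mimics a common pattern in prompt-generated code:
building SQL by string formatting. find_user_reviewed is the hardened
version a developer who understands SQL injection would require.
injection_test is the regression test that treats the generated code
as untrusted and fails it.
"""
import sqlite3


def _fresh_db() -> sqlite3.Connection:
    # Constructed in-memory user table with one legitimate account.
    # Only a password hash is stored; the hash value itself is a placeholder.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-pw')")
    return conn


def find_user_generated(conn, username: str, password_hash: str):
    # Typical vibe-coded query: user input is formatted straight into SQL,
    # so a quote in the username is parsed as SQL syntax.
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password_hash = '%s'" % (username, password_hash))
    return conn.execute(sql).fetchone()


def find_user_reviewed(conn, username: str, password_hash: str):
    # Hardened: values are bound by the driver and never parsed as SQL.
    sql = ("SELECT username FROM users WHERE username = ? "
           "AND password_hash = ?")
    return conn.execute(sql, (username, password_hash)).fetchone()


def injection_test(lookup) -> dict:
    """Run a lookup function through the checks a reviewer would demand.

    Returns a dict of named outcomes so the result can be asserted on
    rather than only printed.
    """
    conn = _fresh_db()
    results = {}
    # Happy path: a correct credential pair must still work.
    results["valid_login"] = lookup(conn, "alice", "hash-of-alice-pw") is not None
    # A wrong secret must be rejected.
    results["wrong_password_rejected"] = lookup(conn, "alice", "nope") is None
    # Classic bypass payload: closes the string and comments out the
    # password check, so the generated query matches alice with any secret.
    payload = "alice' --"
    try:
        results["injection_rejected"] = lookup(conn, payload, "anything") is None
    except sqlite3.Error:
        # A driver error is not a bypass, but it is still a finding: the
        # reviewer wants a clean rejection, not an exception.
        results["injection_rejected"] = False
    results["approved"] = all(results.values())
    return results


if __name__ == "__main__":
    for name, fn in (("generated", find_user_generated),
                     ("reviewed", find_user_reviewed)):
        print(name, injection_test(fn))
```

The generated version passes the happy-path check and the wrong-password check, which is exactly what a developer who only tests that "login works" would see; it fails only the injection case, which is the check that requires knowing the vulnerability class exists. The test is the documented expectation the article calls for, and it is the same test regardless of which tool wrote the code.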

Without this knowledge, AI-generated code is trusted blindly and deeper issues are overlooked, introducing real risk. AI cannot replace the understanding of business rules, data context and system architecture that human developers bring to the table. 

The most dangerous thing you can do is give someone a powerful tool they don’t understand. 

A Vibe Coded Future 

The rise of vibe coding signifies a fundamental shift in how software is created. It democratizes development, accelerates innovation, and empowers a broader range of people to build software. However, like any powerful tool it must be used thoughtfully and responsibly. 

Whilst software development continues to evolve at a rapid pace, it cannot do so recklessly and striking the right balance between automation and understanding is essential. At the heart of this balance lies a non-negotiable foundation: secure coding knowledge. Developers must be consistently equipped with and held accountable to these principles. Only by doing so can we ensure that the good vibes last, without compromising the integrity, reliability, and safety of the code we build. 
