"Vibe coding" - the practice of describing what you want and letting AI generate the code - has become a phenomenon. Andrej Karpathy coined the term in February 2025, and Collins Dictionary named it their Word of the Year.
The promise is compelling: natural language to working software. The reality is more nuanced. Here's an honest assessment.
What Vibe Coding Actually Is
Vibe coding means generating code through AI without fully understanding or reviewing every line. You describe the vibe of what you want, and the AI figures out the implementation.
This is distinct from AI-assisted engineering, where developers use AI as a tool while maintaining understanding and oversight of all code.
The difference matters.
Where Vibe Coding Works
Rapid Prototyping
Vibe coding excels at getting something working fast:
- Hackathon projects
- Proof of concept demos
- Internal tools you'll rebuild later
- Learning experiments
When the goal is "show this can work" rather than "build something maintainable," vibe coding delivers.
Throwaway Code
Scripts you'll run once, automation you'll discard, tools with a short lifespan - these are ideal for vibe coding. The code quality doesn't matter if the code won't exist tomorrow.
Boilerplate and Scaffolding
Generating repetitive code, starter templates, and standard configurations works well. The patterns are well-established, and errors are easy to spot.
Small, Isolated Tools
Simple utilities with clear inputs and outputs can be vibe-coded safely:
- Data format converters
- Single-purpose CLI tools
- Basic CRUD operations
When the problem space is constrained, AI generates reliable code.
Where Vibe Coding Fails
Production Systems
The numbers are stark. In an August 2025 survey, 16 of 18 CTOs reported experiencing production disasters directly caused by AI-generated code.
Problems include:
- Security vulnerabilities in AI-generated authentication
- Data corruption from misunderstood database operations
- Performance issues from naive implementations
- Integration failures from hallucinated APIs
Complex Architecture
AI tools struggle with:
- Multi-service coordination
- Database schema design
- Authentication and authorization flows
- Distributed system concerns
These require understanding the full system context, which AI doesn't have. AI optimizes locally, creating code that "works" in isolation but fails in integration.
Edge Cases and Error Handling
AI generates happy-path code well. Error handling, edge cases, and failure modes get less attention. Production systems encounter edge cases constantly.
Long-Term Maintenance
AI-generated code often becomes what engineers call "spaghetti code" - inconsistent styles, unclear structure, minimal documentation. The AI solves similar problems differently each time, creating a patchwork that's hard to maintain.
Six months later, nobody understands why the code works. Debugging becomes archaeology.
Security-Critical Code
A May 2025 analysis found 170 of 1,645 web applications built with one vibe coding platform had security vulnerabilities allowing unauthorized data access.
Security requires paranoid, defensive thinking. AI generates optimistic code that assumes good inputs and benign environments. That's the opposite of what security requires.
The Hallucination Problem
AI models hallucinate - they confidently generate code that references:
- Non-existent libraries
- Incorrect API methods
- Deprecated functions
- Imaginary parameters
Research shows commercial AI models recommend nonexistent software packages 5.2% of the time. Open source models do it 21.7% of the time.
If you don't verify every dependency, import, and function call, you're building on sand.
The Accountability Gap
When AI generates code, traditional ownership blurs. Developers who didn't write the code may not catch flaws they would have avoided when writing manually.
This creates a dangerous dynamic:
- AI generates plausible-looking code
- Developer assumes it's correct (it compiled, after all)
- Bugs ship to production
- Nobody truly understands the code to debug it
The code works until it doesn't, and then nobody knows why.
How Professionals Use AI Coding Tools
The key distinction: AI-assisted engineering maintains human understanding and oversight.
Simon Willison's Rule
"I won't commit any code to my repository if I couldn't explain exactly what it does to somebody else."
If an AI wrote code that you reviewed, tested thoroughly, and can explain to someone else - that's software development, not vibe coding.
Review Everything
AI is a fast typist, not a trusted colleague. Every line needs review:
- Does this do what I intended?
- Are there edge cases not handled?
- Is this the right approach architecturally?
- Are the dependencies real and appropriate?
- Is error handling adequate?
Test Rigorously
AI-generated code needs more testing, not less:
- Write tests before generating implementation
- Test edge cases explicitly
- Run security scanners
- Load test performance-critical paths
Understand Before Committing
If you can't explain the code, don't ship it. This is the line between vibe coding and professional AI-assisted development.
Practical Guidelines
Use AI For:
- First drafts and starting points
- Boilerplate and repetitive code
- Exploring implementation options
- Generating test cases
- Documentation drafts
Don't Use AI For:
- Security-critical code without expert review
- Database migrations without verification
- Production code without thorough testing
- Anything you can't explain line by line
When Vibe Coding:
- Accept you'll probably rewrite it
- Don't connect it to production data
- Keep the scope small
- Treat it as disposable
The Bottom Line
Vibe coding is real and useful for specific scenarios. But it's not a replacement for understanding software development.
As Canva's CTO put it: "No, you won't be vibe coding your way to production - not if you prioritize quality, safety, security and long-term maintainability at scale."
AI makes coding faster. It doesn't make software engineering easier. The hard parts - architecture, security, edge cases, maintenance - still require human judgment.
Use AI tools. They're genuinely helpful. Just don't outsource understanding.