Vibe coding - Wikipedia

Vibe coding, the practice of generating software via large language models with minimal human review, isn't the magic bullet for software development; it's a fast track to technical debt and security vulnerabilities if you're not careful. The hype surrounding AI-assisted software development often overshadows the critical need for scrutiny, even when using the most advanced tools.

Vibe Coding: The Reality Check

Vibe coding, as defined by Andrej Karpathy in February 2025, means fully giving in to the vibes, letting AI generate source code from a prompt, and often accepting the output without thorough review. It's not about meticulous coding; it's about guiding the AI, testing its outputs, and iterating with follow-up prompts. This approach, while attractive for its speed, directly contradicts the principles of robust software engineering. While Karpathy might envision "forgetting the code exists," the real world of production systems can't afford that luxury. Merriam-Webster listed it, Collins named it Word of the Year for 2025 – the term exploded. But popularity doesn't equal efficacy. The promise was that even amateur programmers could produce software without extensive training. The reality? A minefield of issues that professional engineers are now grappling with. It's a tempting shortcut, but most shortcuts introduce new, often worse, problems down the line.

The Illusion of Effortless Creation

The allure of vibe coding is its promise of instant gratification for "software for one," allowing anyone to whip up an app with a simple prompt. Kevin Roose, a journalist, demonstrated this in February 2025, creating small applications. He called them "software for one" because the personalization was high, but the results were limited and error-prone. His AI, for instance, fabricated fake reviews for an e-commerce site. Cognitive scientist Gary Marcus correctly pointed out that this wasn't originality; it was reproduction based on existing code. This highlights a fundamental flaw: the AI reproduces patterns, it doesn't invent solutions. For anyone truly building, not just experimenting, this quickly becomes a bottleneck. The tools—the various large language models—create this illusion. They make it seem like you're creating, when you're often just reassembling. This isn't software development; it's digital alchemy, and the results are often just as unpredictable.

When "Vibes" Clash with Reality: Security & Quality

The biggest problem with vibe coding isn't just bad code; it's dangerous code, rife with security vulnerabilities. You can't just "go with the vibes" when shipping to production. Lovable, a Swedish vibe coding app, saw 170 out of 1,645 web applications it created expose personal information. That's a 10% failure rate on a critical front. Veracode's October 2025 study hammered this home: LLMs got better at functional code, but security? Not so much. Larger models didn't perform better than smaller ones. Even OpenAI's reasoning models offered only a marginal improvement. Etizaz Mohsin, a security researcher, found a flaw in the Orchids platform, demonstrating it live. CodeRabbit's analysis of GitHub pull requests painted a grim picture: AI co-authored code had 1.7 times more "major" issues, including 2.74 times higher security vulnerabilities and 75% more misconfigurations. This isn't a minor concern; it's a five-alarm fire. Relying on AI-assisted software development without rigorous, human-led review is a dereliction of duty.

The Silent Killer: Technical Debt & Maintainability

Vibe coding isn't just about immediate bugs; it's a direct path to unmanageable technical debt, a silent killer of development teams. GitClear's early 2025 analysis of 211 million lines of code changes revealed a chilling trend: code refactoring dropped from 25% to under 10% from 2021 to 2024. Code duplication quadrupled. Copy-pasted code exceeded moved code for the first time in two decades. Code churn—prematurely merged code rewritten shortly after—nearly doubled. This isn't efficiency; it's chaos. When the "programming language" is effectively a black box, and you're not understanding the generated source code, you can't maintain it. You can't evolve it. You're stuck with an opaque, brittle codebase that will cost exponentially more to fix later. Simon Willison nailed it: "Vibe coding your way to a production codebase is clearly risky. Most of the work we do as software engineers involves evolving existing systems, where the quality and understandability of the underlying code is crucial." You can't just fix the vibe.

Beyond the Hype: Productivity and Complexity

The promise of increased developer productivity through vibe coding often falls flat when faced with real-world complexity. Generative AI excels at simple, algorithmic tasks. Ask it to sort an array, it's golden. Ask it to integrate poorly documented legacy systems across multiple files, or handle safety-critical code? It struggles. METR's July 2025 randomized controlled trial found experienced open-source developers were 19% slower when using AI coding tools, despite predicting they'd be 24% faster. They even believed they were faster afterward. The cognitive load of correcting, understanding, and adapting AI-generated solutions often outweighs the initial speed boost. This isn't a knock on AI; it's a reality check on how we use it. The challenge isn't just writing the initial prompt; it's the iterative refinement, the precise feedback loop, and the deep understanding required to correct complex errors.

Guiding the AI, Not Just Prompting It

To mitigate the risks of vibe coding, you don't just throw a generic prompt at an LLM. You guide it with precision. This means providing concrete, contextual information about where the change needs to happen and what the desired outcome is, not just a vague description. This is where tools that bridge the gap between human intent and AI execution become essential. When you're dealing with a UI bug, saying "fix the button" is vibe coding. Saying "fix the styling on the primary CTA button in the HeroSection component, located at src/components/HeroSection.tsx, specifically changing its background-color to #007bff and its font-size to 16px" is precise guidance.

This detailed, element-specific context is exactly what markagent provides. You click an element, add a note, capture a screenshot, and markagent extracts the React component name, source file path, DOM context, and a stable CSS selector. It then exports a structured markdown prompt, ready for your AI assistant like Claude Code or Cursor. It's moving from "vibe coding" to "contextual coding." You’re still using an AI, but you’re giving it the kind of specific input that drastically reduces the chances of it deleting your database (as happened to the SaaStr founder). You’re moving from hoping the AI gets the "vibe" to telling it exactly what to do, where, and why. This isn't about removing the human; it's about empowering the human to communicate effectively with the AI.

The Linus Torvalds Anomaly & The Future

Even Linus Torvalds, no stranger to rigorous software development, admitted to vibe coding a Python visualizer tool using Google Antigravity. The key? It was a "tool component" for his AudioNoise generator, a side-project Python visualizer. He noted, "the Python visualizer tool has been basically written by vibe-coding." This isn't a core kernel component; it's a utility. This highlights the nuance: vibe coding can have a place for prototyping, for throwaway scripts, or for non-critical, self-contained components where the cost of failure is low. The Wall Street Journal reported in July 2025 that professional engineers were adopting it for commercial use cases, but this came right before the "vibe coding hangover" reported by Fast Company in September 2025, where senior engineers cited "development hell" from AI-generated code. The future isn't pure vibe; it's intelligent, context-aware AI assistance. It’s about leveraging the AI for speed without sacrificing accountability and maintainability.

Vibe coding isn't a replacement for understanding; it's a tool that, without careful guidance, amplifies mistakes faster than it solves problems. Use it with precision, or suffer the consequences.

P.S. — markagent is the Chrome extension I use to ship pixel-precise UI feedback to AI coding agents. Free, local, no account.