Vibe Coding Hits One-Year Mark: AI Tools Democratize Tech but Raise Security Concerns

Vibe coding, a term coined by Andrej Karpathy, has reached its one-year mark. Experts are concerned about its implications on security after a Stanford study found that developers using AI coding tools write less secure code but report higher confidence in its security.

According to Richard Wells, covering some of the pitfalls of DIY vibe coding for Tech Times, a Stanford study showed that developers using AI coding tools not only wrote less secure code than those who didn't, but they also reported higher confidence in its security. This trust paradox has practical consequences for non-developers, who don't have an engineering baseline to calibrate this misplaced confidence.

Even Karpathy has shifted his stance a little, now referring to it as ‘agentic engineering’. In his own words, “The goal is to claim the leverage from the use of agents but without any compromise on the quality of the software. Many people have tried to come up with a better name for this to differentiate it from vibe coding. Personally, I'm currently a fan of calling it ‘agentic engineering’: – ‘agentic’ because the new default is that you're not writing the code directly 99% of the time; you're orchestrating agents who do and acting as oversight. – ‘engineering’ to emphasize that there's an art and science and expertise to it. It's something you can learn and become better at, with its own depth."

A panel at the Imagination in Action event at MIT in April discussed the phenomenon. Maria Gorskikh, connected to MIT through her work on the NANDA protocol for agentic internet, interviewed Ryan Meadows of Lovable, Christopher Harris of Blitzy, and Serge Vasylechko of the Harvard Medical School.

Gorskikh and Meadows talked about how Lovable appeals to a non-technical user base, allowing non-technical folks to build something. Blitzy, on the other hand, is designed for enterprise. Harris explained how the project's founders developed an ideology around model ensembles and pioneered the technology toward a coherent intended use. He realized that you could create the ability for agents to dynamically recruit other agents, and stitch context across agents that could create a knowledge graph of the entire codebase. This resolves the fundamental problem that's seen in many enterprise usages: the limited context window.

What emerged, Harris said, is “a whole new way of engineering.” Gorskikh asked Harris about what happens if an AI creates a codebase quickly, but it turns out to need weeks' worth of debugging, because it was created in haste by a model. Harris responded with the idea that the overarching architecture can come first, to be refined on an incremental basis, with that idea of a “knowledge graph” that reaches across the entire scope of the codebase.

The first thing Blitzy does, he said, is ingest and understand things down to the file and module level, and that becomes really powerful because it's a knowledge graph based on everything that's in there.

Later, Meadows talked about how Lovable wants to help founders. “We are their co-founder,” he said, “and so right now, we're very good at helping them build the product, but we also want to help them grow the product.” In looking at the process of agentic coding, Gorskikh asked the panel how they feel about the term itself: vibe coder.

“Some people use this, ‘vibe coder,’ as a negative connotation of a person who doesn't know how to code and doesn't care about the code,” Vasylechko said, “but personally, I think it's a great term.” The general feel in the room is that we've somehow solved coding, but Vasylechko noted that there are still many unsolved challenges in the vibe coding era.

We can build amazing stuff, but there are so many things that we cannot build with these vibe coding tools, and I think I hit on that issue every single day, he said. Vasylechko trains AI models and finds it impossible to hold in context complicated training loops or read out logs as his models train. This is a significant challenge in building with vibe coding tools.

I love the term vibe coding, Meadows said, adding that it took him a while to get on board but now we've really embraced it. What can't you build, he asked, noting that one of the things they're really working on is deploying everywhere. This is tricky today.

Gorskikh asked the panel what they see as the values of great people working on AI. Vasylechko suggested that a good pro can explain what they've vibe coded because they don't just rely on AI to do it all, or go into waters that they themselves have never waded through. Meadows added that knowing the customer is crucial, and that you have to be forward leaning and willing to remove biases and be open to new things.

You must be willing to remove biases, and be open to embracing and educating yourself on the new normal, he said, and recognize that the new normal is going to change and probably next quarter, or in many cases, your prompts are going to have to change across all the foundational as they change.

A lot of folks are very comfortable and familiar with how they've developed software over their careers, Meadows said, but if you're not forward leaning or willing to challenge yourself, you're going to limit your upside.

In lines of code, it's probably in enterprise, Meadows said, but I'm most impressed by the number of new entrepreneurs that have come out of this. I'm most optimistic that whatever sort of consolidation we see in the enterprise, because of agentic workflows, will be easily made up for in the explosion in entrepreneurship that we see, and that's the fun part of my job.

We just see millions and millions and millions of new entrepreneurs, Vasylechko said, folks that wanted to get in the game, had the idea that had been sitting on the shelf for a long time, could never build – now they can build.

Vasylechko believes that the new entrepreneurs and the founders who are using it are not the big oil tanker that's going to take forever to turn; they have their agility, whereas at the big enterprise, a big part of what you need to do is forget the way you used to work, and that is a challenge in itself.

However, Harris and Meadows both agreed that enterprise is in the act of catching up. If you work at a major enterprise, your entire career is going to be based on if you're forward leaning and you get good at this stuff. I think, like, as that becomes very apparent, there's no other option, Harris continued. They have to also be creating value.

The democratization of tech through AI tools raises concerns about security and the trust paradox.