Vibe coding and the future of software development

Vibe coding is the next evolutionary step in how generative AI is impacting coding and the software development lifecycle. Vibe coding, or AI-assisted development, lets a developer or less technical builder develop full-stack applications using an iterative series of AI prompts to establish and then improve the application’s design.

Vibe coding represents a significant advancement over AI code generation and the use of AI to enhance the software development process. Watching a demo of using Replit to generate an interactive map recently, I was reminded of the Star Trek holodecks, which crew members used to develop a fully interactive scene with just a series of prompts.

I recently asked whether AI is the end of IT as we know it. After seeing vibe coding in action, I had the same question: Could vibe coding be the end of software development as we know it?

Vibe coding is only the beginning

I asked a range of experts for their thoughts about vibe coding and received an enormous response. Many weighed in philosophically, sharing best practices, and issuing warnings about the perils of vibe coding. Some experts view vibe coding as an AI development tool, rather than a threat to software developers.

“I don’t think vibe coding is the end of software development any more than the compiler, high-level languages, or the virtual machine were,” says Nic Benders, chief technical strategist at New Relic. “Those shifts felt disruptive at the time but became foundational, moving us from hardware whisperers to application builders,” he says. “And this will be the same, so long as we stay grounded in defining the right problems, keeping humans in the loop, and having visibility and security in place.”

Bharat Guruprakash, chief product officer at Algolia, agrees that vibe coding is an evolutionary step in software development and not an endpoint. “Vibe coding is just another abstraction to a higher order, the same way procedural and object-oriented programming became an abstraction in the 1960s and 1970s for punched cards and assembly language programming. In all previous cases of coding abstraction, the volume of development work did not go down; it increased significantly, but the nature of the job changed, and we will see the exact same thing happen with vibe coding.”

Others see vibe coding as an early, yet fundamental shift in software development. Diego Tartara, global CTO at Globant, says, “The future of coding will look more like vibe coding than traditional coding as tech moves fast, and we need to adapt when there is actual benefit—even if some of us still miss the days of C and assembly. Still, vibe coding and mainstream tooling are works in progress or steps towards a more stable future. Building reliable, efficient, and maintainable software at scale using an unstructured language open to multiple interpretations isn’t ideal without proper processes.”

Also see: Is AI the 4GL we’ve been waiting for?

Pros and cons of vibe coding

Experts generally acknowledge vibe coding can produce highly functional prototypes very quickly, and being able to rapidly prototype a fully functional application and iterate on the user experience has significant value. It can lead to faster development iterations and better user experiences compared to design prototypes and static wireframes.

But some challenge whether vibe coding can produce sophisticated, scalable, and secure enterprise-ready applications.

“Vibe coding is ideal for prototyping, exploratory work, and early-stage design,” says Michael Berthold, CEO and founder of KNIME. “However, its strengths are also its limits, and it rarely produces predictable, reproducible, or explainable systems, which makes debugging often impossible. When deployed, vibe-coded systems can produce edge-case failures that vibe-coded tests didn’t find, and this also means that those systems can contain security holes. Since those systems often can’t be audited clearly, they shouldn’t be trusted in production or safety-critical contexts.”

Base44, Cursor, Replit, and other vibe coding tools target different development personas and technical skills. Beyond prompts, they offer different developer experiences, features, and tools. The disparity in capabilities can make it challenging for developers working in regulated industries, with development and infrastructure standards, to do more than prototype.

“Vibe coding gets ideas into visual form fast, but most tools lack the infrastructure needed to scale beyond prototypes,” says Marcus Torres, chief product officer at Quickbase. “Without built-in data structures, access controls, or enterprise-grade security, non-developers often hit a wall. That’s why vibe coding has mostly stayed in the realm of low-risk or experimental projects.”

Still, vibe coding represents a paradigm shift in how architects, product owners, and engineers collaborate. Experimenting with vibe coding is excellent for testing functionality and determining the best way to utilize selected tools.

“AI-assisted coding marks the start of a new model for development, where developers shift from coding line by line to shaping the logic, context, and goals that guide intelligent systems,” says Michael Ameling, president of SAP Business Technology Platform. “With vibe coding, success depends less on speed and more on how well teams architect with AI as a collaborator, grounded in clean, well-structured data to deliver the most accurate results.”

Should non-developers vibe code?

The early days of low-code and no-code development offer many parallels to how experts perceive the potentials and risks of vibe coding today. Similar to low-code development, some experts are excited about rapid iteration, simplifying development skills, and the benefits of accelerating end-user feedback.

“Approach vibe coding with iteration in mind, break problems down, and iterate on them with the AI,” says Noah Schwartz, head of product at Postman API Network. When working with a colleague, you might start by describing the ultimate goal, and the next step would be to break down the problem and build toward the solution. Demo how you vibe code, just like you demo the features you build. Vibe coding is a skill and can be taught, demoed, and learned.”

Others caution that expanding development capabilities widens the potential for security vulnerabilities.

“Vibe coding has the benefit of democratizing development, but it also has the potential pitfall of decentralizing risk,” says Ashwin Mithra, global head of information security at CloudBees. “Security checks are limited and can’t catch everything, especially context-specific risks or complex vulnerabilities, API leaks, weak authentication, exposed PII, and unencrypted data.”

The secret to scaling citizen data science and citizen development is establishing strong AI governance. Organizations looking to try vibe coding should document their policies and define their devsecops non-negotiables.

Priorize security, even with prototypes

Even with governance defined, some experts note that developers often add security after implementation, and many haven’t adopted shift-left security practices. Extending this mindset to vibe coding, where there is still much to learn about securing AI-generated code, poses real risks.

“Best practices for vibe coding revolve around being extra vigilant and ensuring that all the established security best practices are not overlooked,” says Liav Caspi, CTO at Legit Security. “This includes vulnerability scanning and threat modeling, establishing automated checks and validations, and maintaining oversight over what the AI is producing. Developers need to take a zero-trust approach with AI-generated code, and remember that vibe coding tools prioritize productivity versus privacy and security, and must be used with care.”

Chris Joynt, director at Securiti AI, adds, “Vibe coding with an AI assistant offers unparalleled speed for a first draft, but this velocity can easily lead to injection vulnerabilities, broken access controls, or leaked secrets without proper setup, context, oversight, and, of course, thorough code review.”

Third-party code and intellectual property concerns

Low-code and no-code development platforms have built-in security guardrails that govern how code is generated and whether they enable developers to integrate third-party components. Vibe coding platforms can be more open-ended, requiring a more thorough security review of the included components and generated code.

“Vibe coding elevates upfront definition and architecture, letting creativity flourish in rapid prototyping and building minimal viable products by favoring iteration over perfection,” says Scott Sanders, VP of platform engineering at Sonar. “From a security perspective, the vast amount of generated code makes adhering to security and regulatory standards difficult, adding a new cognitive load on developers to review and validate at scale.”

Another area of concern is the ownership and terms of use of the intellectual property created in vibe coding platforms. IT leaders should consult with their legal department before prototyping to understand how each platform treats intellectual property.

“Centralized vibe coding platforms quietly log and ingest everything users prompt, from creative ideas to business-sensitive code snippets,” says David Minarsch, founder of Olas. “This introduces a real risk for developers building proprietary workflows or internal tooling because users potentially forfeit rights to their own logic, workflows, and creative projects.”

Risks in ungoverned production deployments

When organizations sanction vibe coding platforms for prototyping, additional questions and concerns arise regarding the deployment of these applications in production environments.

“Vibe coding may feel fast and frictionless, but it’s an anti-pattern masquerading as productivity,” says Steve Touw, co-founder and CTO of Immuta. “It discards foundational engineering practices in favor of AI guesswork, producing brittle systems riddled with hidden bugs and security gaps. While useful for low-stakes prototyping, relying on it for real applications without testing, auditability, or access governance is reckless.”

Another concern is whether developers connect vibe coding to production environments with unfettered access to make infrastructure changes. In one example, a vibe coding platform deleted a production database, but questions remain about whether this constitutes a governance failure.

Rob Whiteley, CEO of Coder, says that vibe coding represents a shift in how we collaborate with code, moving from a manual to a creative flow, similar to pair programming with AI. “Treat vibe coding like working with a junior developer, with code reviews, scoped permissions, and tight loops because AI lacks architectural context, long-term thinking, and safe defaults. Without boundaries, it can go from helpful to hazardous fast, and fast code without governance is guaranteed to fail one way or another.”

Gurjeet Arora, co-founder and CEO of Observo AI, warns that AI-assisted coding, including vibe coding, is contributing to a surge in raw telemetry and observability data. “Even when the code works, it can be wildly inefficient with log generation. At organizations that process all their logs through a SIEM [Security Information and Event Management system], all this new data can dramatically spike costs. IT organizations need to keep a close eye on SIEM traffic to spot rogue applications that might be flooding the system.”

For these reasons, many experts recommend limiting the use of vibe coding to creative exploration and prototyping, at least for now.

Facundo Giuliani, developer relations engineer at Storyblok, recommends treating vibe coding as a method for prototyping or exploring concepts, and not a direct path to production. “Vibe coding excels at sparking creativity, quickly transforming ideas into working prototypes through natural language prompts—perfect for experimentation and rapid validation,” he says.

Vibe coding and the art of possibility

It is a mistake to assume that today’s concerns and challenges around vibe coding platforms and practices won’t mature over time. Eight years ago, I challenged whether AI could learn to code, and now it’s building entire applications. If vibe coding follows a similar trajectory as low-code development, expect to see its capabilities, security, and risks addressed as adoption increases.

“We’re experiencing change, but it’s evolution rather than revolution,” says Tobie Morgan Hitchcock, CEO and co-founder of SurrealDB. “The starting posts have shifted, and simple manual coding will give way to AI, lowering the barriers to hobbyists and small businesses, while developers’ more demanding tasks will be iteration, reviewing, testing, and refining.”

With every new methodology comes both evangelists and naysayers, as well as opportunities and risks. But if vibe coding’s capabilities improve in time, as many experts expect, then it may spell an evolution in software development far beyond the code generators and copilots developers are using today.