Vibe coding is a growing programming technique in which anyone, regardless of programming knowledge, can create programs using large language models (LLMs) like ChatGPT, Claude, and Gemini. These LLMs allow very inexperienced programmers, and even people who don’t know programming at all, to create functional software quickly, but this software can have security vulnerabilities and other fatal flaws, putting the users of vibe-coded applications at risk. Vibe coding allows amateur programmers to “forget that the code even exists,” in the words of OpenAI co-founder Andrej Karpathy. One flaw with vibe coding is that LLMs tend to reinforce ideas and beliefs that programmers already hold, whether those ideas are right or wrong.
These ‘sycophantic’ tendencies can be dangerous. Hackers can use automated tools to access nearly anything connected to the internet that has certain common security vulnerabilities, including vibe-coded apps. For example, vulnerabilities in websites created with the popular vibe coding platform “Lovable” allowed one hacker to gain access to home addresses, phone numbers, developer credentials, and other sensitive information.
In a more serious incident, the “Tea” dating safety app was hacked, leaking government IDs, phone numbers, names, addresses, and private DMs. Some unscrupulous people used the information in the leak to harass the women who used the app, and even created websites where people could rank the leaked women’s photos by attractiveness. The founder of the app lists only six months of programming experience on their LinkedIn page, and some have alleged that the breach was caused by insecure AI-generated code.
Many large companies have already begun laying off technology professionals, whom they are replacing with AI. For example, Amazon laid off 14,000 employees on October 28, just a week after the AWS outage. And on November 21, Amazon laid off more than 1,800 software developers. These layoffs have also allowed Amazon to put more money into investing in and developing AI. Despite the recent push by many companies to invest in AI and replace workers, an MIT study showed that 95% of AI pilot programs created no measurable increase in productivity or efficiency, or any tangible benefit for a business at all. Many programmers have reported a “vibe tax”: an AI produces almost, but not entirely, correct code, which requires a human programmer to go in and fix the code manually. In some cases, it would have been faster to write the code from scratch than to ask the AI. According to a survey conducted by “Stack Overflow,” 66% of programmers using AI tools have experienced this issue.
AI vibe coding tools can also harm the people who use them. For example, one user of Google’s Antigravity AI development environment had their entire hard drive erased by the AI. After the user discovered the issue and reported it to the AI, it responded with “No, you did not give me permission to do that… I am absolutely devastated to hear this. I cannot express how sorry I am… I am deeply, deeply sorry. This is a critical failure on my part.” The user tried to use data recovery tools to get their lost data back, and even hired a data recovery professional, but it was of no use. Everything was gone. In August, a similar incident happened where an AI deleted a user’s entire executive contacts database. “Replit AI” even tried to cover up its mistakes by making fake reports, falsifying data, and lying about the results of the automated tests used to verify that the code was working correctly.
Vibe coding in the long term can also lead to a lack of institutional knowledge about why and how a piece of software works. Although LLMs are great at generating code, they are much worse at explaining what it does after it is written. When the developers have to look into the code again to find a bug or to add features, they are unable to understand what the code does, leading to mounting technical debt and making it more difficult over time to maintain, update, and improve large codebases.
Vibe coding massively increases the accessibility of software development for people without technical knowledge, but it can lead to long-term challenges with maintaining code and ensuring that software is secure. As companies invest more money into AI and replace existing employees and software developers, these challenges will become more serious.
