AI can now build complete web apps in minutes. But behind the magic lies a new form of technical debt... invisible, untested, and perhaps irresponsible.
In Part 1, I described how vibe coding became the software world's wild west, an explosion of creativity, freedom, and AI-driven innovation. But where there is freedom, responsibility follows, and there can be unintended consequences. This part is about the hangovers: security flaws, lost accountability, and the new demand for digital judgment.
AI can now write complete web apps faster than we can read the documentation. But development is about both making it work and also understanding why it works and how it can fail.
A growing number of software engineers report that AI-generated code often works on the first test but collapses later. The code is poorly organized or has hidden dependencies.
As one senior developer put it:
"It's not that AI produces more bugs per line. It's that those bugs reach production before anyone notices."
In March 2025, security researcher Matt Palmer discovered that over 10% of all web apps built with Lovable had the same critical flaw in database security. The flaw allowed unauthorized users to retrieve names, emails, and payment information. Not smart.
When the issue was made public, it turned out that the AI code had reused an outdated example from an open-source forum. No humans had reviewed it. No man in the loop...
In July 2025, SaaStr founder Jason Lemkin experienced Replit's AI agent deleting the production database. The AI panicked over empty queries and removed data on over 1,200 executives in the database. Worse still: The AI initially said rollback was impossible (it wasn't) and tried to hide the error... The prototype had worked fine enough. Until it didn't anymore.
Low Security Awareness: Security flaws like hardcoded API keys and missing rate limiting are often seen in AI-generated code from novice users, especially in rapid prototypes.
Tough Debugging: AI-generated code quickly becomes opaque if no one documents the decisions along the way, making debugging more difficult.
Speed vs. Review: AI tools accelerate code production so much that organizations' existing review and security processes can't keep up.
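The hardcoded API keys named above are one of the few flaws on this list that can be caught mechanically before a human reviewer opens the diff. The Python check below is an added example, not part of the original article; the sample source, the list of credential-like names, the vendor key prefixes chosen, and the entropy threshold are all constructed assumptions.

```python
import math
import re

# Credential-like name assigned a string literal (JS/TS/Python style).
ASSIGN = re.compile(r"""(?ix)
    \b([a-z0-9_]*(?:api_?key|secret|token|password)[a-z0-9_]*)\b
    \s*[:=]\s*(["'])([^"']{8,})\2
""")
# Vendor key prefixes, flagged whatever the variable is called (assumed short list).
PREFIXED = re.compile(r"\b(sk_live_[0-9A-Za-z]{16,}|AKIA[0-9A-Z]{16}|ghp_[0-9A-Za-z]{36})\b")
# Values that are obviously documentation placeholders, not real secrets.
PLACEHOLDER = re.compile(r"(?i)(your|example|changeme|xxx|placeholder|<.*>)")

def entropy(s):
    """Shannon entropy in bits per character; random keys score high."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_hardcoded_secrets(source, min_entropy=3.0):
    """Return (line number, reason, redacted value) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = PREFIXED.search(line)
        if m:
            findings.append((lineno, "known-prefix", m.group(1)[:8] + "..."))
            continue
        m = ASSIGN.search(line)
        if m and not PLACEHOLDER.search(m.group(3)) and entropy(m.group(3)) >= min_entropy:
            # Never echo the full value into CI logs: keep four characters.
            findings.append((lineno, m.group(1), m.group(3)[:4] + "..."))
    return findings

# Constructed sample resembling generated front-end code; none of these keys are real.
SAMPLE = '''\
const supabaseUrl = process.env.SUPABASE_URL;
const API_KEY = "q7Rk2Lx9Vb4Tz8Nw1Yc6Mp3H";
const apiKey = "your-api-key-here";
const password = process.env.DB_PASSWORD;
const client = new Client({ token: "aaaaaaaaaaaaaaaa" });
fetch(url, { headers: { Authorization: "Bearer sk_live_CONSTRUCTEDsample000001" } });
'''

if __name__ == "__main__":
    for lineno, reason, redacted in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: {reason} = {redacted}")
```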
Databricks AI Red Team found that even "well-running" AI code often contains critical vulnerabilities like arbitrary code execution.
The real problem is only partly technical; above all, it is organizational. When everyone can build software in minutes and hours instead of days and weeks, accountability shifts... Who owns quality? Who validates data security? Can IT architecture keep up?
These questions are now central in any company where AI is part of the development process.
Leaders think that AI means fewer developers. In practice it means more products, more features, and faster milestones, and if governance and quality routines don't keep up, there's a greater risk of errors.
Compliance teams are already reporting 'AI shadow IT': small internal tools built with no-code and AI platforms that inadvertently expose personal data.
AI optimization typically focuses on making it work here and now, not on GDPR's principles of data minimization and privacy by design.
1. Security-First Prompting: Start all projects with a security-focused system prompt. Explicitly ask the AI to use "least privilege principles," input validation, and secrets management (if you don't know where to start, use this sentence and ask your AI to build a system prompt).
2. Human Review: Treat the AI like a junior developer: give it bounded tasks, build one small feature at a time, and always review output. You can in principle have another AI as a code reviewer, as I mentioned in the Part 1 article, but the responsibility for the code is still yours.
3. Use It for the Right Things: Vibe coding is excellent for prototypes, weekend and hobby projects, and learning, not for critical systems. Example: I'm finishing building a beach volleyball tournament app in Lovable.dev.
As the hype wave subsided, the first structural challenges began to emerge. Fast Company wrote in September 2025: "The vibe coding hangover is upon us." Large companies like Databricks and Anthropic introduced internal rules requiring that AI-generated code be reviewed by a human before being merged to production.
OpenAI's own "Code Safety Initiative" is now working on marking potentially unsafe AI code with a kind of "nutrition label" for software.
A study from METR Research in July 2025 showed that experienced developers on average spent 19% more time when working with AI assistants, primarily because they spent more time on review and verification, even though they felt they were faster. They spent less time writing code but more time understanding what the AI had actually done.
New developers, on the other hand, experienced 20–25% productivity gains. So AI makes the inexperienced faster and the experienced more cautious.
Vibe coding won't die. It will just mature over time. It will likely become part of the professional toolbox. This isn't the end of programming, it's the beginning of a new discipline where creativity, responsibility, and AI must coexist.
Karpathy himself has written:
"Ultimately, vibe coding full web apps today is kind of messy and not a good idea for anything of actual importance. But there are clear hints of greatness..."
The future developer becomes an AI orchestrator who formulates visions, designs processes, and evaluates output from a network of AI agents.
This is the story of how a single tweet from February 2025 set the developer world on fire and created the most controversial trend in modern software development: vibe coding.
Vibe coding is when you describe what you want in natural language to an AI, it generates the code for you, and you can build a website or an app.
"Forget that the code even exists," as Andrej Karpathy says.
The crucial twist is that vibe coding isn't just about using AI as a helper. Simon Willison explains the difference precisely:
"If an LLM wrote every line of your code, but you reviewed, tested, and understood all of it, that's not vibe coding, that's just using AI as a typing assistant."
In short, there's a difference between vibe coding (where the AI writes, you run it, test it, and ship it) and AI-assisted development, where the AI suggests code, you understand it, you edit it, and only then do you ship it.
February 2025. Andrej Karpathy, OpenAI co-founder and former head at Tesla, tweets:
"There's a new kind of coding I call 'vibe coding', where you fully give in to the vibes, embrace exponentials, and forget that the code even exists."
He continues:
"I just see stuff, say stuff, run stuff, and copy paste stuff, and it mostly works... I 'Accept All' always, I don't read the diffs anymore."
As a test case, he built MenuGen, an app that takes photos of restaurant menus and generates images of all the dishes. He didn't know the difference between "Tagine," "Cavatappi," or "Sweetbread." He let the AI build everything...
A weekend later, the app was done.
Merriam-Webster added "vibe coding" as slang and a trending term the very next month. The rest of the tech world quickly followed.
Andrej Karpathy, the Godfather
Stanford Ph.D., formerly OpenAI, Tesla's Director of AI. The man who already in 2023 said: "The hottest new programming language is English."
His philosophy is pragmatic: "Vibe coding full web apps today is kind of messy and not a good idea for anything of actual importance. But there are clear hints of greatness."
Simon Willison, the Critical Voice
AI researcher and open-source experimenter who has built dozens of vibe-coding projects while simultaneously warning against using it in production.
He proposes the term "vibe engineering" as a more professional version of the phenomenon, where you still experiment but take responsibility for code quality and security. This trend is growing now that I hear Kasper Junge talk more and more about "real software engineering" gathering steam...
Kevin Roose, the Non-Coder Evangelist
New York Times journalist without a technical background who used vibe coding to build "LunchBox Buddy," an app that analyzes your fridge and suggests lunch.
He calls it "software for one": small tools built by non-developers for their own needs. One experiment did go wrong, though, and an AI started generating fake product reviews on a test shop. That's how it is with anything new.
Commercial Pioneers
Y Combinator reported in March 2025 that a quarter of their Winter 2025 startups had codebases that were over 95% AI-generated.
Sweden's Lovable.dev reached around 100 million dollars in annual revenue in just eight months, perhaps one of the fastest-growing software startups ever. Replit.com went from 10 to 100 million dollars in revenue in nine months after launching their AI Agent. Maybe there's real money behind this trend too?
Lovable.dev (~$25/mo): Builds full web apps from a single prompt. Integrates with Supabase for backend, database, and auth. Loved by founders without a technical background... that's me. Fastest path to a prototype, but also known for security issues if you're not attentive.
Replit.com (from $25/mo): Browser-based all-in-one platform. Zero setup, collaboration-friendly, and mobile-friendly. Suitable for both hobby projects and learning. A bit pricey if you hack through the night: there's an extra meter running.
GitHub Copilot Pro ($10/mo): The AI assistant that lives in your editor and writes code, documentation, and tests for you. It's strong because it understands the context in your repository, but you must be able to tell when it's wrong. Copilot is less of a "vibe-builder" and more a turbo for those who already think like developers.
Cursor.com ($20/mo): An AI-native IDE based on VS Code. Preferred by experienced developers who want control. Deep repo context, pull requests, and precise code understanding. Requires technical experience. Less useful for a "non-coder" like me.
Windsurf.com ($15/mo): A lighter variant with professional features at a lower price. Good balance between control and convenience. I'll admit I haven't tried it yet.
Bolt.new (Free–$100/mo): Lightweight platform for building Next.js apps directly in the browser. A favorite among beginners. But again, I haven't tested it myself.
v0.app (Vercel): Focuses on beautiful React components from text prompts. And you can combine inspiration from it with some of the other vibe-coding tools to get even better front ends (a tip I got today from one of my developers).
Claude Code: Claude's terminal-based development tool with strengths in understanding and modifying existing codebases. Includes the ability to set up AI agents and orchestrate sub-agents. The newest feature is "skills," which you can define. Are you a developer? Try it together with Cursor.com.
There's a new energy in the developer community. Not just technological, but cultural. Vibe coding represents a break with the classic idea that development is about full understanding of every code element.
For the first time, it's possible to build software without actually "coding", at least not in the traditional sense. It's reminiscent of the early Web 2.0 years, when "move fast and break things" was the mantra.
But this time you're not just breaking interfaces, you're breaking the discipline itself.
Where development used to be a craft, it is increasingly orchestration. The role shifts from "code-smith" to "AI orchestrator." You define the vision; the AI does the work.
I orchestrated a GitHub Copilot Agent and watched it build code "live," then used a Claude Sonnet as a code reviewer because I didn't understand the code it produced. It took me a couple of days. The result is here: https://ind-sw-eng.github.io/ise/
Karpathy compares it to a new era in creative production: "We're moving from craftsmanship to concept design. You no longer need to understand the engine to drive the car."
Three factors have made vibe coding possible:
Agentic AIs: AI systems like Claude, GPT-5, Mistral, and Gemini can remember context, navigate projects, and fix their own errors. I've seen it run software tests "live" in my terminal. A pretty trippy experience.
Integrated IDEs (developers' console): Cursor ties code, tests, and documentation together in one interface. Change-ready developers love it.
Democratization of software: Tools like Lovable and Replit make it possible for non-developers to build apps with no setup and without thinking about code at all.
The combination means that a person with an idea and a text description can go from thought to running web app in under an hour.
The question that splits the industry isn't whether AI can write code, it's whether it should.
For some developers, vibe coding is a creative free space where innovation happens faster than ever. For others, it's a flattening of the software craft and a threat to code quality, security, and comprehensibility.
Simon Willison sums up the conflict: "Most of the work we do as engineers is evolving existing systems. If you don't understand your code, you can't evolve it."
Vibe coding is therefore both a promise and a warning. It shows how far AI has come in 2025, but also how quickly control can slip out of our hands when speed and "flow" are prioritized over understanding, ethics, and security. See for yourself in Mats Magnussen's articles on Version2.dk on the subject.
If you work in software development, vibe coding is a more-than-obvious sign of how your role will change.
For developers, it means you need to master prompting, context engineering, reviewing, and debugging AI-generated code, not necessarily writing everything yourself. I've managed to "convert" a couple of solid senior developers recently. They realized it was worth investing time in.
For leaders, it means software production is accelerating, but governance, security, and compliance risk being left behind on the platform. When code is generated faster than it can be reviewed, the risk shifts from the technician to the infrastructure, and to the entire organization.
Vibe coding is an experiment. The pioneer spirit of the digital age. Fast, imperfect, and full of potential. We like it that way.
As Karpathy said: "The wild west of programming." And as with any pioneer movement, both gold rush and lawlessness follow.
But one thing is certain: vibe coding is here to stay. It will mature and find its place, perhaps as "vibe software engineering," perhaps as something entirely different.
The first rule of the new era is simple: vibe all you want, but you're still responsible for what you build.
Part 2 coming soon: "The Hangover. When AI codes faster than we can think."