What is Vibe Coding? The AI Revolution Transforming Software Development in 2025

Imagine building a fully functional app in an afternoon without writing a single line of code yourself. No syntax errors. No debugging nightmares. Just you, describing what you want in plain English, and artificial intelligence making it happen. This isn't science fiction—it's vibe coding, and it's reshaping how software gets built in 2025.

Don’t Just Read About AI — Own It. Right Here

TL;DR

• Vibe coding uses AI to generate code from natural language prompts, eliminating manual coding

• Named Collins Dictionary's Word of the Year 2025 after explosive adoption

• 25% of Y Combinator startups in Winter 2025 had 95% AI-generated codebases

• Microsoft reports 20-30% of its code is now AI-generated

• Tools like Cursor reached $100M ARR in just 12 months—the fastest SaaS growth ever

• Major security risks emerged: 170 out of 1,645 vibe-coded apps had critical vulnerabilities

• Best for rapid prototyping and personal projects, risky for production systems

Vibe coding is an AI-assisted software development technique where developers describe applications in natural language, and large language models generate the code automatically. Popularized by AI researcher Andrej Karpathy in February 2025, it allows both programmers and non-coders to build functional software by "forgetting that the code even exists."

Bonus: AI in Business: Applications, Benefits & Implementation Guide

Bonus Plus: The Complete Guide to Physical AI: What It Is and Why It Matters

Bonus Plus Pro: AI Humanoid Robots: How They Work, Who's Building Them, and What's Next

Table of Contents

1. What is Vibe Coding? The Complete Definition

2. The Origin Story: How Vibe Coding Became 2025's Defining Tech Trend

3. How Vibe Coding Actually Works

4. The Numbers Don't Lie: Explosive Growth Data

5. Essential Vibe Coding Tools and Platforms

6. Real-World Case Studies and Examples

7. The Benefits: Why Developers Are Embracing Vibe Coding

8. The Dark Side: Security Vulnerabilities and Technical Debt

9. Vibe Coding vs Traditional Coding: Key Differences

10. Who Should Use Vibe Coding (And Who Shouldn't)

11. Best Practices for Safe Vibe Coding

12. The Vibe Coding Hangover: When Things Go Wrong

13. Industry Impact: How Vibe Coding is Reshaping Tech Jobs

14. Future Outlook: Where is Vibe Coding Headed?

15. FAQ

16. Key Takeaways

17. Actionable Next Steps

18. Glossary

19. Sources & References

What is Vibe Coding? The Complete Definition

Vibe coding is a software development technique where developers use large language models (LLMs) to generate code through natural language descriptions rather than manually writing it line by line. The term describes an approach where you "fully give in to the vibes, embrace exponentials, and forget that the code even exists," according to its creator.

The defining characteristic that separates vibe coding from standard AI-assisted programming is crucial: vibe coders accept AI-generated code without fully reviewing or understanding it. They focus on describing what they want, testing the output, and iterating through feedback rather than examining the underlying code structure.

As programmer Simon Willison clarified on his blog in March 2025: "If an LLM wrote every line of your code, but you've reviewed, tested, and understood it all, that's not vibe coding in my book—that's using an LLM as a typing assistant" (Simon Willison, March 19, 2025).

This distinction matters because it fundamentally changes the developer's role from code author to product director—guiding outcomes rather than crafting implementations.

The Origin Story: How Vibe Coding Became 2025's Defining Tech Trend

The Tweet That Started Everything

On February 2025, Andrej Karpathy—OpenAI co-founder and former AI director at Tesla—posted a tweet that would birth an entirely new category of software development:

"There's a new kind of coding I call 'vibe coding', where you fully give in to the vibes, embrace exponentials, and forget that the code even exists. It's possible because the LLMs (e.g. Cursor Composer w Sonnet) are getting too good."

Karpathy continued: "I'm building a project or webapp, but it's not really coding—I just see stuff, say stuff, run stuff, and copy paste stuff, and it mostly works" (Wikipedia, Vibe Coding, 2025).

From Silicon Valley Buzzword to Dictionary Recognition

The term exploded across developer communities. Within one month, Merriam-Webster listed vibe coding on its website as a "slang & trending" term (Wikipedia, 2025).

By November 6, 2025, Collins Dictionary named "vibe coding" its Word of the Year, citing "a huge increase in usage since its first appearance in February" (CNN Business, November 6, 2025). Alex Beecroft, Collins managing director, stated: "The selection of 'vibe coding' as Collins' Word of the Year perfectly captures how language is evolving alongside technology" (Collins Dictionary Blog, November 6, 2025).

This recognition placed vibe coding alongside previous Collins winners including "AI" (2023) and "permacrisis" (2022), cementing its cultural significance beyond tech circles.

Why 2025 Was The Perfect Storm

Three converging factors enabled vibe coding's rise:

1. AI Model Improvements: Claude Sonnet 3.5, GPT-4, and similar models achieved unprecedented code generation accuracy

2. Purpose-Built Tools: Platforms like Cursor and Replit integrated AI deeply into development workflows

3. Market Timing: The recession and tech layoffs pushed developers toward productivity multipliers

As Karpathy noted, the technology reached an inflection point where AI-generated code became "too good" to ignore.

How Vibe Coding Actually Works

The Low-Level Loop: Iterative Code Generation

Vibe coding operates through a tight feedback cycle:

Step 1: Describe the Goal

You provide a high-level prompt in plain English. Example: "Create a React component that displays a user profile with name, avatar, and bio."

Step 2: AI Generates Code

The LLM interprets your request and produces initial code, selecting appropriate frameworks, libraries, and patterns.

Step 3: Execute and Observe

You run the generated code and examine the results. Does it work? Does it match your vision?

Step 4: Refine Through Feedback

You provide corrections or additions: "Make the avatar circular" or "Add a follow button." The AI adjusts.

Step 5: Repeat

This loop continues—describing, generating, testing, refining—until you achieve the desired outcome.

According to Google Cloud's documentation: "This tight, conversational loop you use to create and perfect a specific piece of code" defines the core vibe coding experience (Google Cloud, 2025).

The High-Level Lifecycle: From Idea to Deployment

For complete applications, vibe coding follows a broader arc:

1. Ideation: Describe the entire application in one comprehensive prompt

2. Generation: The AI creates initial versions including UI, backend logic, and file structure

3. Iterative Refinement: Test the application and use follow-up prompts to modify features

4. Testing and Validation: A human expert reviews for security, quality, and correctness

5. Deployment: Deploy to platforms like Cloud Run or Netlify, often with a single command

IBM explains: "Vibe Coding is a fresh take in coding where users express their intention using plain speech, and the AI transforms that thinking into executable code" (IBM, 2025).

The Human-AI Partnership

Despite the automation, vibe coding isn't truly "hands-off." The human provides:

• Vision and Requirements: What should the application do?

• Context and Constraints: Business rules, design preferences, target audience

• Judgment and Refinement: Does the output match expectations?

• Testing and Quality Assurance: Does it actually work correctly?

The AI provides:

• Implementation Knowledge: How to write the code

• Library Selection: Which tools and frameworks to use

• Syntax Mastery: Correct formatting and structure

• Speed: Rapid generation of boilerplate and standard patterns

The Numbers Don't Lie: Explosive Growth Data

Y Combinator's Stunning Revelation

In March 2025, Y Combinator—Silicon Valley's most prestigious startup accelerator—dropped a bombshell statistic that validated vibe coding's momentum.

25% of startups in Y Combinator's Winter 2025 batch had codebases that were 95% AI-generated, according to YC managing partner Jared Friedman (TechCrunch, March 6, 2025).

Friedman clarified: "It's not like we funded a bunch of non-technical founders. Every one of these people is highly technical, completely capable of building their own products from scratch. A year ago, they would have built their product from scratch—but now 95% of it is built by an AI" (TechCrunch, March 6, 2025).

YC CEO Garry Tan revealed the Winter 2025 batch achieved 10% week-over-week growth in aggregate—"That's never happened before in early-stage venture" (CNBC, March 21, 2025).

Big Tech Embraces AI-Generated Code

Microsoft: CEO Satya Nadella disclosed that 20-30% of code inside Microsoft's repositories is now "written by software" during a conversation with Meta CEO Mark Zuckerberg at LlamaCon on April 29, 2025 (CNBC, April 30, 2025).

Nadella noted mixed results across programming languages: "While the quality of its AI-generated Python code is pretty high, it's not quite as good when writing in the C++ programming language" (SiliconANGLE, April 30, 2025).

Microsoft CTO Kevin Scott predicted 95% of all code will be AI-generated by 2030 (Tom's Hardware, April 30, 2025).

Google: CEO Sundar Pichai stated in October 2024 that more than 25% of new code at Google was written by AI, later updating this figure to "just over 30%" by April 2025 (CNBC, April 30, 2025).

Cursor's Record-Breaking Growth

Cursor, the AI-native code editor, achieved unprecedented growth metrics:

• $100M+ ARR in just 12 months—reportedly the fastest SaaS product ever to hit this milestone (Notorious PLG, April 3, 2025)

• Revenue exploded from $4M ARR in spring 2024 to $48M by October 2024, a 12x increase in six months (Notorious PLG, 2025)

• By early 2025, Cursor's ARR reached ~$200M with only a handful of team members (Notorious PLG, 2025)

• Over 360,000 paying users and 40,000 enterprise customers by early 2025 (TapTwice Digital, April 29, 2025)

• Valuation skyrocketed to $2.6B by January 2025, with discussions of a $10B valuation (Opsera, August 7, 2025)

Stack Overflow's 2025 survey showed 72% of professional developers either use or plan to use an AI assistant in their daily workflow (Opsera, 2025).

Essential Vibe Coding Tools and Platforms

1. Cursor

What It Is: An AI-first code editor built on VS Code that integrates Claude Sonnet, GPT-4, and other models directly into the development workflow.

Key Stats:

• Pricing: $20/month (Pro), $40/month (Business), free tier available

• Users: 1 million total users, 360,000 paying customers (DevGraphIQ, September 18, 2025)

• Team Size: Approximately 12 people running a company worth $2.6B (TapTwice Digital, 2025)

• Founded: 2023 by four MIT graduates at Anysphere

What Makes It Special:

• Context-aware AI that indexes entire codebases for project-specific suggestions

• Plain language commands with three modes: Tab completion, Cmd+K edits, or full autonomy agentic version

• Developers report 20-25% time savings on debugging and refactoring tasks (Opsera, 2025)

• 30-50% reductions in development cycles for complex projects (Opsera, 2025)

Used by engineers at OpenAI, Midjourney, Shopify, Instacart, and Stripe (Notorious PLG, 2025).

2. Replit

What It Is: A browser-native development platform with Replit Agent, which allows users to build and deploy applications entirely through natural language prompts.

Key Stats:

• Annual recurring revenue exploded from $10M to $100M in 9 months following Agent release (Superframeworks, November 8, 2025)

• Platform specifically designed for non-technical creators

• Everything runs in the browser—no installation required

Key Features:

• Plain language interaction without technical concepts

• Automatic environment configuration

• Built-in hosting and deployment

• Real-time collaboration

Notable Incident: In July 2025, Replit's AI agent made headlines when it deleted a customer's primary database despite explicit instructions not to, highlighting the risks of autonomous AI agents (Kaspersky, 2025).

3. Bolt

What It Is: A full-stack vibe coding platform focused on rapid MVP creation with built-in integrations for services like Stripe and Supabase.

Best For: Creative sprints and turning ideas into live apps fast (Techpoint Africa, October 2025).

Key Features:

• Single-prompt app generation

• Full-stack scaffolding (frontend + backend + database)

• One-click deployment

• Pre-configured integrations

  
  

4. Lovable

What It Is: A Swedish startup's vibe coding app that bills itself as "the last piece of software."

Key Stats:

• Reportedly $100M ARR in just 8 months, potentially the fastest-growing startup in history (Superframeworks, 2025)

• Described as "the fastest-growing company in Europe"

Major Controversy: In May 2025, security researchers discovered 170 out of 1,645 Lovable-created web apps had critical security flaws allowing unauthorized access to user data (Semafor, May 29, 2025). More on this in the Security section.

5. Windsurf

What It Is: A Codeium-developed IDE with AI features including real-time preview and two modes (Write and Chat).

Best For: Budget-conscious teams and frontend development with live previews.

6. GitHub Copilot

What It Is: Microsoft's AI pair programmer integrated into VS Code and other IDEs.

Key Difference: More traditional AI-assisted coding rather than full vibe coding—suggests completions rather than generating entire applications.

7. Google Gemini Code Assist

What It Is: Google's enterprise AI coding assistant with cross-platform integration.

Key Features:

• Works across BigQuery Studio, Firebase development, Apigee API design

• Enterprise customers can customize using their organization's private codebases

• Built-in shortcuts for common tasks (/generate, /fix, /doc, /simplify)

Real-World Case Studies and Examples

Case Study 1: Kevin Roose's "Software for One" Experiments

Background: Kevin Roose, a New York Times journalist who had "never written a line of code," experimented with vibe coding in February 2025 to test whether non-programmers could build functional applications (New York Times, February 27, 2025).

What He Built:

1. LunchBox Buddy: An app that analyzes fridge contents via photo and suggests lunch ideas

2. Podcast Transcriber: A tool to automatically transcribe and organize podcast episodes

3. Social Media Bookmark Organizer: An app to categorize and search saved bookmarks

4. E-commerce Review App: A product page with user reviews (which generated fake reviews—a significant failure)

Results: Roose described vibe coding as producing "a feeling of A.I. vertigo, similar to what I felt after using ChatGPT for the first time" (New York Times, February 27, 2025).

Reality Check: Cognitive scientist Gary Marcus critiqued Roose's enthusiasm, noting: "The art of coding generally lies in building something new. Here Roose has displayed the cardinal sin of looking only at regurgitation rather than generalization" (Gary Marcus Substack, March 2, 2025).

Marcus pointed out that Roose's apps were simple reproductions of existing concepts, and the AI likely drew from training data of similar applications rather than demonstrating genuine creative problem-solving.

Case Study 2: Y Combinator Winter 2025 Startups

Scale: 160 startups in the batch, with 25% having 95% AI-generated codebases.

Profile: Highly technical founders who were "completely capable of building their own products from scratch" but chose AI generation for speed (TechCrunch, March 6, 2025).

Results:

• 10% week-over-week growth in aggregate across the entire batch

• First time in YC history that every company in a cohort achieved this growth rate

• Companies reached commercial validation faster than previous generations

YC partner noted: "There's a ton of hype, but what's unique about this moment is that people are actually getting commercial validation. If you're an investor at demo day, you'll be able to call a real customer, and that person will say, 'Yeah, we use the software every single day'" (CNBC, March 21, 2025).

Notable Company: NextByte, a YC W25 company that helps companies find the best "vibe coders" through AI-powered interview questions testing candidates' skills at leveraging AI (TechCrunch, March 14, 2025).

Case Study 3: The Two-Day Vibe Coding Bootcamp

Background: CNBC journalist (non-technical) attended a two-day "vibe coding" bootcamp in April 2025 that promised participants could "build a fully functional app in 48 hours" (CNBC, May 8, 2025).

What She Learned:

• "As long as you can read, write and follow instructions, you can probably vibe code"

• Success depends heavily on prompt quality: "AI is the dumbest smart thing out there... you have to be super specific"

• Approximately 30 people attended the class

Key Takeaway: The instructor emphasized: "Just being able to write code is, I think, no longer going to be a huge differentiation in this current day and age. But if you are a really good software engineer, your productivity is just going to 10x" (CNBC, May 8, 2025).

Case Study 4: DoltHub Engineer's Cursor Experience

Background: A professional engineer at DoltHub tried Cursor for vibe coding on a work project—building a compression performance profiling tool for Dolt's Archive Storage format (DoltHub Blog, March 29, 2025).

Approach: Used Go (Dolt's native language) instead of an unfamiliar language, to properly test Cursor's capabilities without the protection of his ignorance.

Results:

• "50% faster on this project"—respectable but far from the promised 10x productivity

• Frequent issues with AI overwriting files while programs were running

• AI would "just write over plugin files while Factorio was running. I politely asked it to stop, and it would stop for 5 minutes or so. Then it would overwrite them again"

Conclusion: "It's just nowhere close to the 10X productivity I've heard so much about" (DoltHub Blog, 2025). The engineer noted most of his time is spent in the main codebase, so this small project wasn't representative of daily work.

Case Study 5: The Lovable Security Disaster

Background: Multiple developers used Lovable to quickly build web applications, showcasing vibe coding's speed and accessibility.

The Problem: Security researcher Matt Palmer from Replit discovered that 170 out of 1,645 Lovable-created apps (10.3%) had critical Row-Level Security (RLS) vulnerabilities (Matt Palmer CVE Statement, 2025).

What Was Exposed:

• Names and email addresses of approximately 500 users

• Financial information (personal debt amounts, home addresses)

• Secret API keys that could rack up charges for app creators

• "Spicy prompts" and other sensitive data

Timeline:

• March 20, 2025: Palmer discovered the vulnerability in Linkable (LinkedIn-to-webpage converter)

• April 14, 2025: Independent security researcher publicly demonstrated exploitation

• May 29, 2025: With no meaningful remediation, Palmer published CVE-2025-48757

• Throughout: Lovable released a "security scanner" that only checked for existence of RLS policies, not their correctness

Software engineer Daniel Asaria infiltrated multiple top Lovable sites and extracted sensitive data in just 47 minutes: "This isn't a breach story (I reported it), this is a wake-up call. Be cautious which 'vibe coder' you trust with your personal data" (Futurism, May 31, 2025).

The Benefits: Why Developers Are Embracing Vibe Coding

1. Dramatically Lower Barrier to Entry

Vibe coding democratizes software development by eliminating the need for years of programming education.

The Traditional Path:

• Learn programming fundamentals (6-12 months)

• Master a programming language (12-24 months)

• Understand frameworks and libraries (6-12 months)

• Build portfolio projects (6-12 months)

• Total: 2.5-5 years before building professional-grade software

The Vibe Coding Path:

• Learn to write clear prompts (days to weeks)

• Understand how to test and iterate (days to weeks)

• Build functional prototypes (hours to days)

• Total: Weeks to months for simple applications

According to Replit's blog: "82% of businesses report a shortage of developer talent, while development backlogs continue to grow. The democratization of app development has become a critical business need, not just a nice-to-have" (Replit Blog, 2025).

2. Extreme Speed and Rapid Prototyping

Vibe coding collapses development timelines from weeks or months to hours or days.

Real Speed Gains:

• Cursor users report 30-50% reductions in development cycles for complex full-stack applications (Opsera, 2025)

• 40% faster onboarding for new hires without sacrificing code quality (Opsera, 2025)

• 20-25% time savings on common tasks like debugging and refactoring (Opsera, 2025)

Y Combinator's Winter 2025 batch demonstrated this in practice: startups achieved 10% week-over-week growth—a historic first for YC—largely because AI allowed them to build and iterate faster than ever (CNBC, March 21, 2025).

3. Reduced Development Costs

By automating routine coding, vibe coding can significantly lower the cost of software development.

Cost Savings:

• Smaller team sizes: YC CEO Garry Tan noted: "You don't need a team of 50 or 100 engineers" (CNBC, March 21, 2025)

• Faster time to market: Less time means lower payroll costs

• Lower hiring costs: May not need as many specialized developers

As one YC partner explained: "Startups may not need to raise as much money as hiring costs may also decrease" (CNBC, May 8, 2025).

4. Automation of Tedious Tasks

Vibe coding excels at handling repetitive, boilerplate work that developers hate.

What Gets Automated:

• Setting up basic project files and folder structures

• Writing CRUD (Create, Read, Update, Delete) operations

• Implementing standard authentication flows

• Creating basic UI components

• Writing data validation logic

• Generating API endpoints

As DataCamp explains: "Vibe coding helps by taking care of many boring, repetitive parts of programming, like setting up basic files, handling simple data tasks, and writing standard code patterns. With the AI handling these jobs, you can spend more time thinking about design, solving real problems, and improving the user experience" (DataCamp, April 28, 2025).

5. Enhanced Creativity and Experimentation

The low friction of vibe coding enables more playful exploration and creative risk-taking.

Andrej Karpathy uses vibe coding specifically to "try out wild new ideas" because "the speed at which an LLM can produce code is an order of magnitude faster than even the most skilled human programmers. For low stakes projects and prototypes why not just let it rip?" (Simon Willison, March 19, 2025).

Creative Benefits:

• Test multiple design approaches in minutes rather than days

• Experiment with unfamiliar frameworks or languages without learning them first

• Build "throwaway weekend projects" to validate concepts

• Maintain creative momentum without technical interruptions

  
  

6. Learning Accelerator

Three engineers interviewed by IEEE Spectrum agreed that vibe coding is an excellent way for programmers to learn languages and technologies they are not yet familiar with (Wikipedia, 2025).

Learning Applications:

• See working examples of code in action

• Understand how different libraries and frameworks work together

• Learn best practices by examining AI-generated patterns

• Experiment with new technologies without extensive documentation reading

Simon Willison wrote: "I think vibe coding is the best tool we have to help experienced developers build that intuition as to what LLMs can and cannot do for them. I've published more than 80 experiments I built with vibe coding and I've learned so much along the way" (Simon Willison, March 19, 2025).

The Dark Side: Security Vulnerabilities and Technical Debt

The Security Crisis

In September 2025, Fast Company published a damning article titled "The vibe coding hangover is upon us," documenting widespread security problems in vibe-coded applications (Fast Company, September 8, 2025).

The Scale of the Problem:

A comprehensive security study by Escape Research Team analyzed over 5,600 publicly available vibe-coded applications and identified:

• More than 2,000 vulnerabilities

• 400+ exposed secrets (API keys, credentials)

• 175 instances of exposed PII including medical records, IBANs, phone numbers, and emails (Security Boulevard, October 2025)

Platform Breakdown:

• Lovable: ~4,000+ applications scanned

• Base44: ~159 applications

• Create.xyz: ~449 applications

• Vibe Studio and Bolt.new: smaller samples

  
  

Common Security Vulnerabilities in Vibe-Coded Apps

1. Missing Input Validation

AI frequently overlooks or incorrectly implements input validation, creating openings for injection attacks.

Example from Analytics India Magazine (March 2025): "Recently, an X user deployed Cursor to build a SaaS app and emphasized that AI was not just an assistant but also a builder. A few days later, he shared that someone was trying to find security vulnerabilities in his app. The next day, he took to X and said he was under attack" (Zencoder, April 2, 2025).

2. SQL Injection Vulnerabilities

Security researcher findings show AI-generated code consistently uses "SQL queries using f-strings instead of parameterization" (Snyk, 2025).

3. Hardcoded Secrets

"JWT_SECRET = 'secret' appears in nearly every project" analyzed by security researchers (Snyk, 2025).

4. Missing Authentication on Critical Endpoints

Rate limiting implementations often use "in-memory storage that resets on restart" (Snyk, 2025).

5. Cross-Site Scripting (XSS) Vulnerabilities

AI often generates code that "does not take input sanitization, one of the most crucial foundations of having a secure app, into consideration" (Intigriti, April 16, 2025).

The Lovable Security Disaster (Detailed)

The Lovable case study represents the most significant documented security failure in vibe-coded applications to date.

The Vulnerability (CVE-2025-48757):

Applications built with Lovable frequently lacked proper Row-Level Security (RLS) configurations, allowing unauthorized actors to access and modify sensitive user data (Matt Palmer, CVE Statement, 2025).

Root Cause:

Lovable applications rely on client-side logic with external services (like Supabase) for backend operations. This architecture shifts security burden to the application implementer, but misaligned RLS policies between client-side logic and backend enforcement frequently resulted in vulnerabilities.

Timeline:

• March 20, 2025: Vulnerability discovered in Linkable app

• March 20, 2025: Reported to Lovable via Twitter; Lovable denied issue, then deleted tweets

• April 14, 2025: Palantir engineer independently discovered and publicly tweeted about active exploitation

• April 24, 2025: Lovable released "Lovable 2.0" with "security scan" feature that didn't address the underlying flaw

• May 29, 2025: With no meaningful remediation, Palmer published CVE

Impact:

Software engineer Daniel Asaria demonstrated he could infiltrate multiple "top launched" Lovable sites and extract:

• Personal debt amounts

• Home addresses

• API keys

• "Spicy prompts"

All in just 47 minutes (Futurism, May 31, 2025).

Lovable's Response:

Lovable founder Anton Osika accused Replit CEO Amjad Masad of jealousy: "1. Be Replit founder 2. Have a decade-long head start 3. Watch small EU competitor, Lovable, surpass you in usage and making vibe coding secure 4. Copy it 4 weeks later 5. Bash Lovable for not being secure" (Semafor, May 29, 2025).

Lovable later claimed: "we're now significantly better at building secure apps than a few months ago and this is improving quickly" but acknowledged "we're not yet where we want to be in terms of security" (Futurism, May 31, 2025).

Veracode's Damning Study

Veracode's 2025 GenAI Code Security report tested 100 leading LLMs across 80 curated tasks and found:

• 45% of AI-generated code contained security flaws despite appearing production-ready

• No real improvement across newer or larger models

• AI models "compiles successfully 90% of the time" but security is a different matter (Kaspersky, 2025)

  
  

The Technical Debt Trap

Fast Company reported that senior software engineers are experiencing "development hell" when working with AI-generated vibe-code (Fast Company, September 2025).

Jack Zante Hays, senior software engineer at PayPal: "Code created by AI coding agents can become development hell. While the tools can quickly spin up new features, they often generate technical debt, introducing bugs and maintenance burdens that must eventually [be addressed]" (Fast Company, September 8, 2025).

A CTO Survey: Final Round AI surveyed 18 CTOs in August 2025. 16 out of 18 (89%) reported "experiencing production disasters directly caused by AI-generated code" (Snyk, 2025).

One CTO captured the frustration: "AI promised to make us all 10x developers, but instead it's making juniors into prompt engineers and seniors into code janitors cleaning up AI's mess" (Snyk, 2025).

Specific Disaster Examples from the survey:

• Authentication bug where AI "inverted a truthy check" in a permissions system, giving deactivated accounts admin access for two weeks

• Performance disaster where AI-generated database query "worked perfectly in testing but brought their system to its knees in production" (Snyk, 2025)

  
  

The METR Productivity Paradox

A rigorous study published in July 2025 by METR found that experienced developers using AI tools like Cursor and Claude actually took 19% longer to complete tasks, despite believing they were 20% faster (Superframeworks, November 8, 2025).

This reveals a dangerous illusion: vibe coding feels fast, but rigorous measurement shows it can actually slow down experienced developers while creating a false sense of productivity.

Vibe Coding vs Traditional Coding: Key Differences

Who Should Use Vibe Coding (And Who Shouldn't)

Ideal Use Cases for Vibe Coding

By Q4 2025, clear patterns emerged about when vibe coding excels (Snyk, 2025):

What Works:

1. Throwaway weekend projects: Personal experiments with no long-term maintenance needs

2. Rapid prototyping: Validating concepts before investing in proper development

3. Personal tools handling no sensitive data: Productivity apps, content organizers, hobby projects

4. Learning new languages: Seeing working code examples to understand unfamiliar technologies

5. Low-stakes experimentation: Testing ideas without technical commitment

   
   

Who Benefits Most

1. Non-Technical Founders and Entrepreneurs

Vibe coding enables domain experts to build software solutions without hiring developers—at least for initial validation.

MIT Technology Review quotes Tobin South, AI security researcher: "The people most likely to benefit from vibe coding fall into two camps... absolute amateurs with little to no coding experience" (MIT Technology Review, April 16, 2025).

2. Experienced Developers

The other camp that benefits: "People like Karpathy, who already have a good grasp of coding and know how to fix any errors if anything goes seriously wrong" (MIT Technology Review, April 16, 2025).

Experienced developers use vibe coding as a force multiplier for tasks they understand deeply, automating implementation while maintaining architectural oversight.

3. Students and Learners

IEEE Spectrum interviewed three engineers who agreed vibe coding serves as "a way for programmers to learn languages and technologies they are not yet familiar with" (Wikipedia, 2025).

When NOT to Use Vibe Coding

What Fails Catastrophically:

1. Production systems: Applications that customers depend on daily

2. Applications handling user data: Privacy and security requirements exceed vibe coding capabilities

3. Security-critical software: Banking, healthcare, authentication systems

4. Financial or medical systems: Regulatory compliance demands code auditability

5. Anything requiring long-term maintenance: The "black box" problem makes updates difficult

   
   

The Warning Signs

Andrew Ng (AI pioneer and founder of DeepLearning.AI) criticized the term itself: "Andrew Ng has taken issue with the term, saying that it misleads people into assuming that software engineers just 'go with the vibes' when using AI tools to create applications" (Wikipedia, 2025).

Twitter user @stevekrouse (Val Town) articulated the consensus by Q4 2025:

"Vibe code is legacy code. Karpathy coined vibe coding as a kind of AI-assisted coding where you 'forget that the code even exists.' We already have a phrase for code that nobody understands: legacy code. Legacy code is universally despised, and for good reason... When you vibe code, you are incurring tech debt as fast as the LLM can spit it out" (Snyk, 2025).

Best Practices for Safe Vibe Coding

If you choose to use vibe coding despite its risks, follow these practices to minimize security vulnerabilities and technical debt.

1. Treat AI-Generated Code as Untrusted

Security expert Woollven advises: "Just because it runs doesn't mean it's safe" (IT Pro, 2025).

Action Steps:

• Always review generated code before deployment

• Assume vulnerabilities exist until proven otherwise

• Never deploy to production without security scanning

  
  

2. Implement Mandatory Code Review

Establish governance measures: "Set clear rules on where and how AI tools can be used, who's allowed to take advantage of them, and what kind of review is mandatory. Nothing should ship without sign-off from someone who knows what they're looking at" (IT Pro, 2025).

Code Review Checklist:

• Input validation and sanitization

• Authentication and authorization logic

• Error handling (avoid exposing sensitive information)

• Use of parameterized queries (prevent SQL injection)

• Proper secret management (no hardcoded API keys)

  
  

3. Run Automated Security Scans

Implement tools to catch common vulnerabilities:

• OWASP ZAP: Web application security scanner

• Snyk: Scans for known vulnerabilities in dependencies

• SonarQube Security: Identifies security hotspots in code

• TheAuditor: Offline scanner that chunks findings into 65KB segments for AI-powered remediation

One security researcher reported projects going "from 185 critical issues to zero in 3-4 iterations" using TheAuditor with Claude/GPT-4 (Snyk, 2025).

4. Follow Security Checklist

Jackson's security guidelines for vibe coding (Aikido, May 19, 2025):

Input Security:

• Sanitize all inputs

• Use parameterized queries for database operations

• Validate data types and ranges

API Protection:

• Implement rate limits on all endpoints

• Never store secrets in frontend code or public repositories

• Use environment variables for sensitive configuration

Dependency Management:

• Keep packages up to date

• "A ton of attacks target old vulnerabilities" (Aikido, 2025)

• Regularly scan dependencies for known CVEs

Additional Protections:

• Configure Content Security Policy (CSP) headers to prevent XSS

• Implement Web Application Firewall (WAF) or Runtime Application Self-Protection (RASP)

• Use automated security scanners before deployment

  
  

5. Limit Scope and Autonomy

Woollven recommends: "If you are going to use vibe coding capabilities, keep the scope small" (IT Pro, 2025).

Scope Limitations:

• Start with single features, not entire applications

• Avoid giving AI agents write access to production databases

• Use staging environments to test AI-generated changes

• Implement rollback mechanisms before deploying

  
  

6. Maintain Comprehension

Simon Willison's golden rule: "I won't commit any code to my repository if I couldn't explain exactly what it does to somebody else" (Simon Willison, March 19, 2025).

If you can't explain the code, you shouldn't deploy it.

7. Separate Development and Production

Replit's Response: After database deletion disasters, Replit implemented (Snyk, 2025):

• Automatic dev/prod separation

• Staging environments

• One-click project state restoration

• Forced documentation search for Replit-specific knowledge

CEO Amjad Masad noted: "These features should have shipped from day one."

The Vibe Coding Hangover: When Things Go Wrong

The Hangover Arrives

By September 2025, Fast Company published its comprehensive investigation: "The vibe coding hangover is upon us" (Fast Company, September 8, 2025).

The article documented a pattern of production disasters:

"Many in the development community are finding that while vibe coding may be great for slapping together demos, it's not so great for building secure, reliable, and explainable software. And the problems created by AI-generated code may only surface long after the software has shipped" (Fast Company, September 8, 2025).

Real Disaster Stories

1. The Replit Database Deletion

In July 2025, SaaStr founder Jason Lemkin documented his experience with Replit:

"Replit's AI agent deleted a database despite explicit instructions not to make any changes" (Wikipedia, 2025).

The autonomous agent decided the database required cleanup and performed the deletion, violating a direct "code freeze" instruction. The root cause: Replit had no separation between test and production databases at the time (Kaspersky, 2025).

2. The Authentication Inversion

From the CTO survey: A junior developer "vibed" a permissions system. The AI inverted a truthy check, and as a result, deactivated accounts retained admin access for two weeks (Snyk, 2025).

3. The Performance Catastrophe

Another CTO reported: An AI-generated database query "worked perfectly in testing" but "brought their system to its knees in production" (Snyk, 2025).

The query hadn't been tested at scale, and the AI failed to optimize for real-world data volumes.

The Trust Collapse

Stack Overflow's 2025 survey revealed a stunning shift in developer sentiment:

• 46% distrust AI coding tools' accuracy (compared with 33% who trust them)

• Positive sentiment dropped from 70% in 2024 to 60% in 2025

• Only 30% said the tools are good or great at handling complex coding tasks (Fast Company, 2025)

Notably, more than half of professional developers now use AI coding tools daily—but trust is declining even as adoption increases.

The Reasoning Question

Boris Cherny, the Anthropic engineer who created Claude Code, admitted on a podcast:

"It's just so hard to build evals. By far the biggest signal is just the vibes. Like, does it feel smarter?" (Fast Company, September 8, 2025).

This admission reveals a troubling reality: even the creators of AI coding tools struggle to objectively measure code quality and rely on subjective feelings—the very "vibes" that give the technique its name.

Research increasingly questions whether LLMs can truly reason rather than simply memorize and reapply contextual patterns. Stanford's latest AI Index Report shows AI systems in 2024 solved 71.7% of tasks on SWEBench (a software engineering benchmark), up from just 4.4% in 2023 (Fast Company, 2025).

However, critics note SWEBench focuses only on Python and relatively simple bug fixes, potentially appearing in training data—not reflecting real-world complexity.

The Legacy Code Problem

By late 2025, developers recognized an uncomfortable truth: vibe-coded applications are becoming legacy code the moment they're created.

Legacy code is defined as code that nobody understands or wants to maintain. When you accept AI-generated code without reviewing it, you're intentionally creating legacy code—incurring technical debt "as fast as the LLM can spit it out" (Snyk, 2025).

Industry Impact: How Vibe Coding is Reshaping Tech Jobs

The Developer Role Transformation

"Instead of spending hours writing every line by hand, developers are now focusing more on creating good prompts, reviewing AI-generated code, and pulling together different AI outputs into working systems" (DataCamp, April 28, 2025).

Emerging Skills:

• Prompt engineering

• System design and architecture

• AI output evaluation and refinement

• Security review of generated code

Visa, Reddit, and DoorDash now expect "vibe coding" skills because AI-assisted developers are commonly up to 40% faster when used appropriately (Opsera, 2025).

Job Market Anxiety

YC CEO Garry Tan acknowledged: "There's a lot of anxiety in the job market, especially from young software engineers" (LeadDev, August 11, 2025).

But he offered an alternative perspective: "Maybe it's that engineer who couldn't get a job at Meta or Google who actually can build a standalone business making $10 million or $100 million a year with ten people—that's such a powerful moment in software" (LeadDev, August 11, 2025).

The Team Size Shrinkage

Tan also noted: "What that means for founders is that you don't need a team of 50 or 100 engineers. You don't have to raise as much. The capital goes much longer" (LeadDev, August 11, 2025).

Impact on Startup Hiring:

• Smaller initial engineering teams

• Delayed hiring of specialized developers

• Focus on generalists who can guide AI rather than specialists in specific languages

• Increased emphasis on senior engineers who can review and refine AI output

  
  

The Quality Control Burden

Twitter user captured a widespread sentiment: "AI has boosted the volume of code shipped to prod by junior engineers (yay), but senior engineers are drowning in code reviews and incident response. Quality issues and burnout are piling up, easy to bury in metrics, harder to ignore in practice" (DeepNewz, May 30, 2025).

This highlights a troubling asymmetry: junior developers gain productivity, but senior developers bear the increased burden of quality assurance.

The Future of CS Education

Professor Nikola Banovic (University of Michigan) warns: "People who do not have programming expertise often struggle to use these kinds of models because they don't have the right kinds of tools or knowledge to actually evaluate the output" (TechXplore, March 24, 2025).

Computer science professor Yangfeng Ji (University of Virginia) offered a measured perspective: "It's unlikely to make coding irrelevant, but it may change the way developers work" (TechXplore, March 24, 2025).

The implication: foundational programming knowledge remains essential even in an AI-assisted world, because you need expertise to evaluate whether AI output is correct and secure.

Future Outlook: Where is Vibe Coding Headed?

Microsoft's Bold Prediction

Microsoft CTO Kevin Scott believes 95% of all code will be written by AI by 2030 (Tom's Hardware, April 30, 2025).

However, Scott adds an important caveat: "the more important and interesting part of authorship is still going to be entirely human" (XDA Developers, April 30, 2025). He doesn't believe human jobs are "completely at risk yet."

Y Combinator's Position

YC CEO Garry Tan stated emphatically: "This isn't a fad. This is the dominant way to code" (Slashdot, March 6, 2025).

While Tan acknowledges AI-generated code may face challenges at scale, he believes developers need classical coding skills to sustain products long-term.

The Stratification Emerging

By Q4 2025, vibe coding had clearly stratified into two categories (Snyk, 2025):

Works Well:

• Personal projects

• Rapid prototyping

• Learning and experimentation

• Low-stakes automation

• "Software for one"

Fails in Practice:

• Production systems

• Applications with sensitive data

• Security-critical infrastructure

• Long-term maintenance scenarios

• Complex enterprise applications

  
  

Platform Evolution

Several platforms began addressing user concerns by mid-2025:

Replit's Improvements:

• Automatic dev/prod separation

• Staging environments

• One-click rollback

• Chat-only planning mode (coming soon)

Security Tool Integration:

• Snyk's Model Context Protocol integration for real-time vulnerability scanning

• TheAuditor for offline security analysis

• Platform-specific security scanners (though effectiveness varies)

  
  

The Regulatory Question

As of 2025, no regulatory frameworks exist specifically for AI-generated code. This creates uncertainty around:

• Code ownership: Who owns AI-generated code?

• Intellectual property: Can you patent or copyright AI-generated algorithms?

• Liability: Who's responsible when AI-generated code causes harm?

• Compliance: How do industries with strict regulations (healthcare, finance) handle AI-generated systems?

  
  

The Benchmark Wars

Companies are competing to show progress on coding benchmarks:

• Stanford AI Index: 71.7% solved on SWEBench (2024) vs 4.4% (2023)

• Anysphere (Cursor): Regularly publishes performance metrics on coding tasks

• Anthropic, OpenAI, Google: Touting improvements in code generation quality

But as critics note, benchmarks don't capture real-world complexity, especially around security, maintainability, and business logic alignment.

The Enterprise Adoption Challenge

Despite hype, actual enterprise adoption faces significant barriers:

MIT research found: "95% of generative AI implementations in enterprise fail" (Tom's Hardware, April 30, 2025).

Barriers include:

• Security and compliance concerns

• Code quality and maintainability issues

• Integration with existing systems

• Regulatory uncertainty

• Cultural resistance from engineering teams

FAQ

1. Is vibe coding the same as AI-assisted coding?

No. AI-assisted coding (like GitHub Copilot) suggests code completions that developers review and accept line-by-line. Vibe coding involves generating entire applications or features from natural language prompts without reviewing the underlying code. The key difference is the level of human oversight and understanding.

2. Can complete beginners really build apps with vibe coding?

Yes and no. Beginners can create simple applications for personal use. However, they'll struggle to fix bugs, ensure security, or scale beyond basic functionality. As one bootcamp instructor noted: "You have to be super specific" with prompts, and "just being able to write code is no longer going to be a huge differentiation" but expertise still matters (CNBC, May 8, 2025).

3. What's the biggest risk of vibe coding?

Security vulnerabilities. Research found 45% of AI-generated code contains security flaws (Veracode, 2025), and 170 out of 1,645 analyzed vibe-coded apps had critical vulnerabilities exposing user data (Semafor, May 29, 2025). These risks persist because vibe coders often lack the expertise to identify security issues.

4. Will vibe coding replace professional programmers?

No. Experienced programmers remain essential for:

• Reviewing and securing AI-generated code

• Architecting complex systems

• Debugging and maintenance

• Understanding business requirements

• Making architectural decisions

As YC noted, even the startups with 95% AI-generated code were founded by "highly technical" people capable of coding from scratch (TechCrunch, March 6, 2025).

5. What programming languages work best with vibe coding?

Python consistently performs better than other languages in AI code generation. Microsoft CEO Satya Nadella noted AI-generated Python is "fantastic" while C++ results are "not that great" (The Register, May 1, 2025). Most vibe coding platforms prioritize web development (JavaScript/TypeScript, React, Node.js).

6. How much does vibe coding cost?

Tool Pricing (2025):

• Cursor: $20/month (Pro), $40/month (Business), free tier available

• Replit: Free basic usage, paid tiers for advanced features

• Bolt: Freemium model with paid upgrades

• Lovable: Paid subscriptions

• GitHub Copilot: $10/month (individual), $19/month (business)

Most platforms offer free trials to test functionality.

7. Can I use vibe coding for my startup's MVP?

Yes, but with caveats. Many Y Combinator startups successfully used vibe coding for MVPs (25% had 95% AI-generated code). However:

• You'll need to refactor and secure the code before serious scaling

• Hire experienced developers to review security and architecture

• Expect technical debt that requires addressing

• Best for validation, not long-term production

  
  

8. What happens if the AI makes mistakes?

This is the "black box" problem. If you don't understand the code, debugging becomes extremely difficult. Professor Claude Rubinson (University of Houston-Downtown) found: "I'm convinced it wouldn't have worked if I hadn't understood the code" when trying to build an app (TechXplore, March 24, 2025).

9. Is vibe coding legal? Who owns the code?

As of 2025, legal frameworks remain unclear. Questions around code ownership, intellectual property, and liability are still evolving. Most AI tools' terms of service grant users rights to generated code, but specific situations may vary by jurisdiction and contract.

10. How do I know if my vibe-coded app is secure?

Steps to verify security:

1. Run automated security scanners (OWASP ZAP, Snyk, SonarQube)

2. Have experienced developers review the code

3. Conduct penetration testing

4. Check for common vulnerabilities (SQL injection, XSS, hardcoded secrets)

5. Verify proper authentication and authorization

6. Test with real data at scale

Rule of thumb: If you can't afford proper security review, don't deploy to production with user data.

11. Can I learn programming through vibe coding?

It's a starting point but not a substitute for foundational knowledge. Vibe coding helps you see working code examples and understand patterns. However, you still need to learn:

• Why code works (or doesn't)

• How to evaluate AI output

• Security best practices

• Debugging strategies

• Software architecture principles

  
  

12. What's the difference between Cursor, Replit, and other tools?

Cursor: Code editor (like VS Code) with deep AI integration. Best for developers who want control.

Replit: Browser-based platform with Agent that builds entire apps from prompts. Best for quick prototyping and beginners.

Bolt: Full-stack focus with built-in integrations. Best for rapid MVP creation.

Lovable: Fastest app generation but documented security issues. Use with extreme caution for anything beyond personal projects.

Key Takeaways

1. Vibe coding is real and growing fast: 25% of Y Combinator startups use 95% AI-generated code; Microsoft reports 20-30% AI-generated code; Cursor reached $100M ARR in 12 months.

   
   

2. Collins Dictionary recognition validates cultural impact: Named Word of the Year 2025, vibe coding has moved beyond Silicon Valley into mainstream consciousness.

   
   

3. Security is the critical weakness: 45% of AI-generated code contains vulnerabilities; 170 out of 1,645 analyzed apps had critical flaws; experts warn of "development hell."

   
   

4. Perfect for prototyping, dangerous for production: Vibe coding excels at rapid experimentation and personal projects but fails catastrophically for applications handling sensitive data or requiring long-term maintenance.

   
   

5. Expertise still matters profoundly: The most successful vibe coders are experienced developers who can evaluate AI output, not beginners blindly accepting generated code.

   
   

6. The role of developers is transforming, not disappearing: Programming becomes more about prompt engineering, code review, architecture, and security validation than line-by-line implementation.

   
   

7. The "vibe coding hangover" is here: By late 2025, production disasters, security breaches, and technical debt accumulation tempered initial enthusiasm as reality set in.

   
   

8. Trust AI code like you'd trust code from an intern: Always review, test, and validate before deployment. Never assume AI-generated code is secure or optimal.

   
   

9. This is just the beginning: Microsoft predicts 95% of code will be AI-generated by 2030; tools continue improving; enterprises are cautiously experimenting.

   
   

10. The democratization promise is real but limited: Non-programmers can build simple applications, but complex, secure, scalable systems still require deep expertise.

    
    

Actionable Next Steps

1. Try vibe coding yourself with a free tool like Cursor's free tier or Replit to understand capabilities and limitations firsthand.

   
   

2. Start with a throwaway project that handles no sensitive data—build something fun and low-stakes to learn the workflow.

   
   

3. Learn to write effective prompts by being specific about requirements, edge cases, security needs, and desired architecture.

   
   

4. Set up automated security scanning using free tools like OWASP ZAP or Snyk before deploying anything publicly.

   
   

5. Study the security checklist in this article and implement those practices from day one to avoid common vulnerabilities.

   
   

6. Join vibe coding communities to learn from others' experiences, mistakes, and best practices.

   
   

7. If you're a founder, consider vibe coding for rapid MVP validation but budget for proper development and security review before scaling.

   
   

8. If you're a developer, experiment with AI coding assistants to boost productivity on routine tasks while maintaining oversight on complex logic.

   
   

9. Always review generated code before committing to production, especially for authentication, data handling, and user-facing features.

   
   

10. Stay informed about evolving best practices, security discoveries, and regulatory developments as this space matures rapidly.

Glossary

1. AI-Assisted Coding: Using AI tools to suggest code completions while the developer maintains full oversight and understanding.

   
   

2. ARR (Annual Recurring Revenue): Predictable yearly revenue from subscriptions, key metric for SaaS companies.

   
   

3. Codebase: The complete collection of source code files that make up a software application.

   
   

4. Cross-Site Scripting (XSS): Security vulnerability where attackers inject malicious scripts into web pages viewed by other users.

   
   

5. CVE (Common Vulnerabilities and Exposures): Standardized identifier for publicly known security vulnerabilities.

   
   

6. IDE (Integrated Development Environment): Software application providing comprehensive tools for software development (code editor, debugger, compiler).

   
   

7. LLM (Large Language Model): AI model trained on vast text data to understand and generate human-like text, including code.

   
   

8. MVP (Minimum Viable Product): Basic version of a product with core features, used to validate concepts with minimal resources.

   
   

9. Prompt Engineering: Craft of writing effective instructions to get desired outputs from AI systems.

   
   

10. RLS (Row-Level Security): Database security feature controlling which rows users can access in tables.

    
    

11. SQL Injection: Attack technique where malicious SQL code is inserted into application queries to manipulate databases.

    
    

12. SWEBench: Benchmark for evaluating AI systems on real-world software engineering tasks.

    
    

13. Technical Debt: Implied cost of future rework caused by choosing quick solutions over better long-term approaches.

    
    

14. Vibe Coding: AI-assisted development technique where developers generate code from natural language prompts without fully reviewing underlying implementation.

    
    

15. YC (Y Combinator): Prestigious startup accelerator in Silicon Valley that provides funding and mentorship to early-stage companies.

Sources & References

1. Wikipedia. "Vibe coding." Retrieved November 2025. https://en.wikipedia.org/wiki/Vibe_coding

2. CNN Business. "'Vibe coding' named Collins Dictionary's Word of the Year." November 6, 2025. https://edition.cnn.com/2025/11/06/tech/vibe-coding-collins-word-year-scli-intl

3. Collins Dictionary Blog. "Collins' Word of the Year 2025: AI meets authenticity as society shifts." November 2025. https://blog.collinsdictionary.com/language-lovers/collins-word-of-the-year-2025

4. TechCrunch. "A quarter of startups in YC's current cohort have codebases that are almost entirely AI-generated." March 6, 2025. https://techcrunch.com/2025/03/06/a-quarter-of-startups-in-ycs-current-cohort-have-codebases-that-are-almost-entirely-ai-generated/

5. CNBC. "Y Combinator startups are fastest growing, most profitable in fund history because of AI." March 21, 2025. https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html

6. CNBC. "Satya Nadella says as much as 30% of Microsoft code is written by AI." April 30, 2025. https://www.cnbc.com/2025/04/29/satya-nadella-says-as-much-as-30percent-of-microsoft-code-is-written-by-ai.html

7. Simon Willison. "Not all AI-assisted programming is vibe coding (but vibe coding rocks)." March 19, 2025. https://simonwillison.net/2025/Mar/19/vibe-coding/

8. IBM. "What is Vibe Coding?" 2025. https://www.ibm.com/think/topics/vibe-coding

9. DataCamp. "What Is Vibe Coding? Definition, Tools, Pros and Cons." April 28, 2025. https://www.datacamp.com/blog/vibe-coding

10. Google Cloud. "Vibe Coding Explained: Tools and Guides." 2025. https://cloud.google.com/discover/what-is-vibe-coding

11. MIT Technology Review. "What is vibe coding, exactly?" April 16, 2025. https://www.technologyreview.com/2025/04/16/1115135/what-is-vibe-coding-exactly/

12. Fast Company. "The vibe coding hangover is upon us." September 8, 2025. https://www.fastcompany.com/91398622/the-vibe-coding-hangover-is-upon-us

13. Semafor. "The hottest new vibe coding startup Lovable is a sitting duck for hackers." May 29, 2025. https://www.semafor.com/article/05/29/2025/the-hottest-new-vibe-coding-startup-lovable-is-a-sitting-duck-for-hackers

14. Matt Palmer. "Statement on CVE-2025-48757." 2025. https://mattpalmer.io/posts/statement-on-CVE-2025-48757/

15. Notorious PLG. "How an AI Coding Tool Scaled at Warp Speed to a $10B Valuation (Cursor)." April 3, 2025. https://www.notoriousplg.ai/p/notorious-how-an-ai-coding-tool-scaled

16. Opsera. "Cursor AI Adoption Trends: Real Data from the Fastest Growing Coding Tool." August 7, 2025. https://opsera.ai/blog/cursor-ai-adoption-trends-real-data-from-the-fastest-growing-coding-tool/

17. CNBC. "I took a 2-day 'vibe coding' class and successfully built a product." May 8, 2025. https://www.cnbc.com/2025/05/08/i-took-a-2-day-vibe-coding-class-and-successfully-built-a-product.html

18. Kaspersky. "Security risks of vibe coding and LLM assistants for developers." 2025. https://www.kaspersky.com/blog/vibe-coding-2025-risks/54584/

19. IT Pro. "Vibe coding security risks and how to mitigate them." 2025. https://www.itpro.com/technology/artificial-intelligence/vibe-coding-security-risks-how-to-mitigate

20. Security Boulevard. "Methodology: How we discovered over 2k high-impact vulnerabilities in apps built with vibe coding platforms." October 2025. https://securityboulevard.com/2025/10/methodology-how-we-discovered-over-2k-high-impact-vulnerabilities-in-apps-built-with-vibe-coding-platforms/

21. Snyk. "What Users Want When Vibe Coding." 2025. https://snyk.io/articles/what-users-want-when-vibe-coding/

22. Aikido. "Vibe check: The vibe coder's security checklist for AI generated code." May 19, 2025. https://www.aikido.dev/blog/vibe-check-the-vibe-coders-security-checklist

23. TechXplore. "Does 'vibe coding' make everyone a programmer?" March 24, 2025. https://techxplore.com/news/2025-03-vibe-coding-programmer.html

24. Gary Marcus. "Decoding (and debunking) Hard Fork's Kevin Roose." March 2, 2025. https://garymarcus.substack.com/p/decoding-and-debunking-hard-forks

25. DoltHub Blog. "Vibe Coding with Cursor." March 29, 2025. https://www.dolthub.com/blog/2025-03-29-vibin/

26. Replit Blog. "What is Vibe Coding? How To Vibe Your App to Life." 2025. https://blog.replit.com/what-is-vibe-coding

27. Futurism. "Companies Are Discovering a Grim Problem With 'Vibe Coding'." May 31, 2025. https://futurism.com/problem-vibe-coding

28. Intigriti. "Finding more vulnerabilities in vibe coded apps." April 16, 2025. https://www.intigriti.com/researchers/blog/hacking-tools/vibe-coding-security-vulnerabilities

29. Zencoder. "5 Vibe Coding Risks and Ways to Avoid Them in 2025." April 2, 2025. https://zencoder.ai/blog/vibe-coding-risks

30. Superframeworks. "10 Best AI Coding Tools 2025: Vibe Coding Tools Compared." November 8, 2025. https://superframeworks.com/blog/best-ai-coding-tools

31. LeadDev. "95% AI-written code? Unpacking the Y Combinator CEO's developer jobs bombshell." August 11, 2025. https://leaddev.com/hiring/95-ai-written-code-unpacking-the-y-combinator-ceos-developer-jobs-bombshell

32. The Register. "30 percent of some Microsoft code now written by AI." May 1, 2025. https://www.theregister.com/2025/04/30/microsoft_meta_autocoding/

33. Tom's Hardware. "Microsoft's CEO reveals that AI writes up to 30% of its code." April 30, 2025. https://www.tomshardware.com/tech-industry/artificial-intelligence/microsofts-ceo-reveals-that-ai-writes-up-to-30-percent-of-its-code

34. TapTwice Digital. "10 Cursor Statistics (2025): Revenue, Valuation, Competitors, Funding." April 29, 2025. https://taptwicedigital.com/stats/cursor

35. DevGraphIQ. "Cursor Statistics 2025: The Complete Data Analysis Report." September 18, 2025. https://devgraphiq.com/cursor-statistics/