As someone who’s been in the coding world for a while, I’ve seen a lot of trends come and go. Some stick around because they’re genuinely useful. Others fade out when people realise they’re more style than substance. Vibe coding, using AI to write code based on natural language prompts, is the latest one on my radar. And while I’m not against it, I’ve got real concerns.
The Speed Is Tempting – But At What Cost?
Let’s be honest, the idea of getting working code out of a well-written prompt is pretty amazing. It can speed things up, help non-coders get started, and give you quick prototypes to build from. I use AI for coding myself, but only for distinct elements of code that I then thoroughly check and debug. It speeds up my workflow significantly. Fantastic!
However, what worries me is the increasing number of people, especially younger devs, treating AI-generated code as good to go without really understanding what’s under the bonnet. That’s a big problem!
Shortcuts Can Be Dangerous
We’ve already seen research showing that tools like GitHub Copilot can produce insecure code. One study found that nearly 40% of AI-generated code snippets contained security vulnerabilities, things like SQL injections, hardcoded secrets, and XSS (source). That’s not just bad code – that’s a potential data breach waiting to happen.
I get that in startups and fast-paced teams, speed is everything. But cutting corners on security is a risky gamble. We’re seeing more and more real-world examples, like the Chevrolet chatbot that offered a car for $1 thanks to a poorly designed AI system. That’s not “move fast and break things”, that’s “move fast and lose trust.”
A Generation of Lazy Coders?
Maybe that sounds harsh, but I do worry that vibe coding is encouraging a “don’t need to learn it” mindset. If you can just tell an AI what you want, why bother learning how the code works? Tempting.
Here’s why: If you can’t read and understand the code that AI spits out, how can you be sure it’s secure, or even that it does what you think it does?
Coding isn’t just about getting something to run, it’s about knowing how it runs, why it runs, and what might go wrong. That knowledge comes from getting your hands dirty and debugging for hours, not just copying what the AI gives you.
It’s Not All Doom and Gloom
Look, I’m not saying we should ditch vibe coding. Used properly, it’s a powerful tool. It can absolutely boost productivity and help you experiment with new ideas. But it’s just that. A tool. Not a replacement for actual understanding, yet.
If you’re using AI to write code, here’s my advice:
Read every line it generates
Ask yourself what it’s doing and why
Look for edge cases, bad inputs, and security flaws
Never ship AI-generated code without reviewing it properly
And if you are a company employing coders, be cautious of overuse of vibe coding in your development workforce.
Let’s not get lazy just because the tech is flashy. In a few years, AI might be good enough to reliably write safe, optimised code, but we’re not there yet. Until then, vibe coding needs to be treated with care, especially when security is on the line.
