My grandma managed stock spreadsheets for a textile firm for 40 years. She calculates compound reductions in her head sooner than most individuals can with calculators, however has zero coding expertise.
After I prompt constructing a backyard monitoring app collectively utilizing AI, her skepticism was virtually prompt.
Two hours in, she had a working internet software till we requested for yet another factor, and the app broke. That is an all-too-common story of vibe coding.
Now, I’ve a framework for understanding what vibe coding truly delivers versus what it guarantees, so you possibly can look past the advertising and marketing hype and make precise use of the product.
First, What Is Vibe Coding?
Vibe coding is constructing software program by describing what you need in plain English and letting AI write the code for you.
Former Tesla AI director and OpenAI co-founder Andrej Karpathy coined the time period in February 2025 when he tweeted: “There’s a brand new type of coding I name ‘vibe coding’, the place you totally give in to the vibes, embrace exponentials, and overlook that the code even exists.”
The publish exploded with over 5 million views, capturing a improvement strategy that was already spreading via the tech neighborhood.
As a substitute of studying programming languages and wrestling with syntax, you simply inform an AI what you wish to construct. The AI generates the code. You develop into a product supervisor moderately than a programmer, targeted on what the app ought to do as a substitute of the way to make it work.
Why Does Vibe Coding Matter Now?
87% of firms face expertise shortages or anticipate to inside the subsequent few years, based on McKinsey.
AI coding instruments like Bolt.new, Lovable, Replit Agent, and Cursor promise to resolve this drawback by bettering productiveness for current builders and permitting non-devs to check their concepts shortly.
The numbers again up the hype:
- In March 2025, Y Combinator revealed that 25% of their Winter 2025 batch had 95% of their codebases generated by AI.
- In April 2025, Microsoft CEO Satya Nadella revealed that 20–30% of the codebase was written by AI.
- 1 / 4 of startups in YC’s present cohort have codebases which might be virtually totally AI-generated.
- Google CEO Sundar Pichai reported related figures, stating over 25% of Google’s code is AI-generated.
We’ve gone from primary autocomplete to writing complete purposes with minimal human enter.
However the identical options that make vibe coding accessible, like pure language enter, autonomous code era, and automated complexity dealing with, create critical issues when your app must develop past that first model.
What Can You Really Construct with Vibe Coding?
When you possibly can truly construct with vibe coding is determined by three issues:
- How complicated your app must be
- Whether or not you possibly can spot unhealthy code and safety holes
- If you recognize when to cease including options
In case your app necessities are easy, and you may establish technical gaps and resist pointless characteristic additions, vibe coding might help you ship quick practical outcomes.
Nevertheless, as complexity grows or if it’s good to construct production-grade apps, skilled overview and architectural planning develop into non-negotiable.
My grandmother’s expertise constructing a backyard monitoring app confirmed precisely the place these limits are.
What Occurred in Hour One? Easy Directions Labored
There are not less than a dozen AI vibe coding platforms like Bolt, Lovable, OpenAI Code, Claude Code, Google Opal, and many others.
We began with the OpenAI Codex extension in VS Code as a result of I already had a subscription, however I’d advocate beginning with Bolt.new, Lovable, or Vercel for a extra visible vibe-coding expertise.
Our first immediate: “Construct a backyard monitoring app the place I can report what I planted, once I planted it, and the way a lot I harvested. Embody a option to see which crops carried out greatest every season.”
This immediate labored as a result of it contained three important parts:
- Clear information construction (plant identify, planting date, harvest quantity, season)
- Outlined output (efficiency comparability by season)
- Particular use case context (private backyard monitoring)
Inside a couple of minutes, Codex generated a whole software. It had an SQLite database with tables for crops, plantings, and harvests, REST API endpoints for CRUD operations, a Python frontend with information tables and enter kinds, and primary styling with CSS.
It even had some demo information by default.
The net app regarded good. That’s vibe coding’s superpower and its biggest hazard. However earlier than I bounce into that, let me clarify what’s truly taking place behind Codex’s considering. I performed round with the app, found out what we had and what else we wanted.
What Occurred Behind the Interface
The generated code made architectural choices for a single-user software. The database schema might deal with new entries simply. The API adopted RESTful conventions. The frontend elements have been separated logically.
Nevertheless, I seen that it didn’t make important safety issues by default. There was no enter validation, no authentication layer, no charge limiting, no consideration of SQL injection vulnerabilities, and no encryption.
The AI agent’s structure assumed a trusted single consumer in a managed setting.
Contemplating this was a undertaking for my grandma and nobody else, these omissions are manageable dangers. Nevertheless, for anybody contemplating vibe coding to construct a multi-user internet software, these are important safety dangers that merely can’t be ignored.
I generally see discussions about this on Reddit or PostStatus: builders efficiently iterate on AI-generated code as a result of they establish these gaps and implement correct safety layers. Non-technical customers see a working app and assume production-readiness.
What Occurred in Hour Two? Characteristic Creep Grew to become Apparent
The app labored as supposed, and this breakthrough second helped her construct confidence. My grandmother began fascinated with enhancements. That is the place vibe coding’s limitations develop into obvious.
We tried a characteristic request: “Add the power to add photographs of every plant so I can see what they regarded like at completely different progress levels.”
This seemingly easy request triggered a cascade of architectural complexity.
Database schema and app module adjustments required:
- New photographs desk with columns: id, plant_id (international key), photo_url, upload_date, growth_stage
- Relationship definition between crops and photographs (one-to-many)
- Migration technique for current information
Backend modifications wanted:
- File add endpoint with multipart kind dealing with
- File storage resolution (native filesystem vs. cloud storage)
- New API endpoints for photograph CRUD operations
- Replace current plant endpoints to incorporate photograph information
Frontend adjustments required:
- File enter element with drag-and-drop
- Picture preview performance
- Photograph gallery show for every plant
- Replace current plant playing cards to indicate thumbnails
- Loading states for add progress
OpenAI Codex tried to implement the whole lot concurrently. The most recent mannequin GPT5-Codex-Excessive was capable of make this work inside ~5 minutes from getting into the immediate.
The issue is that it created buggy and insecure code. Right here’s what broke:
- The unique crops desk construction modified
- Frontend elements that referenced the previous schema stopped working
- CSS conflicts between new photograph elements and current UI (as seen within the screenshot) emerged
After which there was the overengineering drawback: Codex generated a fancy system with pointless picture processing and information taken for every photograph, and many others.
Every repair try launched new issues. Replace the database schema, break the API. Repair the API, break the frontend. Resolve frontend points, uncover new backend bugs. The codebase that labored completely with 200 strains of code now sprawled throughout 1,500 strains with interconnected dependencies.
The Non-Extensible Structure Entice
The app’s structure was optimized for solely what we requested for within the first hour. With vibe coding, you must be very particular, and that’s the troublesome half for non-developers.
You wouldn’t know what extensible structure means if the AI applied it.
You probably have a easy app prepared after which want to increase it, a non-extensible structure would imply rewriting the code from scratch for the AI.
Architectural assumptions from the primary hour:
- Single desk design (affordable for easy information)
- Direct API-to-database queries (quick for read-heavy operations)
- Inline element definitions (acceptable for small UIs)
- No separation between enterprise logic and information entry (superb for easy CRUD)
Why these assumptions turned constraints:
- The one-table design prevented correct relational information modeling for photographs
- Direct queries required full rewrites when the schema modified
- Inline elements meant adjustments cascaded via the whole codebase
- No enterprise logic layer meant each characteristic touched the database instantly
We have been previous the return level. An excessive amount of code existed to desert. Every repair try consumed extra tokens attempting to salvage an structure that couldn’t assist the brand new necessities.
What Occurred in Hour Three? Token Exhaustion and Barely Purposeful Code Emerged
After the photograph add characteristic labored, we tried further enhancements.
- “Add classes for plant varieties (greens, herbs, flowers)”
- “Present planting suggestions based mostly on season”
- “Let me mark crops as favorites”
Every request adopted the identical sample: Codex tried thorough implementation for some seemingly easy asks, launched breaking adjustments, created overengineered options, and consumed 1000’s of tokens attempting to repair ensuing bugs.
The app works simply superb, and my grandma was glad with the output.
As a developer, although, I might clearly see we have been on the final leg when it comes to code. A number of extra options and the app could be a large number.
by way of Imgflip
Why Is This Such a Widespread Downside?
Coding brokers are simply massive language fashions “prompted” to output code.
So that they have all the issues that common massive language fashions have, together with:
- Not being particular about what’s anticipated of them
- Making up random operate calls (hallucinations)
- Writing sophisticated code for simplistic objectives
Additionally, as chat historical past grows, coding brokers hit their context window limits.
- Authentic structure choices and their rationale
- Subsequent modifications and their interdependencies
- Present bugs and their root causes
- Desired performance for brand new options
Every new immediate was interpreted in isolation and not using a full understanding of architectural historical past. The AI prompt options that made sense for particular person options however created systemic conflicts when built-in with current code.
This Reddit information emphasizes: “When the chat will get very large, simply open a brand new one. The AI context window is restricted. If the chat may be very large, it would overlook the whole lot earlier, overlook any patterns and design, and begin producing unhealthy outputs.”
However opening a brand new chat meant shedding all context about what existed. Offering that context consumed tokens. Even with “summarized” context, we’re nonetheless lacking necessary particulars in terms of code.
We Confronted the TEA App Downside at a Smaller Scale
The TEA app demonstrated this actual failure sample at manufacturing scale. Launched in 2023 as a girls’s security platform, it quickly scaled to 1.6 million customers.
Then, in July 2025, it failed catastrophically:
- The breach: Safety researchers found an unsecured Firebase storage bucket containing 72,000 consumer photos, together with 13,000 verification selfies and authorities IDs. A second database uncovered 1.1 million non-public messages.
- The technical failures: API keys hardcoded in supply code, Firebase bucket publicly accessible with out authentication, no runtime protections, and no safety overview layer. Consultants linked these vulnerabilities to vibe coding practices, the place characteristic velocity eclipsed safety structure.
- The result: An Nameless 4chan poster found and shared obtain instruments. Class-action lawsuits filed inside 48 hours. The platform shut down. Common breach value: $4.88 million.
TEA’s failure has the identical sample we skilled at such a tiny scale, which makes me marvel why folks don’t confirm AI-generated code.
We had an preliminary implementation that labored effectively; nevertheless, characteristic additions sophisticated the structure, safety issues have been neglected for brand new performance, and systemic vulnerabilities have been unknowingly left open for exploitation.
How To Vibe Code With out Experiencing the Identical Issues We Did
In case you’re not a developer, it’s unattainable to keep away from the issues totally. Nevertheless, there are methods to reduce issues.
1. Begin With Ruthless Characteristic Minimalism
Outline absolutely the minimal characteristic set earlier than writing the primary immediate, however at all times resist the temptation so as to add options in the course of the preliminary improvement.
Efficient scoping framework:
- Checklist all desired options
- Determine the three–5 options that validate your core speculation
- Construct solely these options in model one
- Ship, validate, and iterate
Don’t give prompts like, ‘Construct me this complete characteristic.’ The AI will hallucinate and produce horrible code. Break down any characteristic into not less than 3–5 sequential requests.
In case you can’t establish the minimal characteristic set, use the “Plan mode” or “Chat mode” obtainable in a lot of the AI coding instruments.
This allows you to inform the agent what you need in pure language and permits AI to determine the way to break the app into particular person options or recordsdata.
2. Decide to Git After Each Working Characteristic
For a non-developer, model management can sound sophisticated, nevertheless it’s a vital addition. Git is a model management software that creates restore factors when characteristic additions break current performance.
Git workflow for vibe coding:
- Initialize the repository earlier than the primary immediate
- Commit after the preliminary working model
- Create a brand new department for every characteristic addition
- Commit ceaselessly throughout characteristic improvement
- Check totally earlier than merging to the principle department
You possibly can inform the coding agent of your selection to do that for you when you’re not comfy with Git instructions.
3. Design for Extension in Preliminary Prompts
Your first immediate defines the codebase. Easy prompts will solely provide you with a working app till you begin asking for brand new options.
As a substitute, ask for an extensible structure proper from the start.
- Ineffective preliminary immediate: “Construct a backyard monitoring app the place I can report what I planted and harvested.”
- Efficient preliminary immediate: “Construct a backyard monitoring app with an extensible database schema that may accommodate future options. Use a modular structure the place frontend elements, API endpoints, and database entry are separated. Embody clear documentation of schema and API construction for future modifications.”
This does improve the token utilization to start out with. Nevertheless, while you start including new options, the AI won’t must waste tokens refactoring the previous code to accommodate requests.
4. Select Instruments Primarily based on Architectural Stability
- Bolt.new, Replit agent, and Lovable: Glorious for single-session prototypes and simple deployment. Poor for multi-session characteristic additions. Structure turns into progressively extra fragile with every modification.
- Claude/OpenAI/Gemini coding brokers: Typically helpful for complicated coding, however can really feel extra sophisticated in comparison with the visible web-apps we’ve seen earlier than.
- DreamHost Liftoff: Nice as a WordPress basis with confirmed extensibility patterns. WordPress structure is designed for modification and plugin additions. This solves the non-extensible structure drawback by beginning with a battle-tested extensible basis.
5. Implement Safety From Hour One
Much like extensibility, you wish to combine safety proper from the primary immediate. So, together with asking for an extensible, modular structure, you additionally wish to add security-first elements to the preliminary immediate.
Right here’s an instance of how I’d add safety within the first immediate: “Construct a backyard monitoring app with bcrypt password hashing, enter validation on all fields, parameterized SQL queries to forestall injection assaults, charge limiting on all API endpoints, and secrets and techniques saved in setting variables by no means uncovered to frontend code.”
In case you’re constructing a client-facing app, right here are some things to remember:
- By no means belief consumer information—validate and sanitize server-side
- Preserve secrets and techniques in setting variables
- Confirm permissions for each motion
- Use generic error messages—detailed logs for builders solely
- Implement possession checks to forestall unauthorized information entry
- Defend APIs with charge limits
Understanding how generative AI works helps you acknowledge when AI makes safety assumptions that create vulnerabilities.
6. Know When To Begin Contemporary vs. Proceed
Acknowledge the indicators that persevering with will waste tokens.
Begin contemporary when:
- Token consumption exceeds 300k with out working options
- Every bug repair introduces two new bugs
- Architectural modifications break a number of current options
- Chat historical past exceeds 30 exchanges
- You can not clarify the present codebase structure
Proceed when:
- New options combine cleanly with current code
- Bug fixes resolve points with out unwanted effects
- Token consumption stays inside budgets
- Structure stays understandable
When the AI will get it fallacious and goes within the fallacious method, returning, altering the immediate, and sending once more could be a lot better than finishing this shit code.
7. Assessment With AI Safety Evaluation
After constructing core performance, copy the whole codebase to Gemini 2.5 Professional for complete safety evaluation. I want this language mannequin due to its massive context window of two million tokens so you possibly can transfer the whole code base into it.
Safety overview immediate: “Act as a safety knowledgeable. Analyze this entire codebase for vulnerabilities. Determine SQL injection dangers, XSS vulnerabilities, authentication weaknesses, authorization flaws, credential publicity, and any OWASP Prime 10 points. Present particular code areas and remediation suggestions.”
This approximates knowledgeable safety overview at a fraction of the fee.
It’s inadequate for manufacturing deployment, nevertheless it identifies catastrophic flaws in prototypes earlier than they attain customers.
When Does Vibe Coding Make Enterprise Sense?
You don’t must discard vibe coding altogether simply because it’s unable to create sophisticated purposes proper now. Listed below are just a few instances once I suppose a vibe-coded prototype or app truly is sensible.
- Speedy idea validation: Construct prototypes in hours to check market curiosity. Common validation value dropped from $15,000–$100,000+ to beneath $500. Use vibe coding to reply: “Do clients need this sufficient to make use of it?”
- Inside course of automation: Present instruments on your staff the place you management entry and settle for larger danger tolerance as a result of blast radius stays restricted. Inside instruments can iterate towards safety moderately than requiring safety from day one.
- Pre-development specification: Perceive necessities earlier than hiring builders to cut back costly miscommunication. Vibe-coded prototypes function interactive necessities paperwork.
- MVP for fundraising: Show performance to traders whereas being clear about technical maturity. Many startups use vibe-coded MVPs to safe seed funding, then rebuild correctly with skilled groups.
When Skilled Improvement Turns into Non-Negotiable
Buyer-facing purposes processing any consumer information require knowledgeable safety overview. The price of incorrect safety implementation exceeds any financial savings from vibe coding.
Some instances the place you want skilled overview embrace:
- Multi-user authentication
- Fee processing
- Private data storage
- Public-facing deployment
- Conditions involving compliance necessities (similar to GDPR, CCPA, HIPAA)
Microsoft’s CEO revealed 30% of the corporate’s code is now AI-generated. Google reported related figures. Each keep intensive safety overview processes, automated testing, and human oversight.
Manufacturing deployment requires related safeguards no matter code era methodology.
Understanding whether or not AI will exchange builders helps set life like expectations about what you possibly can safely construct and deploy alone. Discover the greatest on-line assets to study code to bridge the hole between vibe coding prototypes and production-ready programs.
FAQs About Vibe Coding
What’s vibe coding, and the way is it completely different from conventional programming?
Vibe coding is the method of constructing purposes by describing necessities in plain English to an AI, which generates the code for you. In contrast to conventional programming, which calls for data of programming languages, vibe coding shifts focus to product administration and intent moderately than handbook coding.
Can non-developers construct production-ready apps utilizing vibe coding?
Whereas vibe coding lets non-developers shortly prototype practical apps, most AI-generated code lacks the safety and robustness wanted for manufacturing deployment. That stated, vibe-coded prototypes are nice for idea validation.
What are the most important dangers of utilizing AI-generated code for app improvement?
Probably the most important dangers embrace safety flaws (like lacking validation, authentication, charge limiting, and safety in opposition to SQL injection), non-extensible structure, and have creep that results in fragile or damaged programs. The TEA app breach is an instance of speedy improvement with out correct safety overview, leading to catastrophic penalties.
When does it make sense to make use of vibe coding for actual enterprise tasks?
Vibe coding is good for speedy prototyping, inside instruments, pre-development specification (necessities gathering), and MVPs for fundraising. Nevertheless, for customer-facing apps or ones that course of delicate information, at all times spend money on skilled improvement and safety opinions.
The Backside Line: Know Your Architectural Limits
My grandmother maintains her simplified backyard tracker for private use. She additionally added practical analytics (the navbar button didn’t go anyplace earlier than) to see how her backyard is performing.
This works as a single-user app. In case you’re constructing a platform for multi-client use, you would nonetheless create vibe-coded prototypes, MVPs, and many others., to get the ball rolling. However relying solely on vibe coding with out understanding what’s happening is just repeating the story of the TEA app.
Vibe coding democratizes software program creation whereas introducing new obligations. You possibly can construct apps in half-hour. Nevertheless, you could perceive architectural limits, safety implications, and token consumption patterns earlier than transport to customers.
The longer term belongs to builders who perceive the prototype-production hole.
Able to construct your first internet app? Begin with DreamHost Liftoff for WordPress-powered vibe coding that features extensible structure, managed internet hosting, safety infrastructure, and confirmed scalability from day one. Construct quick. Prolong safely. Personal your code.
Professional Companies – Design
Lovely Web sites, Designed From Scratch
Stand out from the group with a contemporary WordPress web site that’s 100% distinctive to you.
Did you get pleasure from this text?
