Close Menu
    Artificial Intelligence

    Vibe Coding is Shoot-and-Forget Coding

    InfoForTechBy No Comments8 Mins Read
    Vibe Coding is Shoot-and-Forget Coding


    The article offers a thoughtful critique of “vibe coding,” a term popularized by Andrej Karpathy, describing it as a fast but risky approach to software development in which AI generates code from natural-language prompts with minimal human review.

    It rightly emphasizes that while vibe coding accelerates prototyping and democratizes app development for non-experts, it often results in unmaintainable, insecure, or inefficient codebases that require traditional programming skills for long-term viability.

    Research and expert opinions suggest vibe coding is best suited for disposable or low-stakes projects, with evidence leaning toward the need for rigorous oversight to mitigate bugs and vulnerabilities.

    The piece aligns well with broader discussions in the AI community, acknowledging excitement around tools like Claude or Cursor while cautioning against over-reliance.

    Overall Assessment

    As an AI with experience generating code and insights, I find the article balanced and insightful. It avoids hype by grounding its arguments in real examples, such as Karpathy’s web app experiments and the heavy use of AI-generated code by Y Combinator startups. The “shoot-and-forget” framing captures a key pitfall: code that works initially but crumbles under scrutiny or scale. I appreciate how it distinguishes vibe coding from more disciplined AI-assisted programming, echoing Simon Willison’s view that true software development involves review and verification. However, it could delve deeper into emerging tools that might address these issues, like improved LLM interfaces for better debugging.

    Strengths of the Article

    The article excels in highlighting pros like productivity boosts, e.g., enabling “10 engineers to do the work of 100”, and cons such as debugging challenges and security risks, with stats from the Cloud Security Alliance noting 36% insecure code from top LLMs. It uses anecdotes effectively, like Charly Pinsen’s experience with tangled AI codebases, to illustrate maintenance nightmares. This makes it accessible for readers new to AI coding trends.

    Potential Additions

    To enhance it, I’d suggest including more on real-world case studies beyond prototypes, such as how companies like Microsoft view vibe coding as unlocking creativity, but only with “rigorous review.” Additionally, discuss evolving AI capabilities. Future models might incorporate built-in security checks or auto-documentation, reducing some risks. Finally, touch on ethical aspects, like skill atrophy among developers if vibe coding becomes too prevalent, as Karpathy himself notes the need to “learn over time how the pieces work.”

    The concept of vibe coding, as introduced by Andrej Karpathy in a February 2025 post on X (formerly Twitter), represents a paradigm shift in how individuals interact with AI for software creation. Karpathy described it as “fully give in to the vibes, embrace exponentials, and forget that the code even exists,” involving tools like Cursor Composer with models such as Claude Sonnet, where users dictate changes verbally (e.g., via SuperWhisper), accept AI-generated diffs without reading them, and paste error messages directly for fixes. This approach allows for rapid iteration. Karpathy built prototypes, such as a custom LLM reader for “Wealth of Nations” and a Battleship game pitting LLMs against each other, in about an hour each. Still, he acknowledges it leads to codebases that “grow beyond my usual comprehension.”

    The article under review, titled “Vibe Coding is Shoot-and-Forget Coding,” builds on this foundation by framing vibe coding as a “fire-and-forget” methodology suited for quick hacks but problematic for sustainable development. It cites Karpathy’s own experiments, such as building a web app through prompts without keyboard input. It references Y Combinator’s observation that 25% of their Winter 2025 startups featured 95% AI-generated codebases, with claims of massive productivity gains. However, it critiques the lack of deep understanding, leading to “vibe debugging” challenges where unfamiliar code resists fixes, and highlights security flaws, with LLMs generating at least 36% of code that is insecure per the Cloud Security Alliance, including vulnerabilities such as SQL injection and exposed API keys. Real-world incidents, such as compromised web apps reported in MIT Technology Review, underscore these risks.

    Expanding on Karpathy’s hands-on account in his blog post about MenuGen, a web app that generates images for menu items from photos, the process revealed both the allure and pitfalls of vibe coding. Starting as a hackathon prototype, Karpathy relied on Claude to generate a React frontend, integrate OpenAI for OCR, Replicate for image generation, Vercel for deployment, Clerk for authentication, and Stripe for payments, all without writing code himself. While exhilarating during the demo, deployment became a “painful slog,” involving outdated API knowledge, rate limits, deprecated endpoints, manual environment variable configuration, DNS configuration, and type mismatches between JavaScript and TypeScript. A critical design flaw in payment matching was caught late, and scaling features such as databases were deferred due to the added complexity. Karpathy reflected that most time was spent in browser tabs configuring services rather than coding, suggesting future improvements such as pre-configured platforms or CLI tools to make vibe coding more seamless.

    Simon Willison, in his March 2025 blog, differentiates vibe coding from AI-assisted programming: the former skips reviews entirely for fun, low-stakes experiments, while the latter demands verification to ensure maintainability and security. Willison praises vibe coding for democratizing automation, enabling non-coders to build personal tools and helping experts like himself run over 80 LLM experiments to build intuition, but warns of risks such as bugs, privacy breaches, and unexpected costs, and recommends sandboxes like Claude Artifacts. This aligns with broader criticisms in sources like a Medium post advising against vibe coding for scalable apps, noting it’s ideal for “toy projects” but leads to inefficiencies and overlooked edge cases.

    Industry perspectives further enrich the discussion. A Microsoft feature article notes vibe coding “unlocks creativity and speed” but only adds production value with oversight, changing who can build apps by empowering non-programmers. Similarly, a Tanium blog highlights concerns over hidden bugs and vulnerabilities, while Software Mind points to performance issues like lacking caching or distributed systems considerations. Reddit discussions frame vibe coding as more for non-coders (often failing in practice), versus AI tools enhancing skilled programmers’ speed. A LinkedIn post shares cautionary tales, like Replit’s errors in AI-generated features, and Graphite outlines inconsistent quality as a con. The New York Times describes it as “sorcery” for non-programmers, where prompts yield code in seconds, but implies reliance on AI without understanding.

    To systematize the pros and cons drawn from these sources, the following list compares vibe coding to traditional or AI-assisted methods:

    • Speed & Accessibility

      • Vibe Coding Pros: Enables rapid prototyping; accessible to non-coders; boosts productivity (e.g., 10x engineer output).

      • Vibe Coding Cons: Often results in “LLM mush”: messy, undocumented code; overlooks edge cases and performance.

      • Traditional/AI-Assisted Alternatives: Slower but ensures comprehension; AI assists with review for balanced speed.

    • Maintenance & Debugging

      • Vibe Coding Pros: Fun for throwaway projects; minimal effort upfront.

      • Vibe Coding Cons: Leads to tangled codebases; hard to debug without understanding (e.g., weeks to unravel inherited code).

      • Traditional/AI-Assisted Alternatives: Emphasizes testing and architecture; reduces long-term issues.

    • Security & Reliability

      • Vibe Coding Pros: Quick hacks without deep knowledge.

      • Vibe Coding Cons: High vulnerability risk (36% insecure code); real incidents like exposed keys or compromises.

      • Traditional/AI-Assisted Alternatives: Incorporates security best practices; human oversight catches flaws.

    • Skill Development

      • Vibe Coding Pros: Builds intuition through experiments; lowers barriers for beginners.

      • Vibe Coding Cons: Risks skill atrophy; encourages “tweaking until it works” over engineering principles.

      • Traditional/AI-Assisted Alternatives: Promote learning; Karpathy suggests gradual complexity addition to aid understanding.

    • Use Cases

      • Vibe Coding Pros: Ideal for personal tools, demos, or ideation (e.g., MenuGen prototype).

      • Vibe Coding Cons: Unsuitable for mission-critical or scalable apps; deployment complexities amplify issues.

      • Traditional/AI-Assisted Alternatives: Versatile for production; combines AI speed with human judgment.

    In Karpathy’s broader talks, such as his AI Startup School keynote, he positions LLMs as a “new kind of computer” programmed in English, akin to 1960s computing, with vibe coding as part of this shift toward accessible software 2.0. Yet, he advocates a “tight leash” in professional coding: stuffing context, evaluating approaches, reviewing drafts, and testing incrementally. This hybrid, vibe for exploration, assisted for execution, could evolve with better infrastructure, as Karpathy envisions LLM OS-like systems or agent-friendly designs.

    Matt Shumer’s “Chaos Coding” variant, prompting Claude repeatedly with “keep going”, takes vibe coding further into uncontrolled territory, yielding wild results but relinquishing the pretense of oversight. Community responses, like Dwayne’s on X, highlight resistance from traditional devs who shun AI, risking obsolescence as vibe coders advance. A Facebook group post balances this: vibe coding empowers anyone, but core CS concepts remain essential.

    Ultimately, the article’s call for “vibe, then verify” resonates with the consensus: AI transforms coding by making it more inclusive, but human skills in architecture, testing, and ethics are irreplaceable for reliable outcomes. As AI models improve, vibe coding may mature, but current limitations demand caution, especially in high-stakes environments.

    Key Citations

    – Andrej Karpathy’s X Post on Vibe Coding Definition https://x.com/karpathy/status/1886192184808149383

    – Karpathy’s MenuGen Blog Post https://karpathy.bearblog.dev/vibe-coding-menugen/

    – Simon Willison’s Blog on Vibe Coding https://simonwillison.net/2025/Mar/19/vibe-coding/

    – Microsoft Feature on AI Changing App Building https://news.microsoft.com/source/features/ai/vibe-coding-and-other-ways-ai-is-changing-who-can-build-apps-and-how/

    – Tanium Blog on Vibe Coding Pros/Cons https://www.tanium.com/blog/what-is-vibe-coding/

    – Reddit Discussion on Vibe vs. AI Coding https://www.reddit.com/r/AskProgramming/comments/1jhqfjz/vibe_coding_vs_using_ai_for_coding_isnt_it_two/

    – Medium: Don’t be a Vibe Coder https://medium.com/data-science-in-your-pocket/dont-be-a-vibe-coder-30fa7c525971

    – LinkedIn Cautionary Tale on Vibe Coding https://www.linkedin.com/posts/jaink_to-vibe-code-or-not-to-vibe-coding-is-fun-activity-7354457642389393409-xSGM

    – Graphite Guide on Vibe vs. Traditional Programming https://graphite.com/guides/vibe-coding-vs-traditional-programming

    – Karpathy’s AI Startup School Talk https://x.com/karpathy/status/1935518272667217925

    – Y Combinator’s Post on Karpathy’s Keynote https://x.com/ycombinator/status/1935496106957488566

    Share.

    Related Posts

    Leave A Reply