Why Vibe Coding Won't
Replace Developers

The origin story

In February 2025, Andrej Karpathy coined the term "vibe coding" in a post on X. He described it as a new way to write software where you "fully give in to the vibes, embrace exponentials, and forget that the code even exists."

The post went viral. Within weeks, "vibe coding" had its own Wikipedia page. Thousands of developers started building apps without reading the code their AI assistants generated. Non-technical founders launched startups built entirely on AI-generated codebases. The promise was seductive: anyone can build software now.

But buried in that same original post was a caveat most people ignored: "Sometimes the LLMs can't fix a bug so I just work around it or ask for random changes until it goes away." Karpathy himself called it suitable for "throwaway weekend projects." Not production systems. Not startups. Not software that handles user data.

One year later, the data is in. And it paints a very different picture than the hype suggests.

What the data says

Let's start with the largest study of its kind. CodeRabbit analyzed 470 GitHub pull requests, comparing AI-generated code against human-written code across multiple dimensions. The results were not close.

AI-generated code creates 1.7x more issues overall than human-written code. But the breakdown matters. Logic errors (the kind that cause real production bugs) were 1.75x more frequent. Concurrency issues, which are notoriously hard to debug, were ~2x more common. Excessive I/O operations were 8x more frequent. These are not cosmetic problems. These are the bugs that wake you up at 3 AM.

2025 was the year the internet broke: Studies show increased incidents due to AI

Pull requests per author increased 20% YoY, while incidents per PR rose 23.5% and change failure rates rose around 30%.

coderabbit.aiopen_in_new

The code quality crisis

GitClear conducted the most comprehensive analysis of AI's impact on code quality, studying 211 million changed lines of code from 2020 to 2024. The trends are alarming.

The story these numbers tell is clear: developers are generating more code than ever, but understanding less of it. Refactored code (code that has been reorganized and improved) collapsed from 25% to under 10%. Meanwhile, duplicated code surged. AI tools optimize for output, not for maintainability.

As Simon Willison, creator of Datasette and a leading voice on responsible AI usage, put it:

Willison draws a critical distinction: "If an LLM wrote every line of your code, but you've reviewed, tested, and understood it all, that's not vibe coding. That's using an LLM as a typing assistant." The problem is not AI assistance. The problem is blind trust.

The security nightmare

If the quality data is concerning, the security data is terrifying. A study by SoftwareSeni found that AI-generated code contains 2.74x more security vulnerabilities than human-written code. And these are not theoretical risks.

Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk

Unit 42 presents the SHIELD framework for securing AI-generated code, covering prompt hardening, output validation, and runtime sandboxing.

unit42.paloaltonetworks.comopen_in_new

Georgia Tech's Vibe Security Radar project has been tracking CVEs directly caused by AI-generated code since May 2025. As of March 20, 2026, they have tracked 74 AI-linked CVEs, with the count accelerating: 6 in January, 15 in February, 35 in March (partial). The trend line is going in the wrong direction.

The productivity paradox

Perhaps the most surprising finding comes from METR (Model Evaluation & Threat Research), which ran a randomized controlled trial (the gold standard in research) on 16 experienced open-source developers completing 246 tasks in repositories they had an average of 5 years of experience with.

Read that again. Developers believed AI made them 20% faster. In reality, they were 19% slower. That's a 39-percentage-point perception gap. The study found that developers accepted fewer than 44% of AI generations, meaning most of the time was spent reviewing, testing, and ultimately rejecting suggestions.

The explanation is straightforward: AI excels at generating plausible-looking code for small, well-defined tasks. But experienced developers working in large, mature codebases are doing something fundamentally different. They are navigating years of architectural decisions, implicit conventions, and domain-specific logic that no LLM has seen.

Real-world failures

The statistics become more concrete when you look at the actual incidents. Here are documented cases from the past year where vibe-coded applications failed in production:

MoltbookFeb 2026

Social networking app built entirely via vibe coding. Misconfigured database exposed 1.5 million authentication tokens and 35,000 email addresses.

Towards Data Science ↗

LovableMay 2025

CVE-2025-48757: missing Row Level Security on Supabase tables exposed 170+ production applications to full database access.

CVE Database ↗

Base442025

Broken access controls let unauthorized users bypass auth and register for private applications, exposing every app on the platform.

Accorian Security ↗

EnrichleadLate 2025

Startup built entirely with Cursor. AI placed all security and payment logic client-side. Users bypassed payment via browser console within 72 hours.

DEV Community ↗

These are not edge cases. They are the predictable outcome of shipping code that nobody reviewed. And as vibe coding adoption accelerates, the incident rate is accelerating with it.

Even Karpathy agrees

Perhaps the most telling signal comes from the inventor of the term himself. When Karpathy built his latest project, Nanochat (a minimal ChatGPT-like interface), he did not vibe code it.

Inventor of Vibe Coding Admits He Hand-Coded His New Project

Even Andrej Karpathy, who coined "vibe coding," built Nanochat by hand: "It's basically entirely hand-written."

futurism.comopen_in_new

When the stakes were real (when he was building something meant to last, not a weekend prototype) he chose to write the code himself. That tells you everything about where vibe coding sits in the hierarchy of software development: it is a prototyping tool, not a replacement for engineering.

What AI is actually good at

None of this means AI coding tools are useless. Quite the opposite. The data shows clear areas where AI excels:

The pattern is clear: AI tools excel at well-defined, bounded tasks with verifiable outputs. They struggle with ambiguity, architectural decisions, cross-cutting concerns, and anything requiring understanding of business context. In other words, exactly the things that make software engineering hard.

The job market reality

If vibe coding was truly replacing developers, we would see it in the labor market. We don't.

The real concern is not that developers will be replaced, but that the junior developer pipeline is being disrupted. Entry-level tech hiring has decreased 25% year-over-year, and employment for developers aged 22 to 25 is down nearly 20% from its 2022 peak. Companies are using AI to handle tasks that used to train junior developers, without considering how the next generation of senior engineers will develop the judgment and debugging instincts that make them effective.

AI vs Gen Z: How AI has changed the career pathway for junior developers

Debugging someone else's code teaches you how systems fail. Writing boilerplate teaches structure. Reviewing PRs teaches you how others think.

stackoverflow.blogopen_in_new

The verdict

The evidence is overwhelming. Vibe coding (the practice of generating code you never read, never review, and never understand) produces software that is buggier, less secure, harder to maintain, and paradoxically slower to develop. Every major study published in the past year points in the same direction.

This does not mean AI coding tools are bad. It means they are tools, not replacements. The most effective use of AI in software development looks nothing like vibe coding. It looks like an experienced engineer using AI to generate first drafts, then reviewing every line. Testing rigorously. Understanding the architecture. Making deliberate decisions.

Simon Willison calls this "vibe engineering." Whatever you call it, it requires the one thing vibe coding explicitly throws away: understanding your code.

The developers who thrive in this era will not be the ones who outsource their thinking to an LLM. They will be the ones who use AI as a force multiplier on top of real engineering skills. If you are preparing for a career in software, the fundamentals matter more than ever: data structures, algorithms, system design, debugging, and the ability to reason about complex systems.

Vibe coding is a party trick. Software engineering is a discipline. The data says one of them has a future. It is not the party trick.

Sources

AI vs human code gen report: AI code creates 1.7x more issues

We analyzed 470 open-source GitHub pull requests, using CodeRabbit's structured issue taxonomy and found that AI generated code creates 1.7x more issues.

coderabbit.aiopen_in_new

Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk

AI-generated code looks flawless until it isn't. Unit 42 breaks down how to expose these invisible flaws before they turn into your next breach.

unit42.paloaltonetworks.comopen_in_new

Inventor of Vibe Coding Admits He Hand-Coded His New Project

Even former OpenAI exec Andrej Karpathy, who coined the term "vibe coding," has seemingly fallen out of love with his own creation.

futurism.comopen_in_new

AI vs Gen Z: How AI has changed the career pathway for junior developers

For promising Gen Z students, a career as a software developer seemed like the golden ticket to career stability and success. But in the age of AI, the promise is gone.

stackoverflow.blogopen_in_new