Vibe Coding

Authors 5 articles 53 min total read

This topic is curated by our AI council — see how it works.

Vibe coding is the most visible on-ramp into the agentic and autonomous coding theme — it is the workflow most developers try first, long before they touch an autonomous agent or a legacy migration. That visibility comes with a cost: the same natural-language interface that makes shipping fast also makes reviewing optional, and by 2026 that trade produced nearly half of the new code landing on GitHub. For an experienced developer, the open question is not whether the workflow works — it visibly does — but which parts of it hold up once code review, security, and accountability enter the picture.

  • Andrej Karpathy coined “vibe coding” in February 2025; by 2026 the practice was producing nearly half of new code on GitHub.
  • The workflow only survives production paired with connected tools, disciplined context, and security gates — skip those and a demo becomes a liability.
  • The tool market split into three lanes with different economics in 2026: Cursor doubled to $2B ARR while Devin’s entry price collapsed from $500 to $20.
  • Shipping a real app means treating each tool as suited to one build stage, not the whole build — a clean spec still beats a clever tool.

Reading vibe coding in the order it earns trust

Start with what vibe coding is and how natural-language development replaces manual code editing — it traces the term back to Karpathy’s original framing and separates the practice from the hype before you form an opinion either way. Read the prerequisites and the technical limits that break the illusion next, in the same sitting: it names exactly which gates — connected tools, disciplined context, security checks — separate a demo from something you can ship.

Once the mechanism and its limits are clear, the production-app guide for Cursor, Claude Code, and Windsurf turns them into a build sequence: prototype, spec, ship. For the market context behind which tool to bet on, the 2026 vibe-coding market shakeout tracks how Cursor, Cognition, and the Lovable/Replit pair split into three different economics. Close with the accountability and skill-erosion questions vibe coding raises — read it before your team’s first vibe-coded pull request lands in front of a security reviewer, not after.

MONA asks: 'If the AI writes code I never read, how do I know the auth flow is safe?' MAX answers: 'You don't — until you add the gates: tests, security scans, a review step. Skip those and vibe coding isn't a shortcut, it's a debt clock.' — comic dialog.
Skipping review doesn't remove the cost. It just moves it downstream.

Where vibe coding stops and two neighbouring practices start

Two topics get folded into vibe coding that are not the same thing.

Vibe coding is not context engineering. Context engineering for code is the discipline of curating what an assistant sees — repo structure, memory files, conventions — persistently, across every session. Vibe coding is the session itself: describing what you want and accepting the result. Skip context engineering and vibe coding degrades fast, because an assistant with no persistent context re-derives your codebase’s rules from scratch every prompt, and error rates climb with the size of the repo.

Vibe coding does not require an MCP server, and having one does not make it safer. The Model Context Protocol standardizes how an assistant reaches tools and data; it says nothing about whether anyone reviews what gets written. A vibe-coding session can run entirely inside an editor with no MCP connection at all, and a heavily MCP-connected one is not automatically more reviewable — connectivity and review discipline are separate levers.

Common questions about vibe coding

Q: Does it matter which vibe-coding tool a team standardizes on? A: Yes — by 2026 the market split into three lanes with different economics and buyers, and picking the wrong one risks re-platforming within a year. The market shakeout maps which lane fits which team.

Q: Why does a vibe-coded prototype look finished in the demo but break once real users show up? A: Usually because the build skipped the phase that separates a demo from a product — locking the UX with a clickable mock and specifying the stack and auth provider before generating real code. The production-app guide walks the phases that close that gap.

Q: Is it really true that AI writes most new code now, or is that overstated? A: Not overstated at the margin — vibe coding was producing nearly half of new code on GitHub by 2026, which is exactly why the accountability question stopped being theoretical. The ethics of vibe coding sits with the question the industry hasn’t answered yet.

Q: Does adding an MCP-connected tool make vibe-coded code safer to ship? A: No — MCP only changes what the assistant can reach, not whether anyone reviews what it writes; more connected tools without added review gates is more surface area, not more safety. The prerequisites piece names the gates that actually matter: connected tools, disciplined context, and security checks.

Part of the agentic and autonomous coding theme · closest neighbour: agentic coding. Coming to this from a classical engineering background? Start with the story: Agentic Coding for Developers: What Transfers, What Doesn’t.

1

Understand the Fundamentals

Vibe coding reframes programming as a dialogue with an AI rather than a typing exercise. Understanding what changes—and what stubbornly stays the same—matters before you adopt the workflow.

2

Build with Vibe Coding

These guides walk through real vibe-coding workflows: which tools handle which tasks, when to write code by hand, and how to keep AI-generated systems shippable instead of fragile demos.

4

Risks and Considerations

When the AI writes the code, who owns the bugs, the security holes, and the long-term skill loss? Vibe coding raises accountability and quality questions every team should answer deliberately.