What is Vibe Coding?

Updated

A 2025-coined term (Andrej Karpathy) for building software primarily via natural-language prompts to AI tools (Lovable, Bolt, v0, Cursor, Claude Code).

Full explanation

Vibe coding describes the workflow where the developer describes intent in plain language + the AI generates code. Strengths: speed, accessibility for non-engineers. Weaknesses: 92% of AI-generated auth code has at least one bug per April 2026 research; default config patterns leak credentials (Lakera Apr 2026 study found 33 of 428 npm packages with live .claude/ creds).

Example

A founder uses Lovable to build a SaaS in 3 weekends. Lovable's generator emits Supabase queries from plain-English specs; the founder ships without security review. Securie's role is the control plane the founder doesn't have time to build.

Related

Guide
Using Supabase anon key safely — RLS-protected access only
Guide
Leaked API keys in Next.js — NEXT_PUBLIC_ prefix + client-bundle audit

FAQ

Is vibe coding bad?

No — productivity gains are real. The right model is: AI for the bulk of the work, automated security review for the bug-class catch.