What Is Vibe Coding?
Vibe coding is a software development practice in which a practitioner uses natural language prompts to direct an AI tool to generate code, rather than writing code manually. The term was coined by Andrej Karpathy on February 2, 2025.
Vibe Coding vs. Traditional Agile
| Aspect | Vibe Coding | Traditional Agile |
|---|---|---|
| Code Authorship | AI generates code from natural language prompts | Human developers write all code manually |
| Sprint Cadence | Rapid iteration, potentially multiple deploys per day | 1-4 week sprints with planned releases |
| Quality Gates | Review-Verify-Document workflow for AI output | Code review, automated testing, CI/CD |
| Accountability | Human responsible for reviewing and approving AI code | Developer responsible for their own code |
| Security Review | Must verify packages and scan for vulnerabilities | Standard security practices and audits |
| Velocity Tracking | Story points may need recalibration for AI speed | Established velocity metrics over sprints |
| IP Ownership | Unclear ownership of AI-generated code | Clear ownership by employer/contractor |
Key Risk Categories
Security Vulnerabilities
AI-generated code has 2.74x more vulnerabilities than human-written code (Tambon et al., 2025). This makes security review an essential part of any vibe coding workflow.
Slopsquatting
AI tools hallucinate package names, and attackers pre-register those names with malware (Trend Micro, 2025). Always verify package names at npmjs.com before installing.
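The package check described above can be scripted so it runs before anything is installed. The following JavaScript is an added example, not code from the original page: it extracts the packages a generated snippet imports and flags names that are missing from the registry, newly published, thinly versioned, or that run install hooks. The thresholds, package names, locked-dependency list and registry metadata (shaped like an npm registry packument) are constructed assumptions.

```javascript
// Added example; thresholds, package names and registry metadata are constructed.
const MIN_AGE_DAYS = 90; // assumed policy: very new packages need human review
const MIN_VERSIONS = 3; // assumed policy: so do packages with little release history
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"]; // run by npm at install time
// Bare package names from import/require statements; relative paths and node: builtins are skipped.
function importedPackages(source) {
  const names = new Set();
  for (const m of source.matchAll(/(?:from\s*|require\(\s*|import\(\s*)["']([^"']+)["']/g)) {
    if (/^(\.|\/|node:)/.test(m[1])) continue;
    const parts = m[1].split("/");
    names.add(m[1].startsWith("@") ? parts.slice(0, 2).join("/") : parts[0]);
  }
  return [...names];
}

// packument: registry metadata for `name`, or null when the registry has no such package.
function vetDependency(name, packument, lockedNames, now) {
  if (packument === null) return { name, verdict: "block", findings: ["not on the registry"] };
  if (lockedNames.includes(name)) return { name, verdict: "allow", findings: [] };
  const findings = [];
  const ageDays = Math.floor((now - Date.parse(packument.time.created)) / 86400000);
  if (ageDays < MIN_AGE_DAYS) findings.push(`first published ${ageDays} days ago`);
  const count = Object.keys(packument.versions).length;
  if (count < MIN_VERSIONS) findings.push(`only ${count} published version(s)`);
  const latest = packument.versions[packument["dist-tags"].latest] || {};
  const hooks = INSTALL_HOOKS.filter((h) => latest.scripts && latest.scripts[h]);
  if (hooks.length) findings.push(`latest version runs ${hooks.join(", ")}`);
  return { name, verdict: findings.length ? "review" : "allow", findings };
}

// Constructed sample input: generated code, locked dependencies, registry lookups.
const GENERATED = `
import express from "express";
import { load } from "example-yaml-config-loader/load";
const audit = require("@acme-example/http-audit");
import fs from "node:fs";
import helper from "./helper.js";
`;
const LOCKED = ["express"];
const NOW = Date.parse("2025-06-01T00:00:00Z");
const REGISTRY = {
  express: { time: { created: "2011-01-01T00:00:00Z" }, "dist-tags": { latest: "4.0.0" }, versions: { "4.0.0": {} } },
  "@acme-example/http-audit": { time: { created: "2025-05-20T00:00:00Z" }, "dist-tags": { latest: "1.0.0" },
    versions: { "1.0.0": { scripts: { postinstall: "node setup.js" } } } },
};
function vetGenerated(source) {
  return importedPackages(source).map((n) => vetDependency(n, REGISTRY[n] ?? null, LOCKED, NOW));
}
console.log(vetGenerated(GENERATED));
```

In real use the metadata for each name would come from https://registry.npmjs.org/<name>, where a 404 response corresponds to the `null` case.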
IP & Copyright Gaps
Ownership of AI-generated code is unclear (U.S. Copyright Office, 2023). Organizations must establish clear policies for AI-assisted development.