
Vibe Coding: What It Is and Why 45% of AI Code Has Security Flaws

92% of US developers now use AI daily. But a controlled study reveals that in complex projects, AI makes them 19% slower. Here's everything you need to know about Vibe Coding, the best tools, and how to do it right.

Sarah Chen - January 29, 2026

Key takeaways

Andrej Karpathy coined 'Vibe Coding' in February 2025 and Collins named it Word of the Year. Today, 55% of global code is AI-generated. But here's the catch: 45% has security vulnerabilities. This guide covers everything you need to know.

Imagine telling your computer "build me a to-do list app with pastel colors and oversized buttons" and watching it appear without writing a single line of code. That's Vibe Coding: programming by describing what you want instead of writing every instruction.

Let me break this down: it's like having a very fast junior developer who works 24/7, but sometimes makes mistakes in ways you didn't expect.

Collins Dictionary named it Word of the Year 2025. And for good reason: 92% of developers in the United States now use artificial intelligence daily to write code. The Vibe Coding tools market is worth $4.7 billion and projected to reach $12.3 billion by 2027.

But there's a catch. A rigorous study showed that in complex projects, expert developers are 19% slower when using AI. And 45% of generated code has security vulnerabilities.

So is it worth it? Yes, but you need to know how to use it right. Let's dive in.

What Is Vibe Coding (And Why Is It Called That)?

The term was coined by Andrej Karpathy, OpenAI co-founder and former Tesla AI director, in an X post in February 2025:

"There's a new kind of coding I call 'vibe coding', where you fully give in to the vibes, embrace exponentials, and forget that the code even exists."

In simple terms: it's programming by "going with the flow", without reviewing every line, trusting that AI will solve the problems. The trick is that language models like Claude or GPT-4 have become so good that, for many tasks, they work on the first try.

Karpathy described his workflow like this:

  • "I 'Accept All' always, I don't read the diffs anymore"
  • "When I get error messages I just copy paste them in with no comment, usually that fixes it"
  • "The code grows beyond my usual comprehension"
  • "Sometimes the LLMs can't fix a bug so I just work around it or ask for random changes until it goes away"

Sounds chaotic, right? It is. But it works surprisingly well for rapid prototypes and personal projects. The problem comes when you try to apply it to production code.

The Numbers That Matter

Massive Adoption

Metric | Data
US developers using AI daily | 92%
Global developers using AI weekly | 82%
Fortune 500 with Vibe Coding platforms | 87%
Global code generated by AI (2024) | 41% (256 billion lines)
2026 projection | 55%

The most surprising stat: in Y Combinator Winter 2025, 21% of startups had more than 91% of their code written by AI.

The Dark Side

Problem | Data
AI code with security vulnerabilities | 45%
Developers deploying code they don't understand | 40%+
Organizations seeing decline in fundamental skills | 44%

The Study Nobody Wants to Hear

In July 2025, METR (Model Evaluation & Threat Research) published the most rigorous study to date on productivity with AI tools.

Methodology:

  • Randomized controlled trial (the scientific gold standard)
  • 16 experienced developers
  • 246 real tasks in their own repositories
  • Average: 5 years of experience in the repo, 22k+ GitHub stars, 1 million+ lines of code
  • Tools: Cursor Pro with Claude 3.5/3.7 Sonnet

Results:

Expectation | Reality
Devs predicted: -24% time | Actual result: +19% time
Post-study estimate: -20% time | AI made them slower

What most guides won't tell you is that developers still believed AI made them faster even after seeing the data. 69% continued using Cursor after the study.

Why Did AI Slow Them Down?

  1. Over-optimism: They used AI even when it didn't help
  2. High familiarity: More negative effects in repos they already knew well
  3. Complex repositories: AI performs worse in mature code (10+ years)
  4. Low acceptance: Only 44% of suggestions were useful
  5. Implicit context: Devs have tacit knowledge AI doesn't have

The Main Tools

GitHub Copilot

Price: $10-39/month

The good:

  • Perfect integration with VS Code and JetBrains
  • Multiple models (GPT-4o, Claude, Gemini)
  • Copilot Workspace for complete projects
  • Most widely used (75% of developers)

The trick is that it works better for autocomplete than for complex code generation.

Cursor

Price: $20/month

The good:

  • Complete IDE (VS Code fork)
  • Better multi-file contextual understanding
  • Agent mode for complex tasks
  • Supermaven ultrafast autocomplete

The bad:

  • Learning curve if coming from another IDE
  • In very large projects, context can get lost

Claude Code

Price: $20/month (Claude Pro plan)

The good:

  • The most "agentic" of all
  • Excellent for refactoring existing code
  • Huge context window (200k tokens)
  • Can execute commands and create files

Ideal for: Projects where you need AI to understand your entire codebase.

Windsurf

Price: $10-15/month

The good:

  • Real-time "Flow" sync
  • Very powerful Cascade agent
  • Turbo mode for instant completions
  • Best value for money

Best for: Solo developers who want power without overpaying.

Quick Comparison

Tool | Best for | Price
Copilot | Autocomplete + integration | $10-39/month
Cursor | Multi-file projects | $20/month
Claude Code | Refactoring + long context | $20/month
Windsurf | Best value for solo devs | $10-15/month

The Security Problem

A study of 5 tools (Claude Code, Codex, Cursor, Replit, Devin) analyzed 15 Vibe Coded applications and found 69 vulnerabilities.

The most common:

  • SQL injection
  • Path traversal
  • Hardcoded credentials
  • Insecure APIs
  • Poor access controls

In the SusVibes benchmark, only 10.5% of functionally correct solutions were also secure.
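To make the first two items concrete, here is an added example (not code from the article or from any of the tools it names) that puts the kind of lookup and file-access code these assistants commonly emit next to a hardened version of each. The database rows, directory and inputs are constructed for the demo.

```python
import sqlite3
from pathlib import Path

# Constructed in-memory database for the demo: two users, one of them admin.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

# The shape a generated lookup often takes: the user-supplied name is formatted
# straight into the SQL text, so it can change the query itself (SQL injection).
def find_user_vulnerable(db, name):
    rows = db.execute(f"SELECT name FROM users WHERE name = '{name}'")
    return [r[0] for r in rows]

# Hardened form: a parameterized query passes the name as data, never as SQL.
def find_user_safe(db, name):
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [r[0] for r in rows]

# The shape a generated file read often takes: a user-supplied name is joined
# onto the upload directory, so ".." segments walk out of it (path traversal).
def resolve_vulnerable(base, user_path):
    return Path(base) / user_path

# Hardened form: resolve the full path and refuse anything outside the base.
def escapes_base(base, user_path):
    base_dir = Path(base).resolve()
    target = (base_dir / user_path).resolve()
    return target != base_dir and base_dir not in target.parents

def resolve_safe(base, user_path):
    if escapes_base(base, user_path):
        raise ValueError("path escapes the base directory")
    return (Path(base) / user_path).resolve()

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input that shows the difference
    print("vulnerable:", find_user_vulnerable(db, probe))  # every user
    print("safe:      ", find_user_safe(db, probe))        # no such user
    print(resolve_safe("/srv/app/uploads", "notes/today.txt"))
```

The same review applies to generated code in any language: look for query text or file paths assembled from request data, and replace them with parameter binding and an explicit containment check.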

Real Incidents in 2025:

  • CurXecute (CVE-2025-54135): Allowed arbitrary command execution in Cursor
  • EscapeRoute (CVE-2025-53109): Arbitrary file read/write in Anthropic's MCP server
  • Lovable: 170 of 1,645 created apps had vulnerabilities exposing personal information

How to Do Vibe Coding Right

After testing all the tools and reviewing dozens of guides, these are the best practices that actually work:

1. Structure Your Prompts Clearly

Bad:

"Make me something cool"

Good:

"Build a minimal to-do list app in soft pastels with oversized buttons. Use React and localStorage for persistence. Include add, delete and mark as complete functionality."

2. Work Incrementally

Don't ask for login + chat + database in a single prompt. Think of it like building with LEGO: one block at a time.

The trick is to test after each step. If something fails at step 3, you know exactly where to look.

3. Provide Context

  • Mention relevant files (@filename.js in Cursor)
  • Include complete error messages
  • Use screenshots when helpful (models are multimodal)

4. Review ALL the Code

This goes against Karpathy's original philosophy, but it's essential for production:

  • Run functional tests
  • Check for structural issues
  • Look for common vulnerabilities
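As an added illustration of the last item (not code from the article), a small reviewer script that flags lines of generated code matching the patterns the article lists: hardcoded credentials, SQL assembled from strings, and file paths built from input. The sample source is constructed, and the checks are heuristics to point a human reviewer at suspicious lines, not a substitute for a real static analysis tool.

```python
import re

# Constructed sample of "vibe coded" Python, as a reviewer would see it in a diff.
SAMPLE = '''
import sqlite3
API_KEY = "sk-constructed-placeholder-1234567890"
password = "hunter2"
def get_user(db, name):
    return db.execute(f"SELECT * FROM users WHERE name = '{name}'").fetchall()
def get_user_safe(db, name):
    return db.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()
def read_upload(name):
    return open("uploads/" + name).read()
'''

# Each check is (label, regex). A hit means "look here", not "this is exploitable".
CHECKS = [
    ("hardcoded credential",
     re.compile(r'(?i)\b(password|passwd|secret|api_key|token)\s*=\s*["\'][^"\']+["\']')),
    ("SQL built from string formatting (possible injection)",
     re.compile(r'(?i)execute\(\s*(f["\']|["\'][^"\']*["\']\s*(%|\+|\.format))')),
    ("file path built from input (possible traversal)",
     re.compile(r'open\(\s*["\'][^"\']*["\']\s*\+')),
]

def review(source):
    """Return (line number, label, line text) for every flagged line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in CHECKS:
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, label, text in review(SAMPLE):
        print(f"line {lineno}: {label}\n    {text}")
```

Note that the parameterized query on the `get_user_safe` line is not flagged: the check looks for formatting operators after the SQL string, not for SQL itself.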

5. Keep It Simple

Models like Claude 3.7 tend to do more than you ask. Add to your prompts:

  • "Keep it simple"
  • "Implement the simplest next step I can test"
  • "Change this specific file only"

6. Document Your Prompts

Treat your prompt history as living documentation. If something works, save it in Notion or a doc for reuse.

The Impact on Juniors

There's a problem few want to discuss: 40%+ of juniors are deploying code they don't understand.

They call it "the 70% problem": a non-expert can complete 70% of the work with AI, but struggles with the remaining 30% (troubleshooting, edge cases, architecture).

Stack Overflow's concerning projection: in 2-3 years there will be more "vibe coders" who don't understand their code than experienced professionals.

My advice? If you're starting out, use Vibe Coding to accelerate, but always try to understand what the AI generates. That's the difference between learning and just copying.

Final Verdict

Vibe Coding is real, it's here to stay, and it will fundamentally change how we program. But it's not magic.

Works well for:

  • Rapid prototypes
  • Personal projects
  • Boilerplate and repetitive code
  • Learning new technologies
  • API integration

Works poorly for:

  • Production code without review
  • Complex repositories you already know well
  • Security-critical systems
  • Replacing learning fundamentals

92% of developers using AI doesn't mean you should accept everything without review. It means you have one more tool in your arsenal. Use it wisely.

Frequently Asked Questions

Who invented the term Vibe Coding?

Andrej Karpathy, OpenAI co-founder and former Tesla AI director, coined the term in an X (Twitter) post in February 2025. He described a programming style where you "give in to the vibes" and trust AI without reviewing the code.

Which Vibe Coding tool is best for beginners?

GitHub Copilot is the most accessible option due to its VS Code integration and abundant documentation. Windsurf offers better value for money. Cursor is more powerful but has a steeper learning curve.

Is AI-generated code secure?

Not by default. Studies show 45% of generated code has vulnerabilities. It's essential to review code, especially for SQL injection, hardcoded credentials, and access controls before deploying to production.

Will Vibe Coding replace programmers?

Not in the near future. The METR study showed expert developers are slower with AI on complex projects. Vibe Coding is a tool that amplifies productivity, but requires human knowledge for verification, architecture, and edge cases.

How much does it cost to start with Vibe Coding?

You can start free with GitHub Copilot, Replit, or ChatGPT free tiers. Paid versions range from $10/month (Windsurf) to $39/month (Copilot Enterprise). For most individual developers, $10-20/month is sufficient.

Written by

Sarah Chen

Tech educator focused on AI tools. Making complex technology accessible since 2018.

Tags: vibe coding, ai, development, productivity, tools