Does vibe coding have a place in the Enterprise?

Introduction

Imagine a world where you can create software simply by describing what you want in plain, Everyday Language. No need to write complex code or understand intricate programming languages. This is the promise of vibe coding, which utilises generative AI technology to transform the process of software creation fundamentally. Coined by Andrej Karpathy, vibe coding enables developers and non-developers alike to focus on the "vibe" and flow of their ideas. At the same time, the AI handles translating those ideas into functional code.

In this blog post, we'll explore the concept of vibe coding, its benefits and challenges, and how it might be safely applied in corporate enterprises. Whether you're a seasoned developer or someone curious about the latest tech trends, vibe coding is a topic you won't want to miss.

What is vibe coding?

Andrej Karpathy coined the term "vibe coding" in February 2025.

"There's a new kind of coding I call 'vibe coding', where you fully give in to the vibes, embrace exponentials, and forget that the code even exists…" Andrej Karpathy (@karpathy)

.

Vibe coding is entirely different to traditional programming, where developers (or non-developers) use natural language to describe the required functionality. This is fed into an AI (typically a Generative AI large language model), which generates the code automatically. Instead of hand-crafting each line of code, the developer (or even a non-developer) becomes an operator of sorts, refining and testing the AI’s output. If something doesn’t compile or work, the error message is sent directly back to the AI to fix.

The method emphasises a flow or “vibe” when working with code. This is an evolution of traditional AI-assisted programming, which involves reviewing, testing and understanding AI-generated code. Vibe coding deliberately abandons the comprehension requirement entirely.

Vibe coding represents a significant shift in software development. It has the potential to fundamentally change how software is built, who builds it and what skills matter in the tech industry.

My Experience

I have performed experiments using both the new GitHub Copilot Agent and the traditional GitHub Copilot to build a real-world solution. As someone who was initially reluctant to jump on the Gen AI train, I was initially extremely impressed with the capability and effectiveness of the tools. You can achieve impressive results quickly. It is also clear that the technology has undergone massive improvements in a very short time.

However, when vibe coding, you don’t care about the code that gets generated, which can result in some “interesting” code getting generated. Sometimes the code generated can be too complex, and it can code itself into a corner, resulting in a Pull Request that doesn’t even compile, and in which the AI itself can’t fix (it can only make it worse). This can be really fustrating when it happens, and is when a skilled human is required to step in and save the day.

You can easily obtain nonsensical results if your requests are too vague. It appears that the AI doesn’t yet possess all the critical thinking skills of an experienced software engineer.

You can influence the code generated by being very specific in your instructions. So, even in the new AI world, being able to understand a business problem and distill it down into precise requirements, in a way the AI can understand, is very much required when working with AI

The results also don’t necessarily meet any coding standards, security, privacy, audit, extensibility or other requirements your organisation or team might have. There are also risks that the generated code might be used elsewhere in open-source software, exposing you to potential legal issues.

However, with vibe-coding, you can develop a working product remarkably quickly. It’s almost addictive in that regard.

Conclusions

There are numerous industry reports of start-ups utilising vibe-coding methodologies to generate most of their codebases, resulting in tremendous productivity increases. It's hard not to be excited about the technology and not want to take advantage of it straight away.

I urge some degree of caution, though. Large corporate enterprises often have more constraints than start-ups. They are frequently regulated businesses that require absolute clarity on how automated processes (e.g., software) work and typically must demonstrate this through external audits. Being usually larger businesses, they also have a lot more to lose if things go wrong.

My own experience and academic research indicate that security vulnerabilities and technical debt resulting from the use of these vibe-coding approaches pose significant risks. For example, AI-generated code can contain security vulnerabilities, including SQL injection, cross-site scripting, and missing input validation—fundamental flaws that experienced developers typically avoid.

To illustrate this, I’ll quote a couple of snippets from a report from the Center for Security and Emerging Technology https://cset.georgetown.edu/wp-content/uploads/CSET-Cybersecurity-Risks-of-AI-Generated-Code.pdf:

"Previous research from both academia and within the AI industry has demonstrated that, out of the box, AI models occasionally-to-frequently generate code containing bugs or vulnerabilities."

It went on to say:

"Across all five models, approximately 48% of all generated code snippets were compilable but contained a bug that was flagged by ESBMC (“verification failed”), which we define as insecure code. Approximately 30% of all generated code snippets successfully compiled and passed ESBMC verification "

So, there are definitely some real risks involved here we need to be mindful of.

This may be a little controversial, but as things stand today, I believe vibe-coding may still have a place in the corporate enterprise. However, like anything, it needs to be used appropriately; staff must be adequately trained on both the benefits and drawbacks, and it’s essential to have the appropriate layers of governance in place.

Here are my thoughts on some specific areas where vibe coding may have a place in the enterprise:

• Use in controlled innovation settings, such as corporate hackathon events, which could massively increase the productivity of the participants and provide a bigger role for colleagues who are less technically skilled.
• Rapidly prototyping new features or solutions, working with product owners and business colleagues to understand and refine the requirements and the desired outcome before committing to the regular build cycle (whether that’s via agile or waterfall, etc). Potentially saving time and cost, and helping to deliver the feature more quickly.
• Personal Development – It could help developers stay updated on Gen AI's advancements and discover new problem-solving techniques. When reviewing the output, developers may encounter coding approaches they haven't used before, which could be helpful for them to understand and potentially incorporate into their day-to-day activities.

Like it or not, I believe Generative AI will continue to be an increasingly prominent presence in our day-to-day work. As with any new technology, there are significant opportunities and substantial risks associated with it. As IT professionals, we need to take a balanced approach to navigate these challenges thoughtfully and sensibly.