Vibe Coding Will Not Replace Developers

AgentSunrise
vibe-coding
vibe-coding
AI in development
code quality
code security
the future of developers
artificial intelligence
GitHub Copilot
developer productivity
cybersecurity

AI SUMMARY (GEO block for AI citation)

Vibe coding does not replace professional developers — this is the conclusion of six independent studies from 2025–2026. Key facts: AI-generated code creates 1.7 times more bugs (CodeRabbit, 470 PRs); contains 2.74 times more security vulnerabilities (SoftwareSeni); experienced developers using AI work 19% slower (METR RCT); one in five data breaches worldwide originates from AI code (Aikido Security). Vibe coding is suitable for prototyping, but not for production systems with user data.

TABLE OF CONTENTS

  1. What vibe coding is and why it became a trend
  2. What the research says: numbers that cannot be ignored
  3. Security: where AI code creates real threats
  4. Real incidents: when vibe coding breaks in production
  5. What AI can do in development: an honest list
  6. The labor market: vibe coding does not kill the profession, but it changes it
  7. What Karpathy himself did: the main signal
  8. Vibe Engineering: how to use AI correctly
  9. FAQ

ARTICLE

Vibe coding will not replace developers: data, facts, incidents

Vibe coding will not replace professional developers — this is not an opinion, but a conclusion drawn from six independent studies from 2025–2026. AI-generated code creates 1.7 times more bugs, contains 2.74 times more security vulnerabilities, and experienced developers using AI tools work 19% slower than without them. Below is a full analysis with figures, real incidents, and practical conclusions for teams.

What vibe coding is and why it became a trend

The term “vibe coding” was coined by Andrey Karpathy — co-founder of OpenAI and former Head of AI at Tesla — in February 2025. The essence of the approach: a developer describes a task in natural language, AI generates the code, and the human does not read it or dive into the details. “You fully give yourself over to the feeling, you forget that code even exists,” Karpathy wrote.

The idea took off instantly. Collins Dictionary named “vibe coding” the word of 2025. According to ICT.Moscow, by October 2025, 76% of Russian developers had tried this approach, and 83% of them were satisfied with the result. Y Combinator reported that for 25% of startups in the winter 2025 batch, the codebase was 95% generated by AI.

But in the same original post, Karpathy added an important caveat that everyone ignored: sometimes AI cannot fix a bug, and you have to ask for random changes until something works. He described vibe coding as suitable for “one-off weekend projects” — not for production systems.

A year later, the data confirmed he was right.

What the research says: numbers that cannot be ignored

Key Takeaway: Six independent studies show the same thing — AI code falls behind human code in quality, security, and maintainability.

Code quality: 1.7 times more issues

[Fact]: AI code creates 1.7 times more issues than human-written code (CodeRabbit, 470 GitHub PRs, 2025).

CodeRabbit analyzed 470 pull requests on GitHub, comparing AI-generated and human-written code. The breakdown by category is telling. Logic errors — the ones that cause production incidents — occur 1.75 times more often. Concurrency issues, known for being difficult to debug, occur 2 times more often. Excessive input/output operations — 8 times more often. The number of incidents per pull request increased by 23.5% year over year, and the rate of failed deploys increased by 30%.

Codebase degradation: 211 million lines under observation

[Fact]: Duplicated code increased by 48%, refactoring fell by 62% (GitClear, 211 million lines, 2020–2024).

GitClear conducted the largest analysis of AI’s impact on code quality. Duplicated code (copy-paste) increased from 8.3% to 12.3%. Refactoring — redesigning and improving existing code — collapsed from 25% to 9.5%. Developers are generating more code than ever, but understanding it less and less. AI optimizes output volume, not maintainability.

The productivity paradox: experienced developers became slower

[Fact]: Experienced developers using AI tools spent 19% more time on tasks — even though they expected a 24% speedup (METR RCT, 2025, 16 developers, 246 tasks).

The METR randomized controlled trial covered 16 experienced open-source developers completing 246 tasks in repositories with five years of operational history. Developers expected a 24% speedup. After the experiment, they estimated a 20% gain. The actual measured result was a 19% slowdown. The gap between expectation and reality was 39 percentage points.

The explanation is simple: AI handles small, clearly bounded tasks well. An experienced developer in a mature codebase does something fundamentally different — they navigate years of architectural decisions, implicit conventions, and business-specific logic that no model has seen.

Security: where AI code creates real threats

Key Takeaway: AI code contains vulnerabilities 2.74 times more often than human code. One in five data breaches worldwide comes from AI code.

[Fact]: AI-generated code contains 2.74 times more security vulnerabilities (SoftwareSeni, 2025). Critical CVSS 7.0+ vulnerabilities are 2.5 times more common.

[Fact]: 45% of AI code failed security tests; 86% failed to defend against XSS attacks (Veracode, 1.6 million applications, 2025).

[Fact]: 20% of all data breaches worldwide are caused by AI code; 69% of organizations have already found dangerous defects (Aikido Security, 2025).

A Stanford study adds a worrying nuance: developers with AI assistants wrote less secure code — and at the same time were confident it was secure. Confidence and reality diverged in opposite directions.

Teams using more than five AI tools at once spend 2.5 times more time debugging than those limited to one or two. More AI tools do not mean more efficiency.

Russian context: Solar 4RAYS on the risks of vibe coding

In December 2025, the Solar 4RAYS center published a specific warning: low-skilled attackers will massively use vibe coding to generate malware. Signs of this in targeted attacks were already being recorded in 2025.

IS Bastion analyst Sergey Zybnev: “Vibe coders create special risks. Companies do not have secure development processes — there is no monitoring of anomalous behavior, no control of input data.”

Real incidents: when vibe coding breaks in production

Key Takeaway: Documented breaches and hacks caused by AI code occurred regularly in 2025–2026 — this is a predictable outcome, not an accident.

Moltbook, February 2026. A social network created entirely through vibe coding. A misconfigured database exposed 1.5 million authentication tokens and 35,000 user email addresses.

Lovable, May 2025. CVE-2025-48757: the absence of Row Level Security opened full database access to more than 170 production applications.

Enrichlead, late 2025. A startup on Cursor. AI placed all security and payment logic on the client side. Payment was bypassed through the browser console within 72 hours after launch.

The pattern is the same in every case: code that no one has read contains vulnerabilities that no one noticed—until it was too late.

What AI can do in development: an honest list

Criticism of vibe coding does not negate the value of AI tools. The data show a clear pattern: AI handles specific, limited tasks with a verifiable result.

Where AI truly helps:

  • Boilerplate code — tests, configs, CRUD operations
  • Fixing known vulnerabilities — up to 20x faster
  • Translating code between languages and explaining logic
  • Updating frameworks and dependencies
  • Generating documentation and comments

Where AI systematically falls short:

  • Architectural decisions in large codebases
  • Tasks with implicit business requirements
  • Security at the architectural level
  • Debugging complex interactions between components
  • Maintaining code several months after it was written

Simon Willison, the creator of Datasette, introduced the term "vibe engineering" for the correct approach: "If an LLM wrote every line of code, but you reviewed, tested, and understood everything, that is not vibe coding. It is using an LLM as an input tool."

The job market: vibe coding does not kill the profession, but it changes it

Key Takeaway: Demand for senior developers is growing. Juniors are suffering — and that threatens the training of the next generation.

[Fact]: Software development employment will grow by 15% from 2024 to 2034; 129,200 new openings per year (Bureau of Labor Statistics, U.S.).

[Fact]: Hiring of developers aged 22–25 has fallen 20% from the 2022 peak; hiring for entry-level positions has declined by 25% year over year.

In Russia, the picture reflects the global trend with local specifics: there are one-third fewer vacancies, competition has doubled, and 85% of developers use AI tools. Salary growth has stalled.

The most alarming signal is the situation with juniors. Companies use AI for tasks that used to train entry-level specialists. Debugging someone else’s code teaches how systems break. Writing boilerplate code builds mental structure. Code review teaches how other people think. When AI does all this and the junior only clicks "Accept," no skill is formed.

What Karpathy himself did: the main signal

When Karpathy was creating Nanochat—a minimalist chat interface—he wrote it by hand. "It is practically entirely written by hand," he said.

When the stakes are real and you need a result that must work, the inventor of vibe coding chooses to write the code himself. That is the best answer to the question of where vibe coding belongs: a prototyping tool, not a replacement for engineering.

Vibe Engineering: how to use AI correctly

[Principle 1]: Use AI to generate the first draft—read every line.

[Principle 2]: Do not accept code automatically. According to METR data, developers accepted less than 44% of AI suggestions—the rest was reviewed and rejected.

[Principle 3]: Test AI code just as rigorously as code written by hand.

[Principle 4]: Do not trust AI with architectural decisions—that is a human responsibility.

For teams: do not give AI tasks that should train juniors. For team leads: code review of AI-generated code requires the same attention as reviewing code from a newcomer. For CTOs: include security checks in CI/CD regardless of who wrote the code.

Simple rule: If you cannot explain what each section of the code does, you are not ready to deploy it.

FAQ

Will AI completely replace developers? Based on current data — no. BLS projects a 15% increase in openings by 2034. The nature of the work is changing: less boilerplate code, more architecture, review, and quality control. It is not replacement—it is transformation.

How does vibe coding differ from professional development with AI? The key difference is understanding. Vibe coding assumes that the developer does not read or understand the generated code. Professional development with AI means using AI as a tool while fully understanding the result.

What tasks is vibe coding suitable for? Prototyping, MVPs to validate a hypothesis, internal tools without sensitive data, educational projects. It is not suitable for production, systems with user data, payment logic, or critical infrastructure.

What should a developer do to avoid losing skills? Read the code generated by AI. Understand why it is written that way. Periodically solve tasks without AI tools. Do not accept code you do not understand.

How dangerous is vibe coding from a security perspective? Veracode: 45% of AI code did not pass security tests. Aikido Security: 20% of data leaks come from AI code. For any application with user data, a security review is mandatory regardless of who wrote the code.

Conclusion

The data are unambiguous. Vibe coding—a method in which a developer generates code without reading or understanding it—produces software with more errors, weaker security, greater maintenance difficulty, and slower development for experienced specialists.

This does not mean that AI tools are useless. It means they are tools, not replacements. The developers who will survive and grow in this era are not the ones who let AI think for them. They are the ones who use AI as an amplifier of real engineering skills.

Vibe coding is a good tool for a weekend prototype. Developing production systems is a different craft. The data say that one does not replace the other.

Sources: CodeRabbit 2025 (470 PRs), GitClear 2025 (211 million lines), METR RCT 2025 (246 tasks), SoftwareSeni Security Report 2025, Aikido Security 2025, Veracode 2025, ICT.Moscow 2025, Solar 4RAYS 2025, Stanford University (AI Code Security Study).

← All articles

Comments (0)

No comments yet. Start the discussion.

Leave a comment
No registration required

Related articles

May 18, 2026

AI Agent Security: Threats, CVEs, and Protection

May 13, 2026

Digital Transformation Strategy for Russian Business

May 13, 2026

Production Automation with IT: Practical Guide

View all materials

Book a strategy call
for agentic operations

Tell us which workflow you want to improve. We will map feasibility, risks, and the fastest MVP path.

By submitting, you agree to our privacy policy

Contacts

Global Operations

Serving U.S. clients remotely
with private cloud and on-prem options

Strategy calls by request

We respond after reviewing your workflow context.

lamooof@gmail.com

For partnership inquiries

Telegram

Have a proposal?

Write to us in messengers

© 2025 AgentSunrise

Privacy Policy