A few months ago, I wanted to create a small interactive quiz to accompany a session I was running. Something people could use live to test their understanding of different AI models.

In the olden days (by which I mean 2024), this would have meant a developer, a specification document, a few rounds of feedback, several weeks, and a bill that would have been wildly disproportionate to the task.

In February 2026, I built it in 15 minutes, and only because I did it the hard way:

First, I asked Perplexity to help me write a detailed prompt. I pasted that prompt into Claude. Claude generated the code. I hit a wall getting it to run locally (Claude and Perplexity were both gaslighting me, insisting my HTML file wasn’t an HTML file). So I abandoned both of them and pasted the prompt into Base44, a vibe coding platform. By the time I’d finished creating an account, the app was sitting there waiting for me. I pressed publish (you can check it out here). Done.

That is vibe coding. You describe what you want in plain language. AI writes the code. You get a working thing.

It is genuinely impressive. And it is genuinely dangerous. Both of those statements are true at the same time, and most of what you’re reading about vibe coding only picks one.

What actually is vibe coding?

The term was coined by Andrej Karpathy, co-founder of OpenAI and former head of AI at Tesla, in February 2025. He described it as giving in to the vibes, forgetting the code even exists, and just accepting the output produced by the AI. Then Collins Dictionary named it Word of the Year for 2025.

And if you’re just getting into vibe coding now, you’re too late. Because in February 2026, exactly one year later, Karpathy declared vibe coding passé. He proposed (by which I mean said and then everyone took notes so now it is) a new term: agentic engineering. His argument was that the practice had matured beyond casual experimentation into something more structured, with human oversight and architectural thinking at the centre.

The man who invented the concept moved on from it within twelve months. That should tell you something about the speed of this space.

How big is vibe coding, really?

Among developers: it’s big.

85% of developers regularly use AI tools for coding and software design. 41% of all code written globally is now AI-generated or AI-assisted (JetBrains). Google says over 30% of its new code is AI-generated.

But developers do not trust AI to write their code. Only 29% of developers trust the accuracy of AI-generated code. 46% actively distrust it. And positive sentiment towards AI tools has dropped from over 70% to 60% in a single year. And 72% of professional developers say vibe coding is not part of their professional workflow. Developers use AI to assist them. They do not hand it the keys.

Among non-developers: it’s also big but different

Among non-developers, the picture is very different. 75% of Replit’s users have apparently never written code. They describe what they want and the platform builds it. Lovable went from launch to $206 million in annual recurring revenue in under a year. Base44 grew to 250,000 users in six months before being acquired by Wix for $80 million.

These are the stats that should concern us as leaders. The people building software with AI at speed are overwhelmingly not the people who understand its limitations. Developers use these tools cautiously and check the output. Non-developers use them confidently and ship.

Can you actually make money from vibe coding?

Yes. Some people are.

A former Pinterest account manager called Paulius Masalskas, who is not a developer, vibe coded a creator search tool on his commute. He made $30,000 and left his job. A 22-year-old college dropout called Evan built an AI illustration generator with 8,000 users and $1,700 a month in recurring revenue. A wedding venue owner built a planning app with her daughter over a single afternoon, and it is already helping her business.

But look at what these stories have in common. None of these people succeeded because they could suddenly write code. They succeeded because they already understood their market, their audience, or their problem deeply. The vibe coding removed one barrier to execution. It did not remove the need for business sense. It did not remove the need to understand your customer. It did not replace strategy.

The pattern is consistent. The people making vibe coding work are the ones who already knew what to build and who to build it for. The AI handled the how. The human handled everything else.

If you’re finding this useful, tap the ❤️ so I know it’s landing.

So what is going wrong with vibe coding?

A lot.

Moltbook, the social network for AI agents that launched in February 2026, was supposedly built without a human writing a single line of code. Impossible to verify, but it caused a huge publicity spike. Elon Musk praised it. Then security researchers at Wiz found that the database storing users' login credentials and email addresses had no access controls at all. 1.5 million sets of login credentials and 35,000 email addresses were visible to anyone who looked. Nobody hacked it. The door was simply never locked.

Remember Base44, the platform I used for my quiz? Wiz also found a critical authentication vulnerability in Base44 that allowed anyone to bypass all security controls and access private enterprise applications built on the platform. The vulnerability was, they said, remarkably simple to exploit.

Lovable, another popular vibe coding platform, has been used by cybercriminals to create tens of thousands of phishing sites, crypto scams, and malware distribution pages. Security firm Proofpoint has been tracking the abuse since early 2025.

And then there is the vibe-coded ransomware. A ransomware strain called Sicarii appeared in early 2026, built using AI coding tools by someone who clearly did not understand what they were building. The decryption process does not work. Even if a victim pays, their data stays locked. The attacker cannot fix it because they do not understand the code they generated.

These are the predictable result of treating “it works” as the finish line.

Does vibe coding actually make people faster?

This is where it gets really interesting for us as leaders.

In mid-2025, a nonprofit research organisation called METR ran a rigorous randomised controlled trial. They took 16 experienced open-source developers, gave them 246 real tasks from their own repositories (projects they had worked on for an average of five years), and randomly assigned each task to allow or disallow AI tools.

Before the study, the developers predicted AI would make them 24% faster.

After the study, the developers believed AI had made them 20% faster.

What actually happened: they were 19% slower.

Experienced developers, using frontier AI tools, on codebases they knew intimately, were measurably slower with AI. And they did not notice. They came away from the experience genuinely believing they had been more productive.

The researchers found that the more familiar a developer was with their codebase, the less AI helped. Screen recordings showed more idle time during AI-assisted work. Developers spent significant time reviewing and cleaning up generated code. And they kept reaching for AI even when it was slowing them down, because they believed it was helping.

This is a self-awareness problem. And it applies far beyond developers.

What should leaders actually do about this?

Vibe coding has made it dramatically easier to build something. It has not made it any easier to build the right thing. And it has not made it any safer.

The technical barrier to creating software has been lowered significantly. But it was never the only barrier. Knowing what to build, whether to build it, who it is for, whether it is secure, whether it solves a real problem: those are leadership questions. They always were. And vibe coding has not touched any of them.

Here is what I would recommend.

1. Find out if it is already happening in your business. It probably is. Any employee with access to an AI tool can now build a functioning internal application in an afternoon. Are they doing so? On what infrastructure? With whose data? With what security review? Shadow AI is not a theoretical risk. It is a governance gap that is growing by the week.

2. Stop treating “it works” as the finish line. Every major vibe coding disaster has happened in the gap between a working prototype and a production-ready tool. If your business is using vibe-coded tools, even for internal purposes, someone who knows what they are doing needs to be reviewing security, data handling, and access control. AI-generated code optimises for functionality. It does not optimise for safety.

3. Understand this yourself. Not because you need to become a developer. Because you need the judgement to evaluate what your team is building, what your competitors are doing with it, and whether the software you are paying for could be replaced or needs to be protected. That judgement does not come from reading about vibe coding. It comes from developing genuine AI fluency (you can do this by signing up for my new CPD-certified course: AI Fluency for Leaders. 3 hours, delivered monthly).

Vibe coding winners and losers

Vibe coding is real. The opportunity is real. The risks are equally real.

The people succeeding with it are the ones who already had domain expertise, business sense, and a clear understanding of their market. The AI gave them a new way to execute. It did not give them strategy.

The people getting burned are the ones who assumed that because it was easy to build, it was safe to ship. That assumption has already cost millions of records, millions of dollars, and a growing number of reputations.

And the most revealing finding of all is that even professional developers cannot accurately tell whether AI is making them faster or slower. If experts in their own field are that susceptible to misjudging AI’s impact, the rest of us need to be even more deliberate about how we evaluate it.

The technical barrier to building software has dropped. The judgement required to build it well has not dropped at all. If anything, it has gone up.

That is a leadership problem. And it is yours to solve.

One of the pillars of AI fluency is keeping up with this sort of stuff - what’s going on in the wider world of AI: capital flows, investment, major wins, mortifying fails. I run a monthly session called the Insider’s AI Briefing. 30 minutes covering the top 30 AI stories from the last 30 days. Live. Free. Book to attend the next session here.