![\"Crazy](\"https:\/\/ceblog.s3.amazonaws.com\/wp-content\/uploads\/2026\/04\/29125112\/Dangers-of-Vibe-Coding_Image-1.png\")
<\/figure>\n\n\n\nTo better understand the risks, I interviewed three experts. I asked them about the underlying technology, what\u2019s at stake, and, crucially, how smaller businesses can protect themselves. <\/p>\n\n\n\n
What Is Vibe Coding? <\/h2>\n\n\n\n
The phrase \u201cvibe coding” comes from Andrej Karpathy, a highly regarded AI researcher and one of the co-founders of Anthropic (he\u2019s since left the company). He first used it in an X post<\/a>, where he described it as \u201cnot really coding.\u201d<\/p>\n\n\n\n Vibe coding works in much the same way as other forms of generative AI. The user enters a prompt into their chatbot of choice. The LLM then draws on its vast corpus of training material to generate a new codebase or modify an existing one. <\/p>\n\n\n\n Popular platforms like Claude Code (Anthropic) and Codex (OpenAI) package their genAI engines in a suite of developer and agentic tools. This allows them to do things like access files in a local environment, execute multi-stage workflows, and interact with third-party platforms like GitHub. <\/p>\n\n\n\n Here\u2019s a quick overview of how easily I (a non-developer) can create a website in minutes<\/em>. I simply open up Visual Studio, install the Claude Code extension, configure a CLAUDE.md file with my instructions, and ask for a website.<\/p>\n\n\n\n I can then check the output in my local environment, make changes as needed (Claude will modify the code directly), and upload the files to my chosen host. <\/p>\n\n\n\n There are more use cases than you can count. Personal websites, content management systems, data management systems, full-blown customer-facing apps\u2014the list goes on.<\/p>\n\n\n\n Short answer? A lot <\/em>of people are doing it. There\u2019s no sign of the trend slowing, either. <\/p>\n\n\n\n Jellyfish reported in AI Engineering Trends<\/em><\/a> that 67% of software engineers are using AI tools in some way. They also found that 14% of pull requests (proposed changes to existing codebases) were generated autonomously by AI agents. <\/p>\n\n\n\n In early 2025, Silicon Valley startup accelerator Y Combinator said that a quarter of apps in its winter cohort had codebases that were 95% AI-generated<\/a>. We\u2019re also seeing the emergence of a new role: the so-called vibe code cleanup specialist<\/a>.<\/p>\n\n\n\n What is especially interesting, however, is uptake among non-technological and low-dev-expertise businesses.<\/p>\n\n\n\n According to the2025 Empowering Small Business<\/em><\/a> report by the U.S. Chamber of Commerce, one in five small businesses use genAI coding tools. In addition, a survey by Pax8<\/a> found that 62% of SMB leaders believe AI adoption is essential for remaining competitive. <\/p>\n\n\n\n Small and medium businesses are using coding tools to ship features for in-house and external apps. Even more worryingly, this is happening in a context of hypercompetition and ongoing pressure to increase speed to deployment. <\/p>\n\n\n\n All of this makes it unsurprising that a smorgasbord of vulnerabilities has started to appear. In late 2025, Escape surveyed 5,600 publicly available apps<\/a> built with vibe-coding platforms. They uncovered over 2,000 vulnerabilities. In certain cases, highly sensitive data like medical records were exposed.<\/p>\n\n\n\n I took these concerns to three experts who work with advanced software on a daily basis. I asked them how much of a risk these tools present and what SMBs in particular need to do to avoid potentially serious problems. <\/p>\n\n\n\n Amy Gottler is an e-learning consultant who works on complex education systems. She is the founder of eLearning Academy<\/a> and holds a PhD in Technology Enhanced Learning. <\/p>\n\n\n\n When I spoke to Amy, she was keen to point out that she\u2019s not anti-AI. \u201cThey\u2019re absolutely amazing tools,\u201d she said. \u201cThe issue I\u2019ve observed, especially working with small teams, is that a lot of people don’t know what they don’t know.\u201d<\/p>\n\n\n\n She explained that serious risks emerge when small businesses start collecting data,<\/strong> especially if they\u2019ve gained confidence from using AI to help with tasks where there\u2019s limited scope for things to go wrong. <\/p>\n\n\n\n \u201cIf you’re a small business and you want to create a one-page website, you could do that in less than ten minutes. In this case, the risk is quite low. You put it in a prompt, and you’ve got your website.\u201d<\/p>\n\n\n\n Amy used the example of a hairdressing salon to illustrate the dangers that arise when somebody starts collecting and integrating data. \u201cThe next step for the business owner is to say, \u2018I used that brilliant AI tool to create a website so quickly. I’m not going to pay for an application to take bookings or reservations. I’ll just try to create one myself.\u2019\u201d<\/p>\n\n\n\n The hairdresser now builds a database. They can capture users’ names, email addresses, and potentially credit card information when they’re booking an appointment. \u201cIf you don’t know how programming works, you could, for example, be creating a database where passwords are stored in plain text<\/strong> without encryption, which means that hackers have a nice open door to all your customers’ data.\u201d<\/p>\n\n\n\n I also asked Amy about her direct experience working on learning management systems (LMS) through her consultancy business<\/a>. It\u2019s an interesting case because the in-house professionals responsible for managing these systems often have some <\/em>programming experience but lack highly specialized expertise. <\/p>\n\n\n\n \u201cI’m seeing that people will often have some familiarity with HTML, CSS, and JavaScript. They use AI tools to take their outputs to what they see as the next level, but they don\u2019t know how to run full tests. So they launch a new feature, and it causes issues. Over time, other things on the system stop working. This isn\u2019t as much of a risk as a direct data exploit, but it’s an annoyance because it means you have to troubleshoot what’s going on and find the rogue code.\u201d<\/p>\n\n\n\n The problem here is tech debt. A feature appears<\/em> to work when it\u2019s first implemented. But whoever is responsible for implementing it doesn\u2019t understand the broader context of the system. Because the new features aren’t fully supported, a simple update is enough to break existing dependencies or introduce a string of small security vulnerabilities. This creates a time and cost drain at a later stage when the problem needs to be fixed. <\/p>\n\n\n\n \u201cIn larger organizations, you have what I call semi-developers. These people are more involved in building frontend functionality, and they\u2019re the ones who are more likely to be a little bit more adventurous with vibe-coding tools. In attempting to make the system go further, they can unknowingly introduce security vulnerabilities, cross-stack compatibility issues, and hidden dependencies.\u201d<\/p>\n\n\n\n We finished by talking about another worrying trend that Amy has seen in her work: companies reducing tech budgets and replacing developers with AI. She argues that this impulse on the part of budget-strapped businesses needs to be treated with a great deal of caution. <\/p>\n\n\n\n \u201cI see some companies starting to say. \u2018We’re going to replace people with AI.\u2019 And with tight budgets, I can understand that line of thinking. But it\u2019s where mistakes start to happen. If companies are adopting these tools, there needs to be proper governance behind it. Not only do you need to vet the tools that are being used to make sure that they’re appropriate, they need to be set up properly,” she explained. \u201cSo if you’re giving your employees licenses to use them, it\u2019s important to ask if those licenses have been set up so there\u2019s no data sharing.\u201d <\/p>\n\n\n\n She finished by making the case for employee education, an area that is often deprioritized. \u201cI think there\u2019s also a user education element,\u201d she said. \u201cYou shouldn\u2019t blindly use these tools. I think this is everything in IT. Security training should be provided and enforced.\u201d<\/p>\n\n\n\n David Mytton is the CEO of Arcjet<\/a>, a security platform that provides real-time guardrails for AI apps. He is also conducting PhD research on sustainable computing at the University of Oxford. Console<\/a>, his weekly digest for experienced developers, goes out to more than 30K subscribers. <\/p>\n\n\n\n David began by describing how he thinks AI coding tools have altered the traditional development workflow. In his view, this change has led to greater speed and lower costs but has also created genuine security risks. <\/p>\n\n\n\n \u201cThere used to be three phases of development,\u201d he told me. \u201cThere was upfront planning, which happens before you write any code. There’s the middle implementation phase where you write the code. Finally, there’s the end phase for testing and making sure everything works before deployment. These three phases still exist, but the middle phase is no longer run by humans, or at least it won’t be in a very short period of time.\u201d<\/p>\n\n\n\n He explained how, in this new model, developers add value by reviewing the initial roadmap, coming up with ideas, refining the application with the coding agent, and then, at the end, verifying everything actually works. \u201cThe middle bit, the code bit, is where all the value was,\u201d David said. \u201cNow, instead of the human writing the code, AI is taking over. This delivers speed. It also makes code cheaper. You can generate lots of different ideas and throw things away that you don’t like or don’t work.\u201d<\/p>\n\n\n\n What\u2019s not to like? Fewer costs, less time to deployment, and plenty of space to try new prototypes. It all sounds perfect, at least until you acknowledge the lingering issue that you can’t fully trust AI. \u201cWhile AI is very good at coming up with coverage of all the different use cases and edge cases that you might have,\u201d he said, \u201cit’s going to make decisions that can open up security holes, either because things have been implemented in an insecure way or because known security issues aren\u2019t addressed.\u201d<\/p>\n\n\n\n This has added a new element, the testing of AI edge cases, to the final phase described above. And it\u2019s where an experienced developer is non-negotiable. \u201cThe problem is you don’t know about edge cases unless you’ve experienced them in the past or you have knowledge of this field<\/strong>. AI is going to introduce potential security vulnerabilities without anyone understanding.\u201d<\/p>\n\n\n\n David was careful to draw a distinction between vibe coding and true agentic engineering: \u201cAgentic engineering involves running the three phases of planning, implementation, and deployment after proper validation. Vibe coding is different in that you’re just prompting the AI to do things and, often, deploying to production without rigorous testing or any testing at all.\u201d<\/p>\n\n\n\n \u201cI think there’s more vibe coding than agentic engineering right now,” he went on to say, \u201cand I think that’s because of the kind of developers who are adopting these tools first. The more experienced engineers are skeptical. They’re adding AI to existing workflows, which maintains the three traditional phases. The less experienced engineers are going as fast as they possibly can, releasing things without thinking about it. That can<\/em> be an advantage in certain circumstances, but it has a lot of inherent risk. The fact that Anthropic and OpenAI have both recently released built-in security tools for their coding agents proves that this is a real problem.\u201d <\/p>\n\n\n\n One of the recurring themes of our conversation was the speed at which new code is being deployed. David has seen first-hand how velocity has increased. And it\u2019s something he suspects has spread to the enterprise sector, in significant part because of competitive tensions. Interestingly, he said that he has heard of developers being given a remit to work on projects using AI outside of organization guardrails. These so-called \u201ctiger teams\u201d have mandates to ship features as quickly as possible. <\/p>\n\n\n\n Why can\u2019t AI tools simply run their own security checks? I posed this question to David. He explained that there are three interlocking factors at play:<\/p>\n\n\n\n \u201cIf you think about all the code that exists, we already have security vulnerabilities,\u201d he explained. \u201cHumans haven\u2019t created perfect code. AI is trained on that imperfect body of work, which means it’s going to reimplement existing patterns of insecure code.\u201d<\/strong><\/p>\n\n\n\n The issue is further compounded by the fact that many of these security flaws aren\u2019t obvious. \u201cThere are lots of subtleties in how these protocols work. Basic issues are quite rare because it’s more the case that there are small flaws in the way something is implemented. This can result in a chain of multiple vulnerabilities that can be exploited to access a system. It’s very rare that there’s going to be one single issue like failing to implement authentication correctly. And you need to draw on different, nuanced approaches to identify subtle bugs. These are what AI struggles with.\u201d<\/p>\n\n\n\n David argues that the solution is a mix of expert human review and strict, automated guardrails, both of which are lacking in the industry. \u201cIt’s just no longer possible for humans to review every single line of code. Certain code will need review by humans in the most sensitive areas, things like payment flows, authentication, and other really critical parts of the application. But we also need to provide safe rails for people to implement common functionality.\u201d<\/p>\n\n\n\n This is the underlying philosophy of Arcjet. His company provides a series of building blocks that allow developers to bring common security functionality into their application without having to re-implement it from scratch. \u201cA simple example,” David says, \u201cis that we have bot detection that identifies automated scrapers and prevents issues like spam sign-ups and automated abuse of your application. We maintain multiple threat feeds with real-time data coming from multiple providers and visibility across thousands of applications deployed on the product. We have all sorts of heuristics that go into the detection of not just known threats but emerging threats that happen over very short periods of time.\u201d<\/p>\n\n\n\n This approach highlights the very real shortcomings of asking the tools themselves to take care of security. \u201cWe have to do an array of things behind the scenes to maintain a product. If you ask ChatGPT to stop bot signups, it will implement some very basic protections. But it’s not going to have the sophistication that we’re able to bring to the problem. And that’s just one area. There are many others like:<\/p>\n\n\n\n \u201cVibe-coders using AI to account for these risks will see a lot of incorrect and insecure implementations.\u201d<\/p>\n\n\n\n![\"Andrej](\"https:\/\/ceblog.s3.amazonaws.com\/wp-content\/uploads\/2026\/05\/29125225\/Dangers-of-Vibe-Coding_Andrej-Karpathy.png\")
<\/figure>\n\n\n\n![\"Claude](\"https:\/\/ceblog.s3.amazonaws.com\/wp-content\/uploads\/2026\/05\/29125259\/Dangers-of-Vibe-Coding_Claude.png\")
<\/figure>\n\n\n\n![\"Daniel](\"https:\/\/ceblog.s3.amazonaws.com\/wp-content\/uploads\/2026\/05\/29125337\/Dangers-of-Vibe-Coding_Daniel-Mowinski.png\")
<\/figure>\n\n\n\nHow Widespread Is Vibe Coding? <\/h2>\n\n\n\n
![\"LinkedIn](\"https:\/\/ceblog.s3.amazonaws.com\/wp-content\/uploads\/2026\/05\/29125509\/Dangers-of-Vibe-Coding_LinkedIn.png\")
<\/figure>\n\n\n\nAmy Gottler, PhD: Communication Is Essential for Filling Knowledge Gaps<\/h2>\n\n\n\n
![\"Amy](\"https:\/\/ceblog.s3.amazonaws.com\/wp-content\/uploads\/2026\/05\/29125602\/Dangers-of-Vibe-Coding_Image-2.png\")
<\/figure>\n\n\n\nData exploits are a real risk for small businesses<\/h3>\n\n\n\n
Why vibe coding creates unnecessary tech debt<\/h3>\n\n\n\n
Businesses need to be cautious about cutting budgets<\/h3>\n\n\n\n
David Mytton: Don\u2019t Confuse Vibe Coding With Serious Agentic Engineering <\/h2>\n\n\n\n
![\"David](\"https:\/\/ceblog.s3.amazonaws.com\/wp-content\/uploads\/2026\/05\/29125644\/Dangers-of-Vibe-Coding_Image-3.png\")
<\/figure>\n\n\n\nHow AI coding is consuming the middle \u201cimplementation phase\u201d<\/h3>\n\n\n\n
The difference between vibe coding and agentic engineering<\/h3>\n\n\n\n
AI tools can\u2019t build secure apps on their own<\/h3>\n\n\n\n
\n
\n
Matthew Rockwell: Vibe Coders Can\u2019t Find Subtle Vulnerabilities<\/h2>\n\n\n\n
![\"Matthew](\"https:\/\/ceblog.s3.amazonaws.com\/wp-content\/uploads\/2026\/05\/29125727\/Dangers-of-Vibe-Coding_Image-4.png\")
<\/figure>\n\n\n\n