We all know programmers are using AI tools to supplement their work, but there's a new trend in town taking things to the next level. The term "vibe coding" was coined by OpenAI co-founder Andrej Karpathy just last month, but what started as a random X post has quickly spiraled into a whole new community.

What Karpathy describes in his post is creating software without writing any code — all he does is send prompts describing what he wants to his AI tool and accept all of the output it generates. He even uses a dictation tool to avoid using his keyboard. Sounds crazy, right? That's because it is.

What exactly is vibe coding?

Most AI coding tools right now do three things:

They're designed to help people who know how to code — with some also focusing on training and education. Even Cursor, one of the main tools people are using to vibe code right now, is really designed for developers. It's meant to speed up simple processes for people who would have been coding whether the tool existed or not.

Take this random feature explanation from the Cursor website, for example: "Cursor lets you write code using instructions. Update entire classes or functions with a simple prompt." Sure, the purpose of the feature is to save you from writing code manually — but you still need to know what things like classes and functions are to make good use of it.

Vibe coding (or what vibe coding is quickly becoming) is a trend where people take these tools and try to make something with as little as zero software development knowledge — simply describing in natural language the results they want to see as an end user.

Why is vibe coding problematic for your users?

When a completely non-technical person opens up Cursor and starts vibe coding, the result will be pretty different from when someone like Andrej Karpathy vibe codes. Where Karpathy might ask Cursor to "generate some code that hashes and salts passwords for user authentication," a non-technical vibe coder might say "Hey Cursor, make a secure database to store my passwords."

Sure, they used the word "secure" — but that's exactly the kind of detail an LLM might randomly ignore. Alternatively, its idea of "secure" might not be up to commercial software standards, or it might add security measures in some places and not others. There's another problem with this phrasing, too — the "store my passwords" part. It's fairly normal to think of passwords as being "stored" somewhere, but if you know what password salting and hashing are, you know that users' passwords technically aren't stored anywhere.

Instead, the salt and the hash value of the concatenated salt and password are stored — and despite all of the wacky terms in that sentence, it's not an overly complex concept. However, it is something you'd never know unless you purposefully went out and learned about it. And if you don't know it, you can't ask for it.

So, instead, you've requested a secure database — but which version of the LLM genie will you get? The one that takes your prompt literally and stores the passwords as is in a random little database? Or the one that considers what you actually want to achieve and comes up with a proper authentication process for you?

I think the most accurate answer is that sometimes you'll get the mean-spirited genie, sometimes you'll get the kind one, and a lot of the time, you'll get something in between — with no real rhyme or reason to it. It could do 100% of the job, it could do 90%, it could do 5%. With a prompt that vague, anything could happen, and the problem is — a non-technical vibe coder has no way of understanding the result or determining how good it is.

You can't even write proper tests to find out what's going on if you don't know what security measures you need, what you ended up with, what they should achieve, or what success and failure might look like.
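The storage scheme this section describes, together with a check of the kind the paragraph above says you need some knowledge to write, as an added example that is not from the article. It swaps the single hash over salt plus password for PBKDF2-HMAC-SHA256, a salted hash built to be slow; the function names, iteration count and sample password are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware


def make_record(password: str) -> dict:
    """Build what is written to the user table: salt + derived hash, never the password."""
    salt = os.urandom(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def stores_plaintext(record: dict, password: str) -> bool:
    """Test for generated code: does any stored field contain the password itself?"""
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    # Constructed sample data, not from the article.
    # 'naive' is what a literal reading of "store my passwords" produces.
    naive = {"user": "alice", "password": "correct horse"}
    hardened = make_record("correct horse")
    print("naive leaks password:   ", stores_plaintext(naive, "correct horse"))
    print("hardened leaks password:", stores_plaintext(hardened, "correct horse"))
    print("login ok:      ", verify("correct horse", hardened))
    print("wrong password:", verify("wrong horse", hardened))
```

Both versions log the user in correctly from the outside; only inspecting the stored record shows which one you were given.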

After all, having bad, broken, or zero security measures implemented in your software won't make it fail. It could still look like it's doing everything correctly on the user end — but behind closed doors, your users' sensitive information (personal data, payment information, usage history) will be completely unprotected and ready for bad actors to steal. And that's bad for you as well as your customers — security breaches bring nothing but stress, scandal, and financial loss for product owners.

When Karpathy described his vibe coding experiment he said the code he and Cursor produced "mostly works," and I'm not here to claim that "mostly works" is unacceptable. There are always quick fixes, hacky solutions, bugs, and all sorts of problems hidden in every code base for every product. With the size and complexity of software these days, it's simply unavoidable.

But if you want to release your project to the public and charge people money to use it — you have a responsibility to make it as safe as you can. Leaving sensitive information unprotected isn't okay — and assuming it's protected without properly confirming isn't okay either.

If you need a real-life cautionary tale — @leojr94 on X has everything you need. Here is his story distilled into three X posts:

Why is vibe coding problematic for you?

Software is expensive. Even if you cut all of the development costs through vibe coding, you still have to pay to store your data, send it around between you and your users, and interact with other services through APIs.

The services you use for this, such as AWS, are usually pay-as-you-go, meaning you only pay for exactly what you need. That's great, right? Sure. But when you're not in control of the software you're developing, you're not in control of the data usage either. Your code, generated in random chunks and spliced together, is likely to be extremely inefficient. Just a few badly designed lines could produce 3x, 5x, or even 10x more data than you actually need — and sending that unnecessary data back and forth between you and your users will cost you lots of extra money. The most explosive way this can go wrong is actually when things go right.

Imagine you have a few users, you have some bills coming in, growth is slow but steady, and you can deal with it. But one day you wake up and your social media content has gone viral, driving thousands of people to your software product. This would be great, except for the fact that your AWS bill is now huge and you discover that your network traffic costs per user are actually higher than the subscription fee they're paying you.

What’s the solution?

At this point, some people would start suggesting more products. Platforms designed for vibe coders and "non-techies" that provide users with extra support for security, servers, and other backend stuff. Some people might also say that with a few tweaks, vibe coding could be just the thing software development needs to become democratized and stop being exclusionary.

I have a different opinion — it's already democratized and it's already inclusionary (though I don't think that's a word). Anyone anywhere can learn about computer science, coding, programming, or software development as long as they have a computer and an internet connection — and that's exactly what people do. Huge numbers of programmers are self-taught and they probably always will be. You have everything you need, which leads me to the "harsh truth" of the situation: if you want to make software, then tough luck — you need to learn how to do it.

If you have an idea, you either put in the effort to learn how to build it or you put in the effort to find partners and investors who can help bring it to life. There's no grifty, zero-effort option where you magically end up with a working product in a negligible amount of time and have no partners you need to share the profits with. That's not how the world works, and it's not how it should work, either.

If you want to speak another language, you need to learn it. If you want to play guitar, you need to learn how. And if you want to make software — you need to learn how to make software. If the DIY route sounds good to you, then great news — anyone with the means to sit and vibe code using free or paid software also has the means to sit and study programming using free or paid courseware. Maybe you could even use AI tools to speed things up.

And I'm not kidding when I say anyone can do it — programming is actually so big on inclusion that there's even a "type of programming" available for just about everyone. Sure, not every person will become a software architect at a top company — but some people will learn enough to make games in C++, others will learn enough to make apps with Python, and even if you decide that coding isn't really your thing, you'll probably still be able to make websites with HTML. Whether you're a professional study bug or you've never studied in your life, and whether you're a math whiz or you're terrible with numbers — you will be able to make something.

How long will vibe coding stick around?

Now, it's impossible to know what Karpathy intended to achieve by running this little experiment or posting it online. To me, the X post reads like this: "Man, this AI stuff is getting crazy. I can make tons of intentionally bad decisions, ask for intentionally dumb things, and somehow I end up with something that still kind of works."

Other people seem to have interpreted it more like "Wow, you can make software even if you don't understand how to code." Nope. Big nope. You can't do that. You might think the barrier between you and the app you want to make is that cryptic nonsense programmers sit and type all day — that you can't make anything because you don't know how to type code.

But that's not it. You can start to understand all that stuff after just a handful of hours studying it. It's just language, just the method of communication between you and the computer, and it pales in importance compared to the actual information you need to communicate. If your goal in life is to have a deep and thoroughly technical conversation with a Spanish experimental physicist in their native language — you won't achieve it just by learning Spanish.

Designing software, understanding algorithms, managing data, meeting security standards, building for scale, optimizing, and debugging — these are the skills that build software. So it doesn't matter if Cursor lets you avoid typing code, you still can't make a proper app if you don't know anything about apps.

I don't really know how big vibe coding will get or how long it will last, but I definitely don't think it's worth it for a non-technical person to try and vibe code a product. I also don't think trying a vibe-coded product is worth the risk for consumers — there's no way to know if your passwords and payment information are safe. If you see a new independently developed product you're interested in — consider finding out who made it and how it was made before you give them money.