Martin Fowler

Bliki: Vibe Coding

TL;DR · AI Summary

Vibe coding builds software applications by completely ignoring the code generated by LLMs, only developing through prompts and feedback, but poses risks in maintainability, correctness, and security. This technique suits non-programmers creating disposable applications but is unsuitable for production environments.

Vibe coding is building a software application by prompting an LLM, telling it what to build, trying it out, prompting for changes - but without looking at any of the code that the LLM generates. This technique can be used by people without any knowledge of programming. However the resulting software often shows problems with maintainability, correctness, and security - so is best used for disposable software written for a limited audience.

The term was coined in February 2025 by Andrej Karpathy, an experienced programmer, in a post on X:

There's a new kind of coding I call “vibe coding”, where you fully give in to the vibes, embrace exponentials, and forget that the code even exists. It's possible because the LLMs (e.g. Cursor Composer w Sonnet) are getting too good. Also I just talk to Composer with SuperWhisper so I barely even touch the keyboard. I ask for the dumbest things like “decrease the padding on the sidebar by half” because I'm too lazy to find it. I “Accept All” always, I don't read the diffs anymore. When I get error messages I just copy paste them in with no comment, usually that fixes it. The code grows beyond my usual comprehension, I'd have to really read through it for a while. Sometimes the LLMs can't fix a bug so I just work around it or ask for random changes until it goes away. It's not too bad for throwaway weekend projects, but still quite amusing. I'm building a project or webapp, but it's not really coding - I just see stuff, say stuff, run stuff, and copy paste stuff, and it mostly works.

-- Andrej Karpathy

The key point about vibe coding is “forget that the code even exists”. This is what gives it much of its usefulness, but also its limitations.

Since the November Inflection many programmers are getting LLMs to write all their code, commenting that they may never write a line of code directly again. However they do care about this code, reviewing it, paying attention to its internal structure. In that case, they aren't forgetting the code exists, so it's really a different thing that I call Agentic Programming. Sadly the term “vibe coding” really caught on, so many people use it to mean agentic programming. However I feel that despite this rapid Semantic Diffusion, it's worth trying to keep the concepts of vibe coding and agentic programming separate, as they are both different to use and different in their consequences.

Because a vibe coder doesn't look at the code, they don't need programming skills, so it's perfect for someone with no programming knowledge to build applications for their own use. Experienced programmers may also find it handy for rapid development of disposable software or prototypes.

Vibe coding is still new, so we are exploring its limitations, and those limitations change as the sophistication of models and their harnesses change. These limitations do introduce considerable risks, particularly if the vibed software is used widely or has access to sensitive information.

Perhaps the most serious risk is that of security. LLMs are inherently vulnerable as they provide a large attack surface for predators. Vibe coded applications can often expose sensitive information or, worse, credentials that can be used to attack deeper into an organization's systems. Even non-programmers need to be aware of the Lethal Trifecta.

With little attention to the code, vibe coding can rapidly produce many lines of very low quality code. Such code makes it difficult, even for an LLM, to modify and enhance the software in the future. While it's possible that growing LLM capabilities will allow it to work with even the largest bowls of spaghetti software, thus far it seems clear that well-structured software makes life easier for LLMs too.

LLMs are famous for their habit of hallucinating incorrect facts and presenting these with great confidence. This habit also leads them to create software that behaves incorrectly - and those errors may not be manifest to the user. Furthermore, the non-determinism of LLMs means that asking an LLM to enhance some software could easily lead it to introduce errors, even in parts of the code that shouldn't change due to the new request. We should thus treat LLM-generated software with skepticism: it can still be useful, but we need to be aware of the risks.

On the whole, vibe coding is best used for disposable software that's only used by its author or a close group of collaborators who understand and accept the risks involved. Code that is more complex, more widely-used, and with more consequences to its risks should not be forgotten about.
