Ever since OpenAI cofounder Andrej Karpathy posted on X about vibe coding, the topic has sparked many discussions about whether letting AI take over coding is a good idea. It certainly has potential, but is vibe coding ready for the enterprise?
Before we can unpack its feasibility for the enterprise, let’s first understand vibe coding. It uses AI to generate code based on the user’s desired application as opposed to manual coding. Essentially, tell AI what you want the app to do and voila, it’s ready in seconds.
In some ways, it’s like conversational coding or having a coding concierge that attends to an individual’s needs. You can imagine the benefits of allowing business users to whip up forms or a quick app without having to go through IT. Or a developer using it for rapid prototyping. While some may believe vibe coding is a fad, others point to its long-term viability based on the increasing popularity of LLM-powered coding tools such as Cursor, Windsurf and Replit.
It is natural to assume that with vibe coding, the code would be reviewed to avoid any mistakes or unleash potential issues. True vibe coders argue that rigorous review goes against the idea of using AI to generate code. This explains why so many have already relegated vibe coding to low-risk projects. There is a need for traditional AI-assisted coding and an emerging opportunity for vibe coding to coexist.
Risks of Vibe Coding
When AI is infused into coding, there are always risks of quality and reliability. True vibe coders that come across bugs in the code say you can just keep telling AI to fix it until it’s right. This is risky, especially when a business user is doing the vibe coding to build a quick fix app that has the potential to touch critical systems. They may not know what they don’t know about unleashing faulty AI-driven code into the enterprise, exposing critical business data to attacks.
For instance, an AI tool might recommend a deceptively legitimate but harmful third-party package like “xyz” – a practice known as slopsquatting, which poses security risks to systems and data. When the AI requests this xyz package, it gets automatically installed. Because vibe coding operates differently from AI-assisted development, such malicious packages bypass security checks and could cause significant damage within the organization.
Vibe coding and its feasibility for the enterprise
In the Karpathy vibe coding tweet that launched a thousand discussions, he also wrote that, “It’s not too bad for throwaway weekend projects, but still quite amusing. I’m building a project or webapp, but it’s not really coding – I just see stuff, say stuff, run stuff, and copy-paste stuff, and it mostly works.”
But what if vibe coding can go beyond the throwaway project and make its way into the enterprise? There is potential for business users to apply the principle of vibe coding to quickly stand up low-risk apps that streamline or replace outdated processes.
For example, on a construction job site, a site supervisor could create an app via natural language to replace paper sign-in forms. They could tell the AI-powered vibe coding tool to check a worker’s identification with certifications to ensure everybody on the job site complies. Part of the instructions can include sending an alert to the project manager if a worker’s certification is going to expire in a few months. This allows the project team to document that safety standards are being met and get ahead of any potential project delays or compliance fines.
For this to be effective requires strong AI governance on an AI-powered operations platform that centralizes critical project information. When a company has data such as worker information, compliance requirements, and certifications located in a variety of formats and apps managed by various lines of business, it creates information silos.
As a result, the process of gathering data for a big picture view of the project’s status can take an inordinate amount of time. A recent productivity survey by Quickbase found that 59% workers were spending 11 hours a week or more chasing information from different people and systems. Along with taking up more than one full week per month, the number of workers impacted is up from 48% in 2024. This wasted time, a.k.a. Gray Work, has consistently been a drain on the enterprise as more silos are created throughout the company.
Vibe coding has the potential to boost productivity for business users, but only if the information is centralized and supported by the proper governance tools. This lowers the risk of slopsquatting and many other security issues while improving the quality of the generated solution.
