What to check when someone’s vibe coding
AI might advance rapidly, but code reviews never go out of style.
“Vibe coding” refers to a software-development approach that requires no coding expertise—just an idea for an end product, an AI-powered chat platform, and some natural-language prompts. In theory, the code produced from those prompts results in an application, even if it’s an app that has the occasional unexpected database change.
While that sounds like a quick and easy way for virtually anyone to spin up an app or service, there’s one big reason not to try vibe coding in the enterprise, thinks Simon Ritter, deputy CTO at Azul Systems.
It can be embodied by the following phrase:
The chicken is ready to eat.
Is the aforementioned bird hungry, or is it ready to be eaten? To Ritter, the ambiguity demonstrates how well-meaning prompts can be misunderstood and lead to unsatisfactory LLM outputs.
The verb “to run” alone, he adds, has 645 meanings. That’s a problem when you want to prompt a model to run something exact.
“If you’re trying to describe in a precise way what you want the application to do, it can be very, very difficult,” Ritter told IT Brew. “And that’s the whole reason that we have programming languages, because we’ve tried to raise the level of abstraction away from the machine into something which is more human-readable but still unambiguous.”
Even if Ritter is out on vibe coding, many are in. While Ritter said vibe coding hasn’t reached production platforms, pros like Steve Bennett, director of cloud-native applications at Soliant Consulting, have used the method regularly. He and Ritter shared strategies, such as familiar code-review processes, to limit the bad vibes for IT pros trying to use AI to code.
Bolt of inspiration. Bennett and his team have been employing StackBlitz’s Bolt.new tool—a browser-based utility that uses natural-language prompts to build web apps.
A Bolt-developed application, as is, does not go right to a production environment, Bennett said.
The Soliant director employs the vibe-based output as a prototype for customer-portal and back-end business applications, which his team can then code-review and sample.
An example prompt, he said, might be, “I’m looking to build an inventory application”; he’ll specify three or four features, the desired language (maybe React TypeScript), and core libraries. Bennett said he adds functionality through multiple, concise prompts, once the app is up and running.
“It really reduces that feedback life cycle to be able to get something back in front of our clients’ faces quickly,” Bennett told us.
The vibe options. Ritter sees AI coding as a spectrum; there are prompt-to-full app capabilities (via tools like Bolt.new and Lovable), and there are “lower end of the spectrum” functions like code-autocomplete capabilities, which can make educated guesses at entire lines of code via the programmer’s integrated developer environment (IDE). In the middle of the spectrum, he sees prompt-based tools helpfully creating specific components rather than entire apps.
“It’s almost along the same lines as [how] we always use libraries, because we don’t want to reinvent the wheel,” Ritter said.
Vibe check. Recent reports revealed vibe coding has led to “rogue” database deletions, admissions from the LLM of “catastrophic” failure, and perhaps an emerging profession: the vibe-code fixer.
When Bennett builds an app, he looks for:
- Bloat. If an app is 400 lines long, perhaps he’ll prompt to optimize the code and make components into sub-components.
- Bad packages. Popular npm packages totaling “more than 2 billion downloads per week,” for example, had malicious code, according to a September report.
- Secrets. If using a third-party API, make sure the key isn’t placed in the code, Bennett recommended.
- Data sanitization. Ensure there are validators—Bennett uses Zod—for any form inputs.
- Mobile readiness. Bennett said he has had to nudge the LLM with an additional prompt to change formats like tables into phone-ready “cards.”
- Code review. A human team member inspects any code before it’s merged.
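A pre-merge check covering two of the checklist items above, hard-coded secrets and known-bad package versions, as an added example that is not from the article or from Bennett's team. The file contents, the package name `example-color-utils`, its versions and the denylist are constructed for illustration; the lockfile shape follows npm's package-lock.json `packages` map, and the secret pattern is a heuristic.

```javascript
// Added example: pre-merge checks for hard-coded secrets and denylisted packages.
// All file contents, package names, versions and the denylist are constructed.

// Heuristic: an identifier that looks like a credential, assigned a long string literal.
const SECRET_RE =
  /\b(\w*(?:api[_-]?key|secret|token|password)\w*)\s*[:=]\s*["'`]([^"'`\s]{16,})["'`]/i;

// Report file, line and identifier only; never echo the literal itself.
function findHardcodedSecrets(files) {
  const hits = [];
  for (const [path, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      const m = SECRET_RE.exec(line);
      if (m) hits.push({ path, line: i + 1, name: m[1] });
    });
  }
  return hits;
}

// Walk the lockfile's "packages" map so transitive dependencies are covered too.
function findDeniedPackages(lockfile, denylist) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the name is the last segment.
    const name = path.split("node_modules/").pop();
    if ((denylist[name] || []).includes(meta.version)) hits.push(`${name}@${meta.version}`);
  }
  return hits;
}

// Constructed sample inputs.
const SAMPLE_FILES = {
  "src/api.ts": [
    'const INVENTORY_API_KEY = "CONSTRUCTED-not-a-real-key-0123456789";',
    "const fromEnv = process.env.INVENTORY_API_KEY;", // read from the environment: not flagged
    'const label = "token";', // short literal, harmless name: not flagged
  ].join("\n"),
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "inventory-app", version: "0.1.0" },
    "node_modules/example-color-utils": { version: "2.1.1" },
    "node_modules/example-forms/node_modules/example-color-utils": { version: "2.1.0" },
  },
};
const SAMPLE_DENYLIST = { "example-color-utils": ["2.1.1"] }; // hypothetical, team-maintained

console.log(findHardcodedSecrets(SAMPLE_FILES));
console.log(findDeniedPackages(SAMPLE_LOCK, SAMPLE_DENYLIST));
```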
Stack Overflow’s annual survey, released in July and based on data from more than 49,000 respondents, revealed that just 12% are vibe coding—72% said “no,” and 5% said, “no, emphatically.” Almost half (46%) of software developers distrust AI-tool accuracy either somewhat or highly, more than the one-third who trust it.
Bennett sees linguistic ambiguity as a minor hurdle; if the code doesn’t look right to him, he reiterates his original prompt. (“It’s much easier to send a correction to a vibe-coding agent than it is to a design team and wait on that feedback life cycle,” he said.)
Ritter sees Bennett’s approach working, as long as each iteration is done quickly, “But how many iterations you have to go through before you actually get the result that you want?”
Let’s hope the number’s not something like 645.