Software development is undergoing a seismic shift as vibe coding turns plain English into functional applications in seconds.<\/p>\n
The era of painstakingly translating business requirements into rigid syntax is giving way to a more conversational approach. Coined by AI researcher Andrej Karpathy in early 2025, the term \u201cvibe coding\u201d describes a workflow where the developer\u2019s primary role shifts from writing line-by-line code to guiding autonomous AI agents.\u00a0<\/p>\n
As Karpathy famously shared on X<\/a>, it is a process where you \u201cfully give in to the vibes, embrace exponentials, and forget that the code even exists.\u201d<\/p>\n Vibe coding operates through a tight, conversational feedback loop. Rather than starting with a technical specification, a creator begins with a high-level intent<\/a>.<\/p>\n A user describes a goal, and the AI interprets the request and produces initial code. The user then executes the code, observes the result, and provides feedback to fix errors or add features. This code-first, refine-later mindset allows for rapid prototyping, as it aligns with agile principles and cyclical feedback loops.<\/p>\n There are different vibe coding techniques, including:<\/p>\n Pure vibe coding: <\/strong>Fully trusting the AI\u2019s output and moving fast without reading diffs. Best for throwaway weekend projects, rapid ideation, and quick prototypes where speed beats perfection.<\/p>\n Responsible AI-assisted development:<\/strong> AI acts as a pair programmer. You guide, the AI writes, but you review, test, and understand every chunk before shipping. The professional standard for production work.<\/p>\n Vibe coding is not a single prompt and done. It\u2019s a repeating cycle. Master this loop, and you master the workflow.<\/p>\n Describe:<\/strong> What you want, in plain language<\/p>\n Generate: <\/strong>AI drafts the code<\/p>\n Run:<\/strong> Execute it, see what happens<\/p>\n Refine:<\/strong> Feed back errors, add instructions<\/p>\n Repeat: <\/strong>Until it works the way you want<\/p>\n Code-level workflow<\/strong>App lifecycle<\/strong>Describe the goal<\/strong><\/p>\n Plain language. \u201cCreate a Python function that reads a CSV file and returns all email addresses.\u201dIdeation<\/strong><\/p>\n Describe your entire app concept in a single high-level prompt. Tools like Firebase Studio or AI Studio generate a full starting skeleton.AI generates code<\/strong><\/p>\n The assistant produces a first draft. Treat it as a starting point, not a finished product.Generation<\/strong><\/p>\n AI produces the initial app: UI, backend logic, file structure, the whole thing at once.Execute and observe<\/strong><\/p>\n Run it in a real environment. Do not proceed until it actually runs without immediately crashing.Iterative refinement<\/strong><\/p>\n Test, add features, and change things with follow-up prompts. \u201cMake the background dark gray and the button neon green.\u201dProvide feedback<\/strong><\/p>\n \u201cThat works, but add error handling for when the file is not found.\u201d Paste the exact error message back in.Expert review<\/strong><\/p>\n A human (or AI code reviewer) checks for security gaps, logic errors, missing edge cases, and bad dependencies.Repeat until done<\/strong><\/p>\n Ship when all three parties are happy: you, the AI, and your code reviewer (human or AI).Deploy<\/strong><\/p>\n One click or one prompt ships to a live environment. \u201cVibe deploying\u201d removes the DevOps bottleneck entirely.<\/p>\n A prompt is not a wish. It\u2019s a spec. The more specific, constrained, and example-rich it is, the better the output will be. Vague goals lead to generic, incorrect, or incomplete code.<\/p>\n Layer 1 (Technical context):<\/strong> State the language, framework, version, and coding standards upfront. \u201cUse Python 3.11 with FastAPI. Follow PEP 8 standards. No external libraries unless absolutely necessary.\u201d<\/p>\n Layer 2 (Functional requirements): <\/strong>Describe what the user should be able to do, in bullet form. \u201cAllow CRUD on to-do items. Each item has a title, description, and due date. Validate all inputs.\u201d<\/p>\n Layer 3 (Edge cases and integrations):<\/strong> Name external services and ask \u201cwhat could go wrong?\u201d explicitly. \u201cHandle network failures gracefully. What if the file doesn\u2019t exist? What if the API returns a 500?\u201d<\/p>\n Be specific<\/strong> about languages and frameworks.<\/strong> \u201cJavaScript with React\u201d beats \u201cJavaScript.\u201d<\/p>\n Supply example<\/strong> inputs and outputs.<\/strong> Show the AI what your data looks like before asking it to process it.<\/p>\n Break large tasks into smaller steps<\/strong>. One task per prompt beats one giant prompt per app.<\/p>\n Give agents one task at a time.<\/strong> AI context windows are finite; don\u2019t overflow them.<\/p>\n Ask for explanations.<\/strong> Request a plain-language summary of how the generated code works.<\/p>\n Define a persona. <\/strong>\u201cAct as a senior Python engineer and follow best practices.\u201d<\/p>\n Ask for self-review.<\/strong> \u201cIdentify any potential bugs or security issues before I run this.\u201d<\/p>\n Use checkpoints. <\/strong>Save stable versions regularly so you can roll back without crying.<\/p>\n Tools fall into two categories: vibe coding apps that handle everything end-to-end (hosting, database, deployment), and AI coding agents<\/a> that give you more control but expect you to manage infrastructure. Start with apps. Graduate to agents when you need power.<\/p>\n Tools<\/strong>Description<\/strong>Replit<\/strong><\/a>The most complete all-in-one: editor, database, hosting, deployment, and collaboration. 50+ languages. Browser-native, install nothing. Considered the #1 vibe coding platform by many.Lovable<\/strong>Visual editing: Click on any element to modify it. Native Supabase integration. Multiple building modes. Best for non-technical founders who want something that looks and feels great, fast.Base44<\/strong>Now owned by Wix. Fastest path from description to working app with the fewest steps possible. Known for clean UI, strong data persistence, and secure workflows.v0 by Vercel<\/strong>Made by the team behind Next.js. High-quality code output, Git integration with branching and PRs. Ideal for hosting that scales from prototype to production.Bolt.new<\/strong>Full dev environment in the browser. Full-stack app generation with Figma import. Speed and transparency, you can look under the hood whenever you want.Figma Make<\/strong>Turns Figma designs into working apps. Lives inside Figma. Designers go from mockup to functional prototype without leaving their tool.<\/p>\n Tools<\/strong>Description<\/strong>Claude Code<\/strong><\/a>Terminal-based agent with a 1M token context window. Exceptional reasoning and code quality. The current gold standard for complex, multi-file projects.Cursor<\/strong><\/a>AI-first IDE that excels at complex, codebase-wide changes. Deep integration with your existing project. Best for developers who want precise control.GitHub Copilot<\/strong><\/a>The original AI coding assistant. Deepest GitHub integration. Free tier. Agent Mode for autonomous tasks. Easiest entry point for developers already in the GitHub ecosystem.<\/p>\n Vibe coding and traditional coding are not competing philosophies; they\u2019re complementary tools. Use vibe coding to build fast and explore; use traditional practices to harden, optimize, and maintain what\u2019s worth keeping.<\/p>\n Aspect<\/strong>Traditional Coding<\/strong>Vibe Coding<\/strong>Primary input<\/strong>Precise code, syntax, punctuationNatural language prompts and feedbackDeveloper role<\/strong>Architect, implementer, debuggerPrompter, guide, tester, refinerCoding expertise<\/strong>High \u2014 knowledge of languages requiredLower \u2014 focus on desired functionalitySpeed<\/strong>Slower, methodical, deliberateFast, especially for prototypingError handling<\/strong>Manual debugging via code comprehensionConversational feedback and iterationCode maintainability<\/strong>High if built well; relies on developer\u2019s skillDepends heavily on AI output quality and reviewPlanning style<\/strong>Requirements defined upfront; architecture firstRequirements emerge during coding; plan in markdownHow they combine<\/strong>Applied after vibe coding to harden and scaleUsed to quickly bootstrap and test ideasBest use<\/strong>Production systems, complex architecturesPrototyping, exploration, early-stage builds<\/p>\n Prototyping:<\/strong> Validate an idea before investing in architecture or optimization.<\/p>\n Throwaway weekend projects<\/strong>: Speed over structure, get something working fast.<\/p>\n Learning new frameworks:<\/strong> Ask the AI to generate examples, explain patterns, and compare approaches.<\/p>\n Boilerplate generation:<\/strong> Scaffolding, config files, and repetitive components.<\/p>\n Small automation scripts:<\/strong> One-off data processing or workflow helpers.<\/p>\n Documentation writing:<\/strong> Feed working code back to the AI; ask it to write the README.<\/p>\n Solo projects: <\/strong>Where you own the whole context and can stay on top of the code.<\/p>\n Large, interconnected codebases:<\/strong> Context windows fill up. Changes in File A silently break File Z.<\/p>\n Complex stateful systems:<\/strong> Long-lived interactions and multi-path data flows confuse the AI.<\/p>\n Security-critical applications:<\/strong> Payment processors, medical databases, auth systems always need expert review.<\/p>\n Performance-sensitive work:<\/strong> AI prioritizes readability over raw hardware optimization.<\/p>\n Team-based development:<\/strong> Multiple people vibe coding without shared standards creates chaos.<\/p>\n Production infrastructure: <\/strong>DevOps, Kubernetes configs, network security do not vibe code this.<\/p>\n You hit a bug. The AI says it fixed it. It\u2019s not fixed. You try again. Same result. You\u2019ve entered the doom loop where the agent keeps breaking things trying to fix things. This is how projects die.<\/p>\n Unclear requirements:<\/strong> You weren\u2019t specific about what you wanted. The AI made assumptions. You changed your mind. The code now reflects all those twists.<\/p>\n Layer mismatch:<\/strong> Software has several layers: Data, Controller, and View. The AI updated one but forgot to update the others. They\u2019re now out of sync.<\/p>\n Context rot:<\/strong> Long conversations degrade the quality of AI output. The agent is following patterns from old, stale parts of the conversation.<\/p>\n Before writing a line of code, iterate on a plan in markdown. Work through the details in plain text, not in code. Use a second plan-reviewer AI to check for blind spots, then fix the plan before implementing anything.<\/p>\n Start new conversations often, avoid context rot<\/p>\n Ask a second agent to research common mistakes first<\/p>\n Question every suggestion; ask the AI to justify choices<\/p>\n Once code is written, don\u2019t just test it yourself. Have an AI code reviewer independently scan the output. It looks for bugs, duplicate code, security gaps, missing tests, and over-engineering.<\/p>\n The reviewer reports; it does not fix<\/p>\n You decide what to act on, then fix with the coding agent<\/p>\n Only ship when all three parties agree: you, agent, reviewer<\/p>\n When you\u2019re already in the Doom Loop, stop letting the agent keep trying. Start a fresh conversation. Describe the bug specifically and ask it to evaluate and report back, but don\u2019t fix it yet. Only when you\u2019ve confirmed that the bug has been discovered should you allow the vibe coding to write your code.<\/p>\n Do these things<\/strong>Never do these things<\/strong>Run the code yourself every time. Don\u2019t trust it just because it looks right.Blind copy-paste of fixes. AI suggestions can be incomplete, outdated, or mismatched to your environment.Paste the exact error message back into the AI, including the full stack trace.Letting the agent keep re-trying the same bug. That\u2019s the doom loop. Stop. Reset. Diagnose fresh.Ask for an explanation before a fix. \u201cExplain what\u2019s causing this error in plain language,\u201d before \u201cnow fix it.\u201dMoving on before the base code runs. If it crashes immediately, fix it before building on top of it.Use logs and print statements. Understand what the program is actually doing, not what you think it\u2019s doing.Accepting \u201cit might be an edge case.\u201d AI often skips edge cases: blank forms, no internet, negative numbers, and missing files.Treat every fix as a hypothesis. Apply it, test it, confirm it solves the root cause.<\/p>\n The democratization of coding has come with a high cost to privacy. A recent investigation<\/a> by cybersecurity firm Red Access found that roughly 380,000 publicly accessible assets were created using vibe coding tools, and approximately 5,000 of those apps leaked sensitive information.<\/p>\n The exposed data included medical records, financial documents, and internal business schedules. Red Access CEO Dor Zvi warned that many non-technical users are publishing internal tools without realizing they are accessible to the entire internet.<\/p>\n This shadow AI problem highlights a critical gap: while AI can write code, it often forgets to hash passwords, manage role-based access, or sanitize inputs. Industry experts now emphasize that human oversight remains non-negotiable.\u00a0<\/p>\n \u2610 Never hardcode secrets in code. Use .env files and environment variables.<\/p>\n \u2610 Validate and sanitize all user inputs, and enforce type checking.<\/p>\n \u2610 Use secure authentication: OAuth2, JWT. Never roll your own.<\/p>\n \u2610 Configure CORS and HTTPS correctly before going live.<\/p>\n \u2610 Run static and dynamic security scans before deploying.<\/p>\n \u2610 Audit dependencies, pin versions, and avoid untrusted packages.<\/p>\n \u2610 Configure access controls. Assume your app will be public-facing.<\/p>\n \u2610 Human code review on every significant chunk. Treat AI output like a third-party contribution.<\/p>\n Before you start any vibe coding session<\/strong><\/p>\n \u2610 Write a plan in markdown. Iterate the plan before you touch code.<\/p>\n \u2610 Start a fresh conversation. Reset the context window.<\/p>\n \u2610 Break your first goal into the smallest possible chunk.<\/p>\n \u2610 Define your tech stack upfront in every prompt.<\/p>\n Before you ship anything<\/strong><\/p>\n \u2610 Run the code yourself and verify output against expected behavior.<\/p>\n \u2610 Have an AI code reviewer scan independently for security and bugs.<\/p>\n \u2610 Check: are any secrets hardcoded? Are inputs validated?<\/p>\n \u2610 Make sure the app isn\u2019t accidentally public if it shouldn\u2019t be.<\/p>\n Always remember<\/strong><\/p>\n \u2610 AI-generated code can look correct and still be logically wrong.<\/p>\n \u2610 Testing is non-negotiable. Every single time.<\/p>\n \u2610Context windows fill up. Organize your files. Start fresh often.<\/p>\n \u2610 The faster you go without planning, the slower you\u2019ll go later.<\/p>\n Also read: Our <\/strong>prompt engineering cheat sheet<\/strong><\/a> explains practical frameworks for writing clearer, more useful AI prompts.\u00a0<\/strong><\/p>\n The post Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More<\/a> appeared first on eWEEK<\/a>.<\/p>","protected":false},"excerpt":{"rendered":" Software development is undergoing a seismic shift as vibe coding turns plain English into functional applications in seconds. The era of painstakingly translating business requirements into rigid syntax is giving way to a more conversational approach. Coined by AI researcher Andrej Karpathy in early 2025, the term \u201cvibe coding\u201d describes a workflow where the developer\u2019s […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-8073","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8073"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8073"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8073\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}The core loop<\/h2>\n
Writing prompts that work<\/h2>\n
The 3-layer prompt structure<\/h3>\n
Vibe coding prompt best practices<\/h3>\n
The tools landscape<\/h2>\n
Best vibe coding apps (All-in-one)<\/h2>\n
AI coding agents (More control)<\/h2>\n
Vibe coding vs. traditional coding<\/h2>\n
When it works and when it breaks<\/h2>\n
Vibe coding works well for:<\/h3>\n
Vibe coding breaks down for:<\/h3>\n
Avoiding the doom loop<\/h2>\n
Why it happens<\/h3>\n
The two cycles that prevent it<\/h3>\n
Plan > review > fix<\/h4>\n
Implement > review > fix<\/h4>\n
Debugging like a pro<\/h2>\n
Security and ethical risks<\/h2>\n
Security checklist for AI-generated code<\/h2>\n
Quick reference checklist<\/h2>\n