For those of you who disagree with disallowing posts like these, let me clarify. It's permissible to discuss common pitfalls to avoid when vibe coding. In fact, that kind of educational content would be the very most useful thing that more experienced developers could offer the less technical vibe coders in this community.
Instead, this post makes the following mistakes:
* Leading with sarcasm ("The end of programmers !")
* Not offering any proof that this error was caused by vibe coding. Maybe it was just a shitty dev.
* Offering zero attempt to help vibe coders avoid this issue.
Here's what that could have looked like, if the OP had intended to contribute to this community, rather than just critique the mere premise of vibe coding.
"[Screenshot]
Hey vibe coders, make sure that you don't leak state unnecessarily to your front-end.
This screenshot shows a frontend application making a network request that returns more data than the UI needs, including sensitive user records (emails, names, etc.). Anyone opening DevTools can see it.
To be clear, this isn't a “vibe coding problem.”
It's a data-exposure problem caused by unclear boundaries around state and access."
Instead, what OP did was find a screenshot of a software bug, assume it was caused by "those damned vibe coding kids" and then run here to roast vibe coding as a practice, without offering anything of use.
Listen, if you don't think vibe coding is possible to do without producing critical security issues, or that all vibe coders are stupid, that's fine. Just don't waste our time hanging out here. Take it somewhere else.
This is the mod standing up for vibe coders who are trying to learn, and showing the gatekeeping pessimists (who all low-key seem worried about their careers) the door.
Don’t use AI to code for you if you don’t intend to become a skilled developer that understands what the AI is doing for you.
Actually letting it code for you can be a learning experience. Let another new chat (essentially a different person in AI world) with the same AI (or better yet a totally separate one) explain to you exactly what the code is doing and where. And let them help guide you through the development landscape. While learning, develop your own opinions on how to develop. Every tool has its use. Vibe coding is great for rapid prototyping!
It's an insane amount to cover in a reddit comment.
I think a lot of it is understanding what's going on under the hood. Like in this example, if they just looked at what the API endpoint was actually doing it wouldn't have happened. Honestly though, I bet they just didn't care.
A massive thing - again around stuff like this - is writing automated tests. They can also be vibe coded. You can use them to ensure your API works as you expect, certain areas are secure with the correct permissions, etc. E.g. you know user A shouldn't be able to access user B's profile, so you write a test for it, asserting a 403 response.
Then there's loads of stuff that has nothing to do with coding, like how you set up your server. How you store secrets. Hashing passwords.
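The test this comment describes (user A must get a 403 for user B's profile), together with the over-fetching case from the pinned mod comment, as an added example that is not from the thread or from any app shown in it. The in-memory handlers, field names and user records are hypothetical and constructed for illustration.

```javascript
// Added example; every name below is hypothetical and the data is constructed.
const USERS = [
  { id: 1, name: "Alice Example", email: "alice@example.test", passwordHash: "hash-a", role: "user" },
  { id: 2, name: "Bob Example", email: "bob@example.test", passwordHash: "hash-b", role: "user" },
  { id: 3, name: "Carol Example", email: "carol@example.test", passwordHash: "hash-c", role: "admin" },
];

// BEFORE: the UI only shows a signup count, but the handler ships every record.
function getWaitlistLeaky() {
  return { status: 200, body: { users: USERS } };
}

// AFTER: the response carries only what the page renders.
function getWaitlist() {
  return { status: 200, body: { count: USERS.length } };
}

// Allowlist of fields a profile response may contain. Columns added to the
// user record later stay private until someone adds them here on purpose.
const PROFILE_FIELDS = ["id", "name", "email"];

function pick(record, fields) {
  const out = {};
  for (const f of fields) if (f in record) out[f] = record[f];
  return out;
}

// `session` stands for what the server derived from a verified cookie or
// token, never a user id the client put in the request.
function getProfile(session, targetId) {
  const requester = session && USERS.find((u) => u.id === session.userId);
  if (!requester) return { status: 401, body: { error: "unauthenticated" } };
  // The ownership check runs before the lookup, so a non-owner gets 403
  // whether or not the target id exists.
  if (requester.id !== targetId && requester.role !== "admin") {
    return { status: 403, body: { error: "forbidden" } };
  }
  const target = USERS.find((u) => u.id === targetId);
  if (!target) return { status: 404, body: { error: "not found" } };
  return { status: 200, body: pick(target, PROFILE_FIELDS) };
}

// Test helper: walk any response body and report where personal fields
// appear. Run it against every endpoint that is reachable without a login.
const SENSITIVE_KEYS = new Set(["name", "email", "passwordHash"]);

function findSensitiveKeys(value, path = "") {
  if (Array.isArray(value)) {
    return value.flatMap((v, i) => findSensitiveKeys(v, `${path}[${i}]`));
  }
  if (value && typeof value === "object") {
    return Object.entries(value).flatMap(([key, v]) => {
      const here = path ? `${path}.${key}` : key;
      const hit = SENSITIVE_KEYS.has(key) ? [here] : [];
      return hit.concat(findSensitiveKeys(v, here));
    });
  }
  return [];
}

// The access-control checks as a list; returns the names of any that fail.
function runChecks() {
  const own = getProfile({ userId: 1 }, 1);
  const checks = [
    ["user A reading user B gets 403", getProfile({ userId: 1 }, 2).status === 403],
    ["no session gets 401", getProfile(null, 1).status === 401],
    ["owner can read own profile", own.status === 200],
    ["profile never carries passwordHash", !("passwordHash" in own.body)],
    ["admin can read another profile", getProfile({ userId: 3 }, 2).status === 200],
    ["public waitlist response has no personal fields",
      findSensitiveKeys(getWaitlist().body).length === 0],
  ];
  return checks.filter(([, ok]) => !ok).map(([name]) => name);
}

console.log("failed checks:", runChecks());
console.log("fields exposed by the leaky handler:",
  findSensitiveKeys(getWaitlistLeaky().body));
```

The same `findSensitiveKeys` walk can be pointed at real JSON responses in a test suite, with the key set adjusted to the project's own schema.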
I'd add: libraries help! Laravel for example enforces a lot of security out of the box.
Just ask an AI to be your security specialist. And let him tell you everything that is wrong with your code. Don’t tell him it’s your code however just ask him to help find as many issues as possible for a client (in their code). Then ask it to fix all the issues.
Even better ask another AI to fix the issues found by the second one. Let the second review all the changes made by the third one. This is almost like managing people. Except you have to be even more careful to not let your own bias be taken as fact by the (sycophant) AIs.
Also you should be mindful of the secrets lying around for agent AIs to get their hands on (and by extension their corporate owners). This could very well screw you later on. Even though I have no proven examples of this it seems kinda obvious. Even banks tell you not to share your password with them.
A new chat window with the same AI (brand) can be viewed as a new AI here (assuming you don’t pass on too much original context). And it is key to get the right roles clear to the AI in each separate chat.
Every chat will (at least in theory) strive for the best results given the initial task and context.
The mistake made it to production though, if nobody is peer reviewing commits and whatever gets generated is just being taken as correct as long as it compiles then what mistakes are there to learn from?
Ah because non vibe coders do as well, that's why even before "vibe coding" became a thing, "expert software engineers" always delivered perfect secure apps. There isn't much difference between human slop and AI slop.
Without vibe coding you probably wouldn't ship such a secure application at all. But with vibe coding anyone can and will ship as many half-baked apps as possible
That's not completely true. If you vibe code without any form of QA, code review, unit tests, security tests, and without understanding anything of what happens in your code, so yes, that's concerning.
This is not different from giving people design tools, and expecting them to design functional UI. You need knowledge and understanding.
The advantage of vibe coding is that you can set up a series of processes that can help you break down the steps and tackle each of the points to check.
I totally understand the concern from a dev point of view, where everything can be coded and magically have their ideas into real products, but vibe coding is way far from there, but in the right hands, this can be a powerful tool.
The only people who downplay "vibecoders" are insecure devs who know they will get replaced pretty quickly. The aggressivity just proves it. Historically this has always happened. Like there isn't much difference between vibe coder and junior dev, there just isn't. With time vibe coders will just get better, LLMs will get better. As you said this is a powerful tool, that should be used not neglected.
Funny how this thread is full of devs coping about vibe coding while I'm sitting here with a fully secured app built entirely through AI. OWASP Top 10 -> done. Auth + ownership on every endpoint. Rate limiting. Security headers. File validation. Audit logs. 85 tests. Zero critical vulnerabilities. "Vibe coders can't learn from mistakes”… I used a security framework and verified every fix. What's your excuse for the CVEs shipping at actual companies with "real developers"? The waitlist leak in OP is a skill issue, not a tool issue. Some of you just want this to fail so you feel less replaceable. It's obvious.
I do code with AI but my code is not messy code, and I test it for long. It's actually better than the agency code. But no code is perfect including corporates.
vibe coders aren’t the ones ending programmers, vibe coders are additions to the coding realm. The threat is the use of AI by companies. Companies that have 500 software engineers, won’t need that much headcount at one point, and they will cut it in half, that’s the threat
>Companies that have 500 software engineers, won’t need that much headcount at one point, and they will cut it in half, that’s the threat
As someone who has worked at companies with 500 and even 5000+ software engineers, we have years' worth of backlog. Even if we doubled our productivity, we'd still be stretched relatively thin.
billions upon billions of dollars are burning as we speak. all to buy graphics cards that become outdated in a year to create models using 60 year old concepts that become outdated in a week to produce 99% garbage.
vibecoding is the biggest bullshit of this decade. Sure you can build apps to show your friends and mum but that's it. If you want to have a job or build a business vibecoding sucks ass
To build a software business, coding skills aren't enough, you need innovation to beat competitors. Previously, visionaries who couldn't code were stuck, but now they can bring their imagination to life. Also, most hired developers work for a salary, not passion. I'm building my own vision, and while hiring a dev team would cost a fortune, I can do it myself for a fraction of the cost.
What's the boundary of vibe coding ... where the person uses an LLM to write the code but they still follow software engineering best practices (don't write the lines)? I personally still call this voting and feels just like it does when I'm an engineering manager that honestly feels the exact same way I review the code I'm opinionated on patterns I make sure the best practices are followed but I'm not writing a single line of code. What are y'all calling that?
"Vibe Coding" is the next "Slop" in terminology. People who are anti-AI are using Vibe Coding to refer to any code that has had absolutely any AI assistance. What's crazy is that sites like Stack Exchange are dead and if you're not using AI in at least a rudimentary way, you're going to lose your software development job in the coming years when every coworker is outperforming you.
Funny how so many of the posts on this sub are apparently devs shitting on vibecoding. Almost like they are trying to discourage people from doing it, for some reason….
I know some people want to believe that the reason is us actual devs being afraid for their jobs, because vibecoding is so awesome.
Sorry, but no.
Devs shit on vibecoding because a) getting told by people who know very little about their profession that they are going to be irrelevant soon is annoying, and the default reaction on the internet vs. annoyance is to be annoying in return, and b) because a non-trivial part of the work required to fix the fallout of dysfunctional vibecoding apps polluting corporate environments is going to be handled by real devs.
Because after vibecoders fail, company hires someone who knows what he's doing and that person will have to convert this pile of junk into something supportable and documented. And it's not a job any skilled specialist wants to do. And this damned job will be clashing with knuckledraggers from management because they would say "it's almost working, why can't you do your job faster" while you imagine strangling the original moron, who outsourced his higher brain functions to a talking gimmick
Nah… we heard this sentence multiple times… remember visual basic for Dos 1.0? I don’t think so… but they used to say the same… with GPT LLMs and the vibe coding… the requirements and needed features will change… something that LLMs cannot cover… as it happened before multiple times… it’s just now the text generation is here… and it helps with productivity… that’s all
Prompt engineering. If you know enough about what you want/need, understand best practices, security, vibe coding works well. If you don’t know jack. Good luck
I'm not sure about that! but sure, he is raising concern about what kind of disaster (sooner or later) the uneducated vibe coders can cause!
i vibe code almost 12 hours a day! as a professional, full type developer and freelancer!
so it's not about vibe coding! it's about the people who think that just because they type a few lines and words, they can bypass years of experience and expertise! 😉
This is how you know that developers can't be replaced by AI. What many fail to see is that AI still works on a black box principle. So long as you can't predict the expected outcome with 99.9% certainty, there will always be the need for a human in the loop to take responsibility. Vibe coding does not replace architecture, design patterns and software principles. These are stuff any serious "coder", vibing or not, needs to be familiar with.
Banned. And banned 10 more accounts in the comments. Keep the vibe coding pessimism posts and comments coming, makes it easier for us to find accounts to permanently ban.
You want to ban people for pointing out a danger in what we're all doing, something every one of us wants to avoid? What kind of echo chamber are you trying to turn this into? You're a moderator, be better.
If you’re gonna ban accounts, I hope you are not going to ban those who genuinely want to warn others about the risks of vibe coding right? The amount of vibe coders not being educated enough about the risks is worrying.
Thanks. So tired of all the people here constantly mocking vibe coding.
Sure let's take one random example, created by an unknown method, and extrapolate a full world view from that single data point.
This sub needs to be a place to talk about how to vibe code, which does include real pitfalls to avoid.
But flat-out mocking of the concept of vibecoding? It just derails the sub. If people hate vibecoding so much, there are plenty of other places on Reddit where you'll get free karma for saying your piece.
I have discovered a group of devs called vibecode cleaners so after discovering them I decided to be a little more careful by asking if there are any major flaws in code and usually get security weaknesses coming up in those
End of programmers, but golden age of software engineering. What most devs don’t understand is that programming was just 10% of the job
I literally only code like 2 hours per day as a senior dev. That is from before vibe coding was a thing.
Lead engineer, since I started vibe coding my time coding has not been fun or as productive. More effort goes into keeping AI on course than it would take for me to think through the problem and execute.
I feel like I'm supposed to vibe code so I can teach others because I'm making ai powered apps and have become influential around ai in my org but I feel rather strongly that coding is a weak point.
it is! And the funny thing is the people in charge think vibecode is a magical button that magically builds an app, so they let a lot of high level devs go and keep the cheaper interns/juniors. Needless to say it is stressful for me to fix their shit. Now I am actually spending more time coding than before.
This.. my boss just told me he wants to send me and the other dev to an ai prompting course because he wants us to prompt rather than code...
A couple things, if using CC you have to turn on think mode, make it default. #2 you have to do better context engineering. Right now I am doing the dev-docs work flow, you can find it on CC. Essentially, a coder rebuilt a legacy 300k app from scratch over 6 months and built out a system.
You can't get away from needing to guide it or just having to step in and fix it, but if you are not having fun or being productive, you are doing something very wrong. I have been coding for over 17 years, and it eliminates so much busy work.
Yeah people are shocked they got laid off but somehow you got way into your career and never progressed past a basic level of dev skill. Becoming an expert in most languages only takes a few years if you are trying, imo. The job isn't to write code, it's to use software to solve problems
I never said I'm an expert, and I'm no dev now, more senior management / leadership. Point stands, coding is not why software engineers are paid 6 figures, it's the thinking and problem-solving skills.
But aren't you contradicting yourself when you draw causation of devs being fired to "they never progressed past a basic level of dev skills" when that's most definitely what regular use of an LLM will ensure.
This has been the case for every major industry in the modern era lmao. Gotta promote and sell your products or else whatever you do is irrelevant
Doesn’t relate to what they’re saying. They’re saying that creating a software product (literally just the part the technical people do, not including advertising or anything) is only 10% programming. The rest (90%) is other stuff such as software engineering,
gotcha
What's the difference?
Very true
It’s even less for me. I fix broken code and bugs. I have billed over 30 hours to write only 2 lines of code. It took me 29.5 hours to figure out where and what.
our pmts just vibe code their own prototype features at this point bc it's quicker than trying to communicate specs.
if it's any good and gets consensus we just refactor and ship.
[deleted]
Software engineering is not just programming, by the way. So you will not find a job with just programming.
Software engineers will be safe.
Okay, you programmed your idea, but that will not give money to you.
You literally earn 0 if you just do programming.
Yeah, but programming isn't about money..otherwise FOSS wouldn't be born. I still see many programmers who write code out of interest rather than money.
Why do vibe coders conflate ideas, execution, and earnings?
Do you think software engineers are responsible for everything? Have you ever worked for a tech company before, because it really doesn't seem like it. 100% of any job, is 100% of that job. They don't borrow or share the same 100% with other parts of the company. So a software engineer is 100% responsible for software. Marketing is 100% responsible for marketing. Sales, etc. A functioning company knows how this allocation works, you don't.
Soft skills: you communicate with clients/PM/PO/designers, clarify unclear requirements.
Planning, designing is made before coding.
You never just write code to receive result.
Vibe coding is just writing code.
Dude, you are just dissing the entire category of vibe coders on every other post.
lol
lmao even
I can tell you have never worked in engineering or studied computer science, you sir are lacking knowledge. I like your ambitious fortitude but please try and understand you are out of your league
If your job is 100% programming, you're either self employed with no customers or filling an insignificant role in a large corporation
Vibe coded software is a security nightmare.
As someone working in Infosec, vibecoding is great as it's guaranteed job security.
this guy gets it
Hell yeah, keep selling those shovels ☺️
Shhhh stop ruining my pivot ;)
AI is fairly good at going through code and locating security issues. However, any fixes it proposes for them have to be critically reviewed.
There are some basic principles to adhere to and red lines you shouldn't cross. Vibe coders should stick to front end applications that don't collect personal data. If you must collect information, use secure solutions. Never code them from the ground up with an AI. Front end and back end should remain separate.
Shhhhhhhhhh.
This is where the non-vibe coders are supposed to make money
So is human coded software. Pretending humans don't do this is simply willful ignorance.
[deleted]
I would say, whether a vibe coder or a programmer is likely to make such an error is entirely a function of their respective "experience level". In the future, it is possible that a sufficiently well pretrained vibe-coder might be more robust than an intermediate developer.
Wait wait? You mean you're not supposed to put your private keys in the public? But my vibe coded apps always work that way?
And not good for the mental health of the PR reviewer, it will make so many changes that the reviewer loses focus.
For now, it’s just a hiccup until they inevitably improve the guard rails for vibe coding and improve the security adherence
The biggest security issues with vibecoding aren't technical vulnerabilities or bugs, but logical flaws. The guardrails will eventually catch up to the former, but can never fully protect against the latter.
Even in this example, how was the AI to know that the author didn't want the list available publicly? There will be some use cases where that may be exactly what the author intended.
Now this guy securities
They'd need to have that be enable-able because if I'm creating a prototype I don't care about its security.
It's chronologically one of those things that appear after you needed it so I would not fret it.
Why don’t other Vibe Coders just ask ai for good security practices and how to implement them relative to the project?
Not if you know what you're doing.
Yet
Makes it so easy for hackers these days.
Looks like cybersecurity course that I took will be worth it for a first time hack 😛💻
Double up. Be white hat in your day job then black hat these vibe coded slop jobs later on and sell exploits on the dark web.
Makes it also more secure for non vibe coders. You know the saying "You don't have to outrun the bear, you just have to outrun your friends" and well with vibe coders we got the fat guy to tag along.
Hackers are going to be so distracted taking all these vibe apps apart
Bro has invested in AI and is trying to pump it
It's like vibe coders can't learn from their mistakes?
Most vibe coders have little to no awareness of the security vulnerabilities they introduce, often prioritizing speed and aesthetics over safe, robust engineering. As a result, they unknowingly create serious security gaps that can easily be exploited.
And humans do? I've seen humans do worse shit than AI.
Yes, trained developers tend to learn from their mistakes
how do i prevent this?
Some practical advice without snark/gatekeeping:
You can hire a developer to audit the code for you before releasing to the public, which would be much more affordable and fast than having a developer build the whole thing.
As a first pass, it's always a good idea to use a powerful frontier model like Claude Opus or Gemini 3 to run an audit, but they're not in a place where you can fully trust they will catch everything.
Security is HARD. I worked as an engineer at a security startup that went on to be acquired, and I know first hand that it can trip up even big companies. Learning more is always great, and AI can help teach you too. I can tell you without a doubt a lot of people here dunking on this kind of thing don't actually know how to make a secure web service (this is an egregious and obvious problem but so many subtle ones exist and it's a cat and mouse game that's very very hard to win.) Remember that there are laws and regulations that you have to adhere to in many places, so beyond caring about your users if you care about yourself it's a good idea to take it seriously. Stay humble, keep learning, fix mistakes quickly, notify users if you discover a potential issue.
That's some solid advice. Also OWASP Top 10 is a good starting point to check.
Security is hard, performance is hard, scalability is hard, availability is hard, data correctness is hard, architecture is hard. Programming is hard.
I was tasked with auditing someone else's code from a security perspective once. Our client paid some cheap contractors to create a backend app and they paid us $100k to quickly review it to make sure they didn't screw up authentication and authorization. We spent about a week reviewing the code and generating beautiful reports. The client was happy but I facepalmed so many times my face hurt.
Don't hire someone else to audit your code - it's a waste of time and money. We didn't have enough context nor access to anything the app had to communicate with in order to make a proper review. We made a lot of assumptions and guesses. If I was that client I would've been better off saving that $100k. Instead, hire someone to continuously support it for at least a few months so they could get all of the needed context and see the system actually running in a real environment.
Just hire developers to do what they're trained for - software development.
Learning is not gatekeeping, it is the exact opposite
My post was before yours so not directed at you but saying “learn” is kiiiiinda gatekeeping because you’re not saying a single thing about what to learn. This is a vibecoding subreddit I can’t figure out why the, um, vibe is so openly hostile to people asking genuine questions.
thanks a lot for the detailed response man, i was wondering the same thing - weird hostility for God knows what reason.
I’m not part of this thread, but I’ll explain why “learn” can sound like gatekeeping without actually being it.
The issue is that in cases like this, “what to learn” isn’t a tool or a trick you can list in a comment. It’s years of fundamentals, practice, mistakes, and understanding why things break. In my case, that meant 4 years of computer engineering plus 5+ years of professional experience. You can’t honestly compress that into a Reddit reply.
Saying “learn” here isn’t about excluding people, it’s about being realistic. You need experience to know what to do, and gaining that experience is learning and applying. There’s no shortcut.
Most developers are not security aware either
learn to code? 🤷‍♂️
Don't use AI to code for you if you're not a skilled developer
Don’t use AI to code for you if you don’t intend to become a skilled developer that understands what the AI is doing for you.
Actually letting it code for you can be a learning experience. Let another new chat (essentially a different person in AI world) with the same AI (or better yet a totally separate one) explain to you exactly what the code is doing and where. And let them help guide you through the development landscape. While learning, develop your own opinions on how to develop. Every tool has its use. Vibe coding is great for rapid prototyping!
Imagine getting downvoted for suggesting to learn as you go in a VIBECODING sub.
This is a very special bunch. Zero chance I’ll ever post my projects here.
Learn
If you’re working alone, you can start by learning Git and integrating CodeRabbit to review your commits.
If you’re serious, my advice would be to learn development fundamentals and study the OWASP Top 10.
It's an insane amount to cover in a reddit comment.
I think a lot of it is understanding what's going on under the hood. Like in this example, if they just looked at what the API endpoint was actually doing it wouldn't have happened. Honestly though, I bet they just didn't care.
A massive thing - again around stuff like this - is writing automated tests. They can also be vibe coded. You can use them to ensure your API works as you expect, certain areas are secure with the correct permissions, etc. E.g. you know user A shouldn't be able to access user B's profile, so you write a test for it, asserting a 403 response.
Then there's loads of stuff that has nothing to do with coding, like how you set up your server. How you store secrets. Hashing passwords.
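The cross-user check described in the comment above (user A requesting user B's profile must get a 403), together with a check that the response carries only the fields the UI needs. This is an added example, not part of the original thread; the handler names, user records and field list are hypothetical and constructed for illustration.

```python
"""Authorization checks for a profile endpoint, run against two handlers."""

# Constructed sample records; every name and value here is hypothetical.
USERS = {
    "a": {"id": "a", "name": "User A", "email": "a@example.test",
          "password_hash": "constructed-hash-a"},
    "b": {"id": "b", "name": "User B", "email": "b@example.test",
          "password_hash": "constructed-hash-b"},
}

# Fields the UI needs for "my profile"; anything else stays on the server.
SELF_FIELDS = ("id", "name", "email")


def leaky_get_profile(requester_id, target_id):
    """The failure mode: no caller check, whole row sent to the client."""
    user = USERS.get(target_id)
    if user is None:
        return 404, {}
    return 200, dict(user)


def get_profile(requester_id, target_id):
    """Authenticate, enforce ownership, then return allow-listed fields."""
    if requester_id not in USERS:
        return 401, {}
    if requester_id != target_id:
        # Same answer whether or not the target exists (no enumeration).
        return 403, {}
    user = USERS[target_id]
    return 200, {field: user[field] for field in SELF_FIELDS}


def authz_failures(handler):
    """Run the access checks against a handler; return failure messages."""
    failures = []

    status, body = handler("a", "b")  # user A asks for user B
    if status != 403:
        failures.append(f"cross-user read: got {status}, expected 403")
    if body:
        failures.append(f"cross-user read leaked fields: {sorted(body)}")

    status, body = handler(None, "a")  # no session at all
    if status != 401:
        failures.append(f"anonymous read: got {status}, expected 401")

    status, body = handler("a", "a")  # user A asks for own profile
    if status != 200:
        failures.append(f"own profile: got {status}, expected 200")
    extra = sorted(set(body) - set(SELF_FIELDS))
    if extra:
        failures.append(f"own profile returned extra fields: {extra}")
    return failures


if __name__ == "__main__":
    for name, handler in (("leaky", leaky_get_profile),
                          ("hardened", get_profile)):
        problems = authz_failures(handler)
        print(name, "OK" if not problems else problems)
```

In a real project the same three requests would go through the HTTP layer of the running app, so that routing and middleware are covered by the checks as well.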
I'd add: libraries help! Laravel for example enforces a lot of security out of the box.
Don't ship code you don't understand, I'm using AI to do coding but I read every line of code
Tell the stupid AI to secure it lol.
Learn to code
Just ask an AI to be your security specialist. And let him tell you everything that is wrong with your code. Don’t tell him it’s your code however just ask him to help find as much issues as possible for a client (in their code). Then ask it to fix all the issues.
Even better ask another AI, to fix the issues found by the second one. Let the second review all the changes made by the third one. This is almost like managing people. Except you have to be even more careful to not let your own bias be taken as fact by the (sycophant) AIs.
Also you should be mindful of the secrets lying around for agent AIs to get their hands on (and by extension their corporate owners). This could very well screw you later on. Even though I have no proven examples of this it seems kinda obvious. Even banks tell you not to share your password with them.
A new chat window with the same AI (brand) can be viewed as a new AI here (assuming you don’t pass on too much original context). And it is key to get the right roles clear to the AI in each separate chat.
Every chat will (at least in theory) strive for the best results given the initial task and context.
The mistake made it to production though, if nobody is peer reviewing commits and whatever gets generated is just being taken as correct as long as it compiles then what mistakes are there to learn from?
You expect that vibe coding assholes are peer reviewing effectively?
lol that's fucking hilarious
Ah because non vibe coders do as well, that's why even before "vibe coding" became a thing, "expert software engineers" always delivered perfect secure apps. There isn't much difference between human slop and AI slop.
This can happen easily if you don't know how to write code, even without vibe coding
Without vibe coding you probably wouldn't ship such a secure application at all. But with vibe coding anyone can and will ship as much half-baked apps as possible
That's not completely true. If you vibe code without any form of QA, code review, unit tests, security tests, and without understanding anything of what happens in your code, so yes, that's concerning.
This is not different from giving people design tools, and expecting them to design functional UI. You need knowledge and understanding.
The vantage of vibe coding is that you can setup a series of processes in place that can help you break down the steps and tackle each of the points to check.
I totally understand the concern from a dev point of view, where everything can be coded and magically have their ideas into real products, but vibe coding is way far from there, but in the right hands, this can be a powerful tool.
The only people who downplay "vibecoders" are insecure devs who know they will get replaced pretty quickly. The aggressivity just proves it. Historically this has always happened. Like there isn't much difference between vibe coder and junior dev, there just isn't. With time vibe coders will just get better, LLMs will get better. As you said this is a powerful tool, that should be used not neglected.
There is no learning in the first place, just blind faith into AI
I would say the thing that differentiates "vibe coding" from software development is a refusal to learn.
Vibe coding involves blind trust in the AI to do the job for you and counting on new models to come out to fix your mistake.
Try giving advice to "vibe coders" around here and you're likely to get angry, red-in-the-face responses to feedback.
You can't get there with more vibe coding.
Funny how this thread is full of devs coping about vibe coding while I'm sitting here with a fully secured app built entirely through AI. OWASP Top 10 -> done. Auth + ownership on every endpoint. Rate limiting. Security headers. File validation. Audit logs. 85 tests. Zero critical vulnerabilities. "Vibe coders can't learn from mistakes”… I used a security framework and verified every fix. What's your excuse for the CVEs shipping at actual companies with "real developers"? The waitlist leak in OP is a skill issue, not a tool issue. Some of you just want this to fail so you feel less replaceable. It's obvious.
This needs to be said and more often.
Ai isn’t a one shot magic wand, you get out what you put in. Low effort in, low quality out.
And yeah, the butthurt is obvious. There’s no other excuse for the lack of constructive criticism.
A tool is only as good as the hands that wield it.
However, your comment reads like someone who’s insecure about their own technical ability.
AI told him the code is safe, so it is safe.
React.js got 2 new vulnerabilities after fixing a previous one. Codes from both human and A.I can have bugs. No code is perfect.
Not everyone vibe coding is aimlessly hard coding their api into the front end
Don't you know?
"Vibecoding" has been defined as "things idiots do".
If you don't do stupid things it's called "agentic coding".
Get with the program scrub.
Dead
I do code with AI but my code is not messy code, and I test it for long. It's actually better than the agency code. But no code is perfect including cooperates.
vibe coders aren’t the ones ending programmers, vibe coders are additions to the coding realm. The threat is the use of AI by companies. Companies that have 500 software engineers, won’t need that much headcount at one point, and they will cut it in half, that’s the threat
>Companies that have 500 software engineers, won’t need that much headcount at one point, and they will cut it in half, that’s the threat
As someone who has worked at companies with 500 and even 5000+ software engineers, we have years' worth of backlog. Even if we doubled our productivity, we'd still be stretched relatively thin.
billions upon billions of dollars are burning as we speak. all to buy graphics cards that become outdated in a year to create models using 60 year old concepts that become outdated in a week to produce 99% garbage.
Nah man my hello world is 🔥
10x efficacy over your hello world
And you're spewing nonsense.
AI is completely useless, REEEEEEE
You're just delusional
vibecoding is the biggest bullshit of this decade. Sure you can build apps to show your friends and mum but that's it. If you want to have a job or build a business vibecoding sucks ass
To build a software business, coding skills aren't enough, you need innovation to beat competitors. Previously, visionaries who couldn't code were stuck, but now they can bring their imagination to life. Also, most hired developers work for a salary, not passion. I'm building my own vision, and while hiring a dev team would cost a fortune, I can do it myself for a fraction of the cost.
What's the boundary of vibe coding ... where the person uses an LLM to write the code but they still follow software engineering best practices (don't write the lines)? I personally still call this voting and feels just like it does when I'm an engineering manager that honestly feels the exact same way I review the code I'm opinionated on patterns I make sure the best practices are followed but I'm not writing a single line of code. What are y'all calling that?
"Vibe Coding" is the next "Slop" in terminology. People who are anti-AI are using Vibe Coding to refer to any code that has had absolutely any AI assistance. What's crazy is that sites like Stack Exchange are dead and if you're not using AI in at least a rudimentary way, you're going to lose your software development job in the coming years when every coworker is outperforming you.
Ai assisted coding
lol I bet mistakes like this predate ai
In 2008 maybe, and by a junior.
This is where backend concepts should be learned by those using AI to build apps.
I vibe coded a simple SAAS app. Complete separate front and back end with JWT auth.
Vibe coders just need to understand architecture.
My competitor did this 2 years ago. No vibe-coding needing to do this. AI learned from humans.
Vibe code it a little more, there are no user passwords shown, just the list.
It’s still a PII leak. That could net you severe fines in some cases and jurisdictions.
Why in the world wouldn’t want to chat with my expenses like I’m talking to a friend?
ick
Funny how so many of the posts on this sub are apparently devs shitting on vibecoding. Almost like they are trying to discourage people from doing it, for some reason….
I know some people want to believe that the reason is us actual devs being afraid for their jobs, because vibecoding is so awesome.
Sorry, but no.
Devs shit on vibecoding because a) getting told by people who know very little about their profession that they are going to be irrelevant soon is annoying, and the default reaction on the internet vs. annoyance to be annoying in return, and b) because a non trivial part of the work required to fix the fallout of dysfunctional vibecoding apps polluting corporate environments is going to be handled by real devs.
Because after vibecoders fail, company hires someone who knows what he's doing and that person will have to convert this pile of junk into something supportable and documented. And it's not a job any skilled specialist wants to do. And this damned job will be clashing with knuckledraggers from management because they would say "it's almost working, why can't you do your job faster" while you imagine strangling the original moron, who outsourced his higher brain functions to a talking gimmick
So devs don't like that someone is creating jobs for them? Holy bullshit
Nah… we heard this sentence multiple times… remember visual basic for Dos 1.0? I don’t think so… but they used to say the same… with GPT LLMs and the vibe coding… the requirements and needed features will change… something that LLMs cannot cover… as it happened before multiple times… it’s just now the text generation is here… and it helps with productivity… that’s all
:))))
I love Claude 4.5 still using innerhtml for client facing search bars a classic
Sudoku coders never understand patches :) they don’t exist.
You can’t update code, it’s all immutable.
lol…it’s a simple problem to resolve for next models…
https://preview.redd.it/zf4xys3og07g1.jpeg?width=640&format=pjpg&auto=webp&s=165f5fcb231467f38dd6cdd3d31aab1b6be9b7e8
Prompt engineering. If you know enough about what you want/need, understand best practices, security, vibe coding works well. If you don’t know jack. Good luck
Kids don't generally understand the concepts of privacy and cyber security. You are trying to explain why concrete is better than mud to ants.
I wonder if people realise the era of AI is just starting and within like 5-10 yrs the entire unreliablity will be over
Man cybersec is looking like it will be insanely lucrative in the next few years.
I'm sure it got reviewed by a higher up dev before being pushed into production. So which human approved of that?
The fucking gradients and buttons.. And that spark icon every vibe coded site has
OP is another “programmer” coping, posting useless memes
I'm not sure about that! But sure, he is raising concern about what kind of disaster (sooner or later) the uneducated vibe coders can cause! I vibe code almost 12 hours a day! As a professional, full type developer and freelancer! So it's not about vibe coding! It's about the people who think that just because they type a few lines and words, they can bypass years of experience and expertise! 😉
This is how you know that developers can't be replaced by AI. What many fail to see is that AI still works on a black box principle. So long as you can't predict the expected outcome with 99.9% certainty, there will always be the need for a human in the loop to take responsibility. Vibe coding does not replace architecture, design patterns and software principles. These are stuff any serious "coder", vibing or not, needs to be familiar with.
Haha give it 12 months
Fingers crossed 🤞
obviously bait
You guys are so cringe, you will always find a way to cope. Just accept it, AI is taking your jobs, only the few good remain (OP excluded)
bait or brain damage
Why not both
Tell me you are not a professional dev without telling me you are not a professional dev.
Dunning-Kruger effect at its finest.
Gotta love llms commenting trying to advertise for other LLMs
r/uselessredcircle
Keep bashing. If that makes you happy, that's great. Just remember, you might be the target of the bash, somewhen.
If I make a mistake like that I'll happily be the target.
Yeah, but you misunderstand. It'll have to be something that you are *not* adept at. And right now, you are failing pedagogics 101.
And I hope you receive constructive criticism instead of whatever this is.
Evolve your prompts, it will never make this mistake
Its just a matter of time. Programmers are gonna be pretty much useless except for the very very top of their game.
Who are the ones that are top of their game, what do they look like from ur pov
The ones that shit on OPs in this sub, clearly.
Banned. And banned 10 more accounts in the comments. Keep the vibe coding pessimism posts and comments coming, makes it easier for us to find accounts to permanently ban.
Banned so that vibecoders won't learn to avoid the same pitfalls?
You wouldn’t expect vibecoders to think a problem through thoroughly, would you?
Your Venn Diagram is off.
What are you doing here? How does a comment like that contribute in any way to this sub?
Cringe
Thanks for helping to ensure that I have job security for the next 15 years. Reddit mods are so stereotypical. 😂
What the hell...
WOW power trip much. Why even ban the guy? All he did was point out objectively bad and unsafe software design.
Seriously. What the fuck is his problem. I am itching to report to the Reddit super mods here. WTF!!!
Lol
Get a grip
WTH? This was actually a good lesson to learn for vibecoders.
Bro, what?
💀
🤡
Idiocracy is here
Reddit mod power trip moment
r/ModsPowerTrips
A well known problem
Top 3 people who let a little speck of power get into their head:
Cringe
Throw one my way please
Reddit mod moment.
r/ModsPowerTrips
Not allowed to be pessimists? Jesus Christ, is this a cult or a subreddit?
I know, I know. I'm banned. Fine.
loser
You see pessimism, I see pedagogy
You want to ban people for pointing out a danger in what we're all doing, something every one of us wants to avoid? What kind of echo chamber are you trying to turn this into? You're a moderator, be better.
If you’re gonna ban accounts, I hope you are not going to ban those who genuinely want to warn others about the risks of vibe coding right? The amount of vibe coders not being educated enough about the risks is worrying.
Educating vibe coders and helping to warn them of the risks of the discipline are absolutely welcome discourse in this community.
Thanks. So tired of all the people here constantly mocking vibe coding.
Sure let's take one random example, created by an unknown method, and extrapolate a full world view from that single data point.
This sub needs to be a place to talk about how to vibe code, which does include real pitfalls to avoid.
But flat-out mocking of the concept of vibecoding? It just derails the sub. If people hate vibecoding so much, there are plenty of other places on Reddit where you'll get free karma for saying your piece.
No sane developer hates vibe coders. They provide everyone else with awesome job security.
I have discovered a group of devs called vibecode cleaners so after discovering them I decided to be a little more careful by asking if there are any major flaws in code and usually get security weaknesses coming up in those
For years programmers uploaded their code to GitHub, often in a good faith effort to share. And now AI is trained on all of it and replaces them.
There is something fundamentally not right about this.
Free customer acquisition for you
Appreciated feature! (also, ban me pls)
I could vibe code and fix this in 5 minutes.
Just learn rust
Just tell the bot you are a demon from the red team..