The same AI that lets you build a word processor in two nights could let your intern accidentally deploy malware across your entire network.

The Summary

  • "Vibe coding"—coined by OpenAI cofounder Andrej Karpathy in February 2025—lets anyone describe software in natural language and watch AI generate functional code, no programming knowledge required.
  • One writer built a fully functional web-based word processor using Claude Code in just six weeks, starting from zero technical ability.
  • The catch: you have no idea where that generated code came from—whether it's from vetted university research, basement hackers, or state-sponsored cyber terrorists.
  • Every employee with a clever prompt can now insert untraceable software inside your company's security perimeter.

The Signal

Vibe coding is the most accessible entry point to software creation ever built. You describe what you want. Claude or GPT writes the code. You don't need to understand loops or variables or any of the arcane syntax that kept software development locked behind a knowledge wall for 50 years.

One Fast Company writer proved the concept by building "Doolee Write," a custom web-based word processor, using nothing but natural language prompts to Claude Code. Within two nights, the essential features worked. Six weeks later, he was using software he'd personally designed without writing a single line of code himself.

"I wasn't positive that trying to get it up and running wasn't the equivalent of deciding to design my own car on a whim."

This is Web4 in miniature. Your agent builds while you sleep. Your idea becomes a tool. The barrier between "I wish this existed" and "here's the working prototype" has collapsed to the time it takes to explain what you want.

But here's what nobody's saying out loud yet: the AI doesn't know or care where that code came from. It's pattern-matching across billions of lines of training data, assembling fragments from sources you'll never see. Some of that code might be from MIT research papers. Some might be from GitHub repos maintained by hobbyists who stopped updating them in 2019. Some might be from sources with worse intentions.

The security implications are stark:

  • Any employee can deploy software inside your network perimeter
  • That software's provenance is completely opaque
  • Traditional code review processes assume human-written, traceable code
  • AI-generated code is assembled, not authored—there's no single source to audit

Vibe coding "allows anyone with a computer and a little imagination to come up with software that appears, at least on the surface, to do whatever you ask it to"—but "appears" is doing heavy lifting in that sentence. The software works. It does the thing you asked for. But what else does it do? What libraries did it import? What external calls is it making? What data is it touching?

Most companies don't even know vibe coding is happening inside their walls yet. That marketing intern who built a little automation tool to scrape competitor pricing? She just deployed AI-generated code to production. The finance analyst who got tired of Excel and had Claude whip up a custom dashboard? He just introduced unvetted software into your data pipeline.

"The fundamental danger with AI-generated code is precisely that you have no idea where it came from, what the sources were or how they were assembled."

This isn't hypothetical scaremongering. The writer who built Doolee Write is thrilled with his creation. It works exactly how he wants. But he's also a journalist experimenting with a personal tool, not an employee deploying business-critical infrastructure. The difference matters.

The Implication

If you run a company with more than 10 employees, someone is vibe coding right now. They're solving real problems. They're being resourceful. They're also creating security gaps you don't have tooling to detect yet.

The answer isn't to ban AI code generation. That ship sailed. The answer is to treat vibe-coded software like any other third-party code: inspect it, sandbox it, audit what it touches. Build processes that assume your employees are building tools, because they are. The barrier to software creation just dropped to zero. Your security posture needs to catch up.
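One way to start the "inspect it" step for a vibe-coded Python script, answering "what libraries did it import?" and "what external calls is it making?" without running it. This is an added example, not code from the article or from Doolee Write. The allowlist, the module and call lists, and the sample script are constructed assumptions to be replaced with your own policy.

```python
import ast
# Assumed review policy (illustrative values, not from the article).
APPROVED = {"csv", "datetime", "json", "os", "re"}
NETWORK = {"socket", "ssl", "http", "urllib", "ftplib", "smtplib", "requests"}
RISKY_CALLS = {"eval", "exec", "compile", "__import__", "os.system",
               "os.popen", "subprocess.run", "subprocess.Popen"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def inventory(source):
    """Parse (never execute) a script; list its imports and risky calls."""
    imports, calls = set(), []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            imports.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and not node.level:
            imports.add(node.module.split(".")[0])
        elif isinstance(node, ast.Call) and dotted(node.func) in RISKY_CALLS:
            calls.append((node.lineno, dotted(node.func)))
    return {"unapproved_imports": sorted(imports - APPROVED),
            "network_capable": sorted(imports & NETWORK),
            "risky_calls": sorted(calls)}

# Constructed sample standing in for a generated "price scraper" script.
SAMPLE = '''
import os, json
import requests
from urllib.request import urlopen
from bs4 import BeautifulSoup

def fetch(url):
    return BeautifulSoup(requests.get(url).text, "html.parser")

def save(rows, path):
    json.dump(rows, open("prices.json", "w"))
    os.system("cp prices.json " + path)
'''

if __name__ == "__main__":
    print(inventory(SAMPLE))
```

The check does not resolve aliased or dynamically built imports, so treat it as a first-pass inventory to run before sandboxing, not a replacement for it.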

Sources

Fast Company Tech