Why security is paramount for entrepreneurs in the vibe coding era


Vibe coding may very well be the phrase of the year. It’s not only at the center of developer conversations, but is making its way to the forefront of the aspiring entrepreneur’s mind as well.

In fact, early 2025 stats show that 25% of Y Combinator startups had over 95% AI-generated code.

Varun Badhwar

Founder and CEO of Endor Labs.

These stats should stop anyone in their tracks. Vibe coding is breaking down barriers to innovation and turning the inception of an idea into a customer-facing product at a pace that is only possible with AI.

Lower costs to build and iterate mean that entrepreneurs can bootstrap more easily, extend their runway and don’t need as much upfront capital. As a result, they test out more ideas with a lot less risk in the prototyping stage, a luxury that entrepreneurs never had until now.

However, like with any transformative technology, it also deserves a critical eye.

Vibe coding reality check

It should be noted that these upsides are not exaggerated. It’s remarkable to witness the power of AI-assisted coding and the potential it’s been able to unlock thus far. However, code dependencies are an inevitable part of vibe coding and a lack of security guardrails can introduce vulnerabilities that fly under the radar.

Without an understanding of this lesser-known reality of coding innovation, entrepreneurs can go from an overnight success to an overnight headline - and not in a good way. That is why industry experts have a responsibility to create a realistic narrative around the topic.

Entrepreneurs need to understand there is a critical difference between relying on vibe coding to ideate on or test a product vs. launching and scaling it.

Putting humans back in the equation

An important first step to ensuring vibe coding risks and considerations are understood is to take a look at how it's being approached by the vast majority today. While it has exploded in popularity over recent years, it was not intended to be used the way we so commonly see it being used today.

The most concerning narrative is around using it as a tool to remove humans from the equation. For entrepreneurs, removing experts from the practice of coding comes with steep risks.

Unlike more established companies, these individuals don’t have the resources to weigh in on critical vulnerabilities and potential issues that can arise when trying to scale their product.

Ultimately, these issues can lead to technical debt and a lack of fundamental understanding of the product and its security layers. While it may seem paradoxical, what created vibe coding’s popularity - its use amongst non-technical professionals - is what makes it a massive risk without the proper precautions in place.

Security can’t be an afterthought

Entrepreneurs that use vibe coding have to understand how these agents are trained. The large language models (LLMs) these agents are built from are pre-trained on open source datasets that include publicly available source code from platforms like GitHub.

Not all this data is good, and agents being trained on bad code is a reality that comes with the nature of AI-assisted coding. Not only that, but bad actors have actually learned how to leverage these agents through what’s known as a remote code execution (RCE) attack.

The recent npm attack is a perfect example of this scenario, and this is a trend that’s only expected to grow - making vibe coding even more precarious.

Considering that 80% of AI-suggested dependencies contain risks, every entrepreneur should be re-thinking their AI-assisted strategy before trying to scale their product. This is why developers acknowledge that we’re at a turning point when it comes to AI-generated code.

While manual detection is ideal to catch all of these vulnerabilities, even trained professionals can no longer keep pace. It becomes a scary realization to think that most vibe coders just don’t know any better - they trust these outputs and build insecure apps without even knowing it.

The entrepreneurial dilemma

As bad actors grow more sophisticated and find new ways to achieve RCE, the stakes are going to grow for amateur vibe coders. Without financial resources to bounce back from a breach and technical staff to provide guidance, basing products entirely off AI-generated code is risky.

Early-stage startups will learn the hard way that security cannot be an afterthought. Relying too heavily on vibe coding from the outset also means that products will not successfully scale beyond demos; technical debt may skyrocket if these apps scale fast, and they also run the risk of falling apart.

Embrace security protocols

While some entrepreneurs may be tempted to push straight to production, investing early on in security guardrails has to be non-negotiable. This doesn’t mean that you need to hire a team of developers. Startups can still vibe code, but the key is being aware of the risks and the guardrails that must first be put into place.

Even if these innovators are knowledgeable enough to monitor for vulnerabilities, they are likely wasting a lot of time trying to pinpoint these risks and formulate the right course of action.

On the other hand, when AI coding agents are equipped with security tools, the proportion of safe dependency recommendations jumps from roughly 20% to 57%.

It’s understandable that strapped startups may not be able to invest in outside help early on, but the cost of a data breach will far outweigh the cost of doing security right. Financials are also only the tip of the iceberg; breaches break down trust amongst customers, something that is especially critical for companies just starting out.

Even the most established companies don’t typically get a second chance after a major breach. Startups and innovators must consider seeking expert counsel if they want to create a truly safe and sustainable product and, more importantly, should do so before they release it to the public.

Vibe coding presents many benefits for entrepreneurs, from needing less upfront capital to the ability to try out more ideas and, overall, bootstrapping more easily.

This doesn’t come without a downside; while code generated by AI may work well for prototyping, it likely won’t be able to scale without severely compromising security and performance. To capitalize on the power of AI-coding assistants, entrepreneurs need to invest in security early on or else suffer the consequences later down the road.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
