Vibe coding: build an app in a few days, without writing a single line of code

I was recently invited by Dutch news program Nieuwsuur for a segment on vibe coding, the newest way to make software without being a programmer. You can watch it here (in Dutch). A TV segment only gives you so much time to explain things, so in this blog I want to walk you through the bigger picture. What is vibe coding? What opportunities does it offer for entrepreneurs and companies? And what risks are hiding under the hood?

What is vibe coding?

A programming language is, in the end, just a language. Models like ChatGPT and Claude understand Dutch, French and Chinese because they learn patterns and grammar. For Python or JavaScript, it works the same way. Once AI got good enough at these formal languages, something special happened: you no longer need to program yourself. You describe in plain language what you want, the AI turns it into code and builds an application for you.

That is vibe coding. The term was introduced in early 2025 by Andrej Karpathy, co-founder of OpenAI, and later that same year Collins Dictionary named it word of the year. You don’t steer on code, you steer on feeling (the “vibe”). Does the app work? Does it feel right? If not, you give a new instruction. Looking at the code is no longer needed.

Until recently, there was a clear difference between vibe coding and agentic coding. Vibe coding was for the non-programmer with an idea. Agentic coding was for the professional developer who lets an AI agent write, test and improve code on its own. But these two worlds are growing closer together. Lovable has an “agent mode”, and more and more programmers who work with Claude Code or Cursor barely look at the code their agent produces. You could say that almost everything is becoming vibe coding.

The users are just as diverse: bird watchers building an interactive species list, a personal trainer with an app for training schedules, a restaurant owner putting together his own ordering system, but also product managers at large companies who build a prototype in an afternoon. In theory, anyone can now make what they think of. In practice, it is easier if you understand what happens under the hood.

For programmers, the work is changing a lot. “Writing code” used to take about 30 to 40 percent of their time. The rest already went into architecture, meetings and thinking. Now that first part is also shifting. The work is moving from writing code to reviewing AI output, connecting systems, and watching over security. A programmer who adapts to this becomes many times more productive and therefore more valuable. Those who don’t adapt will soon have a problem in the job market.

And this new work is mentally heavy. Boston Consulting Group and Harvard Business Review published research this spring about what they call “AI brain fry”. It is a form of mental exhaustion that happens when you use or supervise AI tools beyond what your brain can handle. Code appears faster than your mind can follow. Context switches pile up. You become reviewer, director and traffic officer at a busy intersection all at the same time. Programmers report more mistakes, poor sleep and a kind of buzz in their heads. Brain fry seems like the right term here, because this is not ordinary tiredness. It is a new kind of overload that our brains are not yet built for.

What opportunities does this offer for companies and entrepreneurs?

The appeal is speed and accessibility. Do you have an idea for an app or a tool? Then you can build a first version today, instead of waiting weeks for a development team. For starting entrepreneurs, this means they can test their market without first spending tens of thousands of euros on development. You test, you learn, you adjust. For startups, this is a huge accelerator.

There is a catch, and it is called “technical debt”. If you generate code at high speed without thinking carefully about architecture, you are basically building on loose sand. Each new feature is stacked on top, and at some point the structure becomes so shaky that every change causes a crack somewhere else. For a first version (or Minimum Viable Product, MVP) that is fine. For a product that needs to scale, it means a rebuild later on.

The Swedish company Lovable, the largest European vibe coding platform, reached 400 million dollars in annual revenue in just over a year. Anthropic built its product Cowork in about a week and a half, mostly by letting Claude Code do the work. And in early April, Cloudflare EmDash was announced, an open-source alternative to WordPress that developers built with AI coding agents in about two months. This is painful for WordPress, which runs about 40 percent of all websites in the world. EmDash is still a developer preview without a mature plug-in ecosystem, so WordPress is not on its knees yet. But it shows that even dominant, well-established software platforms can get a serious competitor within a few months when someone with the right expertise uses AI agents in a focused way. We will see shifts like this more and more often.

At large companies, the impact is mostly internal: dashboards, internal tools, quotation processes, planning systems, customer service solutions. All of these can now be built faster and more flexibly than before. Companies will develop many more self-built applications, and all of these will need to be maintained.

This raises the question of what this means for the big SaaS companies. Investors are clearly getting nervous. The shares of software giants like Adobe and Salesforce dropped sharply at times this year after announcements of new AI developments. If your HR department can easily have its own tool built by your internal IT team, why would you still pay hundreds of thousands of euros a year for a big, inflexible software package? In the short term, I do not expect a major shake-up, because these SaaS companies are building AI features into their own software so that customers can personalise it. But in the long term, the tension is real.

What are the risks?

The biggest concern right now is security. Studies from Veracode, the Cloud Security Alliance and Georgia Tech show that more than 45 percent of AI-generated code contains security flaws. That is more than twice as much as in code written by humans. In a scan of 5,600 vibe-coded apps, security company Escape found about 2,000 serious vulnerabilities, 400 exposed keys, and 175 cases of personal data left open on the internet.

The five classics keep coming back: missing access controls, hard-coded passwords and API keys, SQL injection, cross-site scripting, and exposure of sensitive data. The first one is especially stubborn. In most Lovable apps, row-level security is switched off by default. This means any logged-in user can simply access the data of all other users.

In January, someone launched the social network Moltbook for AI agents. The maker proudly said he had not written a single line of code. Within three days, 1.5 million API keys, 35,000 email addresses and thousands of private messages were out in the open. And hackers are now using AI themselves to search automatically for these kinds of leaks. This is called vibe hacking.

And this is just the beginning. In early April, Anthropic announced Claude Mythos, a new model that is so good at finding and exploiting security flaws that the company does not dare to release it publicly. This may partly be marketing, but it is clear that AI models are getting better and better at both finding and using vulnerabilities. In most cases, the Mythos model also wrote a working exploit right away. For now, Mythos is only available to a select group such as Amazon, Apple and JP Morgan, under the name Project Glasswing.

But Anthropic itself expects that similar capabilities will soon appear at other AI labs as well. The same power that helps defenders close security holes faster also makes attackers much faster and more effective. For everyone who builds software, this means the cat-and-mouse game will speed up dramatically in the coming years.

The good news is that the tools themselves are also becoming more mature. Lovable works with AI security companies for automatic pen tests, gives warnings when it sees API keys in your code, and includes scanners to find vulnerabilities. The question is only whether a user without a technical background understands these warnings and acts on them. Anyone who wants to build something serious with vibe coding really can’t do so without some programming knowledge, or without someone looking over their shoulder.

To close

Vibe coding is not a hype that will blow over. It is a fundamental shift in who can make software and how fast they can do it. For investors, it raises new questions about their portfolio companies. For software companies, it means rethinking business models. And for developers, it means a new kind of work that nobody was trained for.

I give talks about this on a regular basis. For investors who wonder what it means for their portfolio companies, for software companies that are thinking about their future position, and for developer communities that want to see the bigger picture. Interested in a session at your company? Feel free to get in touch, I would be happy to think along with you.