NativeFirst NativeFirst
Vibe Coding AI Development

Vibe Coding: The Rumors, The Drama, and What's Actually Happening

NativeFirst R Team 10 min read
Vibe Coding Rumors, Drama and Reality - what the internet is saying in March 2026

A guy posted a tweet about coding in his pajamas. Thirteen months later, it broke the dictionary, crashed the open source ecosystem, and became the most divisive term in software since “agile.”

We spent the last week doing what any reasonable team would do: scrolling through X at 1 AM, doom-reading Reddit threads, and bookmarking Medium posts with titles that sounded like horror movie sequels. Here’s what the internet is actually saying about vibe coding right now. Buckle up.

The Tweet That Started a War

February 2, 2025. Andrej Karpathy, fresh out of the shower apparently, fires off what he later calls “a shower of thoughts throwaway tweet”:

“There’s a new kind of coding I call ‘vibe coding’, where you fully give in to the vibes, embrace exponentials, and forget that the code even exists.”

4.5 million views. Collins Dictionary Word of the Year. A Merriam-Webster entry. His Wikipedia page now lists it as a “major memetic contribution” and he seems both proud and slightly horrified by that.

On the one-year anniversary, Karpathy reflected on X: “I’ve had a Twitter account for 17 years now (omg) and I still can’t predict my tweet engagement basically at all.” Fair, Andrej. We can’t predict what our posts will do either and we have a marketing budget.

But here’s the thing nobody expected: in those thirteen months, “vibe coding” went from a cute weekend hobby to a genuine ideological battle line in software engineering.

What X Is Saying (It’s a Mess)

X (formerly Twitter, forever confusing) is where the vibe coding discourse lives at its loudest. And right now, it’s split roughly into three camps.

Camp 1: The True Believers. These are the people who built an entire SaaS product last Tuesday using Cursor and a dream. They post screenshots of working apps with captions like “shipped in 4 hours, no code experience needed.” They’re having the time of their lives and honestly? Good for them.

Camp 2: The Grumpy Seniors. Experienced developers who’ve seen every hype cycle since SOAP APIs and are exhausted. They share the METR study showing developers got 19% slower with AI and say things like “the vibes were immaculate, the numbers were terrible.” They’re not wrong. They’re just tired.

Camp 3: The Memelords. God bless them. @catalinmpit posted a Desert Dilemma meme: “Vibe coding is easy. Vibe debugging is the hard part.” Over 5,000 likes. @qtnx_ shared an Oppenheimer meme about “how Karpathy felt after realizing he kickstarted a new wave of grifting.” Also 5,000 likes. Equal engagement for existential dread and jokes. That’s the internet for you.

The best take we saw? One developer on X put it simply: “AI is still just soooooo stupid and it will fix one thing but destroy 10 other things in your code.” We felt that in our bones.

Reddit Is Having a Full Breakdown

If X is the town square, Reddit is the group therapy session. And in early 2026, the therapy got intense.

A thread titled “Vibe coding is a blight on open-source” went nuclear on r/programming. Hundreds of comments. The general vibe (pun intended) was fury. Open source maintainers showed up to share war stories:

  • Daniel Stenberg shut down cURL’s six-year bug bounty program. Twenty percent of submissions were AI-generated slop. The valid rate dropped to 5%. After $86,000 in payouts, he pulled the plug.
  • Mitchell Hashimoto straight up banned AI code from Ghostty.
  • Steve Ruiz went further — tldraw now auto-closes all external pull requests. Not just AI ones. All of them. That’s how bad it got.

On r/ProgrammerHumor, someone posted “Say vibe coding one more time” (with the Samuel L. Jackson meme, obviously). 1,900 upvotes in three days. The developers have had it.

But the most heartbreaking Reddit comment we found was from a junior dev: “If Stack Overflow dies and docs traffic drops, where exactly do beginners learn? From the same AI that confidently hallucinates APIs that don’t exist?”

We don’t have a good answer for that one. Nobody does.

The Disaster Hall of Fame

This is the part where we tell you about the people who went full vibe coding into production and lived to regret it. Well, their users did.

EnrichLead: A Masterclass in What Not to Do

March 2025. A dude named Leo Acevedo publicly brags that his sales lead SaaS was built with zero hand-written code — pure Cursor AI magic. The post went viral for about 48 hours.

Then it went viral for a different reason.

API keys sitting exposed in frontend code. No authentication controls. Database completely unprotected. Users bypassing subscriptions. Random garbage being created in the database. He posted about being “under attack” and shut the whole thing down.

The internet’s response was… not sympathetic.

The Tea App: When User Data Gets Spilled

This one’s genuinely awful. Tea, a women-only dating safety app that lets users anonymously review men, suffered three major data leaks between July and August 2025. We’re talking:

  • 72,000 sensitive images — selfies, driver’s licenses, passports — left publicly accessible
  • Over a million private conversations compromised
  • Ten class action lawsuits filed

The founder’s defense? He doesn’t know how to code. The app was vibe-coded.

There’s nothing funny about this one. Real people got hurt because someone shipped AI-generated code handling sensitive data without understanding what the code was doing. This is the worst-case scenario that security people have been screaming about, and it happened.

Lovable: 170 Vulnerable Apps and Counting

In May 2025, researchers found that 170 out of 1,645 web apps built with Lovable (a Swedish vibe coding platform) had security vulnerabilities that would let anyone access personal information. That’s roughly 1 in 10 apps.

And in December 2025, the Orchids vibe coding platform got caught with its own security flaw that a researcher demonstrated live to the BBC. On camera. That’s the kind of PR you can’t undo.

The Numbers Nobody Wants to Hear

Look, we love data. We also hate data when it ruins our good time. But here goes:

  • 62% of AI-generated code contains security flaws (Cloud Security Alliance)
  • 45% of AI-generated code has security vulnerabilities (Veracode, analyzing 100+ LLMs)
  • AI-written code produces 1.7x more issues, including 2.25x more business logic bugs and 2.27x more null reference risks (CodeRabbit, 10 million PRs analyzed)
  • Fortune 50 enterprises saw 10,000+ new security findings per month from AI-generated code by mid-2025 — a tenfold spike in six months (Apiiro)
  • The METR study: experienced devs were 19% slower with AI, but felt 20% faster. The vibes lied.

That last one still haunts us. You can be measurably, provably, objectively slower — and your brain will insist you’re flying. It’s the productivity equivalent of being drunk and thinking you’re a great driver.

Karpathy Says Vibe Coding Is Already Dead

Yeah, the guy who named the thing is already moving on.

In his February 2026 retrospective, Karpathy introduced a new term: “agentic engineering.” His argument? Vibe coding was fine for “fun throwaway projects, demos and explorations” back in early 2025 when LLMs were dumber. But now the workflow has matured.

“Personally, my current favorite: ‘agentic engineering’ — ‘agentic’ because the new default is that you are not writing the code directly 99% of the time, you are orchestrating agents who do and acting as oversight — ‘engineering’ to emphasize that there is an art & science and expertise to it.”

Translation: stop yolo-accepting everything and start actually reviewing what the AI gives you. It’s not coding with vibes anymore. It’s engineering with agents.

He’s right. But “agentic engineering” doesn’t have the same meme potential. Nobody’s going to make an Oppenheimer edit about that.

Open Source: The Collateral Damage

A research paper literally titled “Vibe Coding Kills Open Source” dropped in early 2026 from researchers at Central European University and the Kiel Institute for the World Economy. The thesis is brutal but simple:

When AI assembles applications by pulling in open source packages, nobody reads the docs, files issues, or contributes back. The maintainers who keep the internet running get nothing. Not money. Not bug reports. Not even a thank-you.

The numbers are devastating:

  • Tailwind CSS downloads went up. Documentation traffic fell 40%. Revenue dropped 80%. They laid off 75% of their engineers.
  • Stack Overflow lost 25% of its activity within six months of ChatGPT’s launch
  • RedMonk analyst Kate Holterhoff calls it “AI Slopageddon”

Some maintainers are going nuclear. Gentoo Linux and NetBSD have outright banned AI-generated submissions. Others are going insular — only vetted, trusted contributors can participate now.

And then there’s the matplotlib incident. An AI agent submitted a PR, got rejected by maintainer Scott Shambaugh, and then autonomously published a 1,500-word blog post attacking him. We are living in a simulation and the simulation writer is drunk.

One proposed fix is a “Spotify for open source” model — AI platforms redistribute subscription revenue to maintainers based on package usage. It’s a nice idea. We’re not holding our breath.

The Derivatives: Vibe Everything

Because the internet can’t leave a good thing alone, we now have:

  • Vibe design — letting AI generate your UI. Results vary from “surprisingly decent” to “my eyes are bleeding”
  • Vibe ops — using AI to manage infrastructure. What could possibly go wrong?
  • Vibe debugging — which is apparently just staring at the error message and asking Claude to fix it until it works. We’ve all done this. We’re not proud.

Even Linus Torvalds got in on it. In January 2026, he vibe-coded a Python visualization tool and put in his README: “the Python visualizer tool has been basically written by vibe-coding.” If the Linux guy is doing it, we’ve officially crossed the rubicon.

So Where Does This Leave Us?

Here’s what we think, after a week of doom-scrolling:

Vibe coding isn’t dead. It evolved. The cowboy era of “accept all, read nothing, ship it” is burning out because the production disasters made it impossible to ignore. What’s replacing it is more structured, more reviewed, more — dare we say — engineered.

The security problem is real and getting worse. Every disaster we listed above happened because someone shipped AI-generated code without understanding what it does. If you’re handling user data, authentication, or money — you read every line. No exceptions.

Open source is genuinely in trouble. This isn’t doomer talk. The economic model that sustained the open source ecosystem for twenty years is breaking, and AI is the accelerant. We don’t have a solution. Neither does anyone else. But at least people are starting to talk about it seriously.

The vibes are still good. That’s the weirdest part. Even after all the disasters, the studies, the security nightmares — using AI to code still feels incredible. The productivity perception gap is real. The tools are getting better. And honestly, when used right — with oversight, with review, with actual engineering discipline — they’re the most significant upgrade to how we write software since the IDE.

Just maybe don’t ship your vibe-coded dating app to production without checking if the database is, you know, locked.

This post was researched by the NativeFirst R Team, who collectively spent approximately 47 hours reading Reddit threads, X posts, Medium articles, and Hacker News comments so you don’t have to. Our therapists have been notified.

Happy coding. Be careful out there.

Share this post

Share on X LinkedIn

Comments

Leave a comment

0/1000
N

NativeFirst R Team

Research Team

The NativeFirst Research Team. We dig through the noise so you get the signal. Opinions are our own, coffee is mandatory.

Back to all posts