What are the risks of using Vibe Coding?

Mahesh Calculating...
vibe coding risks security issues with AI code limitations of AI coding AI code generation problems vibe coding
What are the risks of using Vibe Coding?
Table of Contents
Share this article:

“Vibe coding” is writing code using AI tools and platforms, and working with AI code generation tools as your coding buddy. AI can write code for you and help you in every phase of the software development life cycle, from writing a requirement document to delivery. You can use AI to analyze and research, write detailed user and functional requirements, build user interfaces, write code, check and fix bugs, write test cases, and automate deployments. AI can save software development teams up to more than 50% of their time and build higher-quality software.

Please pay Attention: Before we get into the details, let's try to understand how AI works. AI tools like ChatGPT and Copilot are just the front face of AI large language models (LLMs). LLMs are the real resources where the code is generated. AI tools provide an input called "a prompt" and pass it to an LLM. The LLMs understand the prompt, create content, and give output to the tool, such as ChatGPT or Copilot. So the real magic happens within the LLM.

However, it has its pitfalls and comes with some minor risks. Here are some of the challenges when building software using AI: 

1. Code quality and versions

AI uses LLMs to generate code. LLMs need massive amounts of data to be trained. In code generation, they have billions of lines of code copied worldwide and trained on that code. Remember that millions of people have written this code over the decades. Every programmer and developer has their styles and standards. While LLMs can become better over time, there is a chance that the code they generate may not be of the same quality as that of an experienced developer. It may follow the coding standards and best practices as you expect it to be. In most cases, the quality of the code generated by LLMs is great, but there may still be some chances.

Most AI tools will give you this warning: 

So you might get code that:

  • Doesn’t work correctly and has bugs 
  • It is messy, hard to read, and understand
  • Doesn’t fit your project style, standards, and design patterns
  • May be obsolete since programming languages such as C#, React, or others have a new release almost every few months 
  • May be wrong API calls since third parties often change their APIs 

Solution

To fix this problem, it is highly recommended that an experienced developer still check the code for quality and ensure it follows best practices and your standards. Extensive testing and code reviews are essential.

It is possible, but it is highly recommended to rewrite the code in your own style. You can train AI agents that could become you and rewrite code in a way you train them. 

2. Security and performance issues

Developers and programmers often overlook code security. Many don't understand or pay attention to code security and performance. As I said earlier, LLMs have copied code from all over the world, including public repositories, blogs, articles, and documentation. Since this code is copied from the Internet, no one has actually checked whether the code is secure or not. Which code has good vs bad performance? While the AI can check performance, security issues are not easy to find and fix. 

AI might write code that isn’t safe. It might:

  • Have holes hackers can use 
  • Ignore security best practices
  • Be risky if the AI tool itself isn’t secure

Solution

Make sure your code reviewers understand code security and follow a standard practice of checking the code using security protocols and tools. The security tools must be modern and have up-to-date patches. I always recommend Security-First software approach where the software architecture start with code and data security. Performance is another major concern, and AI may not understand applications' scalability and performance requirements. You need to make sure to check the code for performance using industry-standard tools. 

3. Forgetting how to code 

If you use AI to write all the code without checking and understanding, you are taking quality and security risks and may also end up forgetting how to write code. If you don't know how to write code, it will be impossible to check for quality, security, and performance.  If you don't know what your code is doing, it will be impossible to fix issues, add new functionality, or find any issues if AI can't find it.

Some challenges you may run into:

  • Struggling with tough problems
  • Not really understanding how code works
  • Getting stuck with one tool if the tool can't help, you are stuck

Solution

You need to keep yourself hands-on and up to date. Remember, AI is here to help, not replace you. 

4. Who owns the code?

As I said earlier, LLMs do the real code generation by AI, and LLMs have actually copied or, should I say, have stolen many people's code from all over the world. For example, I've written over 2,000 code samples on this website, and LLMs have copied my code without my permission. While it is impossible to find who the owner of the generic code is, there may be specific code solutions that the owner may know. And AI may generate code that is IP-protected. 

There are still big questions about legal stuff, like:

  • Who owns the code AI makes?
  • Could your private info be used to train the AI?
  • Could AI mix code with licenses you’re not allowed to use?

Solution

If you work in highly regulated and protected areas, read the terms of your AI tool and talk to a legal expert if needed. Always check and, if possible, rewrite it in your language.

5. LLMs are black boxes 

Code generated by LLMs is like a black box; we don't know how it is written and where it has taken its references and copied content. That makes it hard to:

  • Fix bugs
  • Trust the code
  • Improve or optimize it

Solution

Make sure you understand the code generated by AI. Learn it and test it before it goes live.

7. Less Creativity

Humans are lazy by nature :). AI might make us lazy with problem-solving. If we always use the “easy” AI answer, we might stop coming up with new and better ways to code. Remember, before we had Google Maps. We used to remember all directions, but now we don't know. What happens if you don't have your phone with you? Something similar could happen with AI. If we 100% rely on AI to write code, we may end up losing how to code and understand how code works.

Final Thoughts

AI is an amazing helper when it comes to writing code. It can write code faster and help you build large software in hours, but it can also provide you with the skillsets you don't have. It is cheap and almost needs no breaks. AI is like having your own assistant always. However, it comes with some calculated risks. If you make sure there are code reviews done for quality, security, performance, and licenses, and continue learning, you could take full advantage of AI code generation.

Always remember, AI is a tool, not a replacement for smart, skilled human developers.

New to Vibe Coding? Read here: What is Vibe Coding? 

Mahesh

Mahesh

Vibe Coder specializing in AI-powered development and software architecture.

Related Articles