Across the industry, software is being written differently: faster, more collaboratively and increasingly through AI prompts instead of keystrokes. This shift has a name, and it’s changing the way code gets written.

“Vibe coding,” the growing use of generative AI (GenAI) to write, refactor and review code, is becoming a common part of modern software development. According to Gartner, AI-assisted development is poised to account for 40% of all new business software within three years, but that is likely a conservative estimate.

Vibe coding is a lot like having a tireless, egoless, eager junior engineer sitting beside you — one who responds instantly to feedback, churns out working code and never complains about repetitive tasks. But speed without scrutiny can have major consequences.

Vibe coders need to understand that AI is just a productivity tool, and they — not the AI — are ultimately accountable for the code it produces for them. If they accept low-quality output, they will be accountable for the risks and vulnerabilities created.

Real Experience of Vibe Coding (And Why It’s Compelling)

Using tools like Claude Code or GitHub Copilot, vibe coding enables rapid iteration for developers. You can make a request, review work and complete revisions, and in minutes, you have functioning code that might otherwise have taken hours or days to write.

In many ways, vibe coding is following the same trajectory open source did: It began as an experimental, developer-driven movement, then rapidly became the backbone of modern software.
That shift delivered enormous productivity and innovation, but also introduced new challenges in governance, licensing and security.

Open source software enables developers to use existing libraries and frameworks to write less of the final code necessary to build powerful applications, but importantly, they still remain accountable for 100% of what ends up running in their environment.

Vibe coding offers a similar promise while carrying similar risks. Teams that put the right culture, guardrails and accountability in place from Day 1 will be best positioned to capture its benefits safely.

Vibe Coding Doesn’t Mean Vibing Without Rules

AI is fundamentally a productivity tool. As with any productivity tool, it is intended and expected to increase the quality and/or quantity of your work (ideally both), without regressing either. Ultimately, the person using the tool is accountable for the results. But used properly, that output should be higher quality and higher quantity.

A culture of “secure velocity” starts with shared responsibility. For organizations, that means:

Rigorous code review and testing: AI doesn’t get a free pass. Every suggestion requires human oversight.

Governance and provenance: Teams need traceability to understand where code came from, how it was modified and who signed off on it.

Legal and security buy-in: Collaboration between engineering, legal and security teams ensures AI-generated code isn’t introducing compliance or licensing risks.

With these guardrails in place, using AI to write code can be transformative. Without them, vibe coding risks becoming an unmonitored source of vulnerabilities.

Security Flipside: Vibe Hacking and Zero-Day Acceleration

Naturally, the same AI tools that empower developers are in the hands of attackers. Historically, zero-days have been the “holy grail” of vulnerabilities because they give attackers a potential weapon against which their prey is defenseless. (They have had “zero days” to patch it.)
Disclosed vulnerabilities also appeal to attackers because many folks (the laggards) simply aren’t applying patches. But the race is on: Can the attacker weaponize the exploit before their prey has applied the patch?

Now armed with GenAI tooling, the time for an attacker to weaponize known vulnerabilities is plummeting from weeks to minutes. This fundamentally changes who they can attack, from just the laggards to everyone who hasn’t adopted modern security practices.

Just as AI enables quick iterations for developers, it also allows adversaries to find, test and weaponize vulnerabilities at unprecedented speed. Even if a patch exists, delays in upstream distributions or slow adoption by end users create a dangerous window that attackers can exploit before defenders have time to react. The result: Defenders face a shrinking response window, and security teams need to assume that bad actors are coding at the speed of AI, too.

Vibe Coding Is Not Going Anywhere

Vibe coding isn’t a fad; it’s the next evolution in how software gets built. For developers approaching it responsibly, it offers more than speed. It can elevate code quality, free up time for creative and innovative work and even foster better engineering habits. But without the right quality checks, it risks becoming a liability.

Here’s the challenge for vibe coders: Don’t stop at faster code. Push yourself toward better code. Use the time you save to do that refactor you’ve been putting off, write the documentation your teammates will thank you for, expand test coverage or improve security posture. Share how vibe coding isn’t just accelerating output, but actually raising the standard of the code you deliver.

Now is the moment to run your vibe check: Are you not only going faster, but also leveling up the quality of your work?

The post Should Your Team Be Vibe Coding? appeared first on The New Stack.