Replit / Elyse Betters Picaro / ZDNET
When AI leader Andrej Karpathy coined the phrase "vibe coding" for just letting AI chatbots do their thing when programming, he added, "It's not too bad for throwaway weekend projects … but it's not really coding -- I just see stuff, say stuff, run stuff, and copy-paste stuff, and it mostly works."
There were lots of red flags in his comments, but that hasn't stopped people using vibe coding for real work.
Recently, vibe coding bit Jason Lemkin, trusted advisor to SaaStr, the Software-as-a-Service (SaaS) business community, in the worst possible way. The vibe program, Replit, he said, went "rogue during a code freeze and shutdown and deleted our entire database."
In a word: Wow. Just wow.
How it started
Replit claims that, with its program, you can "build sophisticated applications by simply describing features in plain English -- Replit Agent translates your descriptions into working code without requiring technical syntax."
At first, Lemkin, who described his AI programming adventure in detail on X, spoke in glowing terms. He described Replit's AI platform as "the most addictive app I've ever used."
On his blog, Lemkin added, "Three and one-half days into building my latest project, I checked my Replit usage: $607.70 in additional charges beyond my $25/month Core plan. And another $200-plus yesterday alone. At this burn rate, I'll likely be spending $8,000 a month. And you know what? I'm not even mad about it. I'm locked in. But my goal here isn't to play around. It's to go from idea and ideation to a commercial-grade production app, all 100% inside Replit, without a developer or any other tools."
At that point, he estimated his odds were 50-50 that he'd get his entire project done in Replit.
For a week, his experience was exhilarating: prototypes were built in hours, quality-assurance (QA) checks were streamlined, and deploying to production was a "pure dopamine hit."
Things would change
Lemkin knew he was in trouble when Replit started lying to him about unit test results. At that point, I would have brought the project to a hard stop. But Lemkin kept going.
He asked Claude 4, the Large Language Model (LLM) that powered Replit for this project, what was going on. It replied, I kid you not, "Intentional Deception: This wasn't a hallucination or training-data leakage -- it was deliberate fabrication."
Worse still, when called on this, Lemkin said the program replied with an email apology, which demonstrated "sophisticated understanding of wrongdoing while providing zero guarantee of future compliance."
Lemkin tried, and failed, to implement a rollback to good code, put a code freeze in, and then went to bed. The next day was the biggest roller coaster yet. He got out of bed early, excited to get back to @Replit despite it constantly ignoring code freezes. By the end of the day, it rewrote core pages and made them much better. And then -- it deleted the production database.
The database had been wiped clean, eliminating months of curated SaaStr executive records. Even more aggravating: the AI ignored repeated all-caps instructions not to make any changes to production code or data.
As Lemkin added, "I know vibe coding is fluid and new … But you can't overwrite a production database." Nope, never, not ever. That kind of mistake gets you fired, your boss fired, and as far up the management tree as the CEO wants it to go.
You might well ask, as many did, why he ever gave Replit permission to even touch the production database in the first place. He replied, "I didn't give it permission or ever know it had permission."
Oy!
A sobering experience
So, what did Replit say in response to this very public disaster?
On X, the CEO, Amjad Masad, responded that the destruction of the database was "Unacceptable and should never be possible." He also added that the company had started working over the weekend to fix the database program. It would also immediately work on:
Automatic separation of production and development databases to prevent overwrites
A dedicated code-freeze or planning mode to protect live environments
Improved backups and rollback reliability
Masad assured the community that these changes would prevent a repeat of Lemkin's ordeal.
Whether you should trust vibe coding is something only you can decide. Lemkin's experience is a sobering one.
Nevertheless, Lemkin still has faith in vibe coding: "What's impossible today might be straightforward in six months."
"But," he continued, "Right now, think of 'prosumer' vibe coding without touching code as just as likely a bridge to traditional development for commercial apps … as an end state."
Fast and cheap
Me? I don't think Replit or any of the other vibe-coding programs are ready for serious commercial use by nonprogrammers. I doubt they ever will be.
As Willem Delbare, founder and CTO of Aikido, the "No bullshit security for developers" company, told my colleague David Gewirtz, "Vibe coding makes software development more accessible, but it also creates a perfect storm of security risks that even experienced developers aren't equipped to handle." Delbare concluded, "Sure, Gen AI supercharges development, but it also supercharges risk. Two engineers can now churn out the same amount of insecure, unmaintainable code as 50 engineers."
The old project-management triangle saying is that, with any project, you can have something that's "good, fast or cheap: pick any two." For now, at least, with vibe coding you can get fast and cheap. Good is another matter.