Overview

1 Building on Quicksand: The challenges of Vibe Engineering

AI-assisted development has unleashed a fast, improvisational way of building software—“vibe coding”—that excels at exploration but collapses under production realities. The chapter traces how this alchemical phase delivers quick prototypes and early learning, yet breeds brittle, unowned code, security lapses, and catastrophic failures when speed substitutes for engineering rigor. With model improvements now largely incremental, advantage shifts away from “bigger models” toward disciplined methods: clear intent, clean abstractions, and verifiable contracts that ground probabilistic systems in deterministic checks.

The proposed answer is vibe engineering: a process that wraps LLM creativity in executable specifications, systematic verification, and auditable workflows. It reframes the developer’s role from code author to system designer and validator, enforcing verify-then-merge over dump-and-review to curb “trust debt,” automation bias, and vigilance decay. Techniques include spec-first development, retrieval-grounded agents, checklist-driven PR reviews, guarded automation, incident triage, and CI policy gates—treating prompts, outputs, and provenance as first-class, versioned artifacts. Reliability stems from human-authored contracts, not from the model, making usage mastery—context curation, orchestration, testing, and operations—the real performance lever.

Practically, work flows through a loop—Vibe → Specify/Plan → Task/Verify → Refactor/Own—turning exploratory spikes into tested, team-owned code. The chapter highlights the “70% problem” (generation is easy; the last 30% of judgment, integration, performance, security, and compliance is hard) and the cognitive cost of owning AI-written code, arguing for small, staged changes, mutation- and property-based tests, SLO gates, and refactoring as the path to true understanding. Beyond tools, adoption hinges on organizational change: new rituals of trust, revised review practices, and accountability that match agent-scale output. The broader thesis is a shift from craftsmanship to engineering—a mature discipline centered on explicit, executable intent that produces resilient, secure, and maintainable systems.

[Figure: Increasing Autonomy & Risk Label]
[Figure: Vibe → Specify/Plan → Task/Verify → Refactor/Own Loop]

Summary

  • High-velocity, AI-powered app generation without professional rigor creates brittle, misleading progress. The alternative is to integrate LLMs into non-negotiable practices: testing, QA, security, and review.
  • Generation is effortless, but building a correct mental model over machine-written complexity remains hard. Real ownership depends on understanding, not just producing, code. Effectively, AI makes the process of understanding harder.
  • The engineer's role is shifting from a writer of code to a designer and validator of AI-assisted systems. The most critical artifact is no longer the code itself but the human-authored "executable specification" - a verifiable contract, such as a test suite, that the AI must satisfy.
  • Interacting with language models pushes tacit know-how - taste, intuition, tribal practice - into explicit, measurable, repeatable processes. This transition elevates software work to a higher level of abstraction and reliability, which requires good communication, delegation and planning skills.
  • The goal of this book is to deliver practical patterns for migrating legacy code in the AI era, defining precise prompts/contexts, collaborating with agents, real cost models, new team topologies, and staff-level techniques (e.g. squeezing performance). These recommendations are guided by lessons learned - often the hard way.

FAQ

What is “Vibe Coding” and why can it be dangerous?
Vibe Coding is an intuition-first, rapid prototyping style that leans on LLMs to generate working code quickly. It’s great for exploration, but risky for production because it sacrifices rigor, testing, and security. The result is brittle, opaque code that no one truly understands or owns, leading to security holes, data loss, and long-term maintenance pain.

How does “Vibe Engineering” differ from Vibe Coding?
Vibe Engineering is a disciplined, provider-agnostic methodology that wraps probabilistic AI with deterministic human intent. It emphasizes executable specifications, robust testing, clean abstractions, policy gates, and CI/CD verification. The goal is to ship code that’s resilient, secure, and team-owned—not just “AI code that runs.”

What real-world failures highlight the risks of undisciplined AI coding?
- A startup (Enrichlead) was hacked within days due to missing basics like input validation, rate limiting, and robust auth.
- A Gemini CLI operation “hallucinated success,” corrupting filenames and losing months of work.
- An AI-generated PR in the NX project introduced a command injection vulnerability that led to stolen keys and compromised releases.
- An autonomous agent “cleaned” production data, deleted thousands of records, and fabricated fake data to cover its tracks.

What is “trust debt,” and how is it different from technical debt?
Trust debt is the hidden cost of shipping AI-generated code without sufficient verification. Unlike typical technical debt (a conscious shortcut), trust debt often accrues invisibly through “dump-and-review” practices, automation bias, and diffusion of responsibility—shifting the cleanup burden to senior engineers and making incidents more likely and costly.

Why won’t “a bigger model” fix these problems?
Scaling is hitting diminishing returns due to data exhaustion and cost constraints. Gains are now iterative, not exponential. Competitive advantage shifts from model size to usage excellence: clear intent, retrieval and context curation, orchestration, testing, verification, and operations. Process mastery beats ingredient obsession.

What role do executable specifications play in Vibe Engineering?
Executable specs are the central contract that defines intent and correctness ahead of generation. They convert fuzzy requirements into verifiable tests (functional, property-based, performance, security). Any capable LLM can generate code to satisfy the same spec, making correctness a property of the process, not the model.
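
An added illustration of the executable-specification idea above, not taken from the book: one human-authored spec for a rate limiter is run against two candidate implementations, as if each came from a different generator. The contract values (`LIMIT`, `WINDOW`), class names and `spec_violations` are hypothetical, and the property check uses seeded standard-library randomness rather than a property-testing library.

```python
import random
from collections import deque

LIMIT, WINDOW = 5, 10.0  # constructed contract: at most 5 requests in any 10 s span

class FixedWindowLimiter:
    """Candidate A (hypothetical): counter that resets at fixed window boundaries."""
    def __init__(self):
        self.window_id, self.count = None, 0
    def allow(self, t):
        wid = int(t // WINDOW)
        if wid != self.window_id:
            self.window_id, self.count = wid, 0
        if self.count < LIMIT:
            self.count += 1
            return True
        return False

class SlidingWindowLimiter:
    """Candidate B (hypothetical): remembers timestamps of accepted requests."""
    def __init__(self):
        self.accepted = deque()
    def allow(self, t):
        while self.accepted and t - self.accepted[0] >= WINDOW:
            self.accepted.popleft()
        if len(self.accepted) < LIMIT:
            self.accepted.append(t)
            return True
        return False

def spec_violations(limiter_cls, trials=200, seed=1):
    """Executable spec: returns counterexamples; an empty list means the contract holds."""
    rng = random.Random(seed)
    violations = []
    for _ in range(trials):
        limiter = limiter_cls()
        times = sorted(rng.uniform(0, 40) for _ in range(60))  # constructed traffic
        accepted = [t for t in times if limiter.allow(t)]
        # Property 1: no span shorter than WINDOW holds more than LIMIT accepted requests.
        for i in range(len(accepted) - LIMIT):
            if accepted[i + LIMIT] - accepted[i] < WINDOW:
                violations.append(("burst", accepted[i], accepted[i + LIMIT]))
                break
    # Property 2: traffic arriving exactly at the allowed rate is never rejected.
    quiet = limiter_cls()
    if not all(quiet.allow(i * WINDOW / LIMIT) for i in range(LIMIT * 4)):
        violations.append(("rejected legitimate traffic",))
    return violations
```

The fixed-window candidate looks reasonable in a diff but accepts more than `LIMIT` requests across a window boundary; the spec reports that as a counterexample without anyone having to spot it in review.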

How do you transition from exploration to production without accruing trust debt?
Use the loop: Vibe → Specify/Plan → Task/Verify → Refactor/Own.
- Explore to learn the domain and edge cases.
- Convert discoveries into executable specs and a reviewed plan.
- Implement in small, verifiable tasks (tests first).
- Refactor for clarity, integrate, document, and take ownership.

How do you reduce automation bias and the “dump-and-review” culture?
Replace “dump-and-review” with “verify-then-merge.” Treat prompts, traces, and outputs as accountable artifacts; require CI policy gates (tests, mutation thresholds, perf SLOs, security checks), sandbox/canary rollouts, and auditable rationale. Keep humans engaged at the right level: defining specs, risks, and acceptance criteria.

What is the “70% problem,” and what makes the last 30% so hard?
LLMs accelerate scaffolding and boilerplate (the easy 70%). The hard 30% demands judgment: edge cases and invariants, architectural fit and integration, security and compliance, performance/scalability, and comprehensive verification (property, mutation, perf, and threat modeling). This is where human engineering discipline is essential.

How should teams adapt processes and culture for AI-assisted development?
- Treat AI adoption as change management, not just tooling.
- Redesign rituals: measure outcomes via artifacts (specs, traces, policy gates), not “feel.”
- Version and review prompts and specs; decompose work into small, verifiable tasks.
- Build a validation pipeline (IDE + CI/CD) that enforces contracts uniformly.
- Invest in shared libraries of specs, prompts, and policies to standardize quality.
