In February 2025, Andrej Karpathy — co-founder of OpenAI, former head of AI at Tesla and one of the architects of modern deep learning — posted something called ‘vibe coding’. The idea was simple. Let AI be the one who does the coding, and you can completely forget about the nitty-gritty of the work behind it. 

“I’m building a project or system I can barely imagine myself,” he wrote. Within months, Y Combinator’s Winter 2025 cohort was operating on the logic. 25% of its startups reported codebases that were 95% or more AI-generated. Collins Dictionary had named vibe coding its Word of the Year. 

GitClear, a code analytics firm, has spent four years tracking what actually happens inside software repositories. In early 2025 they published an analysis of 211 million lines of changed code spanning 2020 to 2024. 

During 2021, roughly 25% of all changed lines had represented refactoring— Developers going back into existing code and making it better. But, by 2024, that figure had dropped under 10%. Whilst this was taking place, code duplication had risen from 8.3% to 12.3%. 

“The data suggests that AI tools, as currently used, are producing more code that gets immediately thrown away, more duplicate logic, and far less of the structural maintenance that keeps systems alive.”

These numbers exemplify one of the biggest turning points in developer history. Their trust in AI coding tools dropped from 43% to 29% between early 2024 and late 2025. According to Stack Overflow’s annual developer survey the former’s usage had increased upto 84%.

Apiiro, a software supply chain security firm, documented a 10x increase in security findings per month in Fortune 50 enterprises between December 2024 and June 2025. Their numbers had also increased from approximately 1,000 monthly vulnerabilities to over 10,000. 

According to a 2025 survey of engineering leaders, 54% plan to hire fewer junior developers as a direct result of AI efficiency gains.

Developers who have built extensively with AI tools describe a phenomenon that has acquired a name in engineering forums: the Spaghetti Point. 

Within the first few weeks of a vibe coded project, most functions begin appearing, everything will seem to function properly. But over time, adding one or two new features will break the previous 2 features. Fixing them is close to impossible, since the developer who had originally produced it cannot read the code closely enough to understand it. 

The software you use every day — your banking app, your medical records portal, and your city’s infrastructure systems — is increasingly being built by developers who may not fully understand what they’ve built. That gap between confidence and comprehension is where vulnerabilities exist. It’s worth paying attention to.