Vibe code is legacy code

I would not default to assuming it was his competitors, that sounds like scapegoating to deflect responsibility. What most likely happened is his site was scanned by one of the increasingly sophisticated exploit crawlers (anyone who runs an internet facing site and can view traffic knows what I'm talking about). His site got flagged as vulnerable, the hacker found out it was built like swiss cheese and had fun with it.

The fact your friend is suffering no consequences and is able to just carry on is exactly what is wrong with this industry.

In a perfect world the creation of software would have been locked down like other engineering fields, with developers and companies suffering legal consequences for exposing customer information.

> Was it worth it? Yes, it is terrible, shoddy, insecure code, but he proved out a viable business with just a few hundred dollars of investment.

This feels like less of a win for the customers though. They're paying money and exposing their data insecurely, all for a product that maybe does what it's trying to do.

> Now he's hiring a developer to shore it up.

This is going to be way harder than it sounds...

I'm all for AI as a reference or productivity/learning aid, but the results without a human in the loop quickly get horrific.

Did he need it to prove a business viable if there were already players in the market? No. Do you ever need to validate that people would switch providers of a commodity product or service if presented with a cheaper option? Also no. What did he learn then, that he can create a partial solution that people might pay for initially (no data on renewals) but will ultimately have to actually hire people to build a real product which will eat at his differentiator (price). Wait until he decides he actually has to spend money on marketing.

The good news is that with each of these we get to "validate" that having an idea still isn't worth much without the ability to actually execute.

> Was it worth it? Yes, it is terrible, shoddy, insecure code, but he proved out a viable business with just a few hundred dollars of investment.

Thank god that someone, somewhere, was able to make some money out of irresponsibly releasing software into the world!

This is morally equivalent to building a house with no engineering experience and someone coming around and kicking it down. The problem isn't vibe coding per se, but lacking some key knowledge to be able to make important judgements which may (should) result in legal liability

I think you're describing fraud. Of course it's easy to start a business if you're cutting every corner with no regard for the users until you get caught.

Vibe coding is going to bring upon regulation, which is the opposite of the lower barrier to entry people want it to be.

That’s not a viable business, it’s a walking liability. Besides which, why would anyone trust your friend (as an investor or customer) ever again when they’ve shown such profound disregard for user data and their IP? If your metric of success is “I have no idea what I’m doing and still made money from it” your friend would have a better time starting a podcast.

A lot of my work early on in new projects is setting up local and CI validations and rules, practices, reviews, git usage, design patterns / code architecture, etc - skipping all of those will lead to maintenance problems in the long run, whether code is written by a developer (I'm not even going to prefix it with 'junior' because I also suck lol) or an AI. But that validating is carried by the whole company at least. Where I work now we've got unit tests, linters, automatic formatting via Biome or Prettier, visual regression tests, Sonar with all the options enabled, minimum of two code review approvals, locked down main branch, etc etc etc.

Some AI generated code does come through, but at that point it's already mostly alright. Code review is still required for things like unnecessary comments or detecting duplicate functionality (exact duplicate code is already pointed out by Sonar).

Almost managed to forget the horror of all those enterprise "web" pages that worked just as long as the user was on a Windows machine with ActiveX ...

I see that you're not alone in your position clearly, but still, this is such a strange take to me. Do people not seriously not see, nay, instinctively understand the ontological difference between the difference between using code someone no longer understands and deploying code no one ever understood?

I'm not saying the code should be up to any specific standards, just that someone should know what's going on.

Agreed with you. I've always told people all code "rusts" (not a language reference) - in multiple ways: the original author's mental model, the contributors, institutional knowledge, and the supporting ecosystem and dependencies. All code atrophies towards being legacy and debt. The more the worse. AI Vibe coding simply creates much more of it, much faster.

piggybacking on everything you said, which is all true: Code is not a science, despite what pedants would have you believe. The annoying answer to "what's correct" code is, "it depends." Code is just a tool used to achieve a goal.

> An unreadable 100K loc program backed by 50K tests, guaranteeing behavior to the client requirements

Until the next set of needed changes due to exterior requirements. And this software is one of the pillar in the business. That is when you switch vendors if you were buying the service.

That is why support is always an essential part of B2B or even serious B2C. The world will change and you need to react to it, not just have the correct software now.

This assumes software is a thing you build once and seal it off when it's finished.

What happens when you need to modify large portions of it? Fix security issues? Scale it up 20x? You can throw more tokens at it and grow it into a monstrous hulk. What if performance degrades due to its sheer weight?

I know humans aren't perfect and are capable of writing really bad unmaintainable code too, but this is just embracing that more. This feels like going further down the same route of how we ended up with 10MB websites that take many seconds to load. But yeah it will probably win over the market.

> An unreadable 100K loc program backed by 50K tests, guaranteeing behavior to the client requirements. Cost: $50K of API tokens

As my team has spent the past several months trying to explain to upper management, you can't guarantee that the program does what the client wanted just by adding more tests.

If the AIs ever become capable of reliably producing what the client wanted, they will win. But I'm not convinced they will. They might be able to produce what the client asked for, but programmers have known for decades that that's pretty much useless.

// When I wrote this code, only Copilot and I understood what I did. Now only Copilot knows.

> No sufficiently large software system that interacts with the real world is provable to be correct like a mathematical statement is.

People who work in formal verification will either vehemently disagree with you or secretly know you're right.

> guaranteeing behavior to the client requirements

> built by humans, with elegant abstractions

Frankly, I look at both of these options and think I haven't seen either in the wild...

I think the question to ask about your two scenarios: in which is it faster and cheaper to get from v1 to v2? From v2 to v3? I think, for right now, it's cheaper under scenario B. But in the future? Who knows!

> Cost: $50K of API tokens

What? It costs exactly $200

Kind of but vibe coding lets you attempt at tackling problems without bothering to do any research to understand what the solution needs to look like or how the existing codebase is structured.

Just yesterday a coworker who knows little Rust vibe coded a new feature that “worked” but is actually horribly broken (lots of synchronous I/O/locks/channels in a tokio async context). On top of everything else, they created their own bad abstractions for things that already had safe async abstractions.

If they’d had to actually do this themselves they either would have asked for help sooner so they could be guided or they would have done research in the code which already had examples on how to do things.

Yeah since when prototypes built to throwaway are a bad thing? They're arguably the most important step to build a business.

Legacy code isn't a bad thing either. The majority of code that actually generates revenue right now is probably considered "legacy" by the devs working there.

Yep. The humorous definition of legacy code is anything merged to trunk.

When you say "almost" - could you say something about the codebases you saw where this doesn't apply? I'd love to hear about the best codebase you were SWE for and what we could learn from it.

I'm still finding the right sweet spot personally. I would love to only think in architecture, features and interfaces and algorithms, and leave the class and function design fully to the LLM. At this point this almost works, but requires handholding and some retroactive cleanup. I still do it because it's necessary, but I grow increasingly tired of having to think to close to the code level, as I see it more and more as an implementation detail. (in before the code maximalists get in my case).

Do you do anything special to get it follow your preferred style?

> And a product is not the same as an MVP

Tell that to almost every company I've worked for!

The whole "make it to the next financial quarter" attitude among directors and C-suite these days leads to the kind of crap where developers build an MVP and then are made to move on to the next thing. Like you said, it's not really about vibe coding at all. To a degree, they're right; the perception of feature richness leads to the bottom line irrespective of quality because few are truly comparing products, assuming it's feasible.

Hell, are developers (which we now call engineers apparently) even empowered to prototype things these days? I'm sure it happens, but it doesn't seem all that common. Maybe it happens in the gaming industry and actual tech (not "big tech"). Most coding outfits don't provide much affordance for that. It's just MVPs all the way down. At best, vibe coding just accelerates that process while quality suffers.

> that disconnect exists because people are mixing up terminology that took engineers years to define properly.

This is one of the larger trends I've observed in about 10 years of the software industry. A lot of these terms are really the crystallization of discussions at the water cooler, expositions in books or articles, or on technical fora like these, that span months if not years and thousands upon thousands of words. A veteran utters the word and immediately all the past conversations he's had regarding this topic come to mind.

Newer cohorts come in, and, not having been privy to those discussions, latch on to the jargon in a mimetic attempt to stochastically parrot the experts, but don't have the substance underlying the word - they only have the word itself. Now it gets thrown around as an ill-defined, ill-specified buzzword that means multiple different things to multiple people, none of whom can clarify what exactly the definition of that word is, what it means to them, because they were never part of the discourse, the oral or written tradition, in the first place, and don't understand the meaning of that word in context, its usage.

"Agile." "Technical debt." "DevOps." And now, "vibe coding." There was an article here on HN [0] [1] discussing semantic drift of the term "vibe coding" and how it now means something different from what was originally intended; I will merely point out that this is par for the course in software.

For other, more technical, examples of linguistic sloppiness: see JavaScript's conflation of objects, JSON, dictionaries, and hashmaps; to the computer scientist, you have the compositional primitive from object-oriented programming, the JavaScript Object Notation for serialization, the abstract data type, and the concrete data structure, respectively. To the JavaScript programmer, you just have "objects," and the fidelity of your linguistic and conceptual space has been reduced to a single pixel instead of something with more resolution and nuance.

[0] https://simonwillison.net/2025/Mar/19/vibe-coding/

[1] https://news.ycombinator.com/item?id=43739037

> Everyone else is just building simple (and working) software on top of disposable code.

I'd argue we should better define working. Take for example a generated UI, they all look the same and are subtly wrong or broken in many ways. At a first sight it might seem "working" only to fail at the first user test. Also generated UIs already feel like obsolete, meaning they religiously follow the trend at the training moment, they spectacularly fail coming up with something new

Even thinking outside of product view point - speaking technically, I can't think of anything worse than junior dev's or PM's determining what they want technology-wise. At least once a week in my entire career I've had to shoot down awful ideas because they would be unnecessarily risky, won't possibly scale beyond minor use case, etc.

I would hazard a guess it's going to be extremely profitable being a consultant in the next few years.

In the past I always talked about other devs in different mindsets. What we see is currently a developer fatigue of code that nobody understands anymore.

Usually that was when an engineer chimed in, and made the broken part into something more useful and more maintainable.

Then an architect looked at the codebase and tried to reduce its complexity.

Now, post LLM, it seems we have 100x the code written by devs, and engineers and architects are completely left out.

And that's what we are observing.

If you figure out how to test this, whether or not with e.g. a TDD MCP server or a DDD MCP server (or whatever workflow and architecture you prefer) you have a potential for a trillion dollar startup. We need to scale the efficiency of code reviews, because currently that is utterly broken as a concept and doesn't scale well enough.

Have you seen how enterprises write code for internal use?

It's no different to vibe coding, except if you ask an LLM to harden your code base to pass a pen test, it will do something.

Enterprises just don't give a sh!t.

I had a PM at my company (with an engineering background) post AI generated slop in a ticket this week. It was very frustrating.

We asked them: "Where is xyz code". It didn't exist, it was a hallucination. We asked them: "Did you validated abc use cases?" no they did not.

So we had a PM push a narrative to executives that this feature was simple, that he could do it with AI generated code: and it didn't solve 5% of the use cases that would need to be solved in order to ship this feature.

This is the state of things right now: all talk, little results, and other non-technical people being fed the same bullshit from multiple angles.

Asking someone to maintain a "vibecoded" project isn't vibecoding anymore, by definition. I feel this whole thing is going the "AGI" way. Everyone is shouting above everyone else, using different definitions and biases, and there is 0 productive discussion going on.

Vibe coding - you don't care about the code. You don't look at the code. You just ask, test that what you received works, and go on with your life.

LLM-assisted coding - you care about the code. You will maintain that code. You take responsibility and treat it as any other software development job, with everything that's required.

Same same, but different.

I ran into an AI coded bug recently the generated code had a hard coded path that resolved another bug. My assumption is the coder was too lazy to find the root cause of the bug and asked the LLM to "make it like this". The LLM basically set a flag to true so the business logic seems to work. It shouldn't have got past the test but whatever.

In another code base, all the code was written with this pattern. Its like the new code changed what the old code did. I think that 'coder' kept a big context window and didn't know how to properly ask for something. There was 150 line function that only needed to be 3 lines, a 300 line function that could be done in 10 etc. There were several a sections where the LLM moved the values of a list to another list and then looped through the new list to make sure the values were in the new list. It did this over and over again.

I think most experienced programmers get this.

But it seems like advocates of "vibe coding" will fall into the trap of assuming "vibe code can't ever be legacy, because you can just point another LLM at it and it will pick up right where it left off"

What are you referring to with PHP dev copypasta from Stack Overflow?

> I think you are not going far enough though: All code is legacy code. So vibe coding's ability to make writing more code faster isn't special because it's code nobody understands: Your hand-rolled code is also bad.

This is "but humans also", which I believe should be a recognised fallacy at this point.

Not all code is legacy code, for one thing; some is small enough that it is absolutely live in the minds of developers.

The best practical definition of legacy code is that it is voluminous, entrenched and owned by nobody currently in the organisation. Vibe code typically meets two of those requirements the moment it is produced.

That's not what legacy means. Legacy means the people who understood it are gone and you're left with code that's hard to maintain because it's hard to understand because the people who understood it are gone.

Fair! I agree that we want as little code as we can get away with. We love pull requests with a lot of red (deleted lines).

Like you say about libraries, it is possible to have code that isn't your problem. It's all about how leaky the abstraction is. Right now LLMs write terrible abstractions, and it's unclear how long it'll take for them to get good at writing good code.

I am excited to invest more in tools to make the understanding of code easier, cheaper, and more fun. My friend Glen pointed one way in this direction: https://glench.github.io/fuzzyset.js/ui/

As Geoffrey Litt likes to say, LLMs can help with this by building us throwaway visualizers and debuggers to help us understand our code.

I'm sorry, but how is all code legacy code? Have you never written or worked on a project for which you got such a deep understanding that you could track down the likely source of a bug in your head before even fully reading the issue? Visualize how you'd add a feature before opening the editor? This is not legacy code just because it's old.

All code is a liability but all code is not legacy. I'm not OP but I agree Vibe is legacy simply because there is no longer anyone around that is qualified to maintain it or know the reasoning behind it (there never was)

My hand rolled code isn’t legacy code for at least three months. After that I need my documentation to make changes.

Vibe code is legacy from day one and with changing styles