"Trusting an AI to generate perfect code is insane!" The truth about vibe coding

Coding is now AI-assisted. It’s not about “vibe coding”, and it’s certainly not using blind faith in AI to create code. That’s not AI’s future, nor really its present – at least, not for serious developers. They are instead using AI as part of their workflow of creating, interrogating, and refining code, involved at each stage but not wholly responsible for any part.

Somewhere between 84% and 97% of developers now use AI coding tools, depending on the research you believe, with many making everyday use of these tools. A new era of productivity beckons. Or perhaps not: more AI use is correlated with slightly lower throughput, and less stability.

AI is not a “cheat code” that speeds up writing code. It is, in fact, a fundamental shift in the way that developers work, and the infrastructure that supports them needs to change too.

Shifting balances

Why can more AI use mean lower productivity? The answer lies in the way that the gains are not being shared across the whole coding cycle. Developers are pumping out changes faster than anyone can properly review and test them. The result: backlogs and wasted time.

Right now, around a third of developers are not even checking their code before shipping it. This needs to change. AI-created code needs to be treated like a first draft and carefully checked for vulnerabilities and errors. Simply trusting an AI to generate perfect code is not just irresponsible, it’s insane.

Overall, the shift is from coding, to reviewing code. If code review tests take 30 minutes, but developers write code in 30 seconds, that has to change where the focus for developers must be.

The job of developers has fundamentally shifted from “write code” to “orchestrate and validate code generation”. That is not a step down for developers, but in fact placing greater demands on them than ever.

Rather than “vibe coding”, the future is “spec coding”. The important decisions still lie with humans: writing the specifications, defining interfaces, data models, security boundaries… all the big decisions that matter and are hard to reverse. With these decisions made, AI can then “fill in the gaps”, handling the implementation within human-authored constraints and guidelines.

With spec coding, the human can be seen as a lead architect, heading up a team of AI coders. Rather than rely on a single AI tool, multiple tools can be used, and AI can review and critique code written by another AI, just as developers will review code written by others. And while we should be careful of assigning emotions to AI tools, they often seem to enjoy criticising the work of other AIs, making for useful and diligent reviews.

The right infrastructure

A mantra within the industry is that good developers will be able to use AI responsibly. But placing this trust in “good developers” to do the right thing can be severely tested when times get stressful. Deadline pressure, unfamiliar domains, junior developers who lack the experience to fully understand risks – these are all potential issues that may cause irresponsible use of AI and are not caused by being a “bad” or “lazy” developers, but a lack of safeguards that prevent misuse.

The infrastructure that developers build on needs to have systemic safeguards in place to ensure safety, without slowing developers down. There’s a host of important considerations the right infrastructure should enable for developers using AI in the right way:

• Automated security scanning on every change. This can’t be optional or through a checkbox process, it should just happen. 
• Preview environments should allow developers to see their code running in production-like conditions immediately, not after a 20-minute wait. 
• Policy-as-code should make compliance automatic with rules such as "containers don't run as root" and "log all external API calls". 
• SBOMs should be generated in CI/CD, so when the next Log4j drops any exposure can be identified within hours.

The goal is to make the fast path, the safe path. With no need for shortcuts, developers can be trusted to do what they do best: move fast. 

Being “AI-ready”

The discussion around AI coding tools needs to move forward. We’re far beyond the debate on whether they should be used, or whether they are safe or not. They are here, in use, and fundamentally changing developer roles.

Being “AI-ready” isn’t about being willing to use AI, but rather creating the infrastructure and policies for AI use to thrive, and changing the expectations of developers so they can make the best use of AI.

Being a developer is about far more than creating code. It's about designing reliable user experiences, handling edge cases, ensuring security, managing integrations, and maintaining performance. All these responsibilities fall outside of AI’s capabilities. Humans will remain a key part of development, but need to focus on these skills as AI takes on more of the repetitive “grunt work”. Both the robots and humans will need the right infrastructure and support to enable success.

Guillaume Moigneu is Field CTO at Upsun