Thought experiment here: What about the bugs that humans have wrote. (I'm not excusing or justifying to say AI Coding is better). At one point we shamed companies for producing and being sloppy with their engineering practices. All of the sudden in the last 10 years, we accepted company's excuses of "of well we don't care and we're garbage." (A lot of Amazon tone death documentation/surprise bugs/google's head scratching disconnect to the user, etc behaviors).
But I think this is a great thing to show that they're pushing to outsource coding to a bot and to shame them that their plan isn't working out so well as they're trying to force people to believe.
I think it may help if we start personalizing these trends with the people who are amplifying it. I.e. Jassyslop, Siemiatbot (Klarna CEO was bold to brag he dropped 80% of a role for AI) etc.
“Vibe coded”? I doubt that there is the documentary evidence that the code in these systems was never touched by a human. At best this is a list of code where AI tools were used in development. To be honest if you just created a list of all outages in all companies and systems you’d probably have a better list since AI tools are ubiquitous.
For CVE-2026-0755, that's a vulnerability in gemini-mcp-tool. gemini-mcp-tool's Github repo says "This is an unofficial, third-party tool and is not affiliated with, endorsed, or sponsored by Google." but this list shows the Google logo next to the vulnerability.
Also, it's not entirely obvious to me that the vulnerability was introduced by vibe coding.
In my experience over the last couple years, lists like this won’t move the needle at all. The AI zealots reject anything that calls into question the AI stuff, usually appealing to “just wait, better models/agents/guardrails imminent” and claiming that anecdotal productivity gains are worth the risk. The people concerned about AI already are concerned and just fall back to “I told you so”. Unfortunately the decision makers seem to still be following the zealots promising wondrous productivity, profit, and a future full of flying cars.
Why is the LiteLLM incident on there? The linked article for that one is a 404.
I didn't read any credible arguments suggesting that was caused by vibe coding. They had their PyPI publishing credentials stolen thanks to an attack against a CI tool they were using.
'vibe coding' is too loose a term. Everything will be generated by AI in the very near future, and it will range from 'fancy auto complete' to 'entirely autonomously generated' with many nuances and subtleties in between.
So this is a list of incidents where random people on the internet speculated about rumors that AI was to blame. The companies typically deny it. Insiders who know the details are generally unable to comment due to how large companies manage PR.
I love dunking on vibe coding as much as the next guy but is there actual evidence for most of the entries that such is the case? IMO that will make the point even stronger.
AI might have been an opportunity to take engineer hubris down a knotch. Perhaps to reassess the excesses (bad performance, bad UX, poor reliability, costly development & operations, etc) . Instead of reflection, we decided to shame AI as vibe coding .
How much abysmal code and products have we all shipped? Exploitative, clumsy , dangerous, vulnerable? What was our excuse?
I find the entire anti-vibe coding movement to be terribly tacky and judgmental.
We have an incredible tool that could 10-100x productivity. We should be using it to fix all of the terrible software we’ve made over the past 20 years. Instead there are 2-3 camps. People building stuff, people hyping AI and people shaming the first 2.
How often does software fail in production with human-written code? How many times has a production failure been avoided because an LLM didn't make a typo or mistake that a human would have?
This is pushing an agenda. It's not measuring anything meaningful.
Half this list is bad attribution. LiteLLM was a supply chain attack — stolen PyPI credentials, nothing to do with vibe coding. The Amazon outage number comes from a vendor blog pushing their own product. Nobody else reported it.
But the "where's your control group" take bugs me too. It's not that AI writes buggier code line for line. The gaps are just in different places. Devs who've shipped real apps add rate limiting, auth middleware, proper CORS — because they got burned before. AI skips all of it because nobody prompted for it.
I read through about 80 AI-generated repos a few weeks ago. Code looked decent. The missing stuff was always the same list — no auth on admin routes, API keys hardcoded in client JS, CORS wide open, debug endpoints still live in prod. Over and over.
Nothing there makes a wall of shame. Nothing's exploded yet. But it's the kind of stuff that does.
Coding with AI is kind of like obesity in modernity: having tons of resources is the goal, but once you get there, you end up in a system you're not really adapted to.
Personally, I don't care that much about org incentives (even though they obviously matter for what OP posted) but more about what it does to my thinking. For me, actually writing code is what slows my brain down, helps me understand the problem, and helps me generate new ideas. As soon as I hand off implementation to an LLM (even if I first write a spec or model it in TLA+) my understanding drops off pretty quickly.
A lot of bad software today is attributed to "vibecoding" even though these trends have been existing since before LLMs. Like, people have been complaining about Windows for decades before AI came on the scene, except these days the same issues are attributed to vibecoding.
I feel people are just lumping two things they don't like together because they are plausibly related, but without any real proven causality between them. Is this site any different?
It's just engagement farming. On Reddit's anti-LLM subreddits, lots of posts are LLM-generated slop railing against LLM-generated slop. It's LLMs all the way down now.
34 comments
[ 3.1 ms ] story [ 46.5 ms ] threadBut I think this is a great thing to show that they're pushing to outsource coding to a bot and to shame them that their plan isn't working out so well as they're trying to force people to believe.
I think it may help if we start personalizing these trends with the people who are amplifying it. I.e. Jassyslop, Siemiatbot (Klarna CEO was bold to brag he dropped 80% of a role for AI) etc.
Also, it's not entirely obvious to me that the vulnerability was introduced by vibe coding.
https://github.com/jamubc/gemini-mcp-tool
Disclosure: I work at Google, but not on anything related to this.
I didn't read any credible arguments suggesting that was caused by vibe coding. They had their PyPI publishing credentials stolen thanks to an attack against a CI tool they were using.
Plus the linked article for the Amazon outage is https://d3security.com/blog/amazon-lost-6-million-orders-vib... which appears to be some other vendor promoting their product without providing any details on what happened at Amazon.
So basically Reddit.
How much abysmal code and products have we all shipped? Exploitative, clumsy , dangerous, vulnerable? What was our excuse?
I find the entire anti-vibe coding movement to be terribly tacky and judgmental.
We have an incredible tool that could 10-100x productivity. We should be using it to fix all of the terrible software we’ve made over the past 20 years. Instead there are 2-3 camps. People building stuff, people hyping AI and people shaming the first 2.
Sad, really.
How often does software fail in production with human-written code? How many times has a production failure been avoided because an LLM didn't make a typo or mistake that a human would have?
This is pushing an agenda. It's not measuring anything meaningful.
But the "where's your control group" take bugs me too. It's not that AI writes buggier code line for line. The gaps are just in different places. Devs who've shipped real apps add rate limiting, auth middleware, proper CORS — because they got burned before. AI skips all of it because nobody prompted for it.
I read through about 80 AI-generated repos a few weeks ago. Code looked decent. The missing stuff was always the same list — no auth on admin routes, API keys hardcoded in client JS, CORS wide open, debug endpoints still live in prod. Over and over.
Nothing there makes a wall of shame. Nothing's exploded yet. But it's the kind of stuff that does.
Personally, I don't care that much about org incentives (even though they obviously matter for what OP posted) but more about what it does to my thinking. For me, actually writing code is what slows my brain down, helps me understand the problem, and helps me generate new ideas. As soon as I hand off implementation to an LLM (even if I first write a spec or model it in TLA+) my understanding drops off pretty quickly.
I feel people are just lumping two things they don't like together because they are plausibly related, but without any real proven causality between them. Is this site any different?