Skip to main content
友田 陽大
Vibe coding: shipping AI-generated code safely
バイブコーディング
AI駆動開発
技術選定
セキュリティ
Next.js

What is vibe coding? Choosing between Cursor, Claude Code, v0, Lovable, and Bolt — and taking it to production

What is vibe coding? From Karpathy's original definition, to the criteria for choosing between Cursor, Claude Code, v0, Lovable, and Bolt across three categories — editor-type / agent-type / builder-type — to the minimum production gates that close the gap between 'it runs' and 'it's safe.' A start-to-finish guide for developers who build things themselves.

Published
Reading time
11 min read
Author
友田 陽大
Share

Let me give the conclusion first. vibe coding is "a way of building where you hand the code to an AI and move on vibes without reading each diff," and you'll never be lost choosing between Cursor, Claude Code, v0, Lovable, and Bolt if you sort them into three categories — editor-type / agent-type / builder-type. But no matter which tool you build with, "it runs" does not mean "it's safe, it won't break." The key to turning generation speed into production quality is inserting a mechanical verification gate before you ship.

This article is for developers who build with their own hands. The buyer's perspective — "how do I evaluate the ordering and acceptance of an AI-built app" — is collected in a separate article (productionization & hardening). The audience is different, so don't conflate them. Here, on the premise that I have built — solo × generative AI (Claude Code) — a B2B SaaS that won the Minister of Economy, Trade and Industry (METI) Award and a payments platform with zero production double-charges, I write how to choose tools and the minimum bar for shipping to production, from a builder's point of view.


1. What is vibe coding — back to Karpathy's definition

"vibe coding" is a term Andrej Karpathy coined on February 2, 2025 (the original post). His definition goes like this — a new way of coding where you "fully give in to the vibes, embrace exponentials, and forget that the code even exists." He continues: "I always 'Accept All,' and I don't read the diffs anymore."

There's a line that often gets overlooked. Karpathy himself qualified it as "not too bad for throwaway weekend projects." In other words, vibe coding in its original sense is a technique for rapidly building toys that don't matter if they break.

The problem is that the term was later stretched to mean "AI-led coding in general," and people started shipping even production SaaS in the same spirit. Apply the original "don't read the diffs" to a production app that handles payments or personal data — that's an incident. So this article's stance is: welcome the "vibe" of generation. But come back to your senses with mechanical verification only right before you ship.


2. Three categories of tools — editor-type / agent-type / builder-type

AI coding tools are proliferating, but view them along two axes — "abstraction" and "control granularity" — and they split cleanly into three. Understand this and the choice is settled in one shot.

CategoryRepresentative toolsYour roleAbstractionUnit of output
Editor-typeCursor, GitHub Copilot, WindsurfYou drive; the AI completes and suggestsLow (line to file)Diffs / completions
Agent-typeClaude Code, Codex, Cursor AgentDelegate tasks in words; the AI executes autonomouslyMedium (feature / multiple files)Commits / PRs
Builder-typev0, Lovable, BoltGenerate a whole app from a promptHigh (entire app)A running app + backend

Editor-type — you hold the reins

Cursor and Copilot are powerful completion embedded in your editor. You drive one line — or one function — at a time, and the AI suggests the next move. Its strength is that control granularity is the finest and the output is always right in front of you. It suits surgical changes to existing code, delicate refactors, and "I just want to fix this one spot." The closest thing to vibe coding in its original sense is Cursor's Composer — and that's exactly what Karpathy cited as his example.

Agent-type — delegate the task

Claude Code and Codex autonomously execute task-level instructions across multiple files — things like "write tests for the auth module, run them, and fix whatever fails." They read files, edit them, run commands, and even create commits and PRs. The abstraction goes up a notch, and you move into the reviewer's seat. This is the workhorse for adding features, fixing bugs, and large refactors in an existing codebase. It's the center of gravity when I build production products.

Builder-type — generate an app from a prompt

v0, Lovable, and Bolt generate a running app — UI and backend included — from a single line like "build me an app that does X." The abstraction is the highest and it's the fastest. They have overwhelming force for standing something up from zero, a design starting point, or a prototype for an internal tool. On the other hand, this is also the category where the insides of what's generated — especially the database and authorization — are the furthest from your field of view. This is what leads into the heart of Section 4.


3. The criteria for choosing — pick by "what you're building"

Bringing the three categories down to an actual decision looks like this. My rule is simple: choose by "how tightly a human wants to hold the reins" = the level of risk.

ゼロから立ち上げ・UIの叩き台・使い捨てプロト
   └─→ ビルダー型(v0 / Lovable / Bolt)で一気に形にする

既存コードベースへの機能追加・リファクタ・テスト整備
   └─→ エージェント型(Claude Code / Codex)にタスクを委譲する

決済・認可・データ整合性など「間違えたら事故る」中核ロジック
   └─→ エディタ型(Cursor / Copilot)で1行ずつ運転し、diffを必ず読む

The important thing is that these three are not mutually exclusive — you switch between them phase by phase within a single project. I mix them: put out the skeleton with builder-type, stack features with agent-type, and drop down to editor-type to check the diff line by line only where money and permissions are touched. The higher you raise the abstraction the faster it goes, but the higher you raise it the less you can see of "what is actually happening." Tuning that invisibility to the risk is where a builder earns their keep.


4. "It runs" ≠ "it's safe, it won't break" — the higher the abstraction, the more the risk hides

This is the one line I most want to land in this article. No matter which category of tool you build with, "the demo runs" and "it doesn't leak and doesn't break in production" are separate things. Generative AI writes happy-path code astonishingly fast, but what production asks is how it behaves against malformed input, concurrent access, and — above all — "a well-formed request that points at someone else's ID."

And the higher the abstraction, the less visible this hole becomes.

  • Editor-type: the output is right in front of you, so you can still notice.
  • Agent-type: it spans multiple files, so it slips through if you neglect review.
  • Builder-type: it auto-provisions the backend. When v0 / Lovable / Bolt spin up Supabase behind the scenes, the RLS (Row Level Security) and authorization design become production-grade without you ever laying eyes on them.

This is not a hypothetical worry. A case where missing RLS in an AI-builder-made app let an unauthenticated attacker read and write other people's data is registered as CVE-2025-48757 (CVSS 9.3 CRITICAL). And Supabase's service_role key runs with PostgreSQL's BYPASSRLS and ignores RLS entirely — that the defense boundary moves to "where you keep the key" is something the generated code never tells you.

Furthermore, because the attack is a well-formed, correctly authenticated request, there are holes that WAFs and headers can't stop. Object-level authorization flaws (IDOR/BOLA) have been #1 in the OWASP API Security Top 10 ever since 2019 — the most frequent risk of all.

How often does it happen? In primary research on the OSS "Aegis" I'm involved with — a primary survey of 1,000 public Supabase apps found that roughly 9.2% of the apps that had RLS carried a policy that "authenticates but doesn't scope rows to the owner" (a lower bound, since the sample is public repositories; non-owner-scoped ≠ immediately vulnerable — it needs checking) (the survey's details and methodology). "Lets the login through but returns someone else's rows" — this structure of "authenticates but doesn't authorize" is the trap vibe coding steps on most easily.

Exactly which vulnerabilities AI-generated code mass-produces (missing authorization, missing input validation, hardcoded secrets, slopsquatting, and so on) is explored in depth, with before-and-after code, in Vulnerability assessment of AI-generated code. I won't repeat it here.


5. The minimum gates for shipping to production — insert one verification step into the vibe loop

So what do you do to reach production quality without killing generation speed? The answer is "don't change how you generate; just pass through four mechanical gates right before you ship." This is the final "verify" part of the explore → plan → implement → verify loop I use consistently.

GateWhat it stopsHow
① Typed boundariesMalformed input / unexpected data shapesZod parse external input at the boundary. Eliminate direct process.env references with types
② Invariant testsSkipped or regressed authorizationPin down "you can't see someone else's data with someone else's ID" as a test
③ CI quality gate"A human forgets to review"Enforce type checking, static analysis, and dependency/secret scanning on every PR
④ Security scanCommon injection / RLS & authorization trapsStatic analysis with npx @aegiskit/cli scan

The design philosophy behind ①②③ — dropping acceptance criteria into tests and mechanically upholding them in CI — is collected in Quality gates for AI-driven development. And as the polar opposite of "don't read the diffs," the approach of fixing what you'll build as a spec first and letting the AI handle only "the implementation that satisfies that spec" is covered in The spec-driven development workflow. Generate fast on vibes, but keep the entrance (the spec) and the exit (verification) in human hands — that's the key to having both.

Where ④ fits — make the current state visible with free OSS

Even before you've set up ② and ③, you can diagnose the code you have with a single command. The MIT-licensed OSS Aegis runs static analysis with no install via npx @aegiskit/cli scan, and it automates filling the gaps in the "horizontal controls" — headers/CSP, rate limiting, input validation, CSRF, secret hygiene — while it detects and warns on the "vertical risks" a library can't fix (authorization/IDOR, Supabase RLS design mistakes). Code exported from v0 / Lovable / Bolt can be fed in as-is.

But — Aegis does not claim to "protect you completely." A tool that advertises otherwise is, if anything, dangerous (the complacency of "I installed it, so I'm fine" produces the worst outcomes). The authorization, business logic, and tenant isolation raised in Section 4 are "vertical risks," and neither an AI nor a scanner can guarantee them by nature. That's because they depend on the meaning of your business rules — "who owns what, and which operations they're allowed." What a scanner can do is inspect "form," not guarantee "meaning." So keep closing the vertical risks as a human job — design and review — to the very end; don't let go of it.


6. Going deeper from here — how to walk the productionization cluster

From this pillar article, reading the following by your goal is the shortest path.


Summary — welcome the vibes; come back to your senses only right before shipping

  1. vibe coding's original meaning is "throwaway weekend projects" (Karpathy). If you bring it to production, add the verification gates that the original meaning never had.
  2. Tools come in three categories — editor-type (Cursor/Copilot) / agent-type (Claude Code/Codex) / builder-type (v0/Lovable/Bolt). Choose by abstraction and risk.
  3. The higher the abstraction, the more the risk hides. Builder-type in particular goes production-grade with RLS and authorization unseen (a measured lower bound of 9.2%, CVE-2025-48757).
  4. The minimum production gates are four — typed boundaries → invariant tests → a CI quality gate → npx @aegiskit/cli scan.
  5. Authorization, business logic, and tenant isolation are the human domain. Don't let go of spec decisions and design review.

I myself, staying solo × generative AI with this approach, have built a B2B SaaS that proved zero missing-authentication findings across all 221 endpoints through four rounds of audits, including third-party penetration testing across 15 real roles and a payments platform with zero production double-charges. The source of speed is AI; the source of safety is verification — with that design in place, vibe coding becomes the strongest weapon you have. Start by making the current state of your code visible with the free Aegis.

Frequently asked questions

What is vibe coding?
A term Andrej Karpathy coined in February 2025 for a way of building where you hand off to an AI coding agent and move the code forward on 'vibes' without reading each diff. Its original meaning was for throwaway weekend projects; it does not assume production use. Today it's often used loosely to mean 'AI-led coding in general.'
How do you choose between Cursor, Claude Code, v0, Lovable, and Bolt?
Sort them into three categories by abstraction and control granularity. Surgical edits to existing code suit editor-type (Cursor/Copilot); feature-level implementation and refactoring suit agent-type (Claude Code/Codex); UI from scratch and early prototypes suit builder-type (v0/Lovable/Bolt). Choose by what you're building and 'how tightly you want a human on the reins.'
Can you ship an app built with vibe coding straight to production?
In most cases, as-is, it's dangerous. AI writes the happy path fast, but the adversarial conditions of production — malformed input, concurrency, authorization, error handling — tend to be missing. Builder-type tools in particular auto-generate the backend, so gaps in RLS and authorization are hard to see; ship only after passing the minimum gates of typed boundaries, tests, CI, and a security scan.
Is there a free way to audit vibe-coded code?
Yes. Aegis, an MIT-licensed OSS, statically analyzes your current project with `npx @aegiskit/cli scan`. It detects missing horizontal controls — headers/CSP, rate limiting, input validation — and it detects and warns on vertical risks such as authorization/IDOR and Supabase RLS design mistakes. But it does not claim 'complete protection' — closing those is a design decision.

References

友田

友田 陽大

Developer of a METI Minister's Award–winning product. With TypeScript + Python + AWS, I deliver SaaS, industry DX, and production-grade generative AI (RAG) end to end — from requirements to infrastructure and operations — single-handedly.

That AI-generated code — safe to deploy as-is?

After “it works” comes “it doesn't leak” — scan your project free with one command

Aegis, an MIT-licensed OSS, automates the controls AI tends to skip (headers/CSP, rate limiting, input validation, secrets) and detects-and-warns on vertical risks in authorization and RLS design. The fix plan from `aegis fix --format json` pastes straight into Claude Code or Cursor.

Available for both project-based (contract) and advisory engagements. Start with a free 30-minute consult.

Also worth reading