[Roundup] AI Made Development Faster. Then Quietly Broke Things.

In February 2025, former Tesla AI Director Andrej Karpathy posted the term "vibe coding" on X. It racked up 6.8 million impressions. By November 2025, Collins Dictionary named it their word of the year. The practice of having AI write your code has moved beyond trend into infrastructure.

GitHub Copilot has surpassed 20 million users. According to the 2025 DORA Report, 90% of software development has adopted AI. 84% of developers use AI tools, and 51% use them daily. This is no longer a question of whether to use AI.

Meanwhile, 62% of AI-generated code contains design flaws, and approximately 246,000 tech workers were laid off in 2025 alone. AI made development faster. It has also quietly begun to break things. As a freelance engineer in downtown Yokohama who uses AI daily, let me lay out both sides.

Three Benefits AI Has Brought

Satoshi Nakajima, an engineer who worked on Windows 95, compares vibe coding to "disposable paper bags." If traditionally engineered code is a Louis Vuitton bag, vibe-coded output is a paper bag. The cost is orders of magnitude lower, which means software that you only use once is now economically viable.

Understanding that it is a paper bag, the benefits AI has brought to development are genuinely significant.

Development Speed Has Increased by Orders of Magnitude

Multiple studies measuring GitHub Copilot's impact have produced clear numbers.

The 2025 Google DORA Report found that over 80% of respondents reported improved productivity with AI. But the same report added a telling line: "AI doesn't fix a team; it amplifies what's already there." Speed has increased. But perhaps only for teams that were already good.

The Number of People Who Can Build Has Exploded

In his video, Nakajima mentions his son, a venture capitalist who never studied computer science. He builds dedicated iPhone apps for his fund's investors using vibe coding. He doesn't even review the code. If it works, ship it. If not, redo it. What used to cost millions of yen can now be built by someone who isn't even an engineer.

This isn't limited to individuals. In large enterprises, citizen developers (business staff building their own apps) now outnumber professional developers 4 to 1. In Y Combinator's Winter 2025 batch, 25% of startups had codebases that were 95% LLM-generated.

A striking example: Base44, founded solo by Maor Shlomo with no external funding and 8 employees, acquired 250,000 users in 6 months and was bought by Wix for $80 million.

"We Don't Have the Budget" Is No Longer an Excuse

Solopreneurs can now run a full tech stack for $3,000–$12,000 per year — a 95–98% cost reduction compared to traditional staffing models. Solo-founded startups grew from 23.7% in 2019 to 36.3% by mid-2025.

Nakajima sees this as a fundamental shift in the enterprise custom application market. Companies used to hire IT consultants and spend six months customizing Salesforce CRM or SAP accounting software. Now salespeople can vibe-code their own customizations in a day or two. Because the cost has dropped to paper-bag levels, it's now realistic to build an app for each department, each sales rep, or even a single customer.

Five Crises AI Is Accelerating

So far, this sounds like nothing but good news. But paper bags have paper-bag problems. Pour water in and the bottom falls out. Sometimes the contents are visible to everyone.

Half of AI-Written Code Is Full of Holes

Research published on arxiv found that 62% of AI-generated code contains design flaws or known security vulnerabilities. A Carnegie Mellon study showed a 61% pass rate on functional tests, but only 10.5% on security tests. It works, but it's not safe.

Georgia Tech researchers note that "actual numbers could be 5–10x the detected count." Monthly AI-caused CVEs went from 2 in August 2025 to 35 in March 2026 — a 17x increase in six months.

Real damage has occurred. In early 2026, a vibe-coded app suffered a data breach exposing 1.5 million API keys and 35,000 user email addresses. The creator admitted they "hadn't written a single line of code manually." A survey of 5,600 vibe-coded apps found over 2,000 vulnerabilities and 400+ exposed secrets.

Deep dives on this topic:

• → I Reviewed an OSS That Was 95% Written by LLMs
• → When AI-Written Code Breaks, Whose Fault Is It?
• → AI Code Gets Worse the Longer You Use It — All 11 Models Failed

OSS Supply Chains Collapsed in a Cascade

In March 2026, the security scanner Trivy's GitHub Actions were compromised. Within just 10 days, the attack group "TeamPCP" used stolen credentials to cascade through four OSS projects, including LiteLLM (95 million monthly downloads) and Telnyx.

The LiteLLM attack exploited Python's .pth file mechanism — no imports, no install scripts needed. Simply starting the Python interpreter executed malware. SSH keys, cloud credentials, Kubernetes secrets, and cryptocurrency wallets were stolen.

There's also a new threat called "slopsquatting." When LLMs generate code, approximately 20% of recommended packages don't actually exist. When the same prompt is run 10 times, 43% of hallucinated package names repeat every time. Attackers register those names and plant malware. This was documented by a joint study from Virginia Tech, the University of Oklahoma, and the University of Texas.

Related articles:

• → A Cascade Started from Trivy. 4 OSS Projects Fell in 10 Days
• → LiteLLM with 95M Monthly Downloads Was Hijacked
• → Invisible Malware Was Planted in GitHub Code

250,000 Lost Their Jobs at Major Tech Companies

In 2025, 783 layoff events hit the tech industry, affecting approximately 246,000 workers. By March 2026, another 60,000 — a pace of 682 people per day.

What makes this troubling is that layoffs and strong earnings are happening simultaneously. Block reported $2.87 billion in gross profit (up 24% year-over-year) while cutting 40% of its workforce. The stock rose 23% after the announcement. CEO Jack Dorsey stated that "intelligence tools have changed what it means to build and run a company," but posts on the anonymous app Blind suggested "pandemic over-hiring corrections rebranded as AI replacement."

Atlassian declared in October 2025 that it would "hire more engineers thanks to AI," then laid off 1,600 people (including 900 engineers) five months later. Data shows that 54% of companies are funding AI investments by cutting employee compensation.

Related articles:

• → Block Laid Off 4,000 for AI. The Stock Surged 23%
• → Atlassian Cut 900 Engineers 5 Months After Promising to Hire More with AI
• → $135B AI Investment, 16,000 Laid Off — Meta's Equation

The App Store Is Overwhelmed, and Slop Is Everywhere

When paper bags are mass-produced, garbage increases. App Store submissions rose 54.8% year-over-year. Reviews that normally took less than 24 hours have stretched to 45 days in some cases. Apple officially states "90% are reviewed within 48 hours," but developer forums are filled with posts from people waiting two weeks or more.

Merriam-Webster chose "slop" as their 2025 Word of the Year — defined as "digital content of low quality that is produced usually in quantity by means of artificial intelligence." AI-generated articles now account for over half of English web content, and eMarketer predicts 90% by 2026. Raptive's survey found that content suspected to be AI-generated reduces reader trust by approximately 50%.

Related:

• → App Store Reviews Now Take Up to 45 Days as AI Apps Overwhelm the System

More People Are Treating AI Output as "The Answer"

Stanford researchers measured sycophancy across 11 AI models. They found that AI agrees with users 49% more than humans do, and affirms harmful or illegal scenarios 47% of the time.

This is causing real-world problems. A restaurant owner consulted ChatGPT about a staff dispute and shared the screenshot as "objective evidence." Of course, having only input one side of the story, the AI returned an answer favorable to the owner. That's not objective judgment — it's faithful output based on biased input.

Research by Welsch et al. at Aalto University found that while AI usage improved actual performance by 3 points, self-assessment inflated by 4 points. Confidence grows faster than competence. A correlation has also been reported between frequent AI use and declining critical thinking ability.

• → ChatGPT Agrees With Everything You Say. Stanford Proved It
• → AI Handed Out the Weapon of Plausibility, and It's Hitting People

What Vibe Coding Can and Cannot Do

Looking at the data above, it's clear that AI code generation has both suitable and unsuitable use cases.

SlopCodeBench, published by the University of Wisconsin–Madison in March 2026, quantified the "struggles" column. When 11 AI models were given iterative code extension tasks, every model showed monotonic quality degradation. The highest accuracy was 17.2%, with zero perfect scores across 20 problems. One main() function bloated from 84 lines to 1,099.

The DORA Report's line is apt: "AI doesn't fix a team; it amplifies what's already there." Good teams get better with AI. Bad teams get worse faster. AI is a tool, not magic.

What the Industry Thinks

How do the world's most renowned engineers view the benefits and risks we've examined through data? Their positions vary, but unconditional endorsement and unconditional rejection are both virtually nonexistent. Everyone attaches some kind of caveat.

"This Is Real"

"It Depends on How You Use It"

"Don't Trust It Yet"

How I Use It: Break Things Small, Let AI Fight Where It's Strong

First, a premise: I don't use AI for the core foundation, the central architecture that everything else sits on, or the initial build. I design that with my own head and write it with my own hands. That's exactly the domain where AI struggles — integration decisions across features, deciding what to abstract versus duplicate.

On top of that foundation, I actively use AI for the small features that grow around the edges — Lambda functions, utility libraries, and similar isolated pieces. Vibe coding is strong at single small tasks. So the key is cutting the work to a granularity AI is good at.

For example, when I want to carve out part of a Python-based system into a Lambda, there used to be situations where Go would have been the better choice, but we'd go with Python anyway because of learning costs, staffing, and maintenance overhead. If nobody on the team could write Go, the option simply didn't exist.

That's different now. I can decide "Go is the right tool here, so let's use Go." The language barrier has dropped significantly thanks to AI. With small, focused Lambda functions, the volume of AI-generated code to review stays manageable. This very site uses quite a few Lambdas, and I've started applying the same approach to client systems in my freelance work.

What matters is separating what can go into paper bags from what can't. And keeping what goes into paper bags small enough that rebuilding one from scratch doesn't hurt.

This kind of "decomposition to the right granularity" used to require the budget and team size of a large organization. Microservice architecture was talked about as an ideal, but only big companies could actually do it. Now individuals and freelancers can too. This may be the most practical benefit of paper bags getting cheaper.

If there's a key to maximizing vibe coding's power, it's not "hand everything to AI." It's "cut the work to the granularity AI is good at." One issue. One Lambda. One library. At that granularity, AI is surprisingly accurate. Hold onto the foundation yourself, and let AI handle the periphery. That's the most realistic approach I've found so far.

Frequently Asked Questions