Your Vibe-Coded App Is A Trojan Horse. Karpathy Just Said The Quiet Part Loud.

Andrej Karpathy got on stage at Sequoia's AI Ascent two months ago and said something that should have made every founder in the room nervous. He coined the term "vibe coding" a year earlier. Now, in front of the same crowd, he said he's "never felt more behind as a programmer" — and drew a hard line between vibe coding and what comes next.^[1]

He called it agentic engineering. He said vibe coding raises the floor. Agentic engineering raises the ceiling.

If you're a non-technical operator who shipped something with Lovable, Bolt, or Replit in the last six months, you should care a lot about that line — because right now your app is sitting on the wrong side of it, and that gap has a price tag attached.

What he actually said

The talk gets quoted in pieces, so here's the part that matters for operators. Vibe coding, in Karpathy's framing, is when a person describes what they want and accepts whatever the model produces. No spec. No diff review. No evals. "Anyone can build software without understanding syntax, without knowing how the code works, without being able to debug it. That's genuinely useful."^[2]

Agentic engineering is the discipline of coordinating fallible, stochastic agents — writing specs they can't drift from, building eval loops, reviewing diffs, owning the system end to end. Same agents. Different operator.

Karpathy isn't saying vibe coding is bad. He's saying it's the floor. The question is whether your business app is sitting on the floor or somewhere higher up.

The receipts on the floor

For most operators, the answer is the floor. And the data on what that looks like in production is brutal.

Escape.tech scanned 5,600 publicly available apps built with vibe coding tools in early 2026. They found over 2,000 high-impact vulnerabilities, 400+ exposed secrets (live API keys, database credentials, auth tokens), and 175 instances of exposed personal data — all live, all reachable.^[3] These aren't hypotheticals. These are real apps with real customers' real data sitting one URL away from anyone who knows how to read a JavaScript bundle.

The Cloud Security Alliance ran a separate benchmark on AI-generated code samples. 45% failed OWASP Top-10 security tests. Java code came in at a 72% failure rate.^[4] Prompt-injection prevention — the most relevant category for anything that talks to an LLM — failed 86% of the time.^[4]

OX Security pegs the overall vulnerability rate at 62% of vibe-coded code shipping with security flaws.^[5] CodeRabbit's analysis shows AI-generated code is 2.74x more likely to introduce cross-site scripting bugs than human-written equivalents.^[6]

And the volume is not slowing down. Lovable alone is seeing 200,000 new vibe-coded projects created per day.^[7] Gartner forecasts 40% of new enterprise production software will come from vibe coding by 2028 — while simultaneously warning that prompt-to-app citizen-developer workflows could increase software defects by 2,500%.^[8]

That last number is the one that should keep you up. A defect at 25x the baseline rate is not a tooling problem. It's a business risk you're carrying without knowing it.

Why most takes are wrong

The dominant take from VCs and Twitter has been "this is fine, the tools will get better." That's true and irrelevant. The tools will get better. Your app, the one you already shipped, will not get better on its own. It will keep serving traffic with whatever flaws were baked in the day the model finished generating it.

The second wrong take is "this only matters for tech companies." Half the apps in the Escape study were small businesses, side projects, internal dashboards, and operator-built ops tools. The kind of thing a $5M Shopify brand builds in a weekend to track refunds. That's where the credentials get exposed. That's where the customer data gets leaked.

The third wrong take is "I'll just have a developer audit it later." Sure. Hope you find one who agrees to audit a 12,000-line LLM-generated React app for less than what it would have cost to build it correctly the first time. Most won't touch it.

What it actually changes for operators

Three things change the day you accept Karpathy's framing.

One: stop calling it shipping. Call it prototyping. If you vibe-coded a customer-facing app in a weekend and pushed it to production, you didn't ship — you exposed a prototype. There's nothing wrong with prototypes. They're how you find product. There's a lot wrong with treating one like a production system that handles money or customer data. Internal tools, dashboards, lead capture forms — fine. Anything that touches checkout, auth, PII, or payments — not fine.

Two: assume your secrets are leaked. If you put an OpenAI key, a Stripe key, a Postgres connection string, or an admin token into a vibe-coded app, treat them as compromised. Rotate them. Move them server-side. Lovable, Bolt, and Replit have written entire blog posts about exposed secrets being the #1 issue they see, and they're shipping fixes — but the apps already deployed before those fixes don't retroactively benefit. The Escape study found 400+ live exposed secrets across just 5,600 apps scanned. Yours is in there or it's one of thousands more nobody's checked yet.^[3]

Three: stop hiring vibe coders. Start hiring agentic engineers. This is the part most operators will get wrong for the next 12 months. The market is flooded with people who can prompt Lovable into a working demo. The market is starving for people who can write a spec, build an eval harness, review LLM-generated diffs, and run the whole thing in production without a 62%-vulnerability default. Same tools. Completely different person. You're paying for the latter and getting the former, and you won't notice until something breaks.

The actual move

If you already have a vibe-coded app in production handling anything sensitive, the move is not to rebuild from scratch. It's to do three things this week, in order.

First, rotate every secret the app has ever touched. Every key, every token, every connection string. Assume they're already in someone's GitHub scrape and act accordingly.

Second, run a basic vulnerability scan against the live URL. Tools like Escape, Snyk, or even a free OWASP ZAP run will surface 80% of the bad stuff for an afternoon of work. You don't need a security firm — you need to know what's exposed.

Third, decide what the app actually is. If it's a real production system, plan a rebuild with an agentic-engineering loop: specs, evals, diffs, monitoring. If it's a prototype that got pushed too far, scope it back. Pull it behind auth. Make it internal. Limit who can reach it. Buy yourself time.

The thing Karpathy understands and most of the market doesn't is that the gap between vibe coding and agentic engineering isn't a tooling gap. It's an operating gap. The agents are the same. The discipline isn't. The next two years of business AI will sort operators into the ones who closed that gap and the ones whose customer data ended up in a Reddit thread.

If you want help figuring out which side of the line your stack is on, that's what a 30-minute audit call is for. No pitch. Just a read on whether what you shipped is a prototype, a system, or a liability.

Sources 8 references

1. 1
   Andrej Karpathy: From Vibe Coding to Agentic Engineering w/ Stephanie Zhan

   Sequoia Capitalvideo

   Karpathy's Sequoia AI Ascent 2026 talk where he named agentic engineering and said he'd never felt more behind as a programmer.

   ↩
2. 2
   Sequoia Ascent 2026 summary

   Andrej Karpathy (bearblog)primary

   Karpathy's own written summary of the vibe coding floor vs agentic engineering ceiling framing.

   ↩
3. 3
   Methodology: 2k+ Vulnerabilities in Vibe-Coded Apps

   Escape.techreport

   Scan of 5,600 vibe-coded apps surfacing 2,000+ vulnerabilities, 400+ exposed secrets, 175 PII leaks.

   ↩
4. 4
   Vibe Coding's Security Debt: The AI-Generated CVE Surge

   Cloud Security Alliancereport

   AI-generated code benchmark: 45% OWASP fail rate, 72% Java fail rate, 86% prompt-injection prevention fail rate.

   ↩
5. 5
   Vibe Coding Security: Why 62% Of AI-Generated Code Ships With Vulnerabilities

   OX Securityanalysis

   62% of vibe-coded code ships with security flaws.

   ↩
6. 6
   Vibe Coding Security Risks: Why 53% of AI Code Has Security Holes

   Autonomaanalysis

   CodeRabbit-cited stat that AI-generated code is 2.74x more likely to introduce XSS bugs than human-written equivalents.

   ↩
7. 7
   Vibe coding is being called the greatest unlock for non-techies. These 8 startups are raising billions.

   Business Insidernews

   Lovable seeing 200,000 new vibe-coding projects created per day.

   ↩
8. 8
   Vibe coding statistics 2026: Adoption, productivity, and security data

   Hostingeranalysis

   Gartner forecasts: 40% of new enterprise software from vibe coding by 2028, with 2,500% defect increase warning from prompt-to-app citizen developer workflows.

   ↩