Andrej Karpathy wants the world to stop calling it vibe coding. Last week, celebrating the one-year anniversary of the "throwaway tweet" that accidentally named a movement and earned Collins Dictionary's word of the year for 2025, he offered a replacement. "Agentic engineering," he called it, meant to signal that professionals now direct AI agents to write production code rather than typing it themselves. "Engineering," he wrote on X, "emphasizes that there is an art and science and expertise to it."
The Argument
• Vibe coding platforms carry $45 billion in combined valuations, but only $27 million has gone to securing them
• A BBC reporter's laptop was hijacked via zero-click attack on Orchids, a platform with 1 million users and fewer than 10 employees
• Wix's Base44 platform exposed enterprise authentication to anyone with basic API knowledge, patched within 24 hours
• Karpathy's rebrand to 'agentic engineering' acknowledges a maturity gap the security infrastructure hasn't closed
The valuations track with the ambition. Cursor, the AI coding editor that rode the wave, raised $2.3 billion last November at a $29.3 billion valuation. Stockholm-based Lovable hit $6.6 billion the following month. Replit is reportedly nearing a round that would push it to $9 billion.
But between the tweet and the rebrand, a BBC reporter had his laptop taken over through a vibe coding platform in a zero-click attack that required nothing from the victim. A security firm found that Wix's vibe coding platform let anyone bypass enterprise authentication using data sitting in the URL bar. And the one startup dedicated to securing vibe coding workflows just raised $19 million. A rounding error against the $45 billion in combined valuations the industry has generated.
The promotion came through. The background check never happened.
The platforms nobody can reach
The Orchids hack played out like this. BBC cyber correspondent Joe Tidy downloaded the desktop app and started building a simple game. Lines of code filled his screen, thousands of them, none of it readable. Normal enough. Then his desktop wallpaper changed to an image of a hacker. A notepad file appeared reading "Joe is hacked."
Security researcher Etizaz Mohsin had exploited a flaw in Orchids to inject code into Tidy's project remotely. No phishing email. No malicious download. No action from the victim at all. A zero-click attack. There's no link to avoid, no file to refuse. The target just gets hit.
Mohsin found the vulnerability in December. He's 32, based in the UK, and spent weeks trying to reach Orchids through email, LinkedIn, and Discord. Around a dozen messages in total, all unanswered. The company claims one million users but employs fewer than ten people out of San Francisco. When they finally responded this month, they said they had "possibly missed" his warnings because the team was "overwhelmed with inbound."
A million users and fewer than ten staff. Too swamped to read a security disclosure from a researcher with a track record that includes work on the Pegasus spyware.
The Wix vulnerability told a parallel story with a bigger company. Cloud security firm Wiz discovered that Base44, Wix's vibe coding platform, hardcoded application IDs in publicly visible URL paths and manifest files. Anyone who spotted an ID could register a rogue account and bypass authentication, including the SSO protections enterprises trust to keep outsiders out. The exploit required what Wiz called "only basic API knowledge," no insider access necessary. Many of the affected applications handled HR operations and personally identifiable information.
Wix patched the flaw within 24 hours of being notified, then responded defensively, insisting they "continue to invest heavily in strengthening the security of all products." But Wiz's team had used what they described as "straightforward reconnaissance techniques." If finding the hole was that simple, the real question isn't why Wiz spotted it. The question is why Wix's own security processes never did.
You can generalize beyond Wix. Vibe coding platforms ship fast, attract users fast, and raise money fast. Security audits, penetration testing, vulnerability disclosure programs, all the machinery that builds trust, operates on a different clock entirely.
$19 million against $45 billion
If you want a single number that captures where vibe coding security ranks as an industry priority, run the ratio.
Cursor is valued at $29.3 billion. Lovable at $6.6 billion. Replit is on track for $9 billion. Add the smaller players and the combined valuations of platforms generating AI-written code approach $50 billion. Against all of that, Backslash Security, the only startup purpose-built for vibe coding security, has raised $27 million total. Nineteen million of it landed last week.
That ratio is the tell.
Backslash covers the full AI development lifecycle, monitoring code editors, autonomous agents, and MCP servers. It watches code scroll across developer screens in real time and applies guardrails without choking developer speed. "We've passed the point of no return on how enterprise software is being composed," CEO Shahar Man said when announcing the round. Hard to argue with that. But "past the point of no return" and "adequately secured" are not the same condition. The gap between them gets worse every quarter, not better.
Join 10,000+ AI professionals
Strategic AI news from San Francisco. No hype, no "AI will change everything" throat clearing. Just what moved, who won, and why it matters. Daily at 6am PST.
No spam. Unsubscribe anytime.
KOMPAS VC led the round. Partner Talia Rafaeli put it plainly. "AI has fundamentally changed how software is built regardless of industry and is dramatically increasing security risk." What she left unsaid is the uncomfortable corollary. Her firm's bet exists because the platforms generating billions in value haven't solved this problem themselves. The investors sound nervous. The platforms don't.
And Backslash is working alone. Legacy application security tools weren't built for AI-generated code. The newer AI security startups chase model-layer problems, prompt injection and jailbreaks, hallucination risks. The vibe coding platforms themselves, emboldened by valuations that keep climbing, treat security as someone else's department.
Part of the reason is technical. Traditional code scanners hunt for known vulnerability patterns in code humans wrote. AI-generated code presents a different challenge. It generally works and reads clean on first inspection. But it can harbor hardcoded secrets or logic flaws that an experienced developer would flag on sight. And the volume compounds everything. A single vibe coding session can produce hundreds of files in an afternoon, more code than a security team could audit in a week.
When vibes reach your homescreen
The discomfort shouldn't center on Orchids. Small startup, sloppy security, will either clean up or vanish. What should make you nervous is how fast vibe coding is spreading beyond developer tools into consumer products aimed at people who will never read a single line of code.
Nothing, the phone manufacturer, launched Essential Apps in beta this month. Users type a prompt, and AI generates a homescreen widget. A 9to5Google reviewer asked for a widget tracking soil moisture to plan outdoor activities. The platform built something that looked plausible. Was any of it accurate? The reviewer had no way to know. The widget pulls its data "from the ether," he wrote. Whether it was right or worthless, he couldn't check.
That sentence captures vibe coding's destination better than any industry report could. Not professionals directing agents under careful supervision. Consumers generating code they cannot read and have no way to verify, running on phones that hold their banking apps and private messages. Unlike the developer platforms, there is no security researcher on the other end filing disclosure reports. The consumer market has no Etizaz Mohsin.
A Forbes Tech Council essay by Amorepacific's Joey Ahnn tried to stake out a middle ground, arguing for sandboxed experiments with hard lifecycle limits and strict separation from production systems. The productivity case is real enough. Developers using AI assistants report a 10 to 30 percent boost, with some studies claiming 60 percent. But Stripe's research found developers already spend 13.4 hours per week, a full third of their working time, cleaning up technical debt. That figure comes from a time when humans created the debt themselves. Nobody has measured what happens when agents start mass-producing it.
Karpathy's rebrand reads more defensive than triumphant. It carries an unintentional admission. By replacing "vibe coding" with "agentic engineering," he conceded the original term described something that wasn't engineering. Something assembled on instinct rather than discipline. The name changed. The security infrastructure underneath it, at most of these platforms, has not.
The resume nobody reads
Vibe coding's first year followed a pattern familiar from every technology boom before it. Explosive adoption driven by massive capital, with a security reckoning always running one funding cycle behind. The industry went from weekend experiment to $45 billion market without stopping for the work that makes professional software trustworthy. Code review and penetration testing. Disclosure programs staffed by people who actually read their inboxes. Running a proper background check on this industry would mean standardized security audits for platforms above a certain user threshold, mandatory disclosure timelines, third-party pen testing before Series A money clears. None of that exists yet.
Karpathy said the quiet part in his anniversary post. Engineers no longer write code directly, he explained. They direct and oversee agents. But oversight requires understanding what you're overseeing. When the BBC reporter watched Orchids compile thousands of characters on his screen, he saw output he couldn't parse. When the attacker slipped a malicious line into that wall of text, nobody caught it. Call that what you will. It looked like a rubber stamp on a document nobody read.
The $19 million Backslash raised will fund some of the background checking this industry needs. Enterprises want visibility into what AI agents actually produce. Platforms need guardrails that operate at the speed code ships. But one company cannot audit a $45 billion market by itself. And the platforms, the Orchids and Base44s and whatever launches next Tuesday, keep compiling code faster than anyone can inspect it.
Vibe coding turned one last week. It got a new name and a corner office. Nobody asked for its references. The only question now is whether the industry runs the background check before or after something breaks that can't be patched in 24 hours.
Frequently Asked Questions
Q: What is agentic engineering and how does it differ from vibe coding?
A: Agentic engineering is Andrej Karpathy's proposed replacement for 'vibe coding.' While vibe coding described casual AI-assisted coding experiments, agentic engineering signals professional workflows where developers direct AI agents to write production code. Karpathy says the term emphasizes 'an art and science and expertise' that the original label lacked.
Q: What happened in the Orchids vibe coding hack?
A: Security researcher Etizaz Mohsin found a vulnerability in Orchids that allowed him to inject code into any user's project remotely. He demonstrated a zero-click attack on a BBC reporter, taking over his laptop without any action from the victim. Orchids, which claims one million users with fewer than ten employees, took months to respond to his warnings.
Q: What is Backslash Security and why does its funding matter?
A: Backslash Security is the only startup purpose-built for vibe coding security. It raised $19 million in Series A funding last week, bringing its total to $27 million. The company monitors AI-generated code across development tools in real time. Its small funding contrasts sharply with the $45 billion in valuations held by the platforms it aims to protect.
Q: How does vibe coding affect consumers who do not write code?
A: Companies like Nothing are bringing vibe coding to smartphones, letting users create homescreen widgets by typing text prompts. The AI generates code the user cannot read or verify. Unlike developer platforms where security researchers file vulnerability reports, consumer products have no equivalent safety net for AI-generated code.
Q: What security standards should vibe coding platforms meet?
A: The article argues platforms above a certain user threshold need standardized security audits, mandatory vulnerability disclosure timelines, and third-party penetration testing before major funding rounds. Currently none of these requirements exist, and platforms like Orchids operated with a million users while being unable to respond to basic security disclosures.
