The Expert Developer in the Age of "Vibe Coding"
We have experimented extensively with vibe coding, and here is our takeaway: the expert developer remains vital.
Why? Because while we can ask AI to build something, there are a thousand different ways to implement a single feature. The "right" way depends on the production environment, the required level of granularity, security considerations, potential attack vectors, and the specific platform where the software will run.
Let’s break it down with some examples.
1. Architectural Granularity: Roles vs. Permissions
Imagine asking an AI to develop a user management system with specific roles like Admin, User, and Sales Manager. In the vast majority of cases, the AI will implement a standard Role-Based Access Control (RBAC) system. This works for simple needs, but it hits a wall the moment you need to create undefined roles in the future or associate them with unpredictable permissions.
In a professional setup, you need a robust system of both Roles and Permissions that functions via middleware at every route. We’ve noticed that if you don't explicitly specify this architectural requirement, the AI defaults to a rigid role-based system packed with limitations.
2. Performance and Optimization: Game Development
If you are developing a game, the architectural burden is on you to decide whether to use an Octree, a Quadtree, or a BSP (Binary Space Partitioning) to manage entity positioning and data retrieval.
The AI won't intuitively choose the best spatial partitioning method for your specific use case. Eventually, as the project grows, you will run into performance bottlenecks. While the AI might try to "fix" these slowdowns later, it will do so reactively—often without any understanding of the long-term side effects or the underlying hardware constraints.
3. Security and Resilience: Beyond "Happy Path" Coding
When an AI generates code, it tends to follow the "happy path"—it writes functions that work perfectly under ideal conditions. However, true cybersecurity isn't about what the code should do; it’s about what the code must not allow.
Without the supervision of an expert developer, it is easy to overlook critical vulnerabilities such as input sanitization (to prevent SQL Injection or XSS), secure session token management, or the correct implementation of CORS policies. An AI might write a perfectly functional query in Next.js, yet completely ignore a potential logical flaw that allows one user to access another’s private data.
An expert doesn't just write code that "runs"; they write code that resists attack. They anticipate intrusion vectors that a language model—due to its purely statistical nature—cannot truly "understand," but can only imitate.
Spec-Driven Development vs. The Vibe Coder
Yes, Spec-Driven Development is still a reality, and you can certainly assign rules to AI agents. However, this does not guarantee a codebase that can sustain heavy data loads or complex modifications in the long run. With AI, you must be incredibly precise—and only an experienced developer knows what to anticipate for the future of a given application.
The Problem of Choice: Database Architecture
Take the choice of a database, for example. Should we use MySQL? Or MongoDB? This decision is always influenced by numerous factors that inevitably impact one specific variable: THE FUTURE.
Architectural decisions made today dictate how the system scales tomorrow. AI might pick a default, but it doesn't weigh the long-term trade-offs of relational vs. document-based storage for your specific trajectory.
The Value of the "Old-School" Developer
We believe that the value of a skilled, "old-school" developer is higher today than that of a pure vibe coder. Why? Because the expert understands exactly what the AI is writing on their behalf. They know where to look, how to audit the code, and how to prevent security flaws or superficial architectural decisions before they become systemic failures.
Finally, there is one more aspect to consider, and it is a critical one. When an AI writes the code for a specific feature, who actually knows that code?
No one but the AI.
As a project grows, this becomes EXTREMELY DANGEROUS. If the need arises to intervene manually, no human truly understands how the architecture was structured or where to find the essential files required to fix a bug. We run the risk of discovering—far too late—that a feature was implemented using the wrong approach or the least performant method possible.
We need to proceed with caution.