6 min read News

From Vibe Coding to Agentic Engineering: What Decision-Makers Need to Understand in 2026

From Vibe Coding to Agentic Engineering: What Decision-Makers Need to Understand in 2026
Photo by Van Tay Media / Unsplash
Vibe coding went in one year from a viral tweet to a structuring market. Behind the hype, a more nuanced reality where generation speed guarantees neither quality nor security.

I-

Genesis : From Intuition to paradigm

In February 2025, Andrej Karpathy OpenAI Co-founder and former Head of AI at Tesla published a tweet seen by more than 4,5 million times. His message was simple : he now codes by conversation, without touching the keyboard, letting AI generate the functional code. The term he invented, "vibe coding", entered the Merriam-Webster dictionary on march 2025, then was named word of the year by Collins Dictionary.

What is striking about the genesis of vibe coding is the speed of cultural shift. In march 2025, Y Combinator reported that 25% of startups in its winter cohort had codebases generated 95% by IA. By November 2025, 84% of developers were using or planning to use AI coding tools (Stack Overflow Developer Survey 2025). The Google search curve for "vibe coding" jumped 6700% in spring 2025.

But beyond the buzzword, vibe coding is a part of three distinct phases technological evolution that every decision-maker needs to understand.

PHASE 1 - AUTOCOMPLETE (2021 - 2023) Github Copilot, launched in 2022, offered line-by-line code completion. AI was typing assistant. The Developers remained in control of every architectural decision.
PHASE 2 β€” CONVERSATIONAL ASSISTANT (2023-2024). ChatGPT, then Claude, made it possible to generate entire blocks of code through natural language. IA became a conversation partner, but operate in "question-and-answer" mode without any project memory. .
PHASE 3 β€” AUTONOMOUS AGENT (2025-2026) Current tools : Cursor, Claude Code, Codex no longer simply respond : they plan, navigate throw the source code, execute commandes, and iterate autonomously. This is a change in nature, not in degree.

II-

2026 Ecosystem : A decision-maker's framework

The AI-assisted coding tools market has exploded in 18 months. Rather than an inventory, countless articles already do that. Here is a framework of three categories, each addressing a different organizational need.

RAPID CREATION PLATFORMS

Lovable, Bolt.new, vO target prototyping and MVPs. Lovable, a Swedish startup founded in 2023, illustrates the dynamic : $100M ARR in height month, $200M in November 2025, valued at $6,6B in December 2025 during a $330B Series B led by CapitalG and Menlo Ventures (TechCrunch, Bloomberg). More than 100,000 projects are created on it every day. These platforms are suited to non-technical products teams wanting to validate an idea quickly. They are not designed for production code in regulated environments.

AUGENTED IDEs

Cursor, Windsurf/Cognition, GitHub Copilot target professional developers. Cursor raised $900M at a $9B in May 2025. The Windsurf affair illustrates the competitive intensity of the sector : after an attempted $3B acquisition by OpenAI fell in July 2025. Blocked by the conflit of interest with Microsoft. Google DeepMind recruited the CEO and co-fonder for $2,4B, while Cognition AI acquired the remaining assets (Fortune, Bloomberg, TechCrunch).

CODING AGENTS

Claude Code, Codex, Devin represent the latest frontier. These systems operate autonomously : they receive a task, plan their approach, write the code, run the tests, and iterate. OpenAI launched GPT-5.3-Codex-Spark on February 12, 2026, a model optimized for a real-time on Cerebras hardware, delivering more than 1,000 tokens per second (OpenAI, Cerebras).

III-

The hangover : When velocity creates debt

The initial euphoria has given way to what the community calls Β« vibe coding hangover Β». Warning signals are multiplying and are now documented by rigorous studies.

THE PRODUCTIVITY PARADOX

The most striking study of 2025 comes from METR, a non-profit research organization. Their randomized controlled trial of 16 experienced developers, 246 reals tasks in matures open-source projects produced a counterintuitive result : developers are using AI tools (primarily Cursor Pro with Claude 3.5/3.7 Sonnet) took 19% longer to complete their tasks than those working without IA (METR, arXiv:2507.09089, July 2025).

Most troubling still : developers believed they had been 20% faster. This does not mean that IA is useless. It means that on mature codebases where the developer has deep expertise, cognitive overhead of verification can outweigh the speed gain. AI accelerates writing, but it's the delivery that counts. The bottleneck has shift to review.

SECURITY DEBT AT SCALE

In May 2025, researcher in security Matt Palmer published CVE-2025-48757, documenting a systemic vulnerability in applications built with Lovable. Out of 1645 projects analyzed, 303 vulnerable endpoints were identified across 170 applications (~10,3 %), exposing names, emails, financial data and API keys in free access with no authentication whatsoever (Matt Palmer, mai 2025; CyberSecurity News).

The root cause : The Supabase tables generated par IA were deployed with no Row Level Security (RLS). The AI had produced functional codebases but fundamentally with no security. Lovable published a security scanner, but it only checked for the presence of an RLS policy, not its relevance, creating a wrong security behavior.

Β« SLOPSQUATTING Β» : A NEW ATTACK SURFACE

A more recent phenomenon: the AI models regularly hallucinate the names of packages that not exists. Attackers register these ghosts names on NPM and PyPI with malicious code. A developer who accepts AI suggestions without checking the imports can directly integrate malware into their codebase. This is typosquatting for the agentic area.

IV-

The answer : Structured Agentic Engineering

In response to these challenges, 2025-2026 is seeing the emerging of a new paradigm that the industry is beginning to call Structured Development with AI (SDD). The main idea : AI is not the problem, the absence of a framework is.

THE CONSTITUTION FILE : AGENTS.MD

Several frameworks are converging on the same principle : a root file that defines the contraints the AI Agent must confirm to before generating anything. In Cursor, it's .cursorrules. In Claude Code, it's CLAUDE.md.

The generic concept of AGENTS.md defines the authorized technical stack, the non-negotiable rules, code conventions and architectural patterns.

This is a paradigm shift : instead of correcting the code after it's generated, the agent is constrained before it start. The analogy : don't ask an architect to fix a building that's already built but give them the specification document upfront.

STRUCTURING FRAMEWORKS

Several approaches formalized the agentic structured development. BMAD (Breakthrough Method of Agile AI-Driven Development), created by Greg Reeves, proposes a multi-agent system with specialized personas.

GSD (Getting Stuff Done), developed by John Googler, favors exhaustive functional specification that serves as the project's "constitution".

AWS launched Kiro, an IDE that natively integrates structured "specs" for AI.

The common thread : explicitly separating specification phase from generation phase. The human developer invests more on upfront, requirements, architecture, security constraints, so that the AI produces compliant code downstream.

THE PACT PROTOCOL

This protocol transforms the "prompt β†’ code β†’ hope it works" cycle into an engineering process: Plan β†’ Architect β†’ Code β†’ Test. Each phase produces a validated artifact before moving to the next, ensuring the agent operates within explicitly defined boundaries at all times.

V-

What Comes Next: A Projection for Decision-Makers

Three trends will shape the next 12 to 18 months.

TREND 1 β€” MULTI-AGENT ORCHESTRATION Gartner reports a 1,445% surge in inquiries about multi-agent systems between 2024 and 2025. Software development is evolving toward "virtual teams" of specialized agents β€” an architect agent, a security agent, a testing agent β€” orchestrated by a project manager agent. AutoGen, CrewAI, and LangChain are positioning themselves in this space.
TREND 2 β€” THE SPEED/DEPTH BIFURCATION The launch of GPT-5.3-Codex-Spark illustrates a structural trend: two complementary modes coexist. An ultra-fast "real-time" mode for interactive iteration (>1,000 tokens/s), and a "deep work" mode for complex reasoning tasks spanning hours or days. Decision-makers will need to structure workflows around this duality.
TREND 3 β€” SECURITY "BY DESIGN" VIA MCP Rather than scanning code after it is generated, emerging approaches integrate real-time security checks during generation, via MCP (Model Context Protocol) servers that intercept and validate agent actions. This is "security by design" applied to agentic coding.

Conclusion: From Black Box to Glass Box

Vibe coding in its original form β€” "forgetting that code exists" in Karpathy's own words β€” is a phase that is over. What replaces it is more interesting and more demanding: software engineering where AI does the heavy lifting, but where humans control the specification, supervision, and validation.

The metaphor that imposes itself is the "Glass Box": AI-generated code is no longer a black box accepted blindly, but a transparent box whose input constraints are specified and whose output is verified.

For technology decision-makers, the challenge is not to adopt or reject vibe coding. It is to structure the practice: agent constitutions, formal specifications, validation protocols, systematic security review. The organizations that invest in these frameworks today will be the ones that truly capture the promised productivity gains β€” without paying for them in technical debt and vulnerabilities.

Speed without structure is disguised debt. Structure without speed is a missed opportunity. Agentic engineering is both at once.

Godwin AVODAGBE