Andrej Karpathy coined “vibe coding” in early 2025 to describe a deliberately reckless way of building software: prompt an LLM, accept whatever it generates, never read the diff, paste error messages back until it works. A year later, he declared the term passé and proposed “agentic engineering” as the replacement. The name changed because the activity changed. Developers stopped typing prompts into chat windows and started orchestrating autonomous agents that plan, write, test, and iterate on code across multi-step workflows. That shift from conversational prompting to structured agent orchestration is the real story, and for enterprises, it carries governance implications that most organizations have not addressed.
Only 9% of enterprises have reached what Deloitte calls a “Ready” level of AI governance maturity. The other 91% are somewhere between “we have a policy document” and “we pretend this isn’t happening.” That gap is where the vibe coding vs. agentic coding distinction stops being academic and starts costing money.
What Vibe Coding Actually Is (and Is Not)
Vibe coding is prompt-driven development with minimal oversight. You describe what you want in natural language, an AI generates the code, and you run it. If it breaks, you paste the stack trace back. You do not review the implementation. You do not write tests. You do not think about architecture. You convey the “vibe” and the model fills in the details.
For prototypes, hackathons, and internal tools with a single user, this works surprisingly well. A product manager can spin up a working dashboard in an afternoon. A researcher can build a data pipeline without waiting for engineering bandwidth. The speed is real.
The problem starts when vibe-coded artifacts move from prototype to production. Google’s DORA research measured a 7.2% reduction in delivery stability as AI adoption increased across teams. AI-generated code contains 2.74x more security vulnerabilities on average, particularly in password handling and input validation. These are not theoretical risks. They show up in production incident logs.
A team of twenty developers vibe coding without governance is not twenty times more productive. It is ten times more chaotic. Each developer generates code at a pace that exceeds anyone’s ability to review it, and no one is reviewing it because the whole point of vibe coding is that you do not read the diffs.
The Shadow AI Problem
The enterprise headache is not that vibe coding exists. It is that enterprises cannot prevent it. 60% of respondents in a recent survey have built software outside IT oversight in the past year. If companies do not provide sanctioned AI coding tools, developers use them on personal devices, through consumer APIs whose terms allow training on inputs. Organizations with high levels of shadow AI activity pay an average of $670,000 more per breach than those with robust governance.
The irony: banning AI coding tools does not reduce AI coding. It pushes it underground where you have zero visibility into what code ships and what data leaves the building.
What Agentic Coding Changes
Agentic coding shifts the model from “human prompts, AI generates” to “human defines objectives, AI agents plan and execute.” The distinction matters because agentic systems introduce structure that vibe coding deliberately discards: task decomposition, automated testing, iterative refinement, and audit trails.
When Karpathy proposed “agentic engineering,” he defined it precisely: “‘agentic’ because the new default is that you are not writing the code directly 99% of the time, you are orchestrating agents who do and acting as oversight. ‘Engineering’ to emphasize that there is an art & science and expertise to it.”
Anthropic’s 2026 Agentic Coding Trends Report found that developers now integrate AI into 60% of their work while maintaining active oversight on 80-100% of delegated tasks. That oversight ratio is the key differentiator. Vibe coding has a 0% oversight target by design. Agentic coding assumes oversight is the engineer’s primary job.
How Enterprise Agentic Workflows Differ
In practice, enterprise agentic coding looks like this: an engineer writes a spec describing the desired behavior, constraints, and acceptance criteria. A coding agent (Claude Code, Codex, Cursor, or a custom orchestration layer) decomposes the spec into tasks. Each task gets implemented, tested against the spec’s criteria, and reviewed either by another agent or a human. The agent iterates until tests pass.
This is not fundamentally different from how StrongDM’s Agate framework operates, or how Anthropic built a 100,000-line C compiler with 16 parallel Claude agents. The pattern is the same: specification, decomposition, implementation, convergence through iterative testing. Humans own the spec and the acceptance criteria. Agents own the implementation cycles.
The compliance benefit is significant. Every step produces logs. Every decision has a trace. When a regulator or an auditor asks “who wrote this code and how was it reviewed,” there is an answer beyond “someone prompted ChatGPT and pushed the output.”
The Sandwich Approach: Why Hybrids Win
The most effective enterprise teams in 2026 are not choosing between vibe coding and agentic coding. They are using both, sequentially, in what practitioners call the sandwich approach.
Layer 1: Vibe coding for exploration. Rapid prototyping, feasibility testing, UI mockups. A product manager and an engineer sit together, prompt their way to a working concept, and validate direction. Nothing here touches production infrastructure.
Layer 2: Agentic coding for implementation. The validated concept gets a formal spec. Coding agents build the production version with linting, security scanning, test coverage requirements, and architectural constraints enforced at the orchestration layer. This is where the software factory model from tools like Agate and Factory.ai takes over.
Layer 3: Human review at the seams. Engineers review the spec-to-implementation mapping, check that agent-generated code matches the architectural intent, and sign off on security-sensitive components. They do not review every line. They review every decision boundary.
This model preserves the speed advantage of vibe coding (exploration is fast) while adding the governance layer that enterprises need (production code is traceable and testable). Teams using this hybrid approach report shipping 40-60% faster than pure manual coding while maintaining lower defect rates than teams that vibe code everything to production.
What the Governance Gap Costs
Gartner forecasts AI governance spending will reach $492 million in 2026 and surpass $1 billion by 2030. That spending is reactive. Companies are buying governance solutions after discovering the cost of not having them.
The real costs of ungoverned AI coding break down into three categories:
Comprehension debt. When no human understands the codebase because no human wrote it, every bug becomes an archaeology project. The trick77 enterprise guide calls these “haunted codebases”: code that works but nobody can explain why, and nobody knows what breaks if you change it.
IP leakage. Developers pasting proprietary code into consumer AI tools that train on inputs. 75% of builders now work under some form of AI directive, but 35% of organizations still have not established AI productivity metrics, let alone data handling policies for AI tool usage.
Compliance exposure. Regulated industries need audit trails for software changes. Vibe-coded software has no trail. When the auditor asks how a financial calculation works, “the AI wrote it and we did not review it” is not an acceptable answer under SOX, DORA, or the EU AI Act.
The organizations that close the governance gap fastest are not banning AI coding. They are mandating the agentic approach: structured workflows with specs, tests, and logs that make AI-generated code as auditable as human-written code.
Where This Goes Next
Anthropic’s trends report identifies the next evolution: multi-agent systems where specialized agents handle different parts of the development lifecycle in parallel. A planning agent writes the spec. Implementation agents build features in separate context windows. Review agents check the output against acceptance criteria and security policies. Human engineers supervise the coordination layer.
This is already happening at scale. Stripe runs 1,300 autonomous pull requests per week across their codebase. Anthropic’s own teams built a compiler with 16 parallel agents that passed 99% of the GCC test suite. The pattern works. The question is not whether agentic coding replaces vibe coding in enterprise settings. It is how fast governance catches up.
For engineering leaders, the practical takeaway is straightforward: vibe coding is a tool for exploration. Agentic coding is a tool for production. Governance is the layer that tells you which one your team is using and whether that is appropriate for the context. If you do not have that layer, you have shadow AI wearing a badge that says “productivity.”
Frequently Asked Questions
What is the difference between vibe coding and agentic coding?
Vibe coding is prompt-driven development where you describe what you want and accept the AI’s output without reviewing it. Agentic coding uses autonomous AI agents that plan, implement, test, and iterate on code under structured human oversight. The key difference is governance: vibe coding has zero oversight by design, while agentic coding makes oversight the engineer’s primary responsibility.
Who coined the term vibe coding?
Andrej Karpathy, former OpenAI co-founder and Tesla AI director, coined “vibe coding” in early 2025. By early 2026, he declared the term passé and proposed “agentic engineering” as a more accurate description of how professional developers use AI, emphasizing structured agent orchestration over casual prompting.
Is vibe coding safe for enterprise use?
Vibe coding carries significant risks for enterprise use. AI-generated code contains 2.74x more security vulnerabilities on average, and organizations with uncontrolled shadow AI activity pay an average of $670,000 more per data breach. Only 9% of enterprises have adequate AI governance maturity. Vibe coding is best limited to prototyping and exploration, with agentic approaches used for production code.
What is the sandwich approach to AI coding?
The sandwich approach combines vibe coding for rapid exploration (prototypes, feasibility testing) with agentic coding for production implementation (structured specs, automated testing, security scanning). Human review happens at decision boundaries rather than on every line of code. This hybrid model preserves speed while adding the governance and traceability that enterprises require.
What does Anthropic’s 2026 Agentic Coding Trends Report say?
Anthropic’s report found that developers integrate AI into 60% of their work while maintaining active oversight on 80-100% of delegated tasks. Key trends include the shift from single-agent to multi-agent workflows, extended agent sessions lasting hours or days, and the elevation of engineering roles toward architecture, system design, and agent supervision rather than direct code writing.