Vibe coding results

I’ve vibe coded.

Challenging one’s own convictions can sometimes be difficult, but necessary. I’ve used generative AI sporadically for some tasks for a while, and I haven’t been all that impressed. However, people I’ve known for many years and whose competence is not in question kept telling me how extremely productive they were with modern developer models - able to churn out fully working projects in very little time.

So, seeing as Mistral had just launched a vibe coding tool for their new coding models, I installed both it and a local quant of their Devstral-2-Small model. Since it’s my belief the economy behind the large cloud models will never work, I mostly use local models - I have a 16GB VRAM GPU and lots of DDR5 RAM in my workstation and can usually get by just fine.

I decided to start a hobby project developing a locally hosted “web app” for my Meshtastic node, since I had an itch to scratch there. With a Python backend and an HTML/CSS/JavaScript frontend this should be squarely in that alley where these coding models excel.

And it did. I was very pleasantly surprised at how well Devstral broke down my requirements from the prompts into actions it then performed. Every now and then I had to nudge it, of course, and sometimes tell it to just revert something horribly bad and start over, but there’s no denying that this app was moving along well and at a much more rapid pace than if I had written everything myself. Additionally, it understood many concepts directly that I would’ve needed to study myself first.

The interface to the Meshtastic device is a CLI app, and with the model able to run executables when told to, I could just point to the binary and let it figure out which parameters to use and how to parse the relevant output. Adding OpenStreetMap functionality was something it knew how to do itself, but even when I added heightmap data from the Swedish public geodata service all I had to do was to give it the API endpoint Swagger and it did the rest with very little aid.

Do I sound converted?

Well.

I’m now paying for Mistral Pro and moved on to using the full Devstral-2 cloud model.

Here’s the thing: It works. I never looked at a single line of code. I prompted all development, documentation and commits. The model created test cases. All in all it felt like I had an extremely fast and obedient junior developer at my side - although one that sometimes screwed up and needed senior guidance.

But I would never do any serious product development this way. The code is horribly bad in many places. There’s duplication at a level a human developer would always refactor away even if no ticket asked for it explicitly. There’s dead code. I had to prompt in detail to get efficiency where the model was happy to accept algorithms first-year Software Engineering students learn to shy away from.

Oh, and security in the form of secure coding is nowhere to be seen. Now, it’s understandable since so very little of all public code is well implemented, but that isn’t a good reason to create more of it.

So where are we at?

I think “vibe coding” is going to result in lots more itch-scratching apps being developed - like my MeshNetMon. I would’ve never spent the effort in making it without this aid. It just wasn’t that important to me. These apps will also not likely be maintained like many of those open source projects we’ve come to know have been. There will be no proud maintainer wanting to keep perfecting their contribution to the world.

I also believe there will be an enormous amount of vibe coded products being sold to customers. If those products protect anything of value we’ll see a similar increase in security exploits. Unless these companies are punished (hey - in 2027 the EU’s new Cybersecurity Resilience Act takes effect!) this will be quite catastrophic.

But if they are, a lot of the savings from using AI models for product development will instead be used to pay Cybersec consultants (like me!) to clean up the slop.

And we’re not cheap.


(Using LLMs as whiteboarding during regular development? Oh yes - that I absolutely encourage and will most certainly continue with myself)