By now, you’ve probably seen some of the memes making the rounds about vibe coding who start out excited “Hey guys, I made an app in 10 minutes without even knowing what the code does!” And then the next update is “Oh no guys, my app got hacked and I don’t know how to fix it!”
It’s an easy thing to point at and laugh about. Putting insecure code on the internet is dangerous. Bragging about creating something without understanding what’s happening is incredibly risky. There’s also a great tradition of wanting to be part of the community of coders and entering the decades-long history of mentorship and connection, which is the social underpinning of what truly makes being a developer an amazing experience – that community is worth investing in.
But at the same time, we all do want to lower the barriers to creating new things, and we don’t want to be gatekeepers. None of us know all of the code and dependencies in a modern stack. At Fastly, our Fast Forward open source program supports many of the biggest open source projects in the world, so we get a good glimpse into the software supply chain, by partnering with (for example) the teams who deliver every Python package, every Kubernetes download, every Rust crate, every Ruby gem, and so on. And one big reason those teams work so hard is so that every developer who relies on their work can feel safe. But honestly? When I look at my node modules directory, I realize that I’m kinda just vibe coding too.
We’re all vibe coders
Then, if we have to assume there are going to be millions more people making apps without fully understanding the security and architectural implications, what are we going to do about it? Well, we have a strong point of view about what it takes to go forward from here. We need platforms that are ready for this moment-- able to anticipate code that’s been cooked up with a completely different set of assumptions, by developers with a completely different background than traditional coders. It’s important not just for their apps to look like they work correctly, but to protect the health and safety of the internet ecosystem overall. Here’s what we need to see:
Secure by default: The execution environment for more apps has to be locked down, protected from entire risk areas like memory protection bugs, noisy neighbor resource contention, and other classic failure states that vibes coders are generally not going to be familiar with, let alone know how to solve.
Prevent attacks, don’t just respond to them: Rather than waiting for an app to get hacked and then attempting to put the horse back in the barn, a vibes-ready platform has to anticipate that vulnerabilities are likely to already exist in an app (you know this was always true, right?) and anticipate them. The old method of trying to write “rules” to stop attacks after the fact is simply not going to fly, especially for a vibes-based team that’s never known how to do so.
Regions, deployments and resiliency have to be automatic: Complex processes that teams used to rely on to make an app reliable or scalable are not going to work for a vibe-coded app whose team barely understands its architecture. These newer apps may have to rely on the platforms themselves to provide these capabilities automatically.
We’ve been hard at work on all of these capabilities for years at Fastly. But to be clear: that doesn’t mean we don’t think people shouldn’t understand their code. Of course, we do! But we think that it will be increasingly common for some developers to learn how their systems and applications work over time after parts of it have been created or even deployed, as LLMs and AI-assisted tools accelerate their creation process. In some ways, this mimics what we saw in the last generation of tools that made it easier to reuse code dependencies from other developers, where devs often didn’t debug, or even understand, those dependencies until something went wrong.
Are you a vibe coder who’s worried that your app isn’t secure or isn’t going to scale? We’ve got you. A free Fastly account will keep your app secure, help it keep running, and get you ready to grow over time.
Are you an experienced developer who’s pretty skeptical about the internet we’re going to be dealing with if all the apps out there are built by people who don’t even know what their code does? Then we need you to join us in advocating for a path that gets new creators to learn about best practices as quickly as possible. They aren’t going to get there by having experts dismiss or simply mock them. We have to engage them and offer up a way for them to build things in a way that scales — both for the good of their app and for the good of the internet as a whole.
