Insights from the world’s most AI mature companies
IMD’s AI Maturity Index demonstrates how to align leadership, people, and technology for measurable business benefits and revenue growth, with examples from 10 industries....
Artificial Intelligence
From low-code to vibe code: Why you may no longer need software engineers
Democratizing the coding process offers huge advantages for business but will also bring new risks, warns IMD’s Tomoko Yokoi.
“The hottest new programming language is English,” says Andrej Karpathy, a Slovak-Canadian computer scientist best known as the former Senior Director of AI at electric vehicle (EV) giant Tesla. Karpathy has popularized “vibe coding” – the concept that, in the era of generative AI (GenAI) and large language models (LLMs), you no longer need to know complex computer programming languages to develop new apps or software products. Rather, you can just tell an LLM what you want in plain English.
Karpathy has described his idea as “fully giving in to the vibe” and “forgetting that the code even exists.” You can see the attraction. Suddenly, even the barely computer-literate could turn their idea for a new app into reality.
Business users with little or no coding experience now find themselves able to explore their ideas for creating new value, whether from an improved internal process or a customer-facing proposition.
No more waiting for IT
In a business setting, this promises untold riches. As organizations worldwide explore digital transformation, they require ever-growing armies of software engineers. They depend on their engineering teams to support the rest of the business in developing new products and services. But what if the business no longer depended on IT to code their ideas into practice? It could unleash a wave of accelerated innovation.
Vibe coding is just the latest trend in the shift away from dependence on software engineering. Many organizations have already embraced “low-code” and “no-code” solutions that also seek to democratize software development.
Low-code platforms allow ordinary business users to augment their ideas with only a small amount of coding. No-code platforms typically depend on visual elements, enabling users to drag and drop pre-built components into place. As with vibe coding, both bypass the need for a software engineer.
These ideas are gaining traction fast. The market research group Gartner has predicted that, this year, low-code development of one type or another will account for more than 70% of all application development activity, up from 20% in 2020.
Business users with little or no coding experience now find themselves able to explore their ideas for creating new value, whether from an improved internal process or a customer-facing proposition. Meanwhile, software engineers have fewer demands on their time from across the business and can focus on high-level technological initiatives.
Unleashing creativity
Early results from this trend are exciting. When business users start to see their ideas come to life, they’re encouraged to push harder, creating a virtuous cycle of experimentation and exploration. And when the whole business is keyed into the innovation process, it can develop proofs-of-concept quickly and at scale. This accelerates viable projects and fails the others fast, all with minimal upfront investment.
Many organizations dream of such agility, eradicating lengthy, expensive development cycles and overcoming the challenge of skills shortages in software engineering. Forrester Research has estimated that developing applications in this way is 10–20 times faster than traditional methods.
This concept does not only apply to brand-new, standalone ideas. These platforms can also reduce the cost and complexity of integrating new developments into legacy systems. This is one of the biggest challenges facing organizations as they seek to transform.
Nor is it only large corporations that are getting excited. Low-code/no-code platforms and vibe coding have huge potential to drive a new generation of startup and scale-up businesses. Previously, anyone could have a smart entrepreneurial idea, but their ability to execute it was often inhibited by a lack of access to specialist IT skills. Now, there are no external limits on their creative potential.
“This shift is already having a huge impact,” says Garry Tan, CEO of the influential incubator Y Combinator. He recently disclosed that 25% of the businesses currently going through Y Combinator’s startup program depend on LLMs to write 95% of their software code.
“Specialist software engineers may now find their time is taken up debugging the creations of business users who didn’t really know what they were doing.”
Danger lurks
But before your organization gets rid of all its software engineers, it’s worth thinking more carefully about the implications of the rise of the amateur developer.
Above all, these solutions are fallible. There’s a danger of creating applications that contain significant coding errors or that are of generally inferior quality. Business users with little experience of software testing may not spot these issues. Specialist software engineers may now find their time is taken up debugging the creations of business users who didn’t really know what they were doing. Errors may still sneak through, with significant repercussions for organizations that put flawed apps into production.
Moreover, apps and software developed without professional expertise may lack basic security protocols. There’s also the risk of incorporating compromised open-source code. Attackers may target LLM-powered coding assistants with access to the organization’s internal data, inadvertently providing the attackers with a way to obtain sensitive information.
Compliance is another consideration. Business users may lack an understanding of what is required or simply be unable to develop their products in a compliant way. There’s also the broader risk of an intellectual property (IP) violation that leaves the organization vulnerable to legal challenges. Just because a project or piece of code is open source, it does not necessarily mean that any user can access it without limits.
More broadly, organizations will want to think carefully about how much license they give to business users to code independently. While businesses want to encourage creativity, they will also want to avoid an unsupervised free-for-all, with business users operating outside and regardless of organizational priorities.
Organizations will need clear policies on retention, storage and disposal of data used by new applications built by business users.
Balancing risk and reward
Given these risks, organizations need to put guardrails in place. Good governance can protect the business while enabling it to reap the undoubted benefits of the low/no/vibe coding phenomenon.
Above all, it’s vital to develop and communicate clear policies for the use of these tools, including development standards, approval processes, and deployment procedures. Use cybersecurity and regulatory professionals to assess security and compliance risks for non-specialist business users.
Many of the platforms now commercially available are designed to adhere to compliance standards in particular industries. But it will still be important to keep careful records of how the tools are used and the steps organizations take to ensure they meet regulatory requirements.
It also makes sense to provide specific training to business users who want to explore these tools, including good compliance and security practices. More broadly, organizations should promote a culture of security awareness that empowers all employees to voice their potential concerns.
Monitoring also provides important protection. Various tools are available to help organizations track usage and output performance of low-code/no-code and vibe coding solutions. This provides a means to audit developments and deployments, particularly in cases where a problem subsequently comes to light.
Finally, don’t overlook data governance. Organizations will need clear policies on retention, storage, and disposal of data used by new applications built by business users. As well as this, a means to ensure high data-quality standards will be vital.
The bread-and-butter work of today’s software developers may indeed soon be shared out across the whole organization, with huge accompanying benefits. But organizations shouldn’t make the mistake of dispensing with the risk, security, and compliance expertise that are critical to an effective technology function.
Authors
Related
Artificial confidence: How LLMs undermine executive thinking
Professor Amar Bhidé challenges AI hype, arguing that LLMs flatter rather than enlighten and that executives must distinguish calculable risk from true uncertainty....
Generative Engine Optimization (GEO): The $80 billion shift that every executive should understand
As AI-driven Large Language Models reshape digital visibility, Generative Engine Optimization (GEO) emerges as a critical frontier threatening to upend the $80 billion SEO industry and demanding urgent attention from senior executives....
What’s really at stake when we choose an AI vendor
AI has moved from the purely technical realm into the geopolitical one, with nations and regions striving for AI sovereignty. What are the strategic implications for leaders? ...
Learn Brain Circuits
Join us for daily exercises focusing on issues from team building to developing an actionable sustainability plan to personal development. Go on - they only take five minutes.
Explore Leadership
What makes a great leader? Do you need charisma? How do you inspire your team? Our experts offer actionable insights through first-person narratives, behind-the-scenes interviews and The Help Desk.
Join Membership
Log in here to join in the conversation with the I by IMD community. Your subscription grants you access to the quarterly magazine plus daily articles, videos, podcasts and learning exercises.