Vibe Coding: Developing Applications At Speed But At What Cost?

Artificial intelligence (“AI”) is fundamentally changing how applications are developed. In the absence of coding knowledge or a computer science degree, historically, people could not generate fully functional applications or software. With the advancement in AI, literally anybody with basic AI knowledge can, within a matter of minutes, do so by simply prompting AI systems. This trend has been popularly termed “vibe coding” which refers to generative AI systems being used to write source code and to develop fully functional applications in response to natural‑language prompts. This trend focuses more on momentum and functional outcomes rather than traditional line‑by‑line software development.

Vibe coding offers faster turnaround, lower development costs and enables smaller teams to build sophisticated applications and software. However, deploying AI‑generated code into production introduces significant legal risk. This is especially true for regulated sectors and systems that are commercially or operationally critical.

Vibe coding raises key intellectual property concerns. Ownership of AI-generated code may be unclear, particularly where proprietary, open-source and AI-generated elements are combined. Businesses should consider whether copyright subsists, who owns the output, and whether third‑party content or training data has been incorporated without the requisite permissions. Importantly, contracts should clearly address intellectual property ownership and licensing, and confirm rights to use, modify and commercialise the developed application or software.

Vibe coding also creates confidentiality risk. Prompts can include proprietary source code, designs, business logic, client information or trade secrets. If inputs are sent to non‑enterprise or non‑ringfenced AI tools (or tools with permissive usage terms), companies may have limited control or visibility over how that information is stored, reused or processed by the service provider, which could include further training of AI models.

Under data privacy laws such as the Protection of Personal Information Act (POPIA), 2013, companies remain responsible for how personal information is processed, even when using AI systems. Vibe coding often involves developers using real user data or personal information in prompts, which can result in data breaches if not lawfully processed. AI systems may also store data abroad, raising concerns about inadequate protection. Many companies find it challenging to explain how and why AI processes specific data, especially when applications are built quickly by those lacking technical or legal expertise.

From a legal perspective, additional material downstream risk is created when vibe coding applications and software. AI‑generated code can contain hidden vulnerabilities, inefficient logic, or non‑compliant design choices. If source code underpins customer‑facing systems, financial platforms or regulated services, failures may result in contractual breaches, security incidents and/or regulatory action. Importantly, liability does not shift simply because AI was involved in the development of an application. Customers, regulators and courts will still hold the deploying company responsible for defects, outages and data breaches.

Many technology contracts still assume a traditional development model, with human‑written source code, predictable tooling and well‑understood risk profiles. However, service providers may rely heavily on AI systems without disclosing it, creating misaligned expectations around, inter alia, bespoke development, intellectual property rights, and data processing. As AI systems increasingly drive efficiencies in system development and service delivery, customers should be proactive in ensuring that any cost savings achieved by service providers through the use of AI systems, such as reduced development time or lower operational overheads, are meaningfully passed on to them in the form of price reductions.

Vibe coding, when properly governed, can generate operational efficiencies and improved innovation. The risk arises when speed displaces oversight and governance, and when overreliance on AI outpaces legal, contractual and compliance frameworks. Customer should ensure that their existing contracts with AI service providers are updated to ensure that key clauses such as intellectual property, data protection, warranties and indemnities, and liability cater for AI-specific risks.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.