Your project was vibe coded? Here's what I find when I take over the code

"It works on my screen"

The scene keeps playing out more and more often. Someone contacts me with a web project or a SaaS application. The prototype exists, the interface looks slick, and the person is proud to show me what they've built. "I did everything with AI, without writing a single line of code." Then they add: "But there are a few bugs."

Those "few bugs" are usually just the tip of the iceberg.

Since early 2025, I've taken over several projects that were entirely AI-generated. Not by developers using AI as an accelerator (that's my daily workflow, and it's a very different thing), but by non-technical people who used Claude, Cursor, Bolt, or other tools to build their product from scratch. The famous vibe coding.

I'm not here to trash this approach. Making software creation accessible to everyone is a revolution. But there's a reality nobody talks about: what happens when the prototype needs to become a real product.

The pattern I find every single time

Every project is different, but the underlying problems are surprisingly similar. It's not about the language or the framework. It's about foundations.

No solid technical base

When an experienced developer starts a project, they begin by setting up the architecture. The folder structure, data typing, naming conventions, error handling, environment variables, linting and formatting configuration. This isn't "useful" code in a functional sense, but it's what keeps the project standing over time.

A vibe coded project jumps straight into features. The AI generates what you ask for: a form, a page, an API connection. It works. But there's no skeleton underneath. No shared types between frontend and backend. No server-side validation. No centralised error handling. Every feature is an island, connected to the others by invisible threads that break the moment you touch something.

The database is usually chaos

This is probably the most serious and most common problem. The database is the heart of every project, and that's where I find the worst damage.

No versioned migrations, so it's impossible to know how the schema evolved. Relationships between tables that aren't properly defined, or that are managed on the application side instead of the database side. Duplicated fields because the AI created a new column instead of reusing the existing one. Sensitive data stored in plain text. And sometimes, the sneakiest issue of all: it works locally, because the AI bypassed integrity constraints instead of respecting them.

The day you deploy to production with real users, everything collapses.

Security? What security?

This is the point that makes me cringe the most. On practically every vibe coded project I've taken over, security was partial at best, nonexistent at worst.

I've seen APIs with zero authentication. Tokens stored in localStorage with no expiration. SQL queries built by string concatenation. Forms without CSRF protection. File uploads with no type or size validation. API keys hardcoded in the source code, pushed to GitHub publicly.

The problem is that AI generates code that works. It answers the request: "build me a login." And it builds a login. But it doesn't spontaneously think about everything surrounding that login: session management, rate limiting, password hashing, injection protection. These are reflexes a developer has internalised after years of practice. The AI does what you ask. Nothing more, nothing less.

Code that works, but impossible to maintain

Let's say you get past all the previous problems. Your application works, it's deployed, people are using it. Great. Now you want to add a feature. Or fix a bug. Or change a component's behaviour.

And that's when you hit a wall.

AI-generated code has a very particular characteristic: it's often locally correct but globally incoherent. Each file, taken individually, looks clean. But the whole thing follows no architectural logic. The same pattern is implemented three different ways in three different files. Utility functions are duplicated rather than shared. Dependencies between modules form an impossible spaghetti to untangle.

The result: for every hour spent adding a feature, you spend three understanding what already exists and trying not to break anything.

Why this happens (and it's not the AI's fault)

I want to be very clear about this: the problem isn't the AI. AI is an extraordinary tool. I use it every day in my work and it has transformed my productivity.

The problem is the absence of technical oversight.

When I work with Claude Code, I know what to ask, I know how to evaluate what it produces, and I know when it's going off track. Not because I'm better than the AI, but because I have the domain context and the experience to judge whether the code is solid, maintainable, and secure.

A non-technical person vibe coding is like someone using a GPS without knowing the roads. As long as the GPS works, everything's fine. The day it suggests an absurd route, you don't notice. You follow it. And you end up in a dead end.

Fix or start over? The painful question

It's the first question people ask me when they get in touch. "Can we save what exists?"

The honest answer: it depends, but often, starting over is faster.

Not because the code is "bad" in an aesthetic sense. But because the time required to understand the implicit logic, identify side effects, fix security flaws, restructure the database, and make the code maintainable often exceeds the time it would take to rebuild properly from scratch.

And above all: when you rebuild, you start on solid foundations. The vibe coded prototype isn't lost. It serves as a functional specification. It's an interactive draft that shows what the product should do. That's valuable. But it's not the final product.

What this means for you

If you're building a project with AI and you don't have a technical background, that's fine. But you need to be aware of it.

Vibe coding is brilliant for validating an idea. Want to see if your concept holds up? Want to test a user journey? Want to show a prototype to investors or early users? Go for it. AI will let you move fast and test hypotheses without investing tens of thousands of francs.

But the moment you want to go from prototype to product, that's when you need someone who understands what's happening under the hood. Not to throw everything away and start from zero (even if that's sometimes the best option), but to give an honest diagnosis of what holds up and what doesn't.

How long does an audit take?

In a few hours, I can tell you where your project stands. What works, what's fragile, what's dangerous. Not a 50-page report, but a concrete diagnosis with clear priorities: what needs fixing now, what can stay, and what's better off rebuilt.

If you have a project that was vibe coded and you're wondering whether it's viable going forward, let's talk. No jargon, no judgement, just a professional eye on what exists.

Because the worst-case scenario isn't having vibe coded. It's continuing to build on foundations that don't hold.