What Vibe Coding Means for Investment

A lot of investors have been asking me about my opinion on vibe coding: Do I think it’s legit, and how will it change the way we do venture capital?

I’m ex-Microsoft and Accenture, and I deal a lot with building tech. Here’s my add into the discussion of this surprisingly complex topic.

What is Vibe Coding, Actually?

The term was first coined February 2025 by OpenAI co-founder Andrej Karpathy in his X post: “There's a new kind of coding I call "vibe coding", where you fully give in to the vibes, embrace exponentials, and forget that the code even exists.”

What this means is basically, you don’t have to be a software engineer at all to code. Thanks to the advancement of LLMs, it is now possible to generate code that’s good enough that it can actually build a whole product from scratch.

This has huge implications, because in startup world, code is the bricks of your product. Other than solid business acumen, how good and how fast you can ship your product out there depends on how you build it, and you need to pay top dollar to get the best tech talent to execute your plan.

Here’s some numbers that speak for itself: 25% of the latest YCombinator W25 batch have almost all of their codebases generated by AI, and a 6-month-old, solo-owned vibe coder Base44 sold to Wix for $80M.

How does this translate to changing investing frameworks? Let’s first be very clear about what vibe coding can do, and what it can’t do (for now).

What Vibe Coding CAN do:

Allows anyone without software engineering knowledge to either:
(1) Scale down the time it takes to make a prototype of an app to test the waters by at least tenfold, or
(2) Make a very simple app and that’s the entire product (also with the same time reduction factor)

What Vibe Coding CANNOT do:

(1) Make a complex product from zero to one.
(2) Make them work 100% of the time: LLMs don’t generate the right code every single time, and it can’t debug them all the time.
(3) Make them secure: A Stanford study found security vulnerabilities in 36% of AI-assisted code snippets, and the EU AI Act now classifies some vibe coding implementations as "high-risk AI systems".

Why Not?

There’s a lot going on when you make a tech product. The website/dashboard (the “frontend”) that you see is only a sliver of the work. Under the hood (or the “backend”) is a jumble of disconnected systems and dependencies that all need to work together to make a functioning product, even for “simple” products like a CRM or a marketplace.

It takes a team of very smart engineers to work on making the stuff under the hood function well, efficiently, and without downtime.

As for security, here’s one example from The Hacker News: A developer prompted AI to "create a password reset function that emails a reset link." The AI generated working code that successfully sent emails and validated tokens.

All looks well, but the LLM quietly ships functioning software with exploitable flaws. The code it generated has a side-channel opening where attackers could brute-force reset tokens by measuring response times.

The function passed all functional tests, worked perfectly for legitimate users, and would have been impossible to detect without specific security testing.

I’ll quote Secure Vibe Coding Whitepaper: To ensure good results, the prompt needs to look something like this: "Generate [feature] with OWASP top 10 protections. Include rate limiting, CSRF protection, and input validation."

Which at that point, you will say: “Well that needs an engineer to know those questions to ask!” Yes. This means that vibe coding still cannot replace human software engineers entirely.

Now that it’s clear what it can achieve and what it couldn’t, let’s talk about the implications for investing.

How Vibe Coding Changes Investment Dynamics

With all that being said, it should be more clear about the impact of vibe coding for investors. 

Unprecedented Capital Efficiency - Anysphere, built using Cursor AI, reached $10M ARR and $10B valuation with teams of less than 10 people. Many companies that follow this path have been able to prove earlier commercial validation compared to previous generations.

This is a fundamental shift in the capital-to-revenue ratio that VCs have historically expected.

Some startups now are reaching annual revenues of $1 million to $10 million with fewer than 10 employees, a feat only the best outliers have achieved (Instagram only had 13 employees when Facebook/Meta bought it for $1B in 2012). Traditional SaaS companies typically required teams of 20-50 people to reach similar revenue milestones, meaning significantly higher burn rates and longer runways to profitability.

Companies are reaching as much as $10 million in revenue with teams of less than 10 people. Startups don't have to raise as much, and the capital goes much longer. This creates a new category of "capital-light unicorns" where traditional venture scaling models may not apply.

Faster Time-to-Market - Up to 55% faster completion times reported across projects using vibe coding, according to GitHub Copilot’s research.

The business case is clear here: The entire product iteration cycle becoming compressed = Faster everything. Companies validate faster, build an MVP faster, reach PMF faster, grow faster, exit faster.

They also fail faster. The barrier of entry keeps on getting lower and lower. If tech billionaires are the headlines in the 2010s, vibe coding might make the 2020s allow other non-technicals to share the stage.

Investors are rethinking what it means to be a technical founder, looking at domain expertise, business acumen, and proficiency with AI tools rather than traditional coding skills.

This creates what some people are calling "AI-native" founders who are not technical but excel at using AI to vibe-code, among other things. Many tell me that it’s increasingly difficult to have up-to-date frameworks that assess founders well.

Caveats of Vibe Coding

But before you immediately sign 5 new deals based on vibe coding, here are critical issues and risks that come with:

Unprecedented Technical Debt - Without proper systems architecture and security in place, you’re going to end up paying so much more to fix things and have a system installed later on, versus if you had implemented them early… or as people say it, a Build Now, Pay Later model.

The problem compounds over time as teams accumulate more and more tech debt. Forrester predicts that by 2025, more than 50% of technology decision-makers will face moderate to severe technical debt. That number is expected to hit 75% by 2026.

AI-generated code lacks the structure, documentation, and clarity necessary for long-term maintenance. This makes it really hard for human engineers to make changes and do debugging, and re-prompting over and over again usually doesn’t work.

“But AI will only get better!” I have no doubt, but I do think there’s a limit. LLMs are still statistical models that answer based on the statistically most common answer. The reason why it works well for simple prototypes is because the source code for these projects are public and everywhere.

The internal code for complex, profitable things that work well? That’s proprietary information that LLMs won’t (and shouldn’t) get access to, so those won’t be added into an LLM’s training dataset.

Let’s take the financial service industry for example, where Kruncher sits. Vibe coding fails to represent complex requirements in this industry because it’s tied to so much domain knowledge not just in financial modeling, but also region-specific regulations.

Code made by AI isn’t really written like how a human does it. So, as the product scales up to meet more customer demands, a company will inevitably need to introduce human engineers into the loop, and when this happens, costs increase dramatically as developers spend more time deciphering AI-generated code than implementing new features. Onboarding new team members becomes a significant challenge, as they struggle to understand the codebase's underlying logic and structure.

For investors, this means that companies showing impressive early growth metrics may be accumulating hidden liabilities that will require significant capital investment to resolve.

This also creates a funding cliff where successful companies suddenly need significant engineering investment to support their growth.

Security Vulnerabilities - 36% of AI-assisted code is found to have security vulnerabilities. It is so bad that Article 6 of the EU AI Act now classifies some vibe coding implementations as "high-risk AI systems" requiring conformity assessments.

It only takes one big cyber attack and that can destabilize companies so much that they risk bankruptcy. It immediately erodes your customer’s trust and puts a giant hole into your budget.

This is the paradox of using LLMs to create. Because AI models are trained on public code repositories, they replicate common security patterns, thus attackers become familiar with them.

For non-technical investors, this introduces another complicated layer of risk that you'll need to evaluate when you do due diligence.

For startups operating in regulated industries, this can also create an additional compliance overhead that might end up being more time-consuming and expensive than the advantages of vibe coding can cover.

For investors, you know the drill by now: Yet another layer of due diligence. It will be your worst nightmare to discover that a company cannot legally put their copyright header on any of their things, which means it's not actually an IP asset that they properly own. Intellectual property ownership is another complex subject that could affect exit valuations.

Reduced Funding Needs - This is something underrated that I don’t see often in other people’s writing. Because vibe-coding allows the product to be built faster, successful startups will bootstrap longer before seeking institutional funding. Startups now have more leverage and incentive to not have a VC partnership.

This fundamentally alters the traditional venture capital value proposition, where access to capital was often the primary competitive advantage VCs could offer. And yes, this does mean increased competition for deals while potentially seeing lower ownership percentages and reduced influence over company direction.

It’s already happening. I’ve talked to founders who are doing more with much less, and  bootstrapping instead of going the traditional route of fundraising or joining an accelerator. Investors also say that the teams they’re seeing are shrinking and shrinking, reducing their capital requirements and extending their runway without external investment.

The broader market dynamic also creates a scenario where the most successful vibe-coded companies become acquisition targets rather than venture-backed growth stories.

So What Should I Do?

Good question. I’ve laid out all the ups and the downs, and you’ve read 10 other articles and heard 100 stories of vibe coding. The game is changing fast. So what can you do differently?

Vibe coding creates three main problems for investors: Volume, Due Diligence, and Changing Frameworks.

Volume

First, volume. Due to the lower barrier of entry, it’s easier to vibe-code a SaaS than setting up a lemonade stand. This creates an explosion of new startups that just about anyone can build.

If you’re a mid-sized fund, you easily get 50 proposals a week. With vibe-coding getting better and more popular, that number can easily double in just a year.

If you’re a slightly more systemized investor than spraying and praying, you would still want to assess these startups, even if they get only a 5-minute skim.

You can hire a legion of analysts to help you deal with the inflow. Or, you get automations in place that filter out these startups. Very similar to an HR resume filtering system, though evaluating a company needs more complex assessment than just deciding from a single-page resume.

Due Diligence

Second, due diligence. I talked about tech debt and how they later reveal a price tag that many are unprepared to pay for. Vibe code also creates complications with IP and compliance.

Is there a good framework to assess a startup whose people don’t understand why their code works? Even if the financials look good, there is just something off with the fact. Are we ready to assess them fairly?

With these new checks in the due diligence stage, they’re only adding delays and more costs to an already painful process nobody likes going through. Paradoxically, expert devs are getting more and more in-demand as VCs increasingly need to do DD to the level of inspecting the product’s tech infrastructure.

If there’s a growing pattern of vibe-coded startups in your portfolio, you might also consider having an in-house IP and compliance consultant. Or partner with good firms that have the subject matter expertise. 

Truth be told, I am not sure if AI can help automate this part of the process. I will be the first to write about it if I genuinely think there’s a way.

An AI tool assessing the work of another AI is an endless loop because AI cannot verify. Humans still need to check. And AI is tremendously bad at this; there are too many stories of plagiarism-checkers failing to correctly assess whether a writing is by AI or a human. It will be the same case for this.

On the other hand, AI is improving rapidly, and founders and developers should at least try it for themselves to properly understand its limitations in place. With constant use, we move the bar up when the models are able to do something better.

Changing Frameworks

Finally, changing frameworks. As an investor, you’re going to need to re-wire your brain for vibe-coded startups. Here are some steps you can take to evaluate them:

• Re-evaluate how you assess founders. Focus on founders who understand software architecture principles even if they don't write code. Can they design scalable systems and identify when AI-generated solutions are inadequate? Domain expertise is a great premium to have as well. A healthcare expert who can effectively use AI may be more valuable than a traditional engineer without domain knowledge.
  
  
• Map out which AI coding tools the company relies on, their pricing models, terms of service, and what happens if access is revoked. A company built entirely on Cursor or Claude could face existential risk if those services change pricing or availability.
  
  
• Reserve capital for technical overhaul. Prepare for significant engineering investment/hiring when companies reach product-market fit.
  
  
• Plan for longer development cycles in Series A and beyond, as companies will need to rebuild systems that were rapidly prototyped with AI.
  
  
• Also factor in factor in cybersecurity audits, compliance requirements, and potential security incident response costs.

I know it sounds like a lot of work. But you can use this knowledge as a competitive advantage. While other investors may be attracted to the initial speed metrics, you can identify which companies are building sustainable technical foundations versus the ones accumulating unsustainable debt.

Final Thoughts

Tough times make for tough questions. Is your fund okay with extending deal making timelines? What about the new level of financial uncertainty and risks that using AI-generated code presents?

Will you stay back and double-down on conventional startups, or do the upfront investment of setting up a new system of doing things, in order to capture the new market?

AI is evolving fast and your decision making needs to stay dynamic. On Kruncher, we stay in the crux of tech, AI, and investing, and we will keep you updated with the latest industry information.

About Kruncher

Kruncher is a team of AI, financial, and technology experts united by a single mission: to transform how venture capital firms discover, evaluate, and manage investments in the AI era. As of time of writing, 20+ investment firms use Kruncher’s AI-powered platform to sharpen their deal flow, due diligence, and portfolio strategy.