Trust Emerges as the Critical Bottleneck in the Age of Vibe Coding

(SeaPRwire) –   Welcome to Eye on AI, with AI reporter Sharon Goldman. In this edition: Microsoft CFO’s AI spending confronts tech bubble fears…How AI assisted one man (and his brother) in building a $1.8 billion company…Apple intensifies its crackdown on vibe coding apps.

AI is now capable of writing code at a speed impossible for a human to match. Utilizing “vibe coding” tools such as Anthropic’s Claude Code and OpenAI’s Codex, developers are happily building and releasing software at a rate that was inconceivable only a year ago. Even Boris Cherny, the creator of Claude Code, has claimed that the most recent version was authored completely by Claude Code itself.

However, while vibe coding accelerates development, it can also embed subtle bugs and security weaknesses. Human error remains a factor, as evidenced by Claude Code now facing scrutiny after its source code was unintentionally leaked this week because of a packaging error.

For large enterprises, such vulnerabilities are unacceptable. In companies with extensive codebases, the priority is not merely speed but guaranteeing that code is accurate, secure, and adheres to internal systems and external regulations. As AI tools start to automatically produce code for production, the primary challenge is moving from writing software to validating it. At an enterprise level, where systems may handle millions of code modifications annually, minor mistakes can rapidly escalate into significant threats.

This brought to mind an interview I conducted two years ago with Itamar Friedman, cofounder and CEO of Qodo, an AI code review tool that recently secured $70 million to address what he terms the expanding issue of “AI slop” in codebases.

During our first conversation in early 2024, when his company was named CodiumAI, Friedman discussed “flow engineering”—a framework where one AI model generates code and another evaluates it, incorporating layers of testing and analysis. Even at that time, it was apparent that producing code was far simpler than ensuring its accuracy and performance, making “code integrity” paramount.

In a discussion yesterday, Friedman contended that current AI coding tools, driven by LLMs, are built to fulfill tasks, not to challenge them—which makes an independent “governance and trust layer” crucial for deciding which code is suitable for release.

“AI is not enough when you’re talking about real-world software quality and code governance,” he stated. “What you need, actually, is official wisdom.” He elaborated that for a developer in a large organization, producing high-quality code involves more than intelligence. It requires understanding the specific ways a company operates—the collective, unwritten knowledge within the organization.

He explained that Qodo examines how an organization’s developers actually write and review code—studying pull requests, comments, and historical changes—and converts this into a rule set that defines “good” code for that particular company. These rules are then automatically applied, identifying new code that breaches them.

In the AI era, the dilemma for enterprises is their desire for greater speed, balanced against the inability to modify their codebases without confidence in the code’s trustworthiness.

“That’s the gap we’re trying to close,” said Friedman, who worked for three years as a director of machine vision at Alibaba before founding what is now Qodo in 2022, shortly before ChatGPT’s debut. He noted that Qodo’s clients, which include Walmart, Nvidia, Ford, and Texas Instruments, aim to be agile but also recognize their systems rely on deep layers of accumulated knowledge and limitations.

The current vibe coding environment, he added, overstates the short-term reliability of these tools and understates the necessity of a trust layer to ensure their long-term practicality in real-world applications.

With that, here’s more AI news.

Sharon Goldman
sharon.goldman@.com
@sharongoldman