Agentic Development

Beyond Vibe Coding

The rise of "vibe coding" tools (Replit, Lovable, Bolt, and similar platforms) has popularized the idea that anyone can describe what they want in natural language and get a working application back in minutes. The concept has real momentum: Collins Dictionary named "vibe coding" its 2025 Word of the Year, and Y Combinator reported that 25% of its Winter 2025 startup cohort had codebases that were 95% AI-generated.

But there is a fundamental gap between generating a working prototype and operating an enterprise-grade system. These tools optimize for the first mile of software delivery. They do not address the last mile, which is where the hard problems live: How do you get that application into production alongside your existing enterprise systems? How do you secure it, govern access, maintain audit trails, and enforce compliance? Who owns the infrastructure? Who maintains the application when business requirements change six months from now?

The Enterprise Reality Check

The evidence on these questions is not encouraging. In May 2025, Lovable-generated web applications were found to have security vulnerabilities that exposed personal information across 170 sites. Veracode found that 45% of AI-generated code contained an OWASP Top 10 vulnerability. As Java creator James Gosling put it in The New Stack: vibe coding is "not ready for the enterprise because in the enterprise, [software] has to work every time." Mendix CEO Raymond Kok was more direct: "Vibe coding in the world of enterprise software will need to understand the notion of non-functional software requirements, governance and control. Until then, it's a short-term con with limited long-term gains."

The core issue is structural. Vibe coding tools generate code. Code, once generated, must be understood, tested, secured, deployed, integrated, and maintained by someone. The developer who prompted the AI often does not fully comprehend the output, making debugging, security auditing, and long-term evolution difficult. As the application accumulates complexity, the pattern shifts from iterating to abandoning and rebuilding. Appfarm's enterprise analysis notes that this leads to "exponentially difficult" modification cycles that are unsustainable for applications expected to operate over years.

Specification-Driven Development: A Different Architecture

Nextworld's Agentic Development takes a fundamentally different approach. Rather than generating code from prompts and hoping for the best, it implements specification-driven development. During a conversational session with Ed the Builder, user requirements are captured and persisted into a formal, AI-readable specification. As the user iterates (fixing problems, adding features), the specification is updated, and Ed the Builder triages work to the Agentic Team to conform the solution to the specification's new state. Tests are generated and maintained against these requirements, ensuring the solution satisfies them even upon regeneration.

This is the critical architectural distinction. In the vibe coding model, the generated code is the asset, and it is fragile, opaque, and difficult to maintain. In Nextworld's model, the specification is the asset. The specification captures the user's intended functionality in a portable, stack-agnostic format. The generated solution becomes closer to a commodity that can be recreated at any point. As Nextworld's internal documentation states: "Nuance and proprietary value is captured primarily in the specification, rather than in the finished good."

No "Last Mile" Problem

Because all outputs are defined in Nextworld's metadata and execute inside the platform runtime, everything the agents build automatically inherits the full operational foundation: security, access control, audit trails, lifecycle management, automated testing, and zero-downtime upgrades. There is no "last mile" problem. There is no separate infrastructure to provision, no security model to bolt on, no deployment pipeline to assemble. The application is enterprise-grade by construction, not by afterthought.

The agents also reuse existing platform metadata (workflows, security definitions, data structures) whenever possible, focusing effort on the novel parts of each solution. This is what enables delivery timelines measured in days-to-weeks for production applications that would take months in a framework or vibe-coding model, with none of the accumulated technical debt.

Sources Referenced

  • Collins Dictionary, 2025 Word of the Year: "Vibe Coding"
  • Y Combinator, Winter 2025 Batch Data (25% of startups with 95%+ AI-generated codebases)
  • Wikipedia, "Vibe Coding" (Lovable security vulnerability incident, May 2025: 170 affected sites)
  • Veracode (via Peterson Technology Partners), AI-generated code vulnerability analysis (45% OWASP Top 10)
  • The New Stack, "Vibe Coding Fails Enterprise Reality Check" (September 2025), James Gosling quote
  • AI Magazine / Technology Magazine, "Why Vibe-Coding Raises Enterprise Governance Concerns" (November 2025), Raymond Kok, CEO at Mendix
  • Appfarm, "Vibe Coding: What Enterprises Need to Know" (enterprise modification cycle analysis)

About the author