The vibe coding guy says vibe coding is passé
Karpathy says vibe coding is passé. The new term is "agentic engineering" — and for legal and product teams, the distinction is a governance question, not a branding one.
Andrej Karpathy coined "vibe coding" in February 2025. One year later, he's back to tell us it's already outdated. The new term is "agentic engineering," and the distinction matters — not just linguistically, but structurally — for how we think about building software, governing AI systems, and defining who's accountable when things go wrong.
Karpathy's original post was, by his own admission, "a shower of thoughts throwaway tweet." But it crystallized something real: the experience of surrendering control to an LLM and just seeing what comes out. Vibe coding was fun. It was exploratory. And it almost worked — his words, not mine.
The problem is that "almost works" doesn't ship. It doesn't pass security review. It doesn't satisfy regulatory obligations. And it certainly doesn't hold up when a product counsel asks, "Who verified this code actually does what we say it does?"
From vibes to oversight
What Karpathy is now describing is fundamentally different. Agentic engineering, as he frames it, means you're not writing code directly 99% of the time. Instead, you're orchestrating agents and acting as oversight. The word "engineering" is doing real work in that phrase — it signals expertise, discipline, and accountability.
This is a meaningful shift. Vibe coding treated the human as a passenger. Agentic engineering treats the human as a supervisor. That's not a branding exercise. It's a governance architecture.
For product teams, the implications are concrete. If agents are writing the code, then the human layer — the engineer, the reviewer, the product counsel — becomes the quality control function. The question stops being "can we build this faster?" and starts being "do we have the oversight infrastructure to trust what the agents produce?"
The accountability gap hasn't closed
Here's what Karpathy's framing doesn't fully address: the accountability question. When a human writes code, there's a clear chain of responsibility. When an agent writes code and a human reviews it, we're in murkier territory. How thorough does the review need to be? What standard of scrutiny satisfies a duty of care? If an agent-generated module introduces a vulnerability, is the "agentic engineer" responsible the same way a developer would be?
These aren't hypothetical questions. They're the questions that legal, compliance, and product teams are going to face — and in many organizations, are already facing. The shift from vibe coding to agentic engineering is welcome precisely because it reintroduces the concept of human oversight. But naming the oversight function and actually building it are two different things.
Software writing software, revisited
Constellation Research analyst Holger Mueller made a related prediction back in 2023: the developer function of writing code will slowly disappear over the next five years and will likely be gone altogether in 15 years. His argument was that the primary input would shift from keyboard to voice, from code to natural language, and that software would increasingly write software.
Mueller was directionally right, and Karpathy's evolution from vibe coding to agentic engineering tracks that trajectory. But Mueller also identified something that gets less attention: this shift broadly expands the number of people who can build applications. More business users putting themselves "in charge of their automation destiny," as he put it.
That's both an opportunity and a risk. More builders means more software in production. More software in production means more surface area for errors, bias, security gaps, and regulatory exposure. The democratization of building is great for innovation. It's a challenge for governance.
What this means for product counsel
If you're in a legal or governance role, Karpathy's shift in terminology should prompt a practical question: does your organization's development workflow account for agent-generated code as a distinct risk category?
Because the oversight model for agentic engineering isn't the same as traditional code review. When agents produce code, the review function needs to account for the fact that the reviewer may not have written — or even fully understand — every line. That changes what "reasonable review" looks like. It changes what documentation you need. And it changes how you think about liability when something breaks.
Karpathy is right that agentic engineering is something people can learn and improve at. But the learning curve isn't just technical. It's organizational, procedural, and legal. The companies that figure out the oversight layer — not just the agent layer — are the ones that will capture the leverage without the liability.
The vibe was fun while it lasted. Now comes the hard part.
Darryl K. Taft
