TetraMesa

MVPs + Vibe + Moral Hazard = VibeWreck?

By

“There’s two classes of failure: those who thought and never did, and those who did and never thought.” – Laurence J. Peter

As product people, we may have some dev experience. Or not. Either way, we should know about risk. We know when deploying products the bottom line is what value we’re putting out there and is it worth more than the costs. The risk comes into play depending on how far out on the edge we’re going. Upon failures, regardless of cause, who takes the first hit and is invited to seek out other career options? Typically product. Perhaps a whole division. And yes, perhaps a whole company. I’ve seen this up close and been a part of it a couple of times. Still, when building the new, at some point we have to do as Richard Branson says, “Screw it, let’s do it.”

I understand I might be hopping on this train bit late. While I thought my rant was semi-on-time, while typically sitting on my draft over weeks, others have piped up and said things well or better. Such as this thread from Simon Wardley about Vibe Coding in general.

Fine. OK. So I’m not first. That’s ok. Here’s my perspective from the product side anyway…

Here’s the Too Long, Didn’t Read (tl;dr): I believe the whole Vibe Programming thing is going to result in some tragically bad outcomes. Yes, perhaps also some exceedingly rare big wins. But mostly not. And yes, many of us now have spectacular tools for faster prototyping and testing. That’s great. Will this collective benefit be worth the costs of what I think might be some stunning failures coming soon to a web thing near you? Maybe. Tough call. Stay tuned. Now I have to mention my favorite quote from that Wardley comment thread I came across: “Just make sure you hire lots of really good lawyers and fire extinguishers then. Or, hire some software engineers … you’ll need them.”

Here’s my bottom line and if you buy off on it, you can just skip the whole rest of the article:

The latest Gen AI tools for coding and product design and production are amazing. I’ve quickly adopted them myself and find them super useful. And yet, they’re still super scary. Anyone actually delivering production product with these things is sending a lot of risk and waste out into the world. And I think we’re going to sense the fallout from that soon enough.

Why So Gloomy? Lighten Up!

This post is atypically… “acerbic” perhaps? Especially in that I generally adopt an optimistic viewpoint, even to a fault on occasion. But here? I don’t know. I think perhaps I just have viscerally poor reactions when the breathlessly and tragically hip meme machine starts advocating for things with zero sense of balance. It’s like the old story about the lemmings following each other over the cliff. Which lemmings don’t even really do. And that’s kind of the point. Lemmings might not do this. But people seem to as they accept memes and ideas with little to no critical thought.

And my spidey-sense has been tingling a bit when I think about ‘so-called’ MVPs and Vibe. Why? Partly because I’ve been building with some of these tools, including site generators, code generating GPTs to fill in gaps and using AI agent tools as well. They’re good. But not necessarily great. At least not yet. And that’s obvious enough to me as a product person even without professional dev skills. What are these things anyway? We’ll start with a couple of quick definitions and then we’ll see if I can actually tie these together with any kind of fair argument.

  • First, Vibe Coding. Coined by Andrej Karpathy, co-founder of OpenAI and former director of AI at Tesla, in February 2025. He described it as a new kind of coding where developers “fully give in to the vibes, embrace exponentials, and forget that the code even exists,” highlighting a shift towards intuitive, AI-assisted programming. Great. Maybe makes sense. Maybe it’s good. You judge. While we’ve always had tools to accelerate production, over just the past few years we’re seen the emergence of early “low-code, no-code” solutions evolve to what’s we have now with AI generated graphics, website designs, code, and so on. These tools are amazing, while also being occasionally sloppy and wrong. Just as with GPT based AI’s, they can be wrong, but rarely in doubt. (You know, kind of like some people you probably know.)

  • Moral hazard is the risk that one party takes greater risks because they don’t bear consequences, often due to being protected or insured. Or being what’s called judgement proof. Being judgment proof means that even if a court rules against you, the plaintiff can’t collect anything because you don’t have assets. Or you’re otherwise protected. This can amplify moral hazard, as actors may knowingly take actions that could harm others, understanding any legal consequences will be toothless. Or even if not acting with intentional malice, they might be thoughtless, (arguably reckless), and disregard consequences. Who’s judgement proof here? That’s right. Most startups. Though if you mess up badly enough, you’ll be sued anyway. And if careless enough to release something that does bad things as a solo practitioner without even a corporate presence, you’d likely have an even rougher time.

  • MVP. I won’t bother excessively defining this here. I just have to assume anyone in my audience, (all 12 of you… “hi mom”), are familiar with Minimum Viable Product (MVP) concepts. (Though a lot of us are probably doing it sloppily at least some of the time. I’m not saying we have to do everything that Marty Cagan says to do. Frameworks are great, (I’m a big fan), but we always need our own judgement to right fit and customize for our circumstances. Please consider seeing my thoughts on this in: MVPs – Refresh, Reimagine or Retire?)

These unpleasant thoughts came to mind while I was playing around with ideas about how to apply Minimum Viable Product (MVP) concepts and how they relate to the fad-of-the-month, “Vibe” programming. Or is it a trend? It’s definitely a meme. The bandwagon hitchhikers are already extending it to Vibe Marketing, Vibe Financing, Vibe [insert YOUR thing HERE!]. So we’re going to see more things being deployed faster. The problem might be that some of them are a bit out of control or without a lot of depth of human reasoning as to why. Yes, humans may be in the loop, but let’s face it; humans under time pressure often make bad choices. (Pro tip: Avoid the Vibe Dental clinic.)

Like… Some Vibe Questions… Duuuuude

The questions are fairly simple:

  • Is anything of value really happening here? And if so, where?
  • Is this all just a fresh, steamy pile of memeingless… nonsense that will burn out quickly.
  • Are there risks?
  • If there are risks, do the gains – at least potentially – outweigh them?

Some of these thoughts struck me as I was considering why some software seems so bad. The Chain of Thought was informed from looking at some the things we learned from our COVID-19 experience. COVID exposed how brittle our systems have become; partially in our drive for efficiency. That may be seeping into digital products as well.

So I got to wondering if some of the way we build products might be creating collectively challenging problems, even when individual winners thrive. Some quintessential examples of risk elements are security and privacy. Practically no one designs these in unless the product itself is for those purposes or there’s some regulatory burden. Why? Because they’re negative externalities. What’s that you say? A negative externality is a cost imposed on a third party who did not choose to incur that cost. The cliche example is something like pollution affecting nearby residents.

As to the Questions

  • Is anything of value really happening here? And if so, where?

Yes. It’s clear to anyone who’s tried these tools that they’re amazing, powerful, and liberating. You can build and deploy prototypes and working software super fast. (I’ve built multiple working web sites, one with agentic AI workflows, in just a few days. Alone. With minimal or at least decades old atrophied coding skills.)

  • Is this all just a fresh, steamy pile of memeingless… nonsense that will burn out quickly.

No. It’s not nonsense. There’s something here. Many things. Valuable things. But not EVERYthing.

  • Are there risks?

Boatloads. The largest? People don’t know what they don’t know. And don’t seem to care. There’s an old joke about being “often wrong, but never in doubt.” That’s just one risk here. The largest risk may be these things work well enough that everybody who’s nobody will be tossing things up against the interwebs to see what sticks. In their zeal and numbers, some garbage may overcome value thanks to speed and low costs. Think of this like a writer who’s really good at Search Engine Optimization (SEO) having their crappy content beat out higher value content for attention. Meanwhile, I’m reminded of the nuts and bolts plastic drill toy my daughter had when she was around five. It was great. But I didn’t just say, “You seem to be doing well with that. Why don’t you just head to the garage and try the table saw and other tools next. Have at it kid.”

  • If there are risks, do the gains – at least potentially – outweigh them?

I think this ends up being a moral question and value judgement. It’s somewhat like Venture Capital (VC) math. They know that their unicorn hit rate is some low percentage of investments, but will bring them to the moon and make up for everything else. So they swing for the fence. Even so, Angel/VC funding approval gates do offer some small gating function on who gets to market. Though we do have lower on the price of entry level everything from bootstrapping to crowdfunding or crypto funded projects. But now everybody’s jumping in as the costs of production with these things plummets. Even bootstrapping used to take somewhere between tens and hundreds of thousands. Maybe not for a basic content site or whatever, but for anything deeply functional. Now? Not so much. At least for something that kind of looks like it kind of maybe sorta works. This is arguably a very good thing. But maybe not. Or at least, certainly not always. This is the concern. Everyone’s jumping in the pool. And they’re not following the signs that say to take a shower first. Maybe they’re even leaving other kinds of mess in the pool. (Sorry.) Collectively, it’s possible the goodness that goes into the world by these means will outweigh all the junk. But this isn’t just about having to take the time to eliminate all the junk in your email box that gets through your filters. There will be some software out there that people will likely pay for and lose money. Or will adopt and somehow otherwise get hurt by. And still others that suffer collateral damage. (There’s those negative externalities again.) The question will be how badly. And we’re not going to know for a couple of years. I’m just guessing here, but I’ll bet sometime over the course of 2025 – 2026 we’ll start to hear about various failures and get a sense of how bad. (I’m not going to imagine-guess on what some of these might be. I’ll just be watching the news. And who knows, maybe we’ll get lucky and I’ll just be wrong here.)

Here’s the issues with which I propose we might have some concerns. One of them is that use of MVP techniques in general, but certainly “vibe coding” in particular might be individually beneficial for the firm or individual in question, but presents certain Tragedy of the Commons type issues. That is, a firm might win a market based on being Lean and such, but the end result for essentially everyone is actually not the best outcome. Or more likely, they don’t win a market, but at least earn just barely enough of a right to participate in the grind. (But maybe shouldn’t have, and are just good enough to hold back others of much higher quality.)

Some software is obviously bad. Slow, clunky, unloved. But more dangerous are the brittle ones that look good while hiding serious failure modes, especially in mission or safety critical domains. There’s lots of reasons for bad software, but perhaps the last thing we needed was yet another high probability, high throughput, high speed means of creating more crap. Of course, we’re not going backwards in any case. So we’ll have to sort out how to contend with this. When laster printers first came out along with desktop publishing, LaserCrud, (the more fonts the better), was everywhere as all of a sudden, everyone had a newsletter. Fast forward to the ease of WordPress and blogging. Awesome overall for society, (my opinion), and yet with 600 million plus blogs, how many are really useful? (How many are even actually maintained?) Of course, the internet transformed every aspect of publishing and content delivery in general. So perhaps now that the ‘harder’ aspects of functionality are getting easier, this is just a natural next wave. Maybe overall this will turn out to be yet another net positive. Even if so though, I think we’re going to see some major speed bumps.

Fundamental Moral Hazard

Let’s go deeper into this. In the U.S. at least, we have some ironic and seemingly contradictory attitudes towards things. We have rule of law like most places. And we learn about morals and ethics and such. And yet, many of our heroes in the movies are big time rule breakers.

It seems the same has been true for a lot of our businesses, especially on the Wild West Web. Think about it. YouTube started out with rampant copyright violation. Uber and AirBnB basically ignored local laws in all manner of ways to get their businesses going. (Uber Became Big by Ignoring Laws (and It Plans to Keep Doing That, and The Rise and Fall of Airbnb: From Beloved Startup to Controversial Giant) They initially bypassed existing laws or operated in legal gray areas, shifting risks to drivers and hosts. In the end, startup land lauds them for their ingenuity, gumption and persistence. Not to mention rewards them with riches. Do we feel the same way when products fail and they hurt people? Early crypto companies launched with poor security leading to major hacks. (E.g., Mt. Gox cost customers hundreds of millions, NiceHash ~$64M, Coincheck, ~$500M, and there’s more.)

A potential problem with driving towards an MVP is it could – in some personality types – lead towards excessive risk taking. This may have always been true, but with a lower bar to digital product creation entry, will likely happen both knowingly, and with reckless disregard among those who are either – or both – unskilled and inexperienced. And yet, it’s off to the races!

Speed Doesn’t Kill, Hitting Things Does

You can drive your car 100 MPH down the highway. No problem. As long as you don’t hit anything. And why even slow down for an automated tollbooth? If you can fit through there at 15, you can fit through at 50, right?

When you build something that’s only going to work when every single thing lines up perfectly, you’re relying on luck. And ironically, one of the biggest problems might be if you get away with it for awhile. Because just like a beginning gambler that wins early, or a child getting away with some ill advised adventure, you can end up with at least some invulnerability or optimism bias that’s unwarranted. What happens when you press your luck? Maybe for some precious few they continue to skate by. More typically the discussion after the headline goes something like, “And no one was even paying attention to these obvious risks”. Add to this that some have an attitude towards the market, customers and competition similar to an idea I saw on an old “No Fear” t-shirt, “IF WE’RE KEEPING SCORE, WINNING IS THE ONLY THING.” Not too long ago, I worked on a project involving some low-code / no-code style tools. This was somewhat before the Gen AI coding boom. Even using these tools, I found a couple of issues that could have been of great concern. As in, possibly safety critical for real people. We fixed these issues, using the tools. (It was a data issue upstream in a process.) But had anyone just blindly generated code here? Maybe such things wouldn’t have gotten caught early.

In aviation, we have the Swiss Cheese Model for risk. It describes how accidents occur due to multiple, compounding failures rather than a single mistake. It basically says that Safety systems are like slices of Swiss cheese, representing different layers of defense (e.g., training, regulations, technology, procedures). Each layer has weaknesses (holes), which represent potential failures in the system (e.g., human errors, technical issues, miscommunications). An accident occurs when the holes in multiple layers align, allowing a hazard to pass through all defenses unchecked. This model emphasizes that no single factor causes an accident. It’s a combination of latent failures and active errors. The Swiss Cheese Model is similar to the Error Chain model, but differs in focus. The Error Chain (also known as the Accident Chain) focuses on the sequence of events leading to an accident. Each event is a link in the chain, and breaking any one link can prevent the accident. How much error chain protection do you think is built into Vibe Coding projects? (For those unfamiliar with the Do You Feel Lucy Punk meme, please see the classic Dirty Harry movie clip.)

Very rarely will things be perfect, even for fully professional team builds. What I question with these methods is how much of error root causes might be due to more subtle or hidden project release pressures vs. just the findings of some specific mistake. It’s unlikely your 15 year-old kid’s vibe project is going to have the kind of impact that Boeing jet failure or Tesla autonomous vehicle error or whatever could have. Probably. But 100,000 of these VibeWrecks? (There you go… my own meme… VibeWreck. Let’s see if that catches on. I may have to change the title of this article now.)

Non functional aspects of product.

I’ve already mentioned Privacy and Security. These are just two of many aspects of software that can fall under the category of “non-functional” requirements. That is, the product or service will kind of work without any consideration of these things. Or rather, maybe they’re kind of built in, but poorly. This is where I predict we’ll see the most severe and obvious failures.

Can We Balance Speed & Responsibility

I’m pessimistic here.

If you happen to be reading this far and actually care, here are some suggestions.

  • Build MVPs or Vibe Coded projects with guardrails: Minimum viable should include minimum ethical and minimum safe for the category at hand. If you’re building some mobile game people can amuse themselves with on a checkout line? Fine. Whatever. Launch it. If you get some traction, hire real programmers for a proper review. We’re already seeing freelance CTOs putting their shingles out as offering what I’d call Vibe Coding Rescue services. But if you’re building a crypto app with peoples’ real money? Anything medical? You scare me if you’re just going to have at it.
  • Engage risk mitigation stakeholders early: Legal, security, and ethical considerations should be part of product discovery. This doesn’t necessarily have to take a lot of time early on. But doing so may reveal both risks and opportunities. After all, if you happen to be in a competitive environment, being able to claim you’re a safer option than another could be a winning value proposition. Maybe at least add such issues of concerns to your prompts.

  • Think beyond short-term wins: Fast growth from cutting corners often leads to long-term liabilities. We’ve all always known this. The question is what depth of long term liability might kill your company just as completely as an early MVP failure, just a little further down the road. Some might be thinking, “I don’t care. I can’t win at all if I don’t get into the game and every damn thing I read says “just launch” as perfect is the enemy of the good.” OK, well, play that numbers game if you like. Just accept the higher risk.

I know this was a bit of a rant. Again I say that it’s mostly because I just react poorly to the severity of this particular hype cycle, especially in that I feel it’s going to have some really bad outcomes. Maybe I’m wrong. I hope so actually. Most things are on the proverbial pendulum and we swing back and forth. The only question is how much suffering happens first and who has to pay. Overall, easier to use build tools are likely a net benefit for society. What we’re likely going through now though, is perhaps similar to when monkey started using tools for the first time or discovered fire. There’s going to be some serious wreckage along the way.

I started this one with a quote, so we’ll bookend with one accordingly.

“I may not have gone where I intended to go, but I think I have ended up where I needed to be.” ~ Douglas Adams

Location

We're located in Stamford, CT, "The City that Works." Most of our in person engagement Clients are located in the metro NYC area in either New York City, Westchester or Fairfield Counties, as well as Los Angeles and San Francisco. We do off site work for a variety of Clients as well.

Have a Project?

If you have a project you would like to discuss, just get in touch via our Contact Form.

Connect

As a small consultancy, we spend more time with our Clients' social media than our own. If you would like to keep up with us the rare times we have something important enough to say via social media, feel free to follow our accounts.