The idea of vibe coding — sharing your feelings about the kind of software you want to create with a generative AI coding assistant, rather than feeding it clear instructions — has become popular. It also seems antithetical to working in a bank, where everything, including software development, must be done in compliance with a host of regulations.
Despite this, vibe coding could find a place in financial institutions.
"It's definitely possible" for employees at a regulated bank to vibe code, Adriana Beach, of counsel at Benesch, told American Banker.
The term vibe coding was coined by Andrej Karpathy, founder of Eureka Labs and former senior director of artificial intelligence at Tesla.
In a February X post, Karpathy wrote, "There's a new kind of coding I call 'vibe coding,' where you fully give in to the vibes, embrace exponentials, and forget that the code even exists." He described using SuperWhisper, a voice-to-text app, to tell Cursor Composer, a feature within the Cursor AI code editor, about new code he wanted to generate.
"I'm building a project or web app, but it's not really coding," Karpathy wrote. "I just see stuff, say stuff, run stuff, and copy-paste stuff, and it mostly works."
There's a new kind of coding I call "vibe coding", where you fully give in to the vibes, embrace exponentials, and forget that the code even exists. It's possible because the LLMs (e.g. Cursor Composer w Sonnet) are getting too good. Also I just talk to Composer with SuperWhisper…
— Andrej Karpathy (@karpathy) February 2, 2025
It sounds lazy, but it's becoming an established practice. Google CEO Sundar Pichai recently said he's also been using Cursor as well as Replit to build a website. "I wish I could do more,"
What is vibe coding in software development?
"Vibe coding is just using English language to create code," said John Ratzan, senior managing director at Accenture. "Because of this word 'vibe,' it's taken on an emotional tone."
GitHub Copilot, Amazon CodeWhisperer, Anthropic's Claude, Lovable, Bolt, Cursor, Replit and Memex are among the generative AI models that support vibe coding.
"Say you're building a mobile banking app, and you ask [gen AI coding software] to create an interface that allows someone to deposit money, and then make it a warm tone," Ratzan said. "That would be a real prompt. The power of it is, you could see it immediately and say, 'OK, make it a little less rigid. Make the boxes rounded, make it a triangle.' In an iterative capacity, you can either speak to it or type to it, but very quickly, instead of coding it, you're telling it with natural language what to do."
Steve Rubinow, associate teaching professor at the Illinois Institute of Technology and former chief information officer at the New York Stock Exchange, also sees vibe coding as good for prototyping.
"What do you risk in a prototyping tool? You're not rolling it out. It doesn't need regulatory scrutiny. You just want to demonstrate the concept," Rubinow told American Banker. "I think it's probably great for that and a great productivity tool for things that are so routine and so mundane and so well understood that maybe it's easy for a tool to produce it, and it saves you some time, as opposed to you rehashing it or reinventing the wheel."
Vibe coding vs. AI coding assistants: What's the difference?
Many banks use coding assistants like Github Copilot to help with software development.
The difference between vibe coding and using a coding assistant comes down to how much initiative the
In vibe coding, which is sometimes called AI-driven coding, an AI tool takes the lead in exploring, prototyping or generating large portions of code based on a broad goal or vague idea. The human user acts as a collaborator, editor or prompt-setter.
A banker might give a prompt like, "Make a dashboard that tracks customer churn," and the AI model will start building.
When using a code assistant, the human stays in control.
Benefits of vibe coding for banks and developers
Beyond the obvious efficiencies and time savings of vibe coding rather than writing software from scratch or using a code assistant, allowing vibe coding may create a better working environment for younger generations that banks want to recruit, said Anne Connelly, a faculty member at think tank and education provider Singularity University.
"That changes with every generation," she told American Banker. "When you look at my generation or the one before, an office was a very different place: It was strict, it was prescribed, it was rigid." In the early 2000s, companies tried to make offices fun, with perks like ping-pong and kombucha. Now offices are hybrid or virtual.
"I think the expectations of employees shift significantly over time, and the way they engage with you, with each other, and the language they use, all of that changes," Connelly said. "Even as a mechanism to retain your workforce, providing opportunities to do vibe coding, or whatever new methodology it is that younger generations like to do, can really help with maintaining quality employees."
Risks of vibe coding in heavily regulated industries
Like most uses of gen AI, vibe coding raises concerns about data privacy, transparency, explainability, hallucinations and the potential for biased results. Generative AI is, after all, a pattern generator that generates code, language, images and other content based on prompts and the data it's been trained on, which for foundation models like ChatGPT is a smorgasbord of almost everything on the Internet.
Rubinow said vibe-coded software requires thorough review and testing.
In regulated banks, "there's an extra level of scrutiny, and that takes time, and it takes work, and it's not for the casual observer, it's for people who really know what they're doing," he said. "I'm going to give my favorite gen AI assistant some prompts. It's going to deliver some code for me, that's great. How do I know the quality of the code? How do I know how many bugs it has in it? Obviously you've got to do some testing."
An expert needs to analyze the code to make sure it's secure, Rubinow said. The software has to be explainable and scalable.
AI regulations banks must follow when vibe coding
Banks have to be careful about data privacy when they vibe code, Beach said.
The Gramm Leach Bliley Act, for example, requires banks and their service providers and vendors that have access to customer information to be transparent about what their practices are and to safeguard personal data by reasonable means, Beach said.
Other important regulations are the EU AI Act, the Utah AI Act and the Colorado Privacy Act, Beach said.
"Banks could start with GLBA but would have to move beyond that and provide another comprehensive privacy policy, because the GLBA template privacy notice doesn't really consider things like vibe coding," Beach said. "So they would want to provide a transparent privacy notice to consumers, but also to any business partners that they're going to be working with, that says some of our services and enhancements are going to be done through the use of vibe coding, and be really, really clear about that."
There's also the risk of discrimination, Beach said. "A common thread that comes up in AI legislation, in proposed bills and definitely in the EU AI Act, is making sure that there is a lack of discrimination," she said. "I think that this is a tricky part with vibe coding, because essentially, you're just using day-to-day prompts to build out code for you. So the prompts you're using have to be very meticulous, because the way in which it produces code from those prompts could be discriminatory in nature, if someone has unconscious or conscious biases."
AI laws tend to come down hard on discrimination that could have a financial impact on consumers, such as their ability to gain employment or buy a house.
"All of these things flow through banks," Beach said. "If you need to buy a house, you go to a bank to get a loan. If you need a good job, a background check may include financial crime histories or bank statements."
There are a couple of things that banks can do to make sure that they are meeting existing and upcoming AI laws, Beach said. They can use compliance guardrails such as masking personally identifiable information, using synthetic data to train models and archiving prompts used in vibe coding.
Retaining prompts is important because if a bank turns out to be discriminating, for instance not giving loans to women of color, "you need to understand what went wrong there, and based on vibe coding, it's probably going to be the prompts that were used, and they may not have been intentionally trying to bias a particular class of person, but that may have been the output," Beach said.
For all these reasons, banks will need to be cautious about vibe coding.
"People are going to be experimenting," Rubinow said. "They're going to find the limitations of the tool. They're going to be careful, because they know that you can't use the excuse that it's not my fault, the computer did it. Nobody buys that."
What internal controls are needed to safely operationalize vibe-coded tools in production?
Controls should include code-review checklists for AI-generated code, sandboxed development environments, explainability testing, and documentation of prompt history and model behavior for audit purposes.
Could vibe coding introduce discriminatory logic into financial software?
Yes. Since vibe coding relies heavily on human prompts, unconscious bias can be embedded into generative outputs. The prompts must be meticulous.
