Beyond Vibe Coding into Agentic Engineering

In 2025 I published a blog post titled Common security pitfalls using Vibe coding, where I briefly explained what vibe-coding is, and what the security issues arise from "vide coding".

Recently, I came across an emerging term called "Agentic Engineering".

In this blog post, I will explain what "Agentic Engineering" is and how it differs from "Vibe coding".

Vibe Coding

The term "Vibe coding" came from a quote by Andrej Karpathy on Twitter/X. It refers to the "magical" experience of typing English into an editor (like Cursor) and watching a feature appear. It relies on the model's training data to guess the intent.

Vibe coding is basically when you treat building software like a "vibes only" project. You ask an AI for something, hit copy-paste without really looking at what it gave you, and just cross your fingers that it works. If it breaks, you just throw the error message back at the AI and hope the next try is better. It turns programming into a lucky guess rather than a real skill. The big issue right now is that people are confusing this "winging it" approach with actual professional work, and that's a dangerous mistake to make.

Vibe coding isn't ready for the big leagues because it’s like building a house with a "magic" hammer that does the work for you, but you have no idea how the plumbing or wiring actually connects behind the walls. When you just accept whatever, the AI gives you, you might unknowingly be leaving the front door unlocked for hackers because you didn't check the security. Even worse, if something breaks six months from now, your human team will be stuck staring at a confusing mess of code they didn't write and don't understand. It’s nearly impossible to fix or update a system when the people in charge don't know the "why" behind how it was built in the first place.

The Software Paradigms

The evolution from Software 1.0 to Software 3.0 is most commonly referred to as the Software Paradigms or the Generations of Programming.

Each stage represents a fundamental shift in how humans interact with machines and how logic is generated.

The Three Paradigms

• Software 1.0 (Classical Programming): Code is written by humans. A programmer uses their brain to translate a business requirement into explicit instructions (C++, Python, Java). If the logic fails, a human must find the specific line of code to fix. This is Imperative Logic.
• Software 2.0 (Machine Learning): Code is written by optimization. A human provides a massive dataset and a goal (a loss function). The machine "searches" the space of all possible neural network weights to find the program that fits the data. The "code" is essentially a binary file of weights. This is Data-Driven Logic.
• Software 3.0 (Agentic Engineering): Code is written by AI agents. Humans define high-level goals and constraints in natural language. The agent then uses reasoning loops, calls external tools, and writes its own code to achieve the task. This is Agentic Logic.

References:

• Andrej Karpathy on Software 2.0
• Andrej Karpathy on Software 3.0: Software in the Age of AI
• What Is Software 3.0? How Prompting Replaced Programming

What is Agentic Engineering

Agentic Engineering describes a shift from using AI as a simple autocomplete tool to using it as a semi-autonomous agent capable of reasoning, using tools, and correcting its own mistakes.

While the concept of "Software Agents" dates back to the 1990s, the modern term gained momentum in late 2023 and early 2024. Industry leaders like Andrew Ng (via DeepLearning.AI) have championed the "Agentic Workflow," arguing that iterative agent loops often produce better results than larger, more powerful models using simple zero-shot prompting.

Defining the Concept

In standard development, a human writes the logic. In Agentic Engineering, a human defines the goal and the constraints, while an agentic system performs the following:

• Planning: Breaking a complex task into sub-steps.
• Tool Use: Executing shell commands, searching the web, or running tests.
• Self-Correction: Analyzing error logs to rewrite code until the tests pass.

The 6 Operational Principles

When experts like Andrej Karpathy or Addy Osmani discuss the shift to agentic engineering, they often talk about six core principles that define the workflow. These include the structure above, but add the "how-to" of professional engineering:

The "Spec-First" Foundation

• Spec-Driven Planning: This is the evolution of the "Planning" pillar. Instead of the agent just "thinking," it must produce a formal specification. This is the blueprint that prevents the agent from going off the rails.
• Technical Fundamentals: This is the constraint system. You ensure the agent follows established patterns (like DRY or SOLID principles) rather than just "vibing" its way through a solution.

The Execution & Validation Loop

• Relentless Testing: This is the "Check" phase of the agentic loop. In agentic engineering, an agent is not "done" when the code looks right; it’s done when the tests pass.
• Full System Ownership: This shifts the agent's scope from writing a single function to understanding how that function affects the entire codebase, including deployment and security.

The Human Leadership Layer

• Strategic Orchestration: This is the management of multiple agents. The human doesn't write the code; they coordinate how the "Frontend Agent" and "Backend Agent" talk to each other.
• High-Level Oversight: This is the final safety gate. Humans focus on the 5% of decisions that are high-risk or subjective, while the agent handles the 95% of "grunt work."

References:

• What's next for AI agentic workflows
• Agentic Engineering
• What is agentic engineering?
• 10 Things I Learned from Andrej Karpathy on the Shift to Agentic Engineering

Summary

Vibe coding relies on intuition and a "guess-and-check" workflow where a developer prompts an AI and hopes the output works. While fast for prototyping, this approach lacks the structure needed for complex systems because it depends on the human to spot errors and manage the logic. The shift to agentic engineering replaces this experimental style with a professional discipline. Instead of a single chat, you build a system where the AI acts as an autonomous agent that creates a formal plan, executes tasks in small steps, and uses a self-correcting loop to fix its own mistakes before delivering the final result.

The core of this transition is moving from being a writer of code to a strategic orchestrator. You provide the high-judgment oversight and define the technical fundamentals, while the agent takes full system ownership of the implementation. By implementing spec-driven planning and relentless testing, the agent ensures that every line of code is verified against real-world requirements. This move from "vibes" to "engineering" creates a reliable, scalable factory for software where the focus is on building robust systems rather than just chasing a lucky output.

Disclaimer: AI tools were used to research and edit this article. Graphics are created using AI.

Reference:

Andrej Karpathy: from vibe coding to agentic engineering

About the Author

Eyal Estrin is a cloud and information security architect and AWS Community Builder, with more than 25 years in the industry. He is the author of Cloud Security Handbook and Security for Cloud Native Applications.

The views expressed are his own.