Executive summary

The interesting question in vibe coding is no longer whether AI can write code. It can. The harder question is who owns the app after the code exists.

Vibe coding is the shift from writing software line by line to steering software agents with intent and feedback. The market is no longer hypothetical: users describe an app or engineering task, and an AI system plans the work, writes code, runs it, fixes errors, previews the result, and often deploys it.

The category splits into three lanes. On their own product pages, Replit Agent, Lovable, Emergent, Bolt, and v0 are presented as products that can take a user from idea to working app, often without assuming a traditional software-development workflow: Blog: Introducing Replit Agent Docs: Welcome.md Emergent Bolt V0 By contrast, Cursor and Devin are presented much closer to existing engineering workflows such as repos, tests, reviews, and backlogs: Cursor Docs: Devin Intro. Frontier lab platforms such as OpenAI Codex and Anthropic Claude Code are moving from model supply into full software-agent workflows.

The core view is that vibe coding does expand software creation, but the durable economics may not sit in raw code generation alone. The better business is likely in the layers around the code: context, execution, deployment, verification, and governance. Conputer makes the sharpest business-model point here: app-first “consumer developer” tools monetize differently from SWE/dev-first tools. The demo is “prompt to app.” The sturdier business may be “intent to maintained, hosted system”: Conputer: The Business Of Vibe Coding

Why now

First, coding models are good enough for multi-step work. OpenAI describes Codex as a cloud software engineering agent that can write features, answer codebase questions, fix bugs, propose PRs, run tests, and cite terminal/test outputs: OpenAI: Introducing Codex

Second, execution loops are now part of the product. Replit Agent says it configures the development environment, installs dependencies, executes code, and can take an application from idea to deployment: Blog: Introducing Replit Agent

Third, deployment and collaboration surfaces are bundled into creation. v0 can generate working applications, sync with GitHub, call APIs, and deploy to Vercel: V0 Lovable similarly describes full-stack generation with frontend, backend, database, authentication, integrations, editable code, GitHub sync, and governance: Docs: Welcome.md

That combination changes the buyer. A PM can build a prototype without waiting on design and engineering. A founder can test a workflow before hiring. A developer can hand an agent a bug or migration. A CTO can imagine parallelizing backlog work, then immediately worry about whether anyone understands what the agent produced.

What this industry actually is

A useful definition: vibe coding is intent-driven software creation through agentic code generation and execution. It is adjacent to no-code, but different in an important way. No-code often hides code behind visual abstractions. Vibe coding usually creates real code, then hides most of the authoring work behind natural language.

That distinction matters. Real code gives the user flexibility, portability, and access to the existing software ecosystem. It also inherits ordinary software risk: bugs, vulnerable dependencies, data leaks, brittle architecture, and maintenance debt.

The market map: app-first, dev-first, lab-first

App-early vibe coding

The app-first tools sell immediacy. They are not primarily asking the user to become a better programmer. They are asking the user to describe the thing they want.

  • Replit Agent attaches agentic creation to Replit’s workspace and deployment environment: Blog: Introducing Replit Agent
  • Lovable positions itself as a full-stack AI development platform for natural-language app creation with real code and governance: Docs: Welcome.md
  • Emergent explicitly markets a “vibe-coding platform” for production-ready applications from natural language, spanning web apps, mobile apps, agents, integrations, and deployment: Emergent
  • Bolt markets chat-based creation of apps, websites, and prototypes, with infrastructure pieces such as hosting, databases, auth, SEO, and analytics: Bolt
  • v0 has evolved from UI generation toward an AI builder for agents and apps, tightly linked to GitHub and Vercel deployment: V0

The app-first lane is where “vibe coding” feels most disruptive because the user may not be a developer at all. It is also where the category feels most fragile: lots of impressive starts, fewer durable finishes.

Dev-early tools and agents

The dev-early lane sells throughput rather than magic. Cursor’s positioning is not “no developers required.” It is “the strongest way to code with AI,” wrapped around codebase understanding, model choice, terminal work, Slack, GitHub, and cloud agents: Cursor

Devin goes further toward delegation. Its docs describe an autonomous AI software engineer that can write, run, and test code, tackle Linear/Jira tickets, implement features, reproduce bugs, write tests, modernize code, review PRs, and support customer engineering work: Docs: Devin Intro

These products are more likely to penetrate serious engineering organizations because they fit existing controls: repos, tests, PRs, tickets, CI, review, and audit. They also face a harder bar. Professional teams may not forgive code that nobody can maintain.

Frontier lab platforms

OpenAI and Anthropic are not neutral suppliers. Codex and Claude Code show that the labs want the agent workflow rather than only the model API. OpenAI Codex runs tasks in isolated environments and returns evidence through logs and test outputs: OpenAI: Introducing Codex Claude Code is packaged as a terminal and IDE coding agent: Claude: Claude Code

This creates the strategic tension in the category. If lab-native agents become good enough and already live inside ChatGPT or Claude, many orchestration startups lose differentiation. If specialized tools own context, deployment, design systems, and enterprise workflow, the labs remain suppliers rather than the whole product.

Buyer and budget

The buyer splits by control versus speed.

Non-engineer builders buy app-first tools because they want speed. Founders, operators, marketers, designers, students, and SMB owners want landing pages, internal tools, dashboards, workflows, demos, and MVPs. Lovable explicitly names founders, students, independent makers, product/design/GTM teams, and organizations: Docs: Welcome.md

Engineering teams buy dev-early tools because they want throughput without losing control. Cursor, Devin, Codex, and Claude Code compete for backlog work, tests, refactors, migrations, bug fixes, codebase Q&A, and PR generation.

CTOs, security teams, and procurement buy governance. Their question is not “can it make a demo?” It is: where does the code go, who approved the change, what data was exposed, did tests pass, can the organization audit the agent’s actions, and who owns the failure if the output breaks?

Budget starts bottom-up through subscriptions and credits, then moves toward team and enterprise contracts.

Value chain

The value chain has seven layers.

  1. Model supply: frontier and open models generate and reason about code.
  2. Context ingestion: the tool reads repos, docs, designs, logs, database schemas, package state, and prior prompts.
  3. Planning: the agent decomposes an app or ticket into tasks.
  4. Code generation: the system writes files, configs, schemas, tests, and deployment code.
  5. Execution: the agent runs commands in a sandbox, browser, IDE, cloud workspace, or terminal.
  6. Verification: tests, builds, previews, linters, security scans, code review, and user acceptance decide whether the output is usable.
  7. Deployment and operations: apps go live on Replit, Vercel, Bolt/StackBlitz, customer clouds, or through GitHub and CI/CD.

The important point is that code generation is a single layer. The valuable product is the loop.

Profit and control

The profit pools are upstream inference, workflow orchestration, deployment, and governance. The mix differs by segment: dev-first tools mostly sell productivity into existing engineering workflows, while app-first tools need a path from creation into retained hosting or deployment revenue: Conputer: The Business Of Vibe Coding

The app-first tools are easy to judge by the magic of the first session, but the business depends on what happens after the first session. Does the user keep the app running? Add a database? Invite teammates? Pay for deployment, domains, auth, storage, logs, and support? Conputer’s argument is persuasive because it shifts the metric from “apps generated” to “workloads retained.” That is a much better test of whether vibe coding becomes a durable software business or a very expensive demo machine.

Replit is unusually explicit about this blend. Its pricing page combines agent credits, collaboration, database rollbacks, publishing, regions, SSO/SAML, privacy controls, single-tenant environments, VPC peering, and static outbound IPs. That is not just an editor price card; it is a ladder from creation into deployment and enterprise infrastructure: Replit: Pricing

Vercel starts from the opposite direction. It already monetizes deployment, bandwidth, edge requests, firewall, team collaboration, and enterprise controls; v0 can act as a creation funnel into that existing platform. Its pricing page shows the economic shape: Pro is per-user plus usage, while Enterprise adds security, performance, observability, SLAs, and support: Vercel: Pricing

That makes the app-first field less symmetrical than it looks. Replit and Vercel/v0 have clearer paths from creation to hosted workload. Bolt appears to be moving toward a bundled app/infrastructure surface. Lovable and Emergent may still build strong businesses, but the strategic question is whether they become durable deployment systems, partner into one, or remain mostly creation layers. The first session creates attention. The hosted workload creates the annuity.

Model companies capture inference, but pure model access is not the only profit pool. Cursor can charge for the developer workflow if it understands the repo and fits into review. v0 can convert generated apps into Vercel workloads: V0 Replit can keep creation, workspace, and hosting together: Blog: Introducing Replit Agent Bolt can bundle app creation with infrastructure primitives: Bolt

Control accrues where switching costs accumulate: project history, codebase index, deployment state, tests, design systems, secrets, integrations, user feedback, and team permissions. The product that owns those surfaces can survive model churn. The product that is a prettier prompt box may be competed away.

The uncomfortable economic question is inference cost. High-autonomy agents can spend real compute planning, generating, running, failing, and retrying. Conputer calls out the dev-first version of this risk: users prefer predictable subscriptions, but vendors pay variable inference costs. That pushes the industry toward credits, effort tiers, usage limits, enterprise commitments, or hosted-app monetization: Conputer: The Business Of Vibe Coding

Incumbents and challengers

The biggest incumbents are Microsoft/GitHub/VS Code, OpenAI, Anthropic, Vercel, and Replit. They already have distribution, developer trust, enterprise channels, model access, or deployment rails.

The strongest challengers are specialized products with a wedge. Lovable has a crisp app-oriented promise for full-stack web apps. Emergent pushes a no-developer-required message for web, mobile, and agents. Bolt combines chat-based building with infrastructure. Cursor owns developer mindshare around AI-native coding. Devin owns the “AI software engineer” frame for backlog work. For Cursor/Windsurf-style tools, Conputer also flags a specific platform risk: dependence on VS Code forks makes switching easy but could become a liability if Microsoft changes the terms or competitive posture around VS Code: Conputer: The Business Of Vibe Coding

The likely losers are products and services selling commodity implementation: rigid low-code platforms, template wrappers, snippet generators, and agencies whose edge was assembling standard CRUD apps.

Regulation, verification, and governance

The near-term constraint extends beyond AI law into ordinary software accountability. Generated apps can mishandle authentication, permissions, secrets, dependencies, data storage, and logging. When the app touches regulated workflows, the EU AI Act and similar regimes raise the importance of traceability, human oversight, and risk management: European Commission

The enterprise version of vibe coding therefore needs admin controls, SSO, audit logs, repo permissions, model/privacy controls, data retention policies, and security scanning. OpenAI’s emphasis on isolated environments and task evidence for Codex is a sign that auditability is becoming a core feature: OpenAI: Introducing Codex

Cursor’s security posture shows where the category is headed. The company describes SOC 2 Type II availability, annual penetration tests, subprocessor review, privacy mode with zero-data-retention terms for model providers, enterprise SSO/SCIM, audit logs, network controls, and agent-specific security docs: Cursor: Security

Verification is where the app-first and dev-first worlds may converge. Non-engineer builders need guardrails because they cannot reliably inspect the code. Engineering teams need guardrails for a different reason: agent output can scale faster than ordinary review habits. In both cases, the winning product has to package evidence: tests run, build results, changed files, secrets touched, dependencies added, permissions requested, and rollback path. Without that evidence, vibe coding risks creating software faster than organizations can trust it.

The bear case: vibe debt

The bear case is “vibe debt.” The easier it is to generate software, the easier it is to create code nobody understands.

This risk shows up for both non-technical users and professional teams. A non-engineer may ship an app that works in a demo but fails under edge cases. A developer may accept a large agentic diff without reading it closely. A team may accumulate generated abstractions, dependencies, and tests that look plausible but do not encode the real business logic. When the app breaks, the owner has to debug the code and the invisible reasoning path that produced it.

The dangerous part is that vibe debt can look like velocity for a while. The app exists. The demo works. The backlog moves. But the hidden liabilities are familiar: unclear ownership, weak tests, unknown dependencies, sloppy permission boundaries, security gaps, and architecture that nobody would have chosen deliberately. AI does not invent those problems. It just makes it much cheaper to create them at volume.

This is why verification becomes the scarce layer. If generation gets cheap and abundant, review, tests, security, observability, rollback, and architecture become more valuable. The winning products may be the ones that make generated work inspectable enough for humans to trust: what changed, why it changed, which tests ran, what failed, what data was touched, what permissions were requested, and how to unwind the change if it goes sideways.

There is a product lesson here. One promise is “generate the app.” Another is “keep the app understandable.” A buyer can evaluate that with concrete questions: can the platform explain its own changes, preserve architectural intent, surface risk, and support rollback?

If the labs absorb more of the stack

The biggest strategic threat to specialized vibe-coding tools is not another tiny app builder. It is OpenAI or Anthropic turning the model interface into the default software-creation interface.

OpenAI’s Codex already points in that direction. It is no longer just code completion; it is a cloud software engineering agent inside ChatGPT that can work on tasks in parallel, run in isolated environments, edit files, execute tests, produce terminal-log evidence, and propose pull requests: OpenAI: Introducing Codex Claude Code pushes from the other side of the workflow, packaging Anthropic’s model as a coding agent for terminal and IDE use: Claude: Claude Code

If the frontier labs keep moving down the stack, they can compress parts of the market. A user who already lives in ChatGPT or Claude may not need a separate lightweight coding agent for simple tasks. A company already buying enterprise AI seats may prefer a lab-native agent with centralized procurement, admin controls, and model access. That is the bear case for thin wrappers. A product built mainly around model access and prompt packaging has to show why it remains useful as lab-native coding tools improve.

But the labs do not automatically win everything. Software work is full of local context. The durable wedge for specialized tools is ownership of the surfaces around the model: repository indexing, design systems, deployment state, database schema, preview environments, CI history, issue trackers, team permissions, observability, and customer-specific workflows. Cursor is stronger if it remains the place where professional developers understand and change real codebases. Replit and v0 are stronger if creation flows directly into hosted workloads. Lovable, Bolt, and Emergent need to prove they own more than the prompt-to-prototype moment.

So the labs probably raise the floor and squeeze generic tools, while increasing the value of products that own context, deployment, verification, or workflow. The practical question is which companies own the messy, persistent state around the agent after the model call is over.

Bull case

The bull case is straightforward: vibe coding expands the software market. More people can create custom tools. Engineers spend less time on boilerplate and more time on architecture, product judgment, and systems integration. Small companies reach software scale earlier. Large companies parallelize maintenance and migration work. Deployment platforms convert more ideas into hosted workloads.

In that world, creation-led and dev-early products can both win, but for different jobs. App-early tools expand the top of the funnel of software creation and need to prove that enough projects become retained hosted apps. Dev-early tools protect and accelerate the serious production base, while managing the fixed-price subscription versus variable-inference-cost tension.

What would change the thesis

The case becomes more bearish if app-oriented vendors disclose weak 30/90-day retention for generated or hosted apps, if credible security incidents cluster around non-engineer-created systems, if enterprise buyers restrict generated code, or if pricing changes and usage caps imply that inference-heavy usage has poor unit economics.

The case becomes more bullish if generated apps show strong production retention, if enterprises accept agent-written code through normal review and compliance, if verification tools keep pace with generation, and if platforms such as Replit, Vercel/v0, Bolt, Lovable, Cursor, Devin, Codex, and Claude Code convert usage into durable team workflows.

Watch next

  • App-early retention: do Lovable, Replit, Emergent, Bolt, and v0 projects become real workloads or mostly demos?
  • Pricing: does the category settle differently by segment: seats for dev productivity, credits/effort for agentic work, hosted-app monetization for builders, or enterprise contracts for governed deployments?
  • Verification: do testing, security, and audit tools become bundled requirements?
  • Lab integration: do OpenAI Codex and Claude Code collapse the need for specialized orchestration, or do they increase demand for better context wrappers?
  • Enterprise controls: which vendors become trusted enough for regulated and production systems?

Sources