The Messy Reality of Vibe Coding

The default reaction to vibe coding has been alarm: an assumption that letting AI write large chunks of an application is going to flood production with vulnerabilities and undocumented behavior. That fear is doing as much damage as the bad code people are afraid of. Teams that freeze, ban the tools or push the work into the shadows end up with less visibility into how AI is actually showing up in their codebase, not more.

Tyler Merritt, CTO at UneeQ, joins Mike Vizard to push back on the panic and reframe the problem. Merritt’s argument is that AI-assisted development is a construction site, not a finished building — and construction sites are inherently messy. The job for engineering leaders isn’t to keep the site spotless, it’s to make sure the right safety systems, inspections and review steps are wrapped around the work that’s happening anyway.

They get into the practical mechanics of doing that. Instead of trusting any single model, Merritt makes the case for using multiple AI assistants — Claude, Gemini and others — as a kind of cross-check, where one model reviews what another produced and pulls weaknesses to the surface before they hit a pull request. Pair that with the existing toolchain (SAST, dependency scanning, code review, tests) and the AI output starts to look more like any other developer’s output: imperfect, but reviewable.

The longer-term view is more optimistic than the headlines suggest. Merritt points out that no developer wakes up wanting to ship insecure code, and as these assistants get better at understanding context, security and intent, they have a real shot at making the secure path the easy path — turning today’s messy reality into a faster, safer way of building software.
