From Vibe Coding to Agentic Engineering: How AI Is Redefining the Engineer‑Architect Boundary

Andrej Karpathy’s 2026 Sequoia AI Ascent interview revisits his 2025 “Vibe Coding” tweet and introduces the broader concept of Agentic Engineering . The discussion moves from fast code generation to embedding AI agents throughout the software‑engineering pipeline with reliable delivery, verification, and governance.

From Vibe Coding to Agentic Engineering

Vibe Coding lowers the barrier for small tools, prototypes, and low‑risk scripts, enabling developers to produce functional software in an afternoon. Addy Osmani’s February 2026 article “Agentic Engineering” distinguishes Vibe Coding (ideal for prototypes) from Agentic Engineering, which requires specifications, task breakdown, PR‑style review, testing, and CI. The GLM‑5 paper “from Vibe Coding to Agentic Engineering” (Feb 2026) confirms the shift toward long‑context models, asynchronous reinforcement learning, and real‑world software‑engineering tasks.

Software Evolution

Software 1.0 : Hand‑written code executed by deterministic machines.

Software 2.0 : Neural‑network era where data, objectives, and training replace explicit rules; model weights become part of the software.

Software 3.0 : Large‑language‑model era where prompts, context, tools, and execution environments are first‑class design materials.

Agentic Engineering Control Plane

Context Control : Define what the agent can see and what must be hidden.

Spec Control : Express task goals, constraints, and acceptance criteria.

Tool Control : List which tools/APIs the agent may invoke and constrain parameters.

Permission Control : Distinguish actions allowed outright from those requiring human approval.

Runtime Control : Isolate the execution environment, enforce quotas, and enable recovery.

Verification Control : Validate results through tests, static analysis, and custom evaluators.

Audit Control : Record what the agent did, why, and its impact.

Cost Control : Budget token usage, model calls, tool invocations, and retries.

The goal is not to lock agents away but to provide a structured “control plane” that lets them operate safely within a larger development workflow.

Verification Levels for Agent Tasks

L1 : Statically checkable output – high suitability.

L2 : Compilable and testable code – high suitability.

L3 : Passes integration tests – relatively high suitability.

L4 : Involves business rules and state changes – requires approval and audit.

L5 : Touches finance, identity, permissions, or data deletion – strict governance needed.

L6 : Strategic, legal, or organizational decisions – human‑led.

Building a verification pipeline moves agents from “help me write a snippet” to “help me complete an end‑to‑end engineering task”.

Risk & Safeguard Matrix

Hallucination execution → pre‑execution tool validation.

Incorrect code changes → branch isolation and code review.

Accidental data deletion → sandbox and read‑only default permissions.

Wrong deployment → canary releases, rollback, and approval workflow.

Identity or financial mix‑up → stable IDs and domain‑model constraints.

Prompt injection → separate private data, untrusted input, and outbound communication.

Cost runaway → token limits, budget caps, and model routing policies.

Untraceable actions → full audit logs and provenance chain.

Simon Willison’s “lethal trifecta” (access to private data, untrusted input, and external communication) illustrates how combining these capabilities can create high‑impact failures.

Concrete Example: MenuGen

Karpathy built a MenuGen app that photographed a menu, generated dish images, and re‑rendered the menu. He later realized a multimodal model could take the original photo and directly output the modified menu image, eliminating the entire intermediate pipeline. The story warns architects that any middle‑layer that merely wraps model capability may be swallowed by future model improvements.

Payment‑ID Mismatch Illustration

An agent matched a Stripe email to a Google login email and attached credits to the wrong user. The code compiled and passed local tests, yet the business logic was incorrect. This demonstrates that syntactic correctness does not guarantee semantic correctness without explicit domain verification.

“Sawtooth” Intelligence

A state‑of‑the‑art model refactored 100 k lines of code and found a zero‑day vulnerability, yet answered a simple question about walking versus driving to a 50‑meter‑away car wash by saying “walk”.

The uneven capability distribution means engineers cannot assume future models will automatically cover all needed tasks; targeted data, reward shaping, and verification environments remain essential.

AI‑Native Engineer Interview Shift

Karpathy argues that traditional algorithm‑puzzle interviews no longer reflect the skills needed for Agentic Engineering. He proposes giving candidates a large, security‑critical project (e.g., an Agent‑driven Twitter clone) and evaluating their ability to define specifications, orchestrate multiple agents, assess security risks, set up testing, and manage audit trails.

Agent‑Native Infrastructure Building Blocks

Agent‑readable Docs : Docs become executable instructions for agents.

Tool Registry : Agents know which tools exist and how to invoke them.

Permission Gateway : Controls what agents may do.

Execution Sandbox : Isolates agent actions and limits impact.

Verification Pipeline : Runs tests, rules, and evaluators on agent output.

Audit & Cost Ledger : Records actions, costs, and side effects.

These components move infrastructure from a human‑centric UI (chat boxes in IDEs) to a machine‑readable, controllable layer that agents can safely interact with.

Key Takeaways

Vibe Coding is valuable for personal scripts and low‑risk prototypes but does not provide the architectural, testing, and security guarantees required for production systems.

Agentic Engineering addresses context, permissions, tool access, verification, rollback, and audit for reliable delivery.

Verification layers determine how far agents can be trusted; without them, Agentic Engineering collapses to an advanced Vibe Coding scenario.

Architects may need to shift focus from modules and interfaces to the environment in which agents operate safely.

References

Karpathy interview video: https://www.youtube.com/watch?v=96jN2OCOfLs

Karpathy Vibe Coding tweet: https://x.com/karpathy/status/1886192184808149383

Karpathy one‑year‑later Agentic Engineering tweet: https://x.com/karpathy/status/2019137879310836075

Addy Osmani, “Agentic Engineering”: https://addyosmani.com/blog/agentic-engineering/

GLM‑5 paper: https://arxiv.org/abs/2602.15763

Simon Willison, “The lethal trifecta for AI agents”: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/

Code example

.claude