
Moltbook shipped in January 2026 and it worked. Thirty-five thousand users. An AI-powered productivity tool, built fast, deployed faster. The Supabase API key was in the client-side JavaScript the whole time.
Wiz Research found it in February. The exposed key gave read access to 1.5 million API tokens and 35,000 email addresses. Not a sophisticated attack — the kind of vulnerability a second-year CS student learns to avoid in a web security lecture. The feature worked right up until the moment it gave every user's credentials to anyone who opened their browser's developer tools.
Andrej Karpathy, who coined the term "vibe coding" twelve months earlier, had a reaction: "It's a dumpster fire, and I also definitely do not recommend that people run this stuff on your computers."
The Year Everyone Was Building
February 2, 2025. Karpathy posted a description of his personal workflow — shipping small tools, leaning on the AI, skimming the output. "Fully giving in to the vibes," he wrote. He later called it "a shower of thoughts throwaway tweet." What happened next was not what he intended.
The tweet spread because it named something people were already doing. Forums lit up with launch posts. Hacker News threads compared the moment to the early maker movement — 3D printing had promised the same thing a decade earlier: anyone could manufacture anything, design skill optional. The comparison was optimistic about the tools and wrong about the timeline. It took the maker movement years to reveal who the actual beneficiaries were.
For several months, the vibe coding wave looked genuinely different. A domain expert who couldn't write React could ship a working prototype. A solo founder could compress a six-week agency sprint into a weekend. The tools were improving fast enough that the failure modes stayed out of sight. The features worked.
Then the features kept working, the codebases kept growing, and the wall arrived.
Functionality Flickering
Gergely Orosz, who covers the software industry at The Pragmatic Engineer, described the pattern he observed across multiple practitioners: enthusiasm, then a few months of increasing pain, then abandonment. He didn't quantify the timeline — no controlled study has measured the exact failure point — but the shape matched three incidents that did get measured.
March 2025. Alberto Acevedo launched Enrichlead, a B2B data product. Two days after launch, the first security report arrived. API keys hardcoded into the source. Subscription logic that could be bypassed without payment. A database that corrupted under load. The tool had shipped; the architecture had not.
July 2025. Jason Lemkin, a well-known venture investor, used Replit's AI agent to build a database of 1,206 executives. The agent deleted the production database. Lemkin described the failure as "95 out of 100 catastrophic" in a public post. Replit's support then misrepresented the recovery options — a secondary failure that compounded the first.
January 2026. Moltbook. The Supabase key in client JavaScript. Wiz's report.
The sequence escalated in a specific direction. Enrichlead was a small launch. The Replit incident involved a named investor's data. Moltbook had 35,000 users. Each case shared a structure: a working feature, a production environment, and a security or reliability failure that required engineering knowledge the builder didn't have.
The Terminology Shift
On February 4, 2026 — one year and two days after the original tweet — Karpathy introduced a new term: "agentic engineering." He described it precisely: "You are not writing the code directly 99% of the time, you are orchestrating agents who do and acting as oversight."
This was not a retraction. Karpathy didn't say vibe coding was wrong. He drew a distinction that the original tweet had collapsed: the difference between a personal workflow for low-stakes tools and a production methodology for software that holds other people's data.
The term "agentic engineering" centers oversight. The agent generates; the engineer reviews, understands, and takes responsibility for what ships. "Vibe coding" centers the vibe. The two practices produce different binaries and, as the incident record shows, different failure rates.
A terminology correction applied by the person who started the chain, one year out, is not coincidental.

What Gets Extracted
The cURL project shut down its bug bounty program on January 31, 2026. Daniel Stenberg, who has maintained cURL for over two decades, published the math: each security report ties up 3 to 4 people on his 7-person team for 30 minutes to 3 hours. Reports arrived at roughly 2 per week, and 20% were AI-generated noise: plausible-looking submissions fabricated from security advisories that did not match the actual codebase. He mass-blocked 20 accounts and closed the bounty.
"We are effectively being DDoSed," he wrote.
Six to 24 person-hours per week, one report in five worthless. A program Stenberg had run for years became indefensible at the margin.
This is the extraction dynamic. The open-source infrastructure that vibe-coded applications depend on — the HTTP libraries, the authentication packages, the database clients — absorbs the maintenance burden that the application layer doesn't pay for. A tool built over a weekend on someone else's library adds no obligation to maintain that library. The maker movement had its version of this: a wave of consumer hardware manufacturers built on open-source firmware without contributing back. The projects survived because a small number of maintainers held on.
Stenberg held on. He just stopped absorbing the noise.
The Skill Ladder Paradox
Addy Osmani, Chrome's engineering director, published a taxonomy that cuts through most of the discourse. "Vibe coding" — his definition — is building without reviewing generated output. "AI-assisted engineering" is building with AI tools while retaining human oversight. Every verified incident in the past year falls into the first category. Most documented successes fall into the second.
The paradox is structural. The people who succeed with AI-assisted engineering are, by definition, the people who already know enough to review the output — who can spot a hardcoded credential, who understand what a Supabase key with read access actually means, who know to ask whether the agent's database deletion is recoverable before celebrating the shipped feature.
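The review step the paragraph describes, as an added example that is not code from the article or from any of the products it names: scan a built client-side JavaScript bundle for embedded Supabase-style keys and report what each one is entitled to. It assumes the legacy Supabase key format (a JWT whose payload carries an "iss" of "supabase" and a "role" claim of either "anon", which is subject to row-level security, or "service_role", which bypasses it); the bundle and the tokens in it are constructed for the example.

```python
import base64
import json
import re

# A JWT is three base64url segments joined by dots. The header of a typical
# Supabase key starts with "eyJ" (base64url of '{"'), which is what we key on.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that JWTs strip before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _make_jwt(payload: dict) -> str:
    # Unsigned token used only to build the constructed sample; real keys are signed.
    header = base64.urlsafe_b64encode(b'{"alg":"HS256","typ":"JWT"}').decode().rstrip("=")
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode().rstrip("=")
    return f"{header}.{body}.placeholder-signature"


def find_supabase_keys(bundle: str) -> list[dict]:
    """Return each Supabase-issued JWT found in the bundle with its role and severity."""
    findings = []
    for match in JWT_RE.finditer(bundle):
        try:
            claims = json.loads(_b64url_decode(match.group(0).split(".")[1]))
        except (ValueError, UnicodeDecodeError):
            continue  # matched the shape but the payload is not JSON; not a JWT
        if claims.get("iss") != "supabase":
            continue  # some other token; out of scope for this check
        role = claims.get("role")
        # The anon key is designed to ship to browsers but is only as safe as the
        # row-level security behind it, so it still warrants review. A service_role
        # key bypasses row-level security and must never reach a client bundle.
        severity = "critical" if role == "service_role" else "review"
        findings.append({"role": role, "ref": claims.get("ref"), "severity": severity})
    return findings


# Constructed sample bundle (assumed project ref "example-ref"): one anon key,
# one service_role key, and one unrelated JWT that the scanner should ignore.
SAMPLE_BUNDLE = (
    "const supabase=createClient('https://example-ref.supabase.co','"
    + _make_jwt({"iss": "supabase", "ref": "example-ref", "role": "anon"}) + "');\n"
    + "const admin='" + _make_jwt({"iss": "supabase", "ref": "example-ref", "role": "service_role"}) + "';\n"
    + "const other='" + _make_jwt({"iss": "other-service", "role": "admin"}) + "';\n"
)

if __name__ == "__main__":
    for finding in find_supabase_keys(SAMPLE_BUNDLE):
        print(finding)
```

Run it against the real output of your bundler rather than the source tree: what matters is what the browser actually receives.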
The tools were marketed as accessible to people without that knowledge. Bubble.io, whose user base skews non-technical, published a figure: 9% of their users deploy to business-critical production environments. The other 91% are building internal tools, prototypes, and personal projects where the failure surface is contained.
That 9% figure is not a failure rate. It's a self-selection rate. The market has already sorted itself: people without engineering background are, in aggregate, not deploying vibe-coded tools to systems that matter. The failures in the incident record came from the zone between — builders with enough confidence to launch and not enough background to audit what they launched.
The ladder was already there. The tools made it easier to start climbing without knowing you were on a ladder.

Who Captures the Value
The original promise was maker-movement democratic: anyone could build. The 3D printing wave made the same promise in 2012. A decade later, the value had concentrated in two places: the platform companies (the hardware manufacturers, the filament suppliers, eventually the closed-ecosystem players) and the professionals who used the hardware as a serious production tool. The hobbyist wave generated momentum, community, and legitimizing energy. The financial returns landed elsewhere.
The parallel holds. The companies selling API access and IDE subscriptions captured recurring revenue from the wave. The experienced engineers who used AI tooling with discipline reported genuine productivity gains — Orosz documented this pattern, Osmani documented it independently. Both groups benefited from the moment.
The maker who shipped Enrichlead in March 2025, the executive who lost his database in July 2025, the 35,000 Moltbook users whose credentials were exposed in January 2026 — each one generated a case study and a lesson they didn't know they were paying for.
Karpathy's correction lands here. "Agentic engineering" requires the oversight layer. Oversight requires knowing what you're looking at. That knowledge isn't the AI's to provide — it's the engineer's to bring. The tools got faster. The ladder didn't get shorter.
What the Three-Month Wall Actually Is
The wall is not a calendar event. It's the moment when the complexity of the codebase exceeds the builder's ability to reason about it without engineering background. For a prototype held together by prompt engineering and optimism, that moment comes when the first production incident arrives and the builder doesn't know how to read the stack trace.
Orosz observed the shape. The incidents document the shape. Neither constitutes a controlled study, and the "$1.5 trillion in technical debt by 2027" figure circulating in the discourse cannot be traced to a primary source — so it isn't here.
What is here: three verified incidents in nine months, an escalating failure surface, a nomenclature correction from the person who started the chain, and an open-source maintainer who shut down a program he'd run for years because the noise-to-signal ratio became indefensible.
The Moltbook feature worked in January. It worked the same way Enrichlead worked in March 2025 and Lemkin's executive database worked in June 2025 — until the thing it was built on top of became visible, and the builder had no frame for what they were seeing.
The features were never the hard part.