Vibe coding in legal tech: The good, the bad, and the ugly

Explore vibe coding in legal tech, including benefits, risks, and when to build vs buy AI-powered tools for legal workflows.

Remember when building software required years of computer science training? Those days are over. Vibe coding is changing everything — and legal tech is at the center of the revolution. 

Coined by computer scientist Andrej Karpathy in early 2025, the term “vibe coding” describes a beautifully simple concept: tell an AI agent like ChatGPT or Claude what you want a program to do using conversational language, and the agent writes the code for you, with no programming degree required.

Within months, the term exploded: Merriam-Webster listed it as trending in March 2025, and Collins English Dictionary crowned it “Word of the Year” by December.

Vibe coding has now spread to the legal world, with some lawyers and legal operations professionals building genuinely useful tools to solve everyday frustrations. What started as legal professionals’ weekend experiments has become legitimate innovation at some of the world’s largest law firms. 

What vibe coding actually is (and why some lawyers love it) 

At its core, vibe coding is about accepting AI-generated code without fully understanding how it works internally, much like driving a car or taking a flight. That might sound scary (and sometimes it is; more on that later), but for many, it’s also liberating. Vibe coding exists on a spectrum ranging from completely trusting AI outputs to carefully reviewing every line, but the defining characteristic is this: the user builds software without traditional programming skills.

For lawyers, this typically means describing a workflow problem in plain language and watching AI create a working solution. Think prompts like “Build a tool that compares two document versions and explains differences in plain English” or “Create a form that flags key client intake details for review.”  

The appeal seems obvious at first glance: lawyers can now solve their own workflow problems without waiting for vendor roadmaps, procurement approvals, or IT resource allocation.

There are a few vibe coding champions in the legal profession, and that number does appear to be growing. Lawyers like Jamie Tso at Clifford Chance and James Phoenix at Linklaters posted their experiments on LinkedIn and accidentally started a movement.

Community platforms like vibecode.law emerged to showcase lawyer-built tools. Common projects include clause checkers that flag missing contract provisions, GDPR policy comparators, redline simplifiers that describe changes in plain English, and email summarizers that generate timelines from message threads. None requires formal technical or deep programming skills, just clear process awareness, problem descriptions, and iterative prompt engineering.

Mainstream legal institutions have taken notice, too: Washington University Law School and the New York State Bar Association now offer CLE courses teaching lawyers to build software through prompting.  

The risks of vibe coding nobody wants to talk about

Vibe coding is not all sunshine and rainbows. CodeRabbit’s research, published in December 2025, analyzed 470 open-source projects and found that AI co-authored code contained 1.7 times more major issues than human-written code. Logic errors were 75% more common, security vulnerabilities were 2.74 times higher, and readability issues plagued outputs.

The legal implications extend beyond technical failures. Security researchers warn about “slop squatting” — attackers creating malicious packages with names similar to legitimate ones, knowing AI will unknowingly incorporate them into generated code. Since AI models train on open-source repositories, they may embed widespread, yet insecure, practices into your shiny new tool.  
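A defender's check for the lookalike-package risk described above, as an added example that is not part of the original article: it vets the dependency list of an AI-generated tool against a firm-approved allowlist and flags unapproved names that closely resemble approved ones. The allowlist, the sample requirements file, the lookalike names, and the function names are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist: packages the firm has already reviewed and approved.
APPROVED = {"requests", "python-docx", "pandas", "cryptography"}

# Constructed requirements.txt content, as an AI assistant might generate it.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
python-docs>=1.1      # constructed lookalike of python-docx
Pandas
crytography
pdf-clause-helper     # constructed name that resembles nothing approved
"""

def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase; runs of '-', '_', '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text: str) -> list:
    """Extract bare package names, ignoring comments, versions and extras."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # skip blanks and pip options such as -r / --index-url
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            names.append(normalize(match.group(0)))
    return names

def vet(text: str, approved: set, threshold: float = 0.85) -> dict:
    """Map each dependency to (status, imitated_name); status is
    'approved', 'lookalike' or 'unknown'."""
    allow = {normalize(a) for a in approved}
    report = {}
    for name in parse_requirements(text):
        if name in allow:
            report[name] = ("approved", None)
            continue
        # Closest approved name by similarity; near-misses are the risky case.
        best = max(allow, key=lambda a: SequenceMatcher(None, name, a).ratio())
        score = SequenceMatcher(None, name, best).ratio()
        report[name] = ("lookalike", best) if score >= threshold else ("unknown", None)
    return report

if __name__ == "__main__":
    for pkg, (status, imitates) in vet(SAMPLE_REQUIREMENTS, APPROVED).items():
        print(f"{pkg:20} {status:10} {imitates or ''}")
```

Anything reported as `lookalike` or `unknown` should block installation until someone has reviewed the package, since both fall outside the approved set.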

When to vibe code and when to call the experts

Simply put, vibe coding allows you to build functional apps with minimal time investment. However, it cannot magically make you an expert in process, security, and tech management. This expertise may feel less consequential when the stakes are low (e.g. you are a solo practitioner running a 1-3 man firm and are experimenting with automation). But as the organization scales, so too do the stakes and overall risk. 

At the heart of vibe coding is the age-old conversation about “build vs buy,” and its emergence forces that conversation anew. According to legal tech analysts, understanding when to build custom solutions versus purchasing enterprise platforms is key, particularly when considering the ongoing maintenance that will be associated with any new technology.

When vibe coding makes sense: 

  • Quick prototypes to test whether an idea actually solves your problem 
  • Personal productivity tools using non-confidential data 
  • One-off utilities where commercial alternatives don’t exist 
  • Learning exercises to understand what’s possible with AI 
  • Proof-of-Concept (POC) demos before vendor evaluations 

When you should absolutely buy instead of build: 

  • Enterprise-level applications handling confidential client data 
  • Mission-critical workflows where downtime disrupts business 
  • Compliance-sensitive processes requiring audit trails 
  • Tools requiring integration with other enterprise systems 
  • Applications requiring ongoing maintenance and security updates 

The fundamental question isn’t whether vibe coding empowers productivity — it can. The question is whether organizations can truly govern vibe coding and its outputs responsibly. Generating code and building sustainable software are not the same thing. The gap between a working demo and a production system remains vast, and AI doesn’t bridge that gap automatically. 

Here’s the plot twist: lawyers building their own tools isn’t a threat to enterprise software — it might be the best thing that could happen.  

When users are empowered to prototype solutions in an afternoon, they arrive at vendor evaluations with crystal-clear requirements. They know what good output looks like and how to handle ambiguity. Even if they ultimately buy rather than build a legal tech solution, the prototyping process clarifies needs in ways demos may not. 

Governance presents a challenge to legal leaders because lawyers are already building tools outside firm infrastructure — hosted on personal AWS accounts and operating entirely beyond IT visibility. These tools may never touch work laptops, avoid security scans, or bypass approval workflows. Firms often don’t know they exist until something breaks or a client asks uncomfortable questions.

Tips for smart governance: 

  1. Create internal sandboxes where lawyers can experiment safely with controlled API access and logging. Give innovation a sanctioned home instead of forcing it underground. 
  2. Define baseline security requirements for any AI tool: data encryption, access controls, audit trails, clear data retention. Non-negotiable baselines. 
  3. Write a playbook that makes it easier to approve low-risk experiments without bypassing controls entirely. 
  4. Educate on data classification so lawyers understand which data types are fair game for experiments and which are strictly prohibited. 
  5. Monitor for shadow IT by watching for unusual API usage, external tool subscriptions on expense reports, and workflow workarounds. 

Embrace innovation, govern risk

Vibe coding represents genuine democratization of software creation. The barrier between “I built something useful” and “other people can use this” has largely disappeared, and that’s exciting news for some.  

But democratization of creation doesn’t mean elimination of responsibility. Professional obligations around client confidentiality and data security don’t pause just because you’re building with AI. The code may be AI-generated, but accountability remains human. This is a critical distinction as organizations assess legal liability surrounding these tools, particularly in cases of potential malpractice.  

When vibe-coded tools fail, whether by exposing client data, producing incorrect analysis, or breaking at critical moments, it’s the lawyer and firm that face consequences, not the AI model.

For legal technology vendors like Agiloft, the rise of vibe coding means responding to rising expectations in the marketplace. When users can prototype in hours, they expect platforms to deliver sophisticated functionality without months of configuration. They need platforms combining rapid deployment with enterprise-grade security, audit trails, and compliance frameworks — capabilities vibe coding simply cannot deliver at production scale. 

Ready to explore the difference between vibe-coded prototypes and enterprise-level contract management platforms? Contact Agiloft today to discover how enterprise CLM delivers the customization lawyers crave with the security and reliability they need. 
