AI already writes better code than a lot of people. So what's left for us? Caio and Marina break down vibe coding, this wave of building software by just talking to AI, and show why creativity became the new superpower while security became the new baseline. With real examples of bugs nobody notices and a checklist of what to review before you put anything live.
In this episode
01 The Hook: The New Way In
- Caio opens with a bold line: in vibe coding, creativity builds the system, but security decides whether it can exist in the real world. Marina reacts like 'whoa, slow down, explain that.'
- Define vibe coding without jargon: building software by talking to AI and letting it write most of the code. Mention Karpathy as the guy who named it.
- Marina asks the obvious listener question: 'so anyone can build a system now?' Caio brings concrete examples: landing page, internal CRM, automation, prototype, without mastering frameworks or databases.
- The turn: the barrier moved. It used to be technical, now it's becoming creative and strategic.
02 Why Creativity Beats Years of Coding
- Core thesis: the edge isn't knowing how to write every line anymore, it's imagining, structuring, testing, and steering the AI.
- What AI can't do alone: understand the customer's real pain, business priorities, ease of use, the product's differentiator. Caio gives a practical example of a vague request versus a well-designed one.
- Marina pokes: 'so people who coded their whole lives are screwed?' Caio shuts down the false fight, it's not creative versus coder, it's a new combination.
- Concrete point: prompting is flow design. Whoever can see the problem and explain it well to AI gets ahead.
03 The Dangerous Illusion of 'It Works, So It's Done'
- Marina describes the scene everyone's lived: it opened, saved data, looked nice, seemed done. Caio: yeah, and that's exactly where the problem hides.
- List invisible flaws AI generates easily: weak authentication, API keys leaking in the code, overly open permissions, insecure uploads, vulnerable dependencies.
- Bring in the recurring risks security analyses flag in AI-generated code: code injection, command injection, missing authentication, insecure configuration.
- The turn: a system working and a system being secure are two totally different things, and the average user can't see the difference.
04 The New Essential Skill: Knowing How to Review the AI
- Caio: the creator doesn't need to become an expert in everything, they need to ask the right questions, of the AI and of themselves.
- The checklist in plain language: does it have authentication? Per-user permissions? Does it validate incoming data? Is there logging? Backup? Rate limiting? Is any data exposed?
- Marina asks for the basics anyone can learn without being a dev: protect API keys, separate test and production, access control, review dependencies, test before going live.
- OWASP mindset without the alphabet soup: security isn't the last step, it's part of the process from day one.
05 The Professional of the Future and a Practical Close
- Sketch the ideal profile: not just the traditional coder, not just the creative with no technical chops. It's whoever combines product vision, creativity, prompting, a sense of architecture, and basic security.
- Marina sums it up in her own words to lock in the idea, Caio confirms and tweaks it.
- Practical message for the founder or leader listening: start building, but create a security review ritual before anything goes to production.
- Close with the bold line: the future of development belongs not to whoever codes best, but to whoever imagines, explains, tests, and protects best. AI turned creativity into code, now we turn that code into trustworthy software.