Something fundamental is shifting in how software gets built. For the first time in the industry’s history, the ability to create applications no longer sits behind years of computer science training or a specialised engineering degree. Low-code environments, No-code platforms, AI-generated code and vibe coding have arrived together and they are reshaping who gets to participate in digital creation.

The consequences, I believe, will be simultaneously transformative and destabilising. That tension will define enterprise technology for the next decade.

The Scale of the Shift

The market data is unambiguous. Gartner forecast in 2021 that by 2025, 70% of new enterprise applications would be built on low-code or no-code platforms, up from less than 25% in 2020. The firm attributed this shift directly to the rise of citizen development and the structural inadequacy of traditional IT delivery. In a separate projection, Gartner estimated that 80% of technology products and services would be built by professionals outside IT by 2024, driven by the proliferation of low-code tooling and AI-assisted development. The firm’s most recent market forecast projects the low-code segment reaching $58.2 billion by 2029, with agentic AI and citizen development cited as the primary growth drivers.

The vibe coding wave has accelerated these dynamics sharply. Y Combinator CEO Garry Tan told CNBC in March 2025 that for roughly a quarter of the accelerator’s Winter 2025 cohort, 95% of the code was written by AI. Managing partner Jared Friedman, speaking to TechCrunch, was precise about the methodology: the figure excluded imported libraries and counted only core application code written by humans versus AI. Collins Dictionary named vibe coding its Word of the Year for 2025, a signal that the practice has moved from engineering subculture into mainstream awareness faster than any regulatory or educational framework could follow.

The Genuine Upside

The benefits of this shift are real and worth stating plainly before examining the risks.

Domain experts who previously waited months in IT backlogs can now build the tools they need directly. Same is for a logistics manager who understands routing inefficiencies better than any external developer or a nurse who sees gaps in patient intake daily. These professionals can now act on that knowledge without translation or delay. This is not simply a cost efficiency argument. It represents a fundamental reallocation of creative agency toward the people closest to the problems worth solving.

Vibe coding adds a further dimension for rapid experimentation. Garry Tan’s observation to CNBC captured this concisely: companies in the YC Winter 2025 batch were reaching $10 million in revenue with teams of fewer than ten people, a capital efficiency that would have been structurally impossible a decade earlier. The barrier between having a product idea and having a working prototype has collapsed.

A Mountain of Scrap in the Making

Here is what I think nobody wants to say plainly: more builders means more building, but not necessarily more good building.

When millions of non-technical users create applications without architectural oversight, security training or long-term thinking, several distinct crises begin to converge.

The first is application sprawl. MuleSoft’s 2025 Connectivity Benchmark Report, drawn from interviews with 1,050 IT leaders worldwide, found that the average enterprise runs 897 applications while successfully integrating only 29% of them. As citizen development scales, that figure climbs without a corresponding improvement in integration. Teams build tools, tools get abandoned and institutional knowledge of what exists, where data flows and who is responsible disperses with staff turnover. Deloitte cautioned directly that without governance frameworks, citizen developers treat application creation like document editing, generating significant technical debt and enterprise security risk at scale.

The research on AI-generated code quality is sobering. In an August 2025 survey of 18 CTOs, 16 reported production disasters directly caused by AI-generated code, according to Google engineering lead Addy Osmani, who characterised the broader dynamic bluntly: AI tools risk turning junior developers into prompt engineers and senior engineers into code janitors. A peer-reviewed study published on ArXiv in December 2025, drawing on field observations and surveys of 99 experienced developers, confirmed what senior engineers have long understood: professionals do not vibe. They plan before implementing, validate every output and retain architectural control throughout. The incoming wave of citizen developers has not learned this discipline and, in many cases, does not know it is needed.

The open source ecosystem is already registering the strain. InfoQ reported in February 2026 that cURL maintainer Daniel Stenberg shut down the project’s six-year bug bounty programme after AI-generated submissions reached 20% of the total, with the valid-submission rate collapsing to 5%. Mitchell Hashimoto banned AI-generated code from Ghostty entirely. RedMonk analyst Kate Holterhoff described the pattern as “AI Slopageddon.” These are not isolated reactions from conservative maintainers. They are structural responses to a quality problem that scales with the number of people generating code without understanding it.

The Build-or-Buy Calculus, Rewritten

For decades, the build-or-buy decision in enterprise software followed a stable logic. Organisations purchased commodity functions and built proprietary systems where genuine differentiation existed. The practitioner shorthand captured it neatly: buy for parity, build for competitive advantage.

Democratisation is disrupting that calculus in more than one direction at once. The case for buying commodity software has strengthened considerably. Harvard Business Review has observed that organisations consistently overestimate how distinctive their requirements truly are, a cognitive bias that drives substantial unnecessary custom development. When any team can deploy a functional workflow in days using a no-code platform, the justification for building standard functions from scratch becomes increasingly difficult to sustain.

At the same time, the accessibility of building has made the attempt more tempting for the strategic layer. McKinsey found that companies building digital assets aligned with their core operations achieve 20% to 30% higher profit margins than peers. Netflix built its recommendation engine, which now accounts for 80% of its viewership. When the cost of attempting drops, the argument for protecting a genuinely differentiated process in proprietary code becomes easier to make — and easier to act on impulsively.

The more consequential shift, however, is that the binary question is becoming the wrong frame entirely. Leading CIOs now argue that the era of assembled, AI-orchestrated architectures demands a different approach: enterprises are purchasing foundation models, adopting vendor-provided domain agents, building their own workflows and connecting everything through shared governance rails. The model I find increasingly compelling is “buy the context, build the core” — an API-first architecture that purchases commodity layers aggressively and reserves custom development for the narrow band where genuine intellectual property resides.

The irony that emerges from all of this is precise: the cheaper building becomes, the more consequential the judgment about what to build. Strategic discernment, not technical access, is becoming the scarce resource.

Governance as the Differentiator

What I find most underrated in this conversation is that the organisations positioned to win the democratised development era are not those with the most tools or the fastest deployment cycles. They are those with the clearest governance posture.

McKinsey’s Global Tech Agenda for 2026, drawn from a survey of more than 600 C-level executives conducted in late 2025, found that top-performing organisations are distinguished precisely by technology leaders who are deeply involved in shaping enterprise strategy rather than managing infrastructure. Half of all CIO respondents planned to increase technology budgets by more than 4% in 2026, with the highest performers investing at more than twice that rate.

What Gartner terms a Centre of Excellence captures the governance model taking shape in practice: a structured framework that establishes guardrails without functioning as a bureaucratic barrier. In practice this requires a clear taxonomy distinguishing experimental applications (disposable by design), departmental tools (maintained with oversight) and enterprise-critical systems (fully governed). It requires mandatory security review before any citizen-built or AI-generated application reaches production, and lifecycle policies that assign each application an owner, a review date and a retirement process, so that ungoverned software gets decommissioned rather than left to fail quietly under load.

The Southwest Airlines operational collapse of December 2022 remains the most cited reference point in this conversation. The company’s crew scheduling system, built in the 1990s and never adequately modernised, failed under the pressure of winter storm Elliott, producing 16,900 flight cancellations and costing more than $800 million. The system had not been vibe-coded. But its fate illustrates precisely what accumulates when technical debt goes ungoverned until the underlying fragility becomes catastrophic. The citizen development era will produce this dynamic at a far greater frequency and a far smaller scale per incident — which makes it harder to see coming and harder to attribute clearly once it arrives.

The metaphor I keep returning to is the printing press. It democratised writing and produced an explosion of knowledge. It also flooded the world with pamphlets nobody read and misinformation that took centuries to correct. The tools of democratised development are already here. The infrastructure of responsible development is still being constructed.

Implications Across the Landscape

For business leaders, the governance investment must precede scale rather than follow it. The efficiency gains from citizen development are real but reversible. A single compliance incident from an ungoverned application can erase years of accumulated savings, and the CIOs planning significant budget increases in 2026 face a consequential allocation decision about whether governance sits inside that number or remains a future concern with asymmetric downside.

For product and technology leaders, the build-or-buy decision has become simultaneously more accessible and more dangerous. The correct frame, as CIO.com’s December 2025 analysis concluded, is no longer binary. The organisations succeeding today are assembling rather than choosing, buying what is commoditised, building what is genuinely core and connecting both through governance rails that allow either component to be replaced without catastrophic disruption.

For professional developers, the shift represents an elevation rather than a displacement. The ArXiv study of 99 experienced engineers found them embracing AI agents as productivity amplifiers while retaining rigorous control over design and validation. Architectural oversight and governance expertise are the skills that prevent the code janitor outcome, and both are in short supply relative to the demand that democratised development is creating.

For educators and policymakers, vibe coding’s status as Collins’ Word of the Year for 2025 signals a cultural adoption rate that has already outpaced any corresponding educational or regulatory response. The curricula now needed are those teaching not only how to build software but when building is the right choice, how to sustain what gets built and what responsible digital creation looks like when practised at the scale of millions of concurrent non-professional practitioners.

What Comes Next

The organisations that emerge from this transition with durable advantage will not be those who distributed the tools most widely or built the most applications. They will be those who developed the strategic discipline to distinguish what merits building from what should be bought, and the governance discipline to ensure that what does get built does not eventually bury them.

More builders, more software, more possibility. More scrap. The ratio between the last two terms is the variable that matters, and it will be determined not by the tools available but by the judgment and governance surrounding their use.

Everyone Can Build Software Now. That is the Problem! was originally published in Mind In The Loop on Medium, where people are continuing the conversation by highlighting and responding to this story.