This is a segment from the Lightspeed newsletter. To read full editions, subscribe. If you want to build in Web3, you’ve pretty much always needed to know how to code. Not necessarily at an elite level, but at least a baseline understanding. That plus lots of late nights, semicolon-heavy syntax, compiler errors, and a burly stack of ever-open documentation tabs. The technical barrier was part of the “chewing glass” culture. Gatekeeping, maybe, but also a necessary filter in an ecosystem where one misplaced line in a smart contract could drain a treasury. That filter is eroding fast these days, however. Brace yourselves, friends. We’ve now entered the era of vibe coding. The term, coined by computer scientist Andrej Karpathy, refers to a novel AI-native coding style where developers (and perhaps more importantly, non-developers) describe what they want and, at the click of a button, an LLM generates a working iteration of their request. Tools like Cursor, Dev.fun and Poof.new are already lowering the floor, turning ideas into dApps with a few lines of stumbling prose. A Poof co-founder told Lightspeed that vibe coders have created over 2,000 apps on the platform since its open beta started on Thursday. But, of course, there’s a dark side to every moon. Because if it’s easier than ever to build something legitimate, it’s also easier than ever to build something that only has the appearance of legitimacy. The ICO boom of 2017 gave us a glimpse of this dynamic. Once the profit motive was clear, hundreds of anonymous teams emerged from the woodwork to spin up faux white papers and (usually crap) landing pages. They promised revolutionary tech, launched tokens, raised millions…and vanished into vapor. Now imagine that, but times infinity. Imagine some clown throwing up an LLM-generated codebase, a slick AI-generated branding package, wholly-believable GitHub activity, a world-class website UI with Web3 login, and then getting his fake chatbot founders to do some live AMAs. Honeypot contracts with backdoors phishing sites that buoy authentic functionality as an indicator of legitimacy…Mint buttons that seed approvals you don’t notice ‘til your wallet is drained…The potential for bad actors runs deep. Once things really get going, reputation systems and persistent identities will likely be the only hope we have of ever trusting another product. Proof-of-humanity systems, social graphs and third-party attestations will form the backbone of trust in an AI-coded world in Web3 and beyond. We’ll need open auditing tools built for non-coders, and sandbox environments that simulate contract behavior before anything hits mainnet. Smart contract registries could begin to mirror app store models, with verified publishers, community ratings, and AI-generated trust scores.