Agentic engineering refers to a structured way of working with AI agents capable of modifying code, running tests, and preparing changes. The difference from vibe coding is simple: vibe coding speeds up exploration, agentic engineering secures delivery. For an SMB project, this mainly changes the risks, validation timelines, and maintenance budget.
Agentic engineering: what the term really covers
Agentic engineering, or agentic software engineering, does not mean “letting AI code in your place.” It means organizing the work between humans and AI agents, with objectives, constraints, tests, human review, and a record of what was done.
An AI agent is software capable of carrying out several actions to achieve a goal: reading a Git repository, modifying files, running a command, creating a pull request, or even calling an external service. In May 2025, OpenAI launched Codex in research preview, GitHub put Copilot coding agent into public preview, Google announced Jules in public beta, and Anthropic made Claude Code generally available. So this is no longer a laboratory hypothesis.
The real breakthrough is not that AI writes code. Assistants have already been doing that since GitHub Copilot in 2021. The breakthrough is that AI enters the production workflow: tickets, branches, tests, linters (automatic code checking tools), reviews, continuous integration.
Vibe coding: excellent for exploring, fragile for delivery
“Vibe coding” was popularized by Andrej Karpathy in early 2025 to describe a practice where AI is asked to produce code in natural language, broadly accepting its proposals without looking too closely at the details. Collins even made it its 2025 word of the year, defining it as the use of AI, guided by prompts, to help write informatics code.
For a business leader, the appeal is obvious. An idea can become a mockup in a few hours. A form, an internal script, a demo page, or an application prototype can come out quickly, sometimes for a few hundred euros of human time if the scope remains very limited.
But the trap is subtle. A demo that works in front of three users is not necessorily a solid foundation for a product that will need to handle Stripe payments, personal data subject to the GDPR, access rights, or scaling up. The hidden cost comes later: technical debt (code that is difficult to evolve), security flaws, functional inconsistencies, and a lack of tests.
On the projects we lead, we often see the same scenario: the AI prototype impresses at first, then the team discovers that the architecture has to be reworked before adding serious business features. At that stage, it is sometimes better to start over cleanly rather than patching things layer after layer.
The difference that matters: intent, control, and proof
Vibe coding starts from a vague intention: “build me an app that lets you…” Agentic engineering starts from a framework: requirements, business rules, security constraints, execution environment, testing strategy, and acceptance criteria.
This difference seems theoretical. It is not. If a GitHub Copilot agent works in a secure GitHub Actions environment, as GitHub described in May 2025, it can handle an issue, run the tests, push a branch, and request a review. The human no longer checks only “does it work on my screen?” but “does the change comply with our rules and can it be delivered without breaking the rest?”
Google Jules, announced in public beta in May 2025, follows the same asynchronous logic: reading code and carrying out tasks such as writing tests or correcting bugs. Claude Code, for its part, added background tasks via GitHub Actions and native integrations with VS Code and JetBrains. Cursor 1.0 also announced in June 2025 BugBot, access to Background Agents, and one-click MCP installation.
MCP, or Model Context Protocol, is specifically used to connect AI agents to context sources: files, databases, internal tools, documentation. To understand this building block, a detour through the role of MCP in connecting AI agents to data helps distinguish a simple chatbot from an agent integrated into the information system.
| Approach | Relevant use case | Realistic timeline | Indicative budget in France | Main risk |
|---|---|---|---|---|
| Vibe coding alone | Prototype, demo, disposable tool | 1 to 5 days | Around €500 to €3,000 depending on support | Code difficult to maintain |
| Supervised AI assistant | Accelerated traditional development | 2 to 8 weeks | Often €5,000 to €30,000 for a simple MVP | Variable quality if review is weak |
| Agentic engineering | Scalable product, team, debt to keep under control | 4 to 12 weeks to define and deliver an initial foundation | More like €15,000 to €60,000 depending on scope and requirements | Poor framing of constraints |
What this changes for your budget and timelines
Vibe coding gives the impression of reducing the budget because it quickly produces something visible. That is true at the exploration stage. Honestly, to test an idea in front of investors or validate a user journey, this approach can be very cost-effective.
The limitation appears as soon as the software becomes a company asset. A business application, a client portal, or an e-commerce platform must survive changes: a new billing rule, a new payment provider, a mobile redesign, GDPR requirements, correction of a vulnerability. If the code was accepted without a strategy, every change becomes slower.
Agentic engineering costs more at the start because it requires planning. You define what the agent can modify, how it must test, which commands it can execute, who validates, and what records remain available. This work can represent anywhere from a few days to two weeks before the first visible features even appear.
In return, delivery becomes more predictable. Agents can handle isolated tasks while developers focus on complex trade-offs: architecture, security, user experience, critical dependencies. The gain is not magical, but it can be significant for repetitive corrections, writing tests, and bringing small modules up to date.
The guardrails to require before entrusting code to an agent
An agent that can modify files is useful. An agent that can modify files, access secrets, and deploy to production without oversight is dangerous. The distinction is fundamental for an SMB.
- Limit access: no production keys, no real customer database, no broad default permissions.
- Work on separate Git branches, with mandatory pull requests and human review.
- Require automated tests: unit, functional, or at minimum non-regression tests on sensitive user flows.
- Document constraints: GDPR, user roles, payment rules, data retention, logs.
- Track decisions: which issue was handled, by which agent, with which files modified, and which tests were run.
- Provide an isolated environment, for example via GitHub Actions, a Docker container, or dedicated cloud infrastructure.
These precautions align with the orientations of recent work on agentic engineering. The arXiv paper “Agentic Agile-V,” published in May 2026, notably emphasizes the value of requirements, constraints, traceability, independent verification, and human approval. Put simply: the more AI acts, the more explicit the framework must be.
Security must not be treated as an afterthought. A poorly configured agent can copy a vulnerable dependency, expose a token (secret key), or modify an access control without understanding the business impact. For an SMB, the risk is not only technical: it affects conformité, reputation, and sometimes business continuity. The same reflexes apply to broader AI topics, especially those covered by AI Act compliance for SMBs using ChatGPT and Claude.
When vibe coding remains the right choice
Not everything deserves a factory of tests and agents. A landing page mockup, a one-off import script, or a disposable prototype can very well be produced with vibe coding, provided you accept that they will not be industrialized as-is.
The wrong decision would be to automatically transformer a prototype into a product. It’s tempting, because you already have something that works. And yet, that’s often where the trouble begins: no robust data model, approximate error handling, minimal security, dependencies chosen at random.
To get started properly without overinvesting, a reasonable approach is to separate two phases. First, explorer quickly with AI, possibly in VS Code or Cursor. Then decide what deserves a proper rewrite. If you want to frame this first phase, a methodical start to vibe coding with VS Code already helps avoid the most obvious mistakes.
How to choose for a web or mobile project
The right trade-off depends less on the technology than on the level of risk. An internal application used by five people does not call for the same requirements as a SaaS platforme with subscriptions, personal data, and customer support.
On the agency side, the reflex is to classify the project according to three questions: what happens if the software breaks down, what happens if the data leaks, and how much will an evolution cost in six months? These answers orient the level of control to put around the agents.
For a WordPress showcase site, AI can speed up the production of components, structured content, or integration scripts, but the value still lies in SEO, performance, accessibility, and maintenance. For a React Native, Flutter, or native iOS/Android mobile application, agentic engineering becomes more interesting as soon as tests must be maintained, APIs managed, and multiple versions tracked.
The choice of technical foundation still carries weight. An agent does not compensate for poor JavaScript architecture, a poorly chosen runtime, or accumulated debt. If your project relies on Node.js, Bun, or Deno, the trade-offs described in choosing a JavaScript runtime in 2026 still applies, with or without AI.
Another point that is often overlooked: hosting. OVHcloud, Scaleway, AWS, or Google Cloud do not raise the same questions about costs, data location, logging, and environment isolation. Cloudflare can also play a role in DNS protection, caching, or certain security rules. The agent must work within this framework, not outside it.
Defining this type of project upfront helps avoid most unpleasant surprises: unclear scope, a prototype that is impossible to maintain, an overly free agent, or missing tests. This is often when an outside perspective saves time, because it transformes an AI promise into a controllable delivery method.
FAQ on agentic engineering and vibe coding
Will agentic engineering replace developers?
No, it mostly shifts their role toward framing, verification, architecture, and product decisions. Agents perform better at borned tasks than at ambiguous business trade-offs.
Is vibe coding dangerous for an SME?
Not if it is used to prototype or test an idea. It becomes risky when the generated code is put into production without review, without testing, and without access controls.
Which tool should you choose between Codex, Claude Code, Jules, Cursor, and Copilot?
The choice mainly depends on your environment: GitHub, VS Code, JetBrains, Google Cloud, or internal workflows. Compare permissions, test integration, traceability, and ease of review before the perceived quality of the responses.
How long does it take to implement an agentic approach?
For a small team, often allow one to two weeks to define the rules, isolate the environments, connect the tests, and train the developers. A complex product will instead require several iterations.