My Experience “Vibe Coding” an AI Chat Bot

“Vibe coding” was originally coined to describe the practice of building software using AI-generated code without formal training or software engineering skills. However, I’m increasingly seeing seasoned developers use the term to describe how they incorporate prompt engineering into their development workflows. 

I’ve been using AI to help with coding projects since 2022 and still have mixed feelings about it. I feel like the quality of AI generated code has not improved that much over the years–it still remains very inconsistent, and I feel like it’s only been helpful to me about 50% of the time. But I’m also optimistic that it will eventually get better, and I’m willing to acknowledge that I might be part of the reason why I’m not getting better results.

As a way to practice prompt-engineering, I decided to try to “vibe code” a content-aware chatbot that could answer questions about my website. Below I outline my goals of the project, how I set up the project, what I was able to accomplish and the pitfalls I came across.

Content-Aware Chat Bot using Claude AI

I built an AI chatbot WordPress plugin using Claude AI to help generate the code. Although it took some debugging—since this was new territory for me—I was able to create a working prototype in about three hours, after roughly 10 rounds of prompt iterations. Building it from scratch would’ve likely taken several more hours.

Project Setup

Before diving into development, I set up the project environment to give Cursor the context it needed to generate more accurate and relevant code. I added a .cursorrules file using a WordPress-specific template from cursor.directory, which outlines custom rules tailored to the project’s structure and coding standards. To further guide the AI, I included key documentation—such as WordPress plugin and theme development guides—so Cursor could reference best practices throughout the coding process.

The Results

You can view the source code, but if you plan to use for yourself, please continue reading and note the potential security risks of this code.

The goal of this chatbot was to generate answers based solely on content from my website. While the code generated by Claude AI worked as expected functionally, it lacked proper security measures. I had to spend several additional hours guiding it to produce code that aligned with best practices: securing the Claude API key, excluding sensitive database fields, and sanitizing input fields to prevent SQL injection attacks.

Even after addressing the known security issues, I’m still hesitant to deploy the plugin to a production environment. I’ve read accounts of AI behaving unpredictably—generating unauthorized responses or drifting from its intended purpose. I don’t yet feel confident that I fully understand the potential risks or have the expertise to catch everything that could go wrong.