AI coding agents have evolved dramatically in just 12 months—from experimental "vibe coding" to autonomous swarms. But with greater capability comes greater cost and security risks. Here's what you need to understand about the current state of the game.
At QCon London, Birgitta Böckeler from Thoughtworks delivered a keynote that every development leader should pay attention to. Her assessment of the AI coding landscape over the past 12 months paints a clear picture: the technology has matured rapidly, but so have the challenges that come with it.
The shift from "vibe coding" to autonomous coding agents is significant. A year ago, developers were experimenting with AI-assisted suggestions in a relatively hands-on way. Today, we're seeing swarms of agents operating with increasing independence — handling tasks, making decisions, and generating code at a scale that wasn't practical just months ago.
One of the most important technical developments highlighted was **context engineering**. Rather than relying on a single monolithic rules file loaded at the start of each session, tools like Claude Code now support a more modular, "lazy loading" approach — pulling in only the relevant rules and conventions based on the specific task at hand. This sounds like an implementation detail, but it's actually a fundamental shift in how AI coding agents operate and deliver consistent, high-quality output.
But here's where the conversation gets critical for teams and organisations considering deeper investment in this space:
**The cost curve is real.** Agent-based development consumes significantly more tokens and compute than simple code completion. As autonomous agents take on longer, more complex tasks, the financial overhead scales accordingly. Teams need to plan for this — both in budgeting and in defining clear boundaries for when agents should be deployed.
**The security landscape is worsening.** Greater autonomy means greater attack surface. Agents that can read files, execute commands, and interact with external systems introduce risks that traditional code review processes weren't designed to catch. Security can no longer be an afterthought in AI-assisted workflows.
For organisations navigating this shift, the message is straightforward: the productivity gains are real, but they require deliberate governance, clear cost controls, and a security-first mindset from day one.
What's your team's experience with AI coding agents so far? Are you seeing the benefits outweigh the costs and security concerns? Share your thoughts in the comments—let's discuss the real-world implications.