What AI Changed About Software IP

AI Did Not Kill Software IP

24.04.2026, By Stephan Schwab

Leaders are right to worry about developers pasting sensitive material into consumer AI tools. Customer confidentiality, security details, and contractual obligations did not vanish when code generation got cheap. What did vanish is the old illusion that every private codebase is a strategic moat. AI forces a distinction many companies avoided for years: between what is genuinely sensitive and what is merely expensive to rewrite.

The fear is not stupid.

If your company handles regulated data, signed statements of work, unreleased product plans, or security-sensitive infrastructure, careless use of public AI tools creates real exposure. A breach of confidentiality is still a breach of confidentiality, whether the disclosure happens in an email, a Slack message, or a prompt window.

The nonsense starts when that reasonable concern expands into something bigger and lazier: the belief that the entire repository is sacred because the entire repository is the moat.

That story was already weak before AI. Now it is harder to maintain with a straight face.

Closed Source Was the Old Religion

Closed source used to signal seriousness. Often it just hid ordinary software behind expensive silence.

There was a time when open source was treated as unserious. Closed source was the adult position. If you published code, people assumed you had surrendered your advantage.

That belief shaped contracts, company culture, and a lot of executive paranoia. NDAs were handed around like holy water. Private repositories felt like vaults. Architects talked about proprietary algorithms as if every internal rules engine were the second coming of Bell Labs.

Some of that caution made sense. Most of it bundled together very different things:

  • customer confidentiality
  • trade secrets
  • copyrighted source code
  • undocumented operational knowledge
  • ordinary business logic

Those are not the same asset.

They do not deserve the same level of protection, and they certainly do not create the same level of strategic advantage.

Novelty is patent language. Copyright asks whether the code is original expression, not whether the idea is new.

Lawyers have spent years arguing about software and copyright, often with one unhelpful detour: novelty.

Novelty is mostly the language of patents. It is not the core test for copyright.

For software, the more useful question is originality.

In the United States, source code can be protected by copyright as expression. In Europe, computer programs are protected by copyright as literary works. German law says a computer program is protected when it is the result of the author’s own intellectual creation. The EU directive uses the same basic standard.

That sounds technical. The practical point is simple.

The concrete expression in code can be protected. The underlying idea cannot. Logic, methods, principles, and algorithms as such are not protected by copyright.

That matters because companies routinely talked about proprietary algorithms when what they actually had was one part copyright, one part trade secret, and three parts mythology.

If you built something genuinely patentable, fine. Most companies did not. They had software. Some of it good. Some of it ugly. Most of it inseparable from years of changing requirements and late-night compromises.

AI Changed the Economics, Not the Obligations

AI collapsed the distance between intent and implementation. That changes how fast teams can produce code. It does not change contractual duties, confidentiality obligations, or trade-secret law.

You still have to protect customer data.

You still have to protect security details.

You still have to protect truly differentiated methods that would damage the business if handed to a competitor.

What AI changed is the credibility of the old claim that the code itself was usually the moat.

When a capable developer can recreate ordinary scaffolding, routine CRUD, and standard integration code in hours, the strategic value of keeping that code secret looks smaller than many executives were taught to believe.

That does not make code worthless. It makes lazy talk about IP easier to expose.

Vendor Risk Is Real, but Specific

The first question is not “AI yes or no.” The first question is “consumer tool or commercial contract?”

This is where the conversation gets serious.

If you read the public terms instead of recycled panic on LinkedIn, you find a split that leaders should have classified long ago.

Consumer tools and commercial offerings are not governed the same way.

GitHub’s public terms say data collected from GitHub Copilot Free may be used for model training where permitted and allowed in settings. GitHub also makes clear that Copilot may collect prompts, suggestions, code snippets, and usage data depending on the service and settings. Business and Enterprise use are handled under separate product-specific customer terms and governance controls.

Anthropic draws a similar line. Its consumer terms allow use of materials to improve services and train models unless the user opts out, with feedback and safety review as important exceptions. Its commercial terms say customer content from Team, Enterprise, and API services is not used to train models by default. Claude Code documentation follows the same split between consumer and commercial use.

That is not legal trivia. That is the difference between competent governance and cargo cult bans.

If your policy says only “do not use AI,” your policy is lazy. If your policy says “consumer tools are prohibited for confidential work, approved commercial tools require review of training, retention, telemetry, and processor terms,” now you are behaving like adults.

That is governing without control.

What Still Deserves Protection

Confidential is not the same as differentiating. Some things must stay secret even when they are not your moat.

This is where sober leadership matters.

Some information deserves strong protection because disclosure would violate trust, contracts, or law. Some information deserves protection because it creates genuine economic advantage. Those are overlapping categories, not identical ones.

Protect these things with discipline:

  • customer data and customer-specific workflows
  • unreleased pricing, deal terms, and acquisition plans
  • security architecture, credentials, and incident details
  • novel methods tied to proprietary data and repeatable learning loops
  • internal datasets that competitors cannot easily recreate
  • prompts, artifacts, or evaluation suites that encode scarce domain judgment

And yes, use NDAs where they fit.

But an NDA does not turn mediocre software into a moat. It creates obligations. It does not create strategic differentiation by magic.

What Never Was Much of a Moat

Ordinary application code.

Framework wiring.

Validation logic.

Glue code between a database and an API.

Routine business workflows that any competent developer can understand once the domain is explained.

None of that becomes impressive because it sits behind a login screen and a nervous legal department.

Many companies mistake replacement cost for strategic value. Those are not the same thing.

It may take months to rebuild your system from scratch. That does not mean the system contains months of unique advantage. It may simply contain months of accumulated work.

There is a difference.

The Better Question for Leaders

The old question was: how do we stop competitors from copying our code?

The new question is: how do we stop sensitive material from leaking into systems we do not control?

Both questions matter. Neither should be answered with nostalgia.

If your competitive edge disappears because a model vendor might have seen your CRUD handlers, configuration files, and standard service layer patterns, your edge was never in the code alone. It was in customer access, proprietary data, domain judgment, speed of learning, and the ability to ship useful software repeatedly.

That is the uncomfortable point. It is also the useful one.

Read the contracts. Classify the information. Separate consumer AI from commercial AI. Separate confidential material from routine implementation. Separate real trade secrets from the memory of a time when closed source felt like enough.

Protect what is genuinely sensitive.

Stop pretending every private repository is a crown jewel.
