
AI Coding Tools Turned a 25,000-Line Company Into a 250,000-Line Company. Now Nobody Can Review the Code.
A financial firm went from 25,000 lines of code per month to 250,000. The backlog: one million lines nobody has checked.
The AI Post newsroom — delivering AI news at the speed of intelligence.
The vibe coding revolution has a hangover, and it is measured in millions of lines of unreviewed code.
The New York Times reports that a financial services company using Cursor, the AI coding tool that has taken Silicon Valley by storm, went from producing 25,000 lines of code per month to 250,000. That is a 10x increase in output. It sounds like a productivity miracle until you hear the next number: a backlog of one million lines of code that need to be reviewed for security vulnerabilities, bugs and compliance issues.
"The sheer amount of code being delivered, and the increase in vulnerabilities, is something they cannot keep up with," said Joni Klippert, CEO of security startup StackHawk, which works with the firm.
This is the dirty secret of the AI coding boom that nobody in Silicon Valley wants to talk about. The tools are spectacular at generating code. They are not spectacular at generating code that is secure, maintainable or correct. And the faster the code flows, the wider the gap between production and review.
Think about what 10x code output actually means in practice. Every department downstream gets hit. QA teams that were sized for 25,000 lines now face 250,000. Security auditors who could keep pace with manual development are now buried. Sales, marketing and customer support teams have to absorb the pace of constant feature releases. As Klippert put it: "a lot of stress."
The pattern is emerging everywhere. Anthropic says 90% of its code is written by Claude. OpenAI claims GPT was "instrumental in creating itself." But those companies have world-class engineering teams reviewing every line. The financial services firm in the NYT story does not. Neither do the thousands of startups and mid-market companies that have adopted Cursor, Claude Code and GitHub Copilot over the past year.
We have been tracking this tension for weeks. Apple is killing vibe coding apps in the App Store. Bloomberg warned that vibe coding FOMO would burn out the workforce before it helped. Enterprise security teams flagged AI-generated code as a trust bottleneck. Now we are seeing the inevitable result: companies are drowning in their own output.
The fix is not to slow down. That ship has sailed. The fix is to build review infrastructure at the same pace as generation infrastructure: AI code reviewers, automated security scanning and continuous compliance testing. The companies that figure this out will thrive. The ones that just crank the code generation dial to maximum without matching it with review capacity are building technical debt that will take years to unwind.
One million lines of unreviewed code at a financial services company. Let that sink in. In an industry where a single vulnerability can move billions of dollars, that number should keep every CTO in banking up at night.