itstargetnews
Before Claude Code wrote the first line of code, Vercel is already in the vibe coding space with v0 service.
The basic idea behind the original v0, launched in 2024, should be version 0. That is, the very first version of an application, helping developers solve the blank canvas problem. Developers can instigate their way into user interface (UI) scaffolding that looks good, but the code is disposable. Getting prototypes into production requires rewriting.
More than 4 million people have used v0 to build millions of prototypes, but the platform lacks the elements needed to enter production. The challenge is familiarity with vibe coding tools, as there is a gap between what tools are provided and what business founders need. Claude Codefor example, creating backend logic and scripts effectively, but not deploying production UIs within existing company design systems while enforcing security policies
It created what Vercel CPO Tom Occhino called "the world’s biggest IT problem." AI-enabled software development is already happening within every business. The credentials are copied to the prompts. Company data flows to unmanaged devices. Apps are deployed outside the approved infrastructure. There is no audit trail.
Vercel has rebuilt v0 to address this gap in production shipping. The new version, generally available today, imports existing GitHub repositories and automatically pulls environment variables and configurations. It generates code in a sandbox-based runtime that maps directly to real Vercel deployments and enforces security controls and proper git workflows while allowing non-engineers to deploy code to production.
"The great thing about v0 is that you still have the code to see and review and manage," Occhino told VentureBeat in an exclusive interview. "Teams end up collaborating on the product, not PRDs and so on."
This shift is important because most enterprise software work happens on existing applications, not new prototypes. Teams need tools that integrate with their current codebases and infrastructure.
How v0’s sandbox runtime connects AI-generated code to existing repositories
The original v0 created UI scaffolding from prompts and let users make changes through conversations. But the code lives in an isolated v0 environment, which means moving it to production requires copying files, rewriting imports and manually wiring everything up.
The rebuilt v0 fundamentally changes this by directly importing existing GitHub repositories. A sandbox-based runtime automatically pulls environment variables, deployments and configurations from Vercel, so each prompt generates production-ready code that already understands the company’s infrastructure. The code lives in the repository, not a separate prototyping tool.
Previously, v0 was a separate prototyping environment. Now, it’s connected to the actual codebase with a full VS Code built-in interface, which means developers can edit code directly without switching tools.
A new git panel handles proper workflows. Anyone on a team can create branches from within v0, open pull requests against main and deploy to merge. Pull requests are first-class citizens and preview maps directly to real Vercel deployments, not remote demos.
This is important because product managers and marketers can now send code to production through proper git workflows without the need for local development environments or providing code snippets to engineers for integration. The new version also adds direct integrations with Snowflake and AWS databases, so teams can wire apps to production data sources with the right access controls built in, instead of requiring manual work.
Vercel’s experience with Next.js explains the deployment infrastructure of v0
Before joining Vercel in 2023, Occhino spent a dozen years as an engineer at Meta (formerly Facebook) and helped guide that company’s development of the widely used React JavaScript framework.
Vercel’s claim to fame is that its company founder, Guillermo Rauch, is the creator of Next.js, a full-stack framework built on top of React. In the era of coding vibe, Next.js has become a more popular framework. The company recently published a list of React to best practices specifically designed to help AI and LLM agents work.
The Vercel platform incorporates best practices and learnings from Next.js and React. That decade of building frameworks and infrastructure together means v0 outputs production-ready code that deploys the same infrastructure that Vercel uses for millions of deployments every year. The platform includes agentic workflow support, MCP integration, web application firewall, SSO and deployment protections. Teams can open any project in a cloud dev environment and push changes with one click to a Vercel preview or production deployment.
With no shortage of competitive offerings in the vibe coding space, including Replit, Lovable and Cursor among others, this is the core foundational infrastructure that Occhino sees standing out.
"The biggest difference for us is Vercel’s infrastructure," Occhino said. "It has been building managed infrastructure, framework-defined infrastructure, now driving its own infrastructure for the last 10 years."
Why vibe coding security requires infrastructure control, not just policy
The problem with shadow IT is not that employees are using AI tools. These are the majority of vibe coding tools that operate outside of enterprise infrastructure. Credentials are copied to the prompts because there is no secure way to connect the generated code to enterprise databases. Apps are deployed to public URLs because the tools don’t integrate with company deployment pipelines. Data leaks occur because visibility controls are not in place.
The technical challenge is that securing AI-generated code requires controlling where it runs and what it can access. Policy documents are of no help if the tooling itself cannot enforce the policies.
This is where infrastructure is important. When vibe coding tools operate on different platforms, businesses face a choice: Block the tools entirely or accept the security risks. If the vibe coding tool is running on the same infrastructure as the production deployments, security controls can be automatically implemented.
v0 runs on Vercel’s infrastructure, which means businesses can set up deployment protections, visibility controls and access policies that apply to AI-generated code in the same way they can to handwritten code. Direct integrations with Snowflake and AWS databases allow teams to connect to production data with proper access controls rather than copying credentials across prompts.
"IT teams are comfortable with what their teams are building because they have control over who has access," Occhino said. "They have control over what applications have access to from Snowflake or data systems."
Generative UI vs. generative software
In addition to the new v0 version, Vercel recently introduced a generative UI technology called json-render.
v0 is what Vercel calls generative software. It differs from the company’s json-render framework for true generative UI. Vercel software engineer Chris Tate explained that v0 builds full-stack apps and agents, not just UIs or frontends. In contrast, json-render is a framework that enables AI to generate UI components directly at runtime by outputting JSON instead of code.
"AI doesn’t write software," Tate told VentureBeat. "It plugs directly into the rendering layer to create powerful, personalized interfaces on demand."
The difference is important for business use cases. Teams use v0 when they need to build complete applications, custom components or production software.
They use JSON-render for dynamic, personalized UI elements within applications, dashboards that adapt to individual users, contextual widgets and interfaces that respond to changing data without changing code.
Both use the AI SDK infrastructure built by Vercel for streaming and structured outputs.
Three lessons businesses have learned from adopting vibe coding
As businesses have adopted vibe coding tools over the past couple of years, several patterns have emerged regarding AI-generated code in production environments.
Lesson 1: Prototyping without production deployment creates faulty development. Businesses have seen teams create impressive demos in early v0 versions, then hit a wall moving demos into production. The problem is not the quality of the generated code. This is so that the prototypes live in remote environments disconnected from the production infrastructure.
"While demos are easy to generate, I think most of the iterations that happen in these code bases happen in real production applications," Occhino said. "90% of what we need to do is make changes to an existing code base."
Lesson 2: The software development life cycle has changed, whether businesses plan for it or not. Domain experts build software directly instead of writing product requirements documents (PRDs) for engineers to interpret. Product managers and marketers ship features without waiting for engineering sprints.
This shift means businesses need tools that maintain code visibility and management while allowing non-engineers to deliver. The alternative is to create bottlenecks by forcing all AI-generated code through traditional development workflows.
Lesson 3: Blocking vibe coding tools doesn’t stop vibe coding. It simply pushes the activity outside of IT’s visibility. Businesses that try to prevent AI-driven growth find employees using the tools anyway, creating the shadow IT problem at scale.
The practical implication is that businesses should focus less on whether to allow vibe coding and more on ensuring it happens within an infrastructure that can enforce existing security policies and deployments.
