Before Claude Code wrote its first line of code, Vercel was already in the vibe coding space with its v0 service.
The basic idea behind the original v0, which launched in 2024, was essentially to be version 0. That is, the earliest version of an application, helping developers solve the blank canvas problem. Developers could prompt their way to a user interface (UI) scaffolding that looked good, but the code was disposable. Getting those prototypes into production required rewrites.
More than 4 million people have used v0 to build millions of prototypes, but the platform was missing elements required to get into production. The challenge is a familiar one with vibe coding tools, as there is a gap in what tools provide and what enterprise builders require. Claude Code, for instance, generates backend logic and scripts effectively, but does not deploy production UIs within existing company design systems while enforcing security policies
This creates what Vercel CPO Tom Occhino calls "the world's largest shadow IT problem." AI-enabled software creation is already happening inside every enterprise. Credentials are copied into prompts. Company data flows to unmanaged tools. Apps deploy outside approved infrastructure. There's no audit trail.
Vercel rebuilt v0 to address this production deployment gap. The new version, generally available today, imports existing GitHub repositories and automatically pulls environment variables and configurations. It generates code in a sandbox-based runtime that maps directly to real Vercel deployments and enforces security controls and proper git workflows while allowing non-engineers to ship production code.
"What's really nice about v0 is that you still have the code visible and reviewable and governed," Occhino told VentureBeat in an exclusive interview. "Teams end up collaborating on the product, not on PRDs and stuff."
This shift matters because most enterprise software work happens on existing applications, not new prototypes. Teams need tools that integrate with their current codebases and infrastructure.
How v0's sandbox runtime connects AI-generated code to existing repositories
The original v0 generated UI scaffolding from prompts and let users iterate through conversations. But the code lived in v0's isolated environment, which meant moving it to production required copying files, rewriting imports and manually wiring everything together.
The rebuilt v0 fundamentally changes this by directly importing existing GitHub repositories. A sandbox-based runtime automatically pulls environment variables, deployments and configurations from Vercel, so every prompt generates production-ready code that already understands the company's infrastructure. The code lives in the repository, not a separate prototyping tool.
Previously, v0 was a separate prototyping environment. Now, it's connected to the actual codebase with full VS Code built into the interface, which means developers can edit code directly without switching tools.
A new git panel handles proper workflows. Anyone on a team can create branches from within v0, open pull requests against main and deploy on merge. Pull requests are first-class citizens and previews map directly to real Vercel deployments, not isolated demos.
This matters because product managers and marketers can now ship production code through proper git workflows without needing local development environments or handing code snippets to engineers for integration. The new version also adds direct integrations with Snowflake and AWS databases, so teams can wire apps to production data sources with proper access controls built in, rather than requiring manual work.
Vercel's React and Next.js experience explains v0's deployment infrastructure
Prior to joining Vercel in 2023, Occhino spent a dozen years as an engineer at Meta (formerly Facebook) and helped lead that company's development of the widely-used React JavaScript framework.
Vercel's claim to fame is that its company founder, Guillermo Rauch, is the creator of Next.js, a full-stack framework built on top of React. In the vibe coding era, Next.js has become an increasingly popular framework. The company recently published a list of React best practices specifically designed to help AI agents and LLMs work.
The Vercel platform encapsulates best practices and learnings from Next.js and React. That decade of building frameworks and infrastructure together means v0 outputs production-ready code that deploys on the same infrastructure Vercel uses for millions of deployments annually. The platform includes agentic workflow support, MCP integration, web application firewall, SSO and deployment protections. Teams can open any project in a cloud dev environment and push changes in a single click to a Vercel preview or production deployment.
With no shortage of competitive offerings in the vibe coding space, including Replit, Lovable and Cursor among others, it's the core foundational infrastructure that Occhino sees as standing out.
"The biggest differentiator for us is the Vercel infrastructure," Occhino said. "It's been building managed infrastructure, framework-defined infrastructure, now self-driving infrastructure for the past 10 years."
Why vibe coding security requires infrastructure control, not just policy
The shadow IT problem isn't that employees are using AI tools. It's that most vibe coding tools operate entirely outside enterprise infrastructure. Credentials are copied into prompts because there's no secure way to connect generated code to enterprise databases. Apps deploy to public URLs because the tools don't integrate with company deployment pipelines. Data leaks happen because visibility controls don't exist.
The technical challenge is that securing AI-generated code requires controlling where it runs and what it can access. Policy documents don't help if the tooling itself can't enforce those policies.
This is where infrastructure matters. When vibe coding tools operate on separate platforms, enterprises face a choice: Block the tools entirely or accept the security risks. When the vibe coding tool runs on the same infrastructure as production deployments, security controls can be enforced automatically.
v0 runs on Vercel's infrastructure, which means enterprises can set deployment protections, visibility controls and access policies that apply to AI-generated code the same way they apply to hand-written code. Direct integrations with Snowflake and AWS databases let teams connect to production data with proper access controls rather than copying credentials into prompts.
"IT teams are comfortable with what their teams are building because they have control over who has access," Occhino said. "They have control over what those applications have access to from Snowflake or data systems."
Generative UI vs. generative software
In addition to the new version of v0, Vercel has recently introduced a generative UI technology called json-render.
v0 is what Vercel calls generative software. This differs from the company's json-render framework for a true generative UI. Vercel software engineer Chris Tate explained that v0 builds full-stack apps and agents, not just UIs or frontends. In contrast, json-render is a framework that enables AI to generate UI components directly at runtime by outputting JSON instead of code.
"The AI doesn't write software," Tate told VentureBeat. "It plugs directly into the rendering layer to create spontaneous, personalized interfaces on demand."
The distinction matters for enterprise use cases. Teams use v0 when they need to build complete applications, custom components or production software.
They use JSON-render for dynamic, personalized UI elements within applications, dashboards that adapt to individual users, contextual widgets and interfaces that respond to changing data without code changes.
Both leverage the AI SDK infrastructure that Vercel has built for streaming and structured outputs.
Three lessons enterprises learned from vibe coding adoption
As enterprises adopted vibe coding tools over the past two years, several patterns emerged about AI-generated code in production environments.
Lesson 1: Prototyping without production deployment creates false progress. Enterprises saw teams generate impressive demos in v0's early versions, then hit a wall moving those demos to production. The problem wasn't the quality of generated code. It was that prototypes lived in isolated environments disconnected from production infrastructure.
"While demos are easy to generate, I think most of the iteration that's happening on these code bases is happening on real production apps," Occhino said. "90% of what we need to do is make changes to an existing code base."
Lesson 2: The software development lifecycle has already changed, whether enterprises planned for it or not. Domain experts are building software directly instead of writing product requirement documents (PRDs) for engineers to interpret. Product managers and marketers ship features without waiting for engineering sprints.
This shift means enterprises need tools that maintain code visibility and governance while enabling non-engineers to ship. The alternative is creating bottlenecks by forcing all AI-generated code through traditional development workflows.
Lesson 3: Blocking vibe coding tools doesn't stop vibe coding. It just pushes the activity outside IT's visibility. Enterprises that try to restrict AI-powered development find employees using tools anyway, creating the shadow IT problem at scale.
The practical implication is that enterprises should focus less on whether to allow vibe coding and more on ensuring it happens within infrastructure that can enforce existing security and deployment policies.
