Spec-driven development: From vibe coding to intent engineering

Generative AI (GenAI) and agentic AI are transforming the economics of software development at a remarkable speed. Now that startups are launching products powered by code that are mostly AI-generated, organizations can meet delivery timelines faster than ever. However, speed alone doesn’t guarantee quality, security, compliance, or business alignment. Organizations still struggle with output precision, and the ability accurately steer code remains underdeveloped.  

This gap between speed and strategic control is becoming one of the defining challenges for technology leadership, and spec-driven development (SDD) is emerging as the structured solution. It puts formal specification back at the center of the software development lifecycle (SDLC).

What is spec-driven development?

SDD is an approach where teams define clear requirements before writing or generating code. These specifications guide development from start to finish, ensuring quality, control and alignment with business goals.

With SDD, AI-generated code is guided by clear business intent, and its implications are redefining how strategy becomes software.

Before we explore SDD further, it’s worth examining its less structured counterpart.

Vibe coding explained: Benefits and enterprise risks

Vibe coding is a concept coined by Andrej Karpathy that describes the practice of explaining what you want in plain language instead of writing code line by line and letting AI generate it. This approach accelerates prototyping and dramatically lowers the barrier to software building by allowing smaller teams to create products faster, validate ideas earlier, and explore new directions with surprising agility.

On the downside, challenges can surface when this process is applied indiscriminately and without additional structure. When instructions are vague or incomplete, AI will sometimes fill the gaps by making unreviewed architectural choices and selecting unsuitable dependencies. It can even introduce new assumptions. Sometimes these choices are sound. At other times, they can create hidden AI vulnerabilities (the accumulation of flawed assumptions encoded into specifications), performance constraints, or compliance risks. These are discussed further in our podcast From AI to ROI: Beyond the hype – Reimagining software delivery for real business value.

Studies suggest that AI-assisted code produced without structured oversight can carry higher vulnerability rates. Even more concerning, perceived speed gains can conceal slower progress on complex, real-world enterprise systems.

In other words, powerful tools still require operating discipline. The risk isn’t with AI writing the code. The risk is writing code without structured guardrails. And this is where SDD shines.

Transforming the SDLC with structured specifications

SDD provides the structure and governance missing from vibe coding. With this process, teams usually start by formalizing what the software needs to do: defining its intent, constraints, interfaces and requirements; outlining definitions of success; and clarifying compliance requirements and performance thresholds. All of this is done before the first line is written. 

These structured specifications become the single source of truth across the entire SDLC. Furthermore, humans control the ‘what and why,’ while AI executes the ‘how’ within clearly defined boundaries.

This approach can transform every stage of the enterprise software delivery process.

• Requirements: Specifications replace ambiguous feature requests with machine-readable intent. 
• Design: Provide AI with clear architectural guardrails instead of open-ended freedom.
• Implementation: Validate generated code against formal specifications.
• Testing: Turn specifications into automated verification and quality assurance.
• Maintenance: Ensure future changes remain traceable back to the original business intent.

These five steps build quality assurance into the SDD process rather than bolting it on at the end. For regulated industries such as financial services, healthcare and life sciences, this process supports governance and compliance requirements.

How AI development tools are adopting spec-driven workflows

Major technology platforms are already embedding SDD into AI development tools.

GitHub’s Spec Kit, released in late 2025, formalizes intent before code generation. AWS integrates spec-first workflows directly into its Kiro IDE. JetBrains and Cursor introduced planning modes to structure AI interactions. Additionally, frameworks like Breakthrough Method for Agile AI-Driven Development (BMAD) push this even further with teams of specialized AI agents that mirror analyst, architect, developer and QA roles across the SDLC. The result is a development pipeline where spec-driven discipline extends from analysis through to delivery.

Some may worry that adding more structure means slowing down software teams with waterfall-type processes, but it really depends on the situation. In reality, these approaches are not inherently opposed. For lightweight tasks and early-stage exploration, vibe coding remains the right tool, while complex or regulated systems need clearer blueprints. It’s up to leaders to decide when vibe coding or SDD applies and to embed that judgment into team processes.

Accelerating toward an intent-driven software lifecycle

Software is evolving from code-centric thinking to intent-centric design. Increasingly, maintaining systems will mean shifting specifications, with code serving as an expression of those specifications within a language or framework. AI agents are also becoming more autonomous. Recently, AWS introduced autonomous agents capable of working for hours or even days as extensions of human teams.   

Additionally, they can operate as agentic swarms—groups of agents that collaborate like a coordinated team—each handling specific tasks while working toward a shared goal. As these capabilities mature, the conversation is shifting from using agents to enabling agentic orchestration, where they can operate within clear guidelines to stay aligned with business goals and expectations. This evolution signals a shift in human roles within software delivery. 

Roles are increasingly shifting toward the strategic side of the lifecycle, focusing on:

• Defining intent and constraints 
• Setting success criteria
• Establishing governance
• Validating outcomes 

At CGI, we’re embracing SDD early in enterprise software delivery. Our enterprise-grade framework is built on industry SDD models (e.g., BMAD), enhanced with custom modules and workflows. We're beginning to roll this out across select business units through dedicated training and workshops, giving early adopters hands-on fluency with spec-driven methods. As these capabilities mature and expand internally, we see a meaningful opportunity to build lasting advantage. Organizations that develop spec-first practices today will be better positioned as delivery expectations continue to rise. 

How SDD is transforming enterprise capabilities

As SDD introduces new core competencies, the implications for organizations are profound. These include: 

• Evolving from writing code to architecting intent by formalizing complex requirements unambiguously.
• Creating auditable specifications that link board-level strategy to technical implementation.
• Strengthening governance and compliance through built-in traceability.
• Translating business intent into verifiable specifications that drive competitive advantage.

However, there is a caveat. Specifications are only as strong as the understanding behind them. If teams rush from business idea to formal specifications without investing in design thinking, architecture and user experience, they risk embedding AI vulnerabilities.

Turning AI speed into secure, scalable enterprise software

While GenAI and agentic AI can write software faster than human teams, the value of its output depends entirely on the precision of the instructions it receives. In short, while AI assists in the generation of code, human supervision is essential. For technology leaders, these three priorities help ensure successful outcomes:  

• Assess exposure: What percentage of your codebase is AI-generated without any formal specification? This volume represents hidden SDLC risk.
• Pilot SDD strategically: Test spec-driven workflows on a complex, real-world project and measure quality, maintainability, security and delivery speed.
• Invest in intent competency: Develop your team’s ability to formalize requirements with the precision that AI demands. This is both a technical skill and an organizational capability that connects strategy directly to execution.

Harnessing AI speed to deliver enterprise advantage

Speed without structure creates risk. As GenAI and agentic AI reshape software development, SDD provides the governance framework enterprises need to maintain code alignment with business requirements, security standards and compliance across the SDLC.

The competitive advantage will belong to those who define intent with precision. Organizations that embed structured specifications today will be the ones to build tomorrow’s secure, scalable and strategically aligned digital platforms.