From Vibe to Vexing.

The Seductive Speed of "Vibe Coding" vs. the Sobering Reality of HR GRC.

Hello H.A.I.R. Community,

The promise of "vibe coding" - where recruiters and HR professionals build their own tools on no-code/low-code platforms such as Lovable, Replit and n8n - is an exciting vision of speed and innovation. The idea of bypassing the IT and Procurement bottlenecks that slow the adoption of new systems, and building an automated job-matching dashboard or a JD bias checker yourself, sounds like a talent leader's dream. But every gain in speed comes with a serious compromise in governance, risk, and compliance (GRC) that HR leaders must acknowledge.

This isn't innovation; it's the institutionalisation of shadow IT, and it's creating a minefield of legal and operational risks. While the intention is to move faster, the reality is that "vibe-coded" solutions can lead to "vibe chaos". That's not just a cute phrase; it's a threat to your organisation.

Let’s dive into it.

The GRC Red Flags You Can't Afford to Ignore

  1. Automated Dashboards Are Not a GRC-Free Zone: The line between a simple productivity tool and a legally-regulated one is perilously thin. A recruiter "vibe-coding" an "automated job-matching dashboard" might see it as a benign way to visualise the talent pipeline. However, if that dashboard uses an algorithm to assign a "fit score," a ranking, or a recommendation for a candidate, it could very well be classified as an Automated Employment Decision Tool (AEDT). Laws like New York City's Local Law 144 require independent bias audits for AEDTs before they are used. An unvetted, homegrown dashboard, lacking this essential audit, puts the company at significant legal risk, with the potential for massive fines and legal action for discriminatory outcomes.

  2. Data Security Is a Day-One Problem: When employees build their own tools, they bypass established IT and security protocols. This creates a hidden network of unsecured data storage, making sensitive candidate and employee information vulnerable to data breaches. The promise of "Day-0 creation" ignores the critical "Day-1 maintenance" and security needs. Without a formal GRC framework, you're opening back doors for hackers and violating global data privacy laws like GDPR and CCPA.

  3. A Governance Vacuum Is an Extinction-Level Event: Vibe coding thrives where governance is absent. Without central oversight from HR, legal, or IT teams, there's no audit trail. You can't track how these tools are built, what data they use, or how their decisions are made. This lack of transparency makes it impossible to defend hiring practices in court or respond to regulatory audits. What happens when a hiring decision is challenged? You won't be able to provide the documentation needed to justify your process.

  4. Vendor Vetting Is Not Optional: These no-code platforms, while powerful, have not been vetted by your procurement and legal teams. The employee who deploys a new platform to "vibe code" a solution isn't performing a security assessment or negotiating a data protection agreement. They're introducing a new layer of unmanaged vendor risk that could have serious consequences for data privacy, ownership, and reliability.

The future of HR technology is about building systems that are fast, effective, and resilient. That requires rigour, not just a vibe. The most successful HR teams will be those who empower their people with the right tools, but within a robust governance framework that protects the company from unnecessary risk.

Here's how H.A.I.R. can help you put the AI in HR:

  1. H.A.I.R. Newsletter: get authoritative, pragmatic, and highly valuable insights on AI in HR directly to your inbox. Subscribe now.

  2. EU AI Act QuickScore Assessment: understand your organisation's EU AI Act Readiness in minutes and identify key areas for improvement. Take your QuickScore here.

  3. Advisory Services: implement robust AI Governance, Risk, and Compliance (GRC) with our 12-month programme designed for HR and Talent Acquisition leaders. Contact us for a consultation.

  4. H.A.I.R. Training Courses: enhance your team's AI literacy and readiness with our practical training programmes. Explore courses.

  5. Measure Your Team's AI Readiness with genAssess: stop guessing and start measuring your team's practical AI application skills. Discover genAssess.

Until next time,

H.A.I.R. (AI in HR) 

Putting the AI in HR. Safely.
