On a quiet morning at the Massachusetts Institute of Technology, inside a secure facility monitored by researchers from the MIT Lincoln Laboratory, a United States Air Force cadet sat before a laptop with no software development tools installed. He had no command-line interface open, no integrated development environment configured, and no background in writing code. Instead, he had three standard browser tabs active: Anthropic’s Claude, OpenAI’s ChatGPT, and Google’s Gemini.
The task before him was absurdly ambitious. He wanted to build an advanced, functional military application capable of automated target recognition, tactical reconnaissance management, and autonomous strike coordination. Under traditional defense procurement cycles, a software suite of this caliber would require a multi-million-dollar contract, a team of specialized defense contractors, and three to five years of bureaucratic review.
The cadet was attempting to build it in twelve weeks. His method was "vibe-coding"—a modern development paradigm where a creator writes absolutely no syntax, relying entirely on natural language prompts to direct artificial intelligence models to write, debug, and assemble complex codebases.
Sponsored by the Department of the Air Force–MIT AI Accelerator Phantom Program, this experiment sought to answer a critical national security question: Can a non-technical service member bypass the Pentagon’s notoriously slow software acquisition pipeline to build a viable, mission-ready AI tool?
The answer, as revealed by a trail of empirical data, technical roadblocks, and surprising security vulnerabilities, is both a stunning validation of the democratization of technology and a cautionary tale about the limits of prompt-based software.
The Acquisition Crisis and the Phantom Program
For decades, the Pentagon has wrestled with a software crisis. The military's traditional acquisition system was built in the mid-20th century to purchase physical hardware—aircraft carriers, tanks, and fighter jets. Applying this same slow-moving, multi-stage approval process to software has left American forces using outdated, clunky computer systems. By the time a custom military application is specified, contracted, coded, tested, and deployed, the underlying technology is often obsolete.
Enter the Department of the Air Force–MIT AI Accelerator's Phantom Program. The fellowship embeds active-duty airmen and guardians directly into MIT’s academic and research environments, pairing them with world-class computer scientists to solve real-world defense challenges using cutting-edge artificial intelligence.
Cadet Joshua Lynch was one of these Phantoms. With zero formal training in computer programming, Lynch represented the ultimate target demographic for the democratization of ai app development. If a cadet could build a functional tactical application on their own, it would prove that the military's software bottleneck is no longer a matter of engineering capacity, but of human imagination.
To oversee the experiment, the Air Force paired Lynch with Laura Niss, a technical staff member in the Embedded and AI Systems Group at MIT Lincoln Laboratory. Niss’s objective was twofold: monitor the capabilities of consumer-grade chatbots in executing complex programming tasks, and scientifically track how Lynch’s perception of AI changed as he wrestled with the technology over three months.
"The Phantom student wanted to see if he could create a useful application through self-identified vibe-coding, without any previous experience," Niss said. "Within this project, I wanted to understand how his perception of AI changed over time with use. We both wanted to understand better where and how AI could be used by nontechnical users in the military."
From TACP to ROMAD-AI: The Vision
Lynch’s inspiration came directly from the specialized, high-risk world of Tactical Air Control Parties (TACP). Historically, enlisted TACP airmen have operated in close proximity to the battlefield, acting as Joint Terminal Attack Controllers (JTACs) who coordinate air support for ground forces. In military parlance, the entry-level members of these teams were historically referred to as ROMADs (Radio Operator, Maintainer, and Driver).
A ROMAD’s job is stressful and information-heavy. They must simultaneously monitor multiple communication nets, track the positions of friendly forces, read analog and digital maps, identify hostile targets, and calculate potential collateral damage before calling in kinetic airstrikes.
Lynch wanted to automate these workflows. He envisioned a comprehensive, digital tactical assistant named the Remote Operating Modular Augmentation Device—or ROMAD-AI.
[Target: Hostile Armor] ──> [ROMAD-AI (VLM Analysis)] ──> [Collateral Damage Math] ──> [Strike Approval]
│
└───> [Local Tactical Map Overlay]
In its initial, highly ambitious blueprint, ROMAD-AI was designed to feature:
- AI-Assisted Target Recognition: Real-time ingestion and analysis of drone reconnaissance feeds to automatically tag hostile combatants and vehicles.
- Modular ISR (Intelligence, Surveillance, and Reconnaissance): Integration of multi-spectral sensor data to map the tactical environment.
- Autonomous Striking Capabilities: Algorithmic calculation of weapon release parameters to recommend optimal strike options.
- Communication Management: Automated formatting and transmission of standardized military target briefs (such as 9-Line briefs) to friendly aircraft.
In previous years, attempting this caliber of ai app development would have required an army of specialized data scientists, computer vision experts, and software architects. Armed only with his understanding of the tactical problem and his browser tabs, Lynch set out to see if the LLMs could act as his personal engineering team.
Inside the Vibe-Coding Workflow
Vibe-coding is fundamentally conversational. It shifts the developer's role from writing syntax to acting as a project manager, system architect, and quality assurance tester.
For the first several weeks of the project, Lynch worked almost exclusively through the web-browser chat interfaces of three paid models: Anthropic’s Claude 3.5 Sonnet, OpenAI’s GPT-4o, and Google’s Gemini 1.5 Pro. He would describe the desired feature in plain English:
"Write a Python script that uses a vision model to look at an aerial map, identify any military-style vehicles, and plot their coordinates on a simple user interface using coordinate system overlay."
The chatbot would generate dozens of lines of code. Lynch would copy this output, paste it into his local environment, run it, and observe the results. If an error message flashed across his screen, he wouldn’t try to debug it himself. Instead, he would copy the raw error traceback, paste it back into the AI's chat window, and ask: "How do I fix this?"
[Cadet Prompts AI in English] ──> [AI Generates Python/HTML] ──> [Cadet Runs Local Code]
▲ │
│ ▼
[AI Debugs & Refactors] <─── [Cadet Pastes Error Message] <─── [Code Throws Error]
This rapid feedback loop allowed Lynch to assemble a working user interface and basic backend services in a fraction of the time a traditional developer would require. However, as the codebase grew, the limitations of raw, chat-based ai app development began to surface, exposing the fragile reality beneath the "vibe-coding" hype.
The first major hurdle was a phenomenon Niss describes as a lack of "hierarchical focus" in LLMs. When a human programmer writes software, they maintain a mental model of the entire system architecture—how a change in a frontend React component might affect a backend database schema.
Chatbots, however, process code sequentially and have a limited context window. As ROMAD-AI grew to encompass hundreds of lines of code split across multiple files, Lynch found that asking a chatbot to fix a minor layout bug on the frontend would often prompt the AI to rewrite a completely unrelated, critical function in the database logic.
"He often encountered difficulties because the AI chatbots lacked hierarchical focus and modified unrelated sections of code," Niss explained.
To overcome this, Lynch had to learn the discipline of "modular prompt engineering". He could no longer ask the AI to "add a feature." He had to meticulously decompose ROMAD-AI into microscopic, isolated sub-tasks. He learned to provide the AI with highly specific "guardrails," instructing it to only modify designated blocks of code while leaving the rest of the file untouched.
The Security Trap: A Silent Danger in the Code
As Lynch's code began to run and the ROMAD-AI interface took shape, the investigation took a turn. In the civilian tech sector, if an app works, it is generally considered a success. In the military, how an app works under the hood is a matter of life, death, and national security.
During routine code reviews, Niss and the Lincoln Laboratory team made a startling discovery in the software architecture generated by the chatbots.
To implement the "tactical map analysis" feature, the AI had confidently written a standard web-development integration: it packaged the uploaded map files and sent them via an API callback directly to a public, cloud-based LLM hosted on commercial servers over the open internet.
In civilian ai app development, this is standard operating procedure. If you want your app to analyze an image, you call OpenAI’s or Google's API.
But in a tactical military environment, this architecture is a massive, court-martial-level security violation. Sending a tactical map of an active battlefield, complete with troop locations, coordinate grids, and operational graphics, to a public, third-party commercial cloud server is a catastrophic data spill.
[Tactical Map Ingestion] ──> [AI-Generated Code] ──> [Public Internet/Commercial APIs] ──> (DATA LEAK RISK)
│
(MUST BE REWRITTEN)
│
▼
[Local, Air-Gapped Inference]
Because Lynch had no prior coding experience, he could not audit the syntax the AI generated. On his screen, the feature worked flawlessly: he uploaded a map, and the app successfully identified the targets. He had no way of knowing that the AI had built a pipeline that was silently exfiltrating potentially classified operational data.
"Key lessons include the importance of breaking problems into small steps, managing chatbot context drift, and the necessity of code review to catch security issues—such as documents being sent to a remote AI model instead of processed locally," research notes from the project emphasize.
This finding exposed a fundamental tension in vibe-coding military applications: AI models are trained on civilian software repositories. Consequently, they default to writing code that assumes a highly connected, SaaS-centric world with standard API calls. They do not naturally write secure, sandboxed, air-gapped code unless specifically instructed—and a non-technical user would never know to ask.
The Battle of the LLMs: Claude vs. ChatGPT vs. Gemini
As the project moved into its second month, the research team began analyzing the performance variance between the different AI models. Niss tracked Lynch’s qualitative experience with each chatbot over time, documenting how his trust and perception of the tools shifted.
The empirical data revealed fascinating differences in how these model families approach software generation:
| Metric | Anthropic Claude (Sonnet) | OpenAI ChatGPT (GPT-4o) | Google Gemini (Pro) |
|---|---|---|---|
| Architectural Stability | High – Retained code structure across prompts. | Medium – Prone to regression after model updates. | Medium – Tended to simplify complex logic overly. |
| Logic Consistency | Excellent – Avoided injecting magic numbers or duplicate files. | Moderate – Suffered from "forgetfulness" in long threads. | Good – Strong multimodal integration. |
| Anthropomorphism & Likability | High – Preferred by the cadet for structured instruction. | Moderate – Perceived as more clinical and erratic. | High – Best when paired with Google AI Studio. |
| Best Use Case | Writing robust backend structure and refactoring code. | Quick ideation and generating small UI elements. | Vision API integration and handling tactical imagery. |
Niss's metrics showed that Anthropic’s Claude demonstrated the highest stability and reliability across system updates. While ChatGPT occasionally suffered from "prompt drift"—where the AI slowly drifted away from the initial project constraints over a long conversation—Claude maintained a highly consistent, structured output.
However, when it came to deploying the final application, Google AI Studio App proved to be a highly effective ecosystem. It allowed Lynch to easily build a user interface that directly interfaced with the Gemini API, enabling the multimodal vision-language capabilities needed to process tactical imagery.
The Reality Check: A Necessary Rescope
By week eight, the hard technical limits of current AI models forced a major reality check on the project.
The original, highly kinetic vision of ROMAD-AI—an app that could autonomously coordinate strikes, process live surveillance feeds, and manage real-time combat communication—was simply not achievable using current consumer-grade LLMs and browser-based interfaces.
There were three main roadblocks:
- Latency and Determinism: Military targeting applications require 100% deterministic outcomes. An LLM's inherent stochastic (probabilistic) nature means it might process a target correctly 95 times out of 100, but make a hallucinated calculation on the 96th, resulting in friendly fire or civilian casualties.
- Compute and Connectivity: Running massive vision-language models requires extensive computing power. In a tactical field environment, internet connectivity is often contested or non-existent, making reliance on external cloud APIs impossible.
- Complexity of Sensor Fusion: Integrating live radar, thermal imaging, and radio communication into a single browser-based application was far beyond the structural capacities of "vibe-coding".
Rather than abandoning the project, Niss and Lynch decided to rescope ROMAD-AI. They shifted the focus from an active, kinetic battlefield targeting tool to a highly secure, offline document-processing and mission-planning application.
[Original Plan: ROMAD-AI]
- Real-time video target recognition
- Autonomous strike calculations
- Battlefield communication management
│
▼ (RE-SCOPED due to security, latency, and AI limitations)
│
[Final Prototype: ROMAD-AI]
- Map ingestion and analysis via Vision-Language Models
- Automatic generation of mission-planning briefs
- Local document processing interface
In its final form, ROMAD-AI became an administrative and tactical planning booster. A user could upload a static battlefield map containing standard military symbology (such as NATO Joint Military Symbology symbols). The application, powered by a local instance of a vision-language model, would parse the map, identify military units and geographical features, and automatically compile structured tactical reports and mission briefings.
While it wasn't the autonomous war-fighting tool Lynch had initially envisioned, the finalized ROMAD-AI was still a highly impressive, fully functional software prototype that solved a real military headache—built entirely by an Air Force cadet who, just twelve weeks prior, didn't know how to write a single line of Python.
The True Lesson of the Phantom Experiment
The success of Cadet Lynch’s project has sparked intense debate within the defense community. On one hand, advocates of AI democratization point to the project as proof that the era of traditional, multi-million-dollar software contracts is coming to an end.
If a non-technical cadet can construct a working, AI-driven tactical map analyzer in three months, why are we paying defense primes billions of dollars to build basic software utilities?
On the other hand, traditional software engineers and security experts urge extreme caution. The discovery of the API data leak in Lynch's early code demonstrated that "vibe-coding" is not a magic wand.
"For me, this project reinforced the expanse between experts in different fields," Niss said, reflecting on the experiment. "No matter how good AI gets, I think we'll always need to collaborate to get to the best solutions for the most important problems."
In the context of modern defense, this experiment reveals a clear evidence trail for how ai app development must evolve:
- The Democratization of Prototyping: The bottleneck of ideation and visualization has been shattered. A tactical air controller on the ground knows the problems of their job far better than a software engineer sitting in a laboratory in Virginia. Vibe-coding allows these domain experts to build "working clay models" of their ideas, rapidly showing developers exactly what they need.
- The Code Review Bottleneck: While generating thousands of lines of functional code is now trivial, verifying and auditing that code has become the new operational bottleneck. The military cannot deploy "vibe-coded" software to the field without professional software engineers auditing the code for memory leaks, structural integrity, and security vulnerabilities.
- The Necessity of Hybrid Teams: The future of defense software lies in a symbiotic relationship. Domain experts will use generative AI to write the initial prototypes. Professional software engineers will then step in to act as auditors, architects, and security hardeners, turning the "vibe-coded" prototype into a rugged, field-deployable weapon system.
What Lies Ahead
As the Department of the Air Force–MIT AI Accelerator looks to scale the lessons of the Phantom Program, they are laying the groundwork for a new kind of software pipeline. Rather than fighting the rise of vibe-coding, the military is exploring ways to embrace it safely.
One proposal currently being debated is the creation of a secure, "air-gapped" AI coding environment specifically for service members. This sandbox environment would run local, secure instances of models like Claude or Gemini on military servers, pre-configured with strict security guardrails that prevent the AI from generating code that makes insecure, external API calls.
Furthermore, the Flying Training Center of Excellence is already developing specialized chatbots, such as "IP GPT," designed to act as virtual flight instructors. This indicates a broader, systemic shift where the Air Force plans to put AI tools directly into the hands of operators across every echelon.
Ultimately, Cadet Joshua Lynch’s journey from a non-coder to the creator of ROMAD-AI has proven that the barriers to entry in software development have collapsed. The constraint is no longer the ability to memorize programming syntax; it is the clarity of vision and deep domain expertise.
But as the military marches into this new era of rapid, prompt-based software creation, it must remember that in war, a software bug is not just an inconvenience—it is a tactical failure. While the "vibe" may get an app built in a weekend, it is the rigorous, human-driven engineering that will ensure it survives the battlefield.
Reference:
- https://news.mit.edu/2026/how-novice-coders-can-develop-ai-programs-for-military-applications-0707
- https://hyper.ai/en/stories/9a64ffb6633a7e3db8e83cf640dc1641
- https://news.mit.edu/2026/how-novice-coders-can-develop-ai-programs-for-military-applications-0707
- https://imrankhani.medium.com/i-watched-someone-build-plantir-like-spy-dashboard-in-3-days-dfbe08a4b1b4
- https://daily.dev/posts/how-novice-coders-can-develop-ai-programs-for-military-applications-yvb1g9oph
- https://www.reddit.com/r/vibecoding/comments/1s8vd4d/i_just_vibe_coded_a_full_saas_app_using_ai_and_i/
- https://news.mit.edu/2026/agentic-ai-and-what-do-we-want-it-be-0630
- https://garymarcus.substack.com/p/dario-amodei-hype-ai-safety-and-the/comments
- https://www.ntconcepts.com/build-apps-fast-secure-jwcc-ready/
- https://www.airandspaceforces.com/air-force-developing-ai-chatbot-student-pilots/