Two Vibe Coding Prompts That Cut Hidden AI Coding Costs: First Principles and Adversarial Review
June 29, 2026
The AIHOT Case Study
On June 29, 2026, a Chinese developer behind AIHOT shared two prompts they now treat as mandatory for vibe coding: "reason from first principles" and "adversarially review this like a malicious user." The claim: the two-prompt loop helped catch structural bugs in an AI-built product now serving more than 10M weekly requests.
The details are interesting because they map directly to hidden AI coding costs. Most token budgets focus on model price. The bigger cost driver in real projects is rework — OOM loops, future-time data pollution, missing rate limits, wrong cache invalidation, or brittle routing logic that passes the first demo and fails under load.
Prompt 1: First Principles
The first prompt asks the agent to stop pattern matching and reconstruct the problem from base facts. A useful version:
Before coding, reason from first principles.
List the non-negotiable facts, constraints, and failure modes.
Do not use analogies to common apps unless they follow from those facts.
Then propose the smallest design that satisfies the constraints.
This matters because LLMs default to familiar templates. Ask for a crawler and you'll get a queue, a retry loop, and a database schema whether your workload actually needs them. Ask from first principles and the model is forced to identify what really constrains the system: request rate, source reliability, cache freshness, dedupe keys, and storage volume.
The cost saving is architectural. If a first-principles pass prevents one unnecessary subsystem, you save not just the initial generation tokens but every future debug turn that subsystem would have caused.
Prompt 2: Adversarial Review
The second prompt asks the model to attack its own implementation. A practical form:
Review this implementation adversarially.
Assume the user is malicious, the inputs are huge, clocks are wrong,
network calls hang, and external APIs return duplicated or future-dated data.
Find ways this code can OOM, loop forever, corrupt data, leak secrets,
or silently produce wrong results.
This prompt catches a different class of cost: defects that pass local tests and create production rework. OOM loops and future-time pollution are especially expensive for AI-coded systems because the agent will often debug symptoms rather than root cause unless you explicitly frame the search adversarially.
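As an added illustration (not code from AIHOT or the original post), this is the kind of ingest guard an adversarial pass should push a feed-style service toward: it bounds batch size, rejects future-dated and ambiguous timestamps, dedupes on a stable key, and records every rejection instead of dropping it silently. The field names (`url`, `published`), the limits, and the function name are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Limits and field names are assumptions for illustration.
MAX_ITEMS = 1000                         # per-batch cap: bounds memory and loop length
MAX_KEY_LEN = 2048                       # dedupe-key cap: bounds growth of the seen set
MAX_FUTURE_SKEW = timedelta(minutes=5)   # tolerated clock drift at the source


def filter_batch(items, seen_keys, now=None):
    """Split one untrusted batch into (accepted, rejected).

    seen_keys is the set of dedupe keys already stored; it is updated in place.
    rejected holds (reason, index) pairs so bad data is counted, not hidden.
    """
    now = now or datetime.now(timezone.utc)
    accepted, rejected = [], []
    for index, item in enumerate(items):
        if index >= MAX_ITEMS:
            rejected.append(("batch_too_large", index))
            break  # stop consuming; the source may never end
        if not isinstance(item, dict):
            rejected.append(("not_an_object", index))
            continue
        url, published = item.get("url"), item.get("published")
        if not isinstance(url, str) or not isinstance(published, str):
            rejected.append(("missing_field", index))
            continue
        if len(url) > MAX_KEY_LEN:
            rejected.append(("key_too_long", index))
            continue
        try:
            ts = datetime.fromisoformat(published)
        except ValueError:
            rejected.append(("bad_timestamp", index))
            continue
        if ts.tzinfo is None:
            rejected.append(("naive_timestamp", index))  # ambiguous zone: refuse
        elif ts > now + MAX_FUTURE_SKEW:
            rejected.append(("future_dated", index))     # future-time pollution
        elif url in seen_keys:
            rejected.append(("duplicate", index))
        else:
            seen_keys.add(url)
            accepted.append({"url": url, "published": ts})
    return accepted, rejected


# Constructed sample batch (not real data).
SAMPLE = [
    {"url": "https://example.test/a", "published": "2026-06-29T11:00:00+00:00"},
    {"url": "https://example.test/a", "published": "2026-06-29T11:00:00+00:00"},
    {"url": "https://example.test/b", "published": "2031-01-01T00:00:00+00:00"},
]
```

Passing `now` explicitly keeps the check testable and makes the service's own clock an input that can itself be reviewed.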
Cost Math: Why Two Extra Prompts Pay Off
Suppose your average Claude Sonnet 4.6 coding turn costs $0.08 and an adversarial review pass costs $0.20 because it reads more files. Running both first-principles and adversarial review on 50 meaningful changes costs roughly $10–15 in extra tokens.
One avoided production bug can easily save 10–20 debugging turns ($0.80–$1.60 in tokens) plus an hour of developer attention. If the bug involves data cleanup or incident response, the human time dominates. The prompt loop pays for itself if it prevents even one serious issue across a week of development.
When Not to Use This Loop
Do not run adversarial review on every trivial edit. A one-line copy change or a local CSS tweak does not need a threat model. The loop is cost-effective for code that introduces state, persistence, network calls, scheduled jobs, auth, billing, caching, or user-provided input.
The simplest rule: if a bug in this code can cause data loss, runaway cost, security exposure, or production downtime, run the two-prompt loop. If the failure mode is "button looks wrong," skip it.
Frequently Asked Questions
What is vibe coding?
Vibe coding is a workflow where developers steer AI agents at a high level, accepting and iterating on generated code rather than manually writing every line. It works best when paired with strong review prompts and tests.
Why does first-principles prompting reduce AI coding cost?
It prevents the model from overusing familiar templates and unnecessary abstractions. Avoiding one wrong subsystem saves the initial generation tokens plus many future debug and maintenance turns.
What is adversarial code review for AI agents?
It asks the model to attack its own implementation from the perspective of malicious users, huge inputs, broken clocks, duplicated data, hanging network calls, and other failure modes.
Should I run adversarial review on every AI-generated change?
No. Use it for stateful, networked, security-sensitive, billing, caching, or data-processing code. Skip it for trivial copy and visual edits where the failure cost is low.