43%

Last Wednesday I shipped an update to BigMoneyIdeas and the scoring algorithm broke within forty minutes. A user emailed me a screenshot of their result page showing "undefined" where their score should be. I fixed it in eleven minutes. Nobody else noticed. But for those eleven minutes, my product was broken in production and I was the only person who could do anything about it.

Lightrun published their 2026 State of AI-Powered Engineering report this week. The headline number: 43% of AI-generated code fails in production, even after passing QA. Georgia Tech's cybersecurity lab found something worse. They've been tracking vulnerabilities in vibe-coded applications and March 2026 alone produced 35 cases. More than all of 2025 combined.

None of this surprises me. I build four products with AI and something breaks every single week.

The honest version of building with AI looks like this. You describe what you want. The code appears and it looks right. You test it locally and it works. You ship it and something you didn't think to test fails in a way you didn't expect. Then you fix it. Sometimes that takes eleven minutes. Sometimes it takes two days and a complete rewrite of the feature.

Developers spend 38% of their week debugging AI-generated code according to that same Lightrun report. For me it's probably higher because I'm also the designer, the support team, and the person writing this newsletter. The $2,000 API bill I mentioned in Issue #2 happened because I let AI-generated code run without reviewing the prompt costs. Forty-three percent failure rate? I believe it. Some weeks I'd put my personal number closer to sixty — because I can't actually review the code myself.

Here's the thing nobody in the "AI will replace developers" conversation wants to admit. The tools are incredible. I went from idea to working product in a weekend with PadelCrews. I couldn't have done that two years ago. But the gap between "working locally" and "working in production for real users" is still enormous, and AI doesn't close that gap. You do. By testing. By watching. By being the person who gets the email at midnight and fixes it before anyone else wakes up.

A Georgia Tech researcher said something that stuck with me. "When an agent builds something without authentication, that's not a typo. It's a design flaw baked in from the start." That's the real risk. Not that AI writes buggy code. It's that it writes confidently wrong code and you ship it because it looked right.

I'm not writing this to scare anyone off building with AI. I'm writing it because every LinkedIn post about shipping a product in a weekend leaves out the part where you spend the following week patching what broke. Or worse — not knowing you've left a backdoor wide open for someone to walk through.

Last year one of the investors at Music Health called to ask where I thought AI was heading. My answer then, which gets more obvious every week, was security. Look at the disclosures piling up. Even the labs building these tools keep shipping code with basic holes in it. If they can't catch it, what chance does a solo founder with Cursor and a deadline have?

Their Vibe Security Radar is worth bookmarking if you ship AI-generated code: Bad Vibes: AI-Generated Code is Vulnerable, Researchers Warn

What's the most expensive thing AI broke for you? A feature, a bill, a deadline, a customer's trust? Hit reply. I'll share the best ones next week (anonymously if you want).

🎵 LCD Soundsystem — All My Friends Seven minutes of something building and building and never quite arriving where you expect. That's shipping code in 2026.

— Nicc

One text a week.No pitch, no fluff.

One text a week.
No pitch, no fluff.