𝙸𝚟á𝚗 𝚂𝚝𝚊𝚕𝚢𝚗

🇪🇨🇺🇸 An Ecuadorian Air Force A-29B Super Tucano flies alongside a U.S. Navy F/A-18E Super Hornet, attached to the “Kestrels” of Strike Fighter Squadron (VFA) 137, above the USS Nimitz (CVN 68) during a bilateral maritime engagement in the Pacific Ocean, April 8, 2026. (📸/U.S. Navy photo by Lieutenant William Shortal)

I am a full-stack developer. I have been a full-stack developer for eleven weeks. Before that I was a marketing coordinator at a mid-size SaaS company in Denver. I made slide decks. I A/B tested subject lines. I earned $67,000 a year. Now I build apps. I watched a YouTube video in January. I don't remember which one convinced me. The thumbnail had a guy pointing at a laptop with his mouth open. The title said "I Built a $10M App in One Weekend (No Coding Experience)." It had 2.3 million views. I bought a course. $997. It was called "Ship It: Zero to Full-Stack in 30 Days with AI." The instructor was a former growth marketer who'd been a full-stack developer for four months. He had 47,000 followers. He had a Discord. I opened Cursor on a Tuesday night at 11:47 PM. By 3:52 AM Wednesday I had a working real estate listing app. Full search. Filter by price. Map integration. User accounts. I called it HouseVibe. I don't need to understand the code. That's the whole point. I shipped it. The course taught me that shipping is the only metric that matters. "Reading code is legacy behavior." That was Week 2, Module 4. The Discord pinned it. I printed it out and taped it above my monitor, next to a sticky note that says BUILDER in green marker. I have built fourteen apps in eleven weeks. I know this because I keep a spreadsheet. Column A is the app name. Column B is the build time. Column C is whether it's deployed to production. Twelve of the fourteen are deployed. The average build time is 4.6 hours. The shortest was HouseVibe. Three hours, forty-seven minutes. The longest was an AI-powered personal finance tracker that connects to your bank account. That one took nine hours. To build a thing that connects to people's bank accounts. I showed it to my friend Marcus. Marcus is a software engineer. Has been for eight years. He looked at my code for about forty-five seconds and then made a sound I can only describe as medical. He said, "Your JWT signing key is hardcoded in the frontend." I said, "What's a JWT?" He said the letters stood for JSON Web Token and that it was the mechanism that proves a user is who they say they are. And mine was visible to anyone who opened the browser console. For the app that connects to their bank account. I said, "But it works." He said, "Define works." I don't need to understand the code. That's the whole point. I should explain the ecosystem. There are 5,600 of us. That's how many vibe-coded apps researchers scanned in the March 2026 audit. They found 2,000 vulnerabilities. 400 exposed secrets. 175 cases of personally identifiable information sitting in plaintext. API keys. Database passwords. Authentication tokens. Just out there. In the code that we shipped. In apps that real people downloaded. We call ourselves vibecoding pioneers. There is a subreddit. I am a moderator. 45% of AI-generated code contains at least one exploitable security vulnerability. That's Veracode, 2026. The number for human-written code is 31%. The AI code is also 2.74 times more prone to cross-site scripting. I don't know what cross-site scripting is. I know it's in the top ten of something called OWASP. I don't know what OWASP is either. That's efficiency. I don't need to know what OWASP is to ship an app that violates it. Last month a fully vibe-coded SaaS application -- zero lines of human-written backend code -- leaked 1.5 million authentication tokens and 35,000 email addresses. The root cause was a hardcoded fallback secret key. The same thing Marcus found in my finance app. The same thing I still haven't fixed because I don't know what fixing it would involve and I've already moved on to my fifteenth app. That's velocity. My fifteenth app is a health tracking platform. It stores user medications, dosages, and physician notes. I built it in six hours. It is deployed. It has eleven users. I do not know where the data is stored. Somewhere in the cloud. The AI set it up. I said "store it securely" in the prompt. That's the same as doing it. In the vibe coding paradigm. Marcus stopped looking at my apps after the finance one. He said, "You are going to hurt someone." I said, "PCMag literally wrote an article called 'I Used Vibe Coding to Build My Own Zillow in Just a Few Hours.' If it's in PCMag, it's legitimate." He made the medical sound again. I don't need to understand the code. That's the whole point. Amazon mandated 80% weekly usage of their AI coding assistant. These are real engineers. People who went to school for this. Who have eight years of experience like Marcus. They mandated the vibes. The result was a six-hour outage that knocked out checkout, login, and product pricing. 6.3 million orders lost. The junior and mid-level engineers accepted AI-generated code without catching the flaws. Amazon's fix was to require senior engineer sign-off on all AI-assisted production deployments. My apps do not have senior engineer sign-off. My apps do not have any engineer sign-off. My apps have me. A marketing coordinator who has been a full-stack developer for eleven weeks. I sign off on everything. I sign off by pressing Accept on a screen full of code I cannot read, in languages I cannot identify, using frameworks I have never heard of. Sometimes the language changes between files. I asked about this in the Discord. Someone said, "That's polyglot architecture." Everyone agreed. We are pioneers. Collins English Dictionary named "vibe coding" the Word of the Year. Merriam-Webster named "slop" the Word of the Year. These are descriptions of the same phenomenon. I am on both sides of this coin and I have never turned it over. 28% of vibe-coded APIs have broken access control. Mine probably do. I don't know what access control is. I know what it sounds like it means. I set it to "true" in a config file the AI generated. That felt right. I should also mention: the code we ship is now being used by scammers. People are building spam with it. Phishing emails that look professional because the AI that built them is the same AI that built my real estate app. The spam has the same aesthetic. The same chrome and color and rounded corners. My legitimate apps and their scam emails are design twins. Born in the same model. Shipped with the same confidence. Gartner says 60% of all new software in 2026 will be AI-generated. The projected security debt is $1.5 trillion by 2027. That's not my problem. That's an infrastructure conversation. I'm a builder. The Linux Foundation just announced a $12.5 million initiative to address the open-source security crisis driven by AI-generated code. Anthropic, AWS, GitHub, Google, Microsoft, and OpenAI are all backing it. The companies that make the tools I use to build the apps that create the crisis are now funding the cleanup of the crisis that the tools created. That's ecosystem maturity. I've already moved on. I'm building AI agents now. Autonomous systems that take actions, call APIs, access databases, and execute commands on behalf of users. I'm building them the same way I build everything. I describe what I want. I accept what the AI generates. I ship. One of my agents manages customer data for the health tracking platform. It has access to medication records. Dosages. Physician notes. Eleven people's most private medical information, handled by an autonomous system built from code I've never read, accessing a database I can't locate, with security practices I can't name, deployed by a man whose previous professional achievement was increasing email open rates by 3%. I told it to "handle things securely" in the system prompt. My portfolio is on my LinkedIn. It says "Full-Stack AI Developer | 14 Apps Shipped | Zero Code Written." I've received three job offers. One is from a health tech startup. They want me to build their patient portal. Eleven weeks ago I A/B tested subject lines. Now I build systems that store medical records, connect to bank accounts, and manage personal data for real human beings who assumed that someone who understood what they were doing built them. Someone did build them. Something did. In four hours. While I supervised from my IKEA desk chair at 3 AM, pressing Accept, in languages I can't name, with security I can't verify, for people I will never meet who are trusting me with everything. I shipped it. That's the democratization of technology. I don't need to understand the code. I don't need to understand the code. I have never needed to understand the code. I am the 60%.

Bueno, probamos la app con los pibes en el asado de hoy y gusto. Un par arrancaron de atrás jaja. Entre algún bug q me dijieron y feedback de Twitter + los in-app.. se los mande a claude via el channel de telegram para ver si lo arregla.

we ruined such a good thing