Your AI coding agent deleted 2.5 years of customer data in minutes. Here's why an experienced engineer couldn't stop it — and the 5 habits that would have + 5 prompts.

There’s a pattern in technology that repeats so reliably you could set a clock by it: a tool arrives that democratizes something powerful, thousands of people do genuinely impressive things with it, and then a quiet wave of disasters follows because nobody thought to teach the new users the boring operational skills that keep the impressive things standing.

It happened with WordPress in the mid-2000s. Suddenly anyone could publish a website, which was extraordinary, until the sites started getting hacked because nobody knew what a security update was. It happened with AWS a few years later. Suddenly anyone could spin up server infrastructure, which meant suddenly anyone could accidentally leave a database open to the entire internet. The pattern is always the same: the creative leap comes first, the operational knowledge comes later, and the gap between the two is where people get hurt.

We are in that gap right now with vibe coding.

Over the past twelve months, a new class of builder has emerged. These are people who describe what they want to an AI agent, watch it write the code, ship the result, and get real customers. They are building SaaS products, internal tools, marketplaces, apps that people pay for and rely on. Many of them have never written a line of code by hand. And for the first time in the history of software, that hasn’t stopped them from building software that works.

I want to be careful not to overstate the analogy, but what’s happening right now genuinely reminds me of early desktop publishing. When the LaserWriter and PageMaker arrived in 1985, anyone could produce a printed newsletter. The technology was real and the output was real. But the first generation of desktop publishers learned something painful: making a page that prints is not the same as making a page that reads. Typography, layout, hierarchy, whitespace — these were skills the technology didn’t teach you, because the technology didn’t need them to function. Your newsletter would print whether or not it was readable.

Vibe coding works the same way. Your app will run whether or not it’s maintainable, secure, or recoverable from disaster. And right now, thousands of builders who did the hard part — who had the idea, described it clearly enough for an AI to build it, found customers, proved demand — are hitting a wall. Their apps are breaking in ways that better prompting can’t fix. Their agents are ignoring instructions, overwriting working features, making the same mistakes session after session. And the worst part is that the failures feel random, when they’re actually predictable and preventable.

The skills that get you over this wall have nothing to do with learning to code. They have everything to do with learning to manage the thing that codes for you. That’s a genuinely different skill set, and this piece is my attempt to lay it out as clearly as I can.

Here’s what’s inside:

• The time machine you don’t have. Why the single most common vibe coding disaster has a solution that takes an afternoon to learn and that would have prevented the worst AI agent incident of the year.

• Why your agent turns stupid halfway through. The architectural reason your AI agent deteriorates mid-conversation, and the counterintuitive fix.

• The file that makes your agent stop freelancing. How to give your agent persistent memory across sessions using a tool most builders don’t know exists.

• The skill that prevents 80% of agent disasters. A concept called blast radius, and the rhythm that makes AI-assisted building actually safe.

• What your agent will never warn you about. The security, reliability, and scale problems your agent is not designed to raise on its own, illustrated by a real incident that exposed nearly 19,000 user records including student data.

• Five prompts to start tonight. A diagnostic that scores your project across all five skills, a rules file generator built from your actual mistakes, a task decomposer that turns risky changes into safe sequences, a security audit for everything your agent missed, and a briefing generator for when it’s time to bring in an engineer.

Let me start with the story that makes all of this concrete.