Ivan Turkovic

Copy and Paste from AI: $20

Actually Knowing What’s Going to Work: $150,000

Knowing Where to Place It: Priceless

The rise of AI-powered tools has made it easier than ever for people to generate code, write content, and create designs with minimal effort. Platforms like ChatGPT, Copilot, and other AI-driven assistants can spit out working solutions in seconds. But while AI can provide fast results, there’s an undeniable gap between “having code that runs” and “having code that works in the real world.”

Just because something compiles, doesn’t mean it scales. Just because it executes, doesn’t mean it’s secure. And just because AI gives you a function, doesn’t mean it’s the right one for your specific problem.

This is the difference between merely copying and pasting code and actually knowing what will work—and more importantly, where to place it.

In this post, we’ll explore why experience is irreplaceable, the hidden costs of not knowing what you’re doing, and examples of how things can go wrong when you rely solely on AI without the expertise to back it up.

The Trap of “It Works, So It’s Fine”

One of the biggest pitfalls for beginners relying on AI-generated code is assuming that if something works, it must be correct. AI can generate code that runs, but without experience, it’s easy to overlook issues like:

• Security vulnerabilities
• Performance bottlenecks
• Maintainability nightmares
• Scalability limitations
• Legal and compliance risks

Here are some real-world examples where blindly trusting AI (or generic code from the internet) can lead to disaster.

Example 1: SQL Injection – The Classic Security Oversight

Let’s say you ask an AI to generate a login system in Python using Flask and SQLite. You get something like this:

@app.route('/login', methods=['POST'])
def login():
    username = request.form['username']
    password = request.form['password']
    query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
    result = db.execute(query).fetchone()
    if result:
        return "Login successful"
    return "Invalid credentials"

It works! You enter a username and password, and it checks if they exist in the database. But here’s the problem—this code is vulnerable to SQL injection. Anyone with basic knowledge of security can enter a malicious string like:

' OR '1'='1' --

And suddenly, they’re logged in as an admin.

An experienced developer would know that SQL queries should always use parameterized statements:

query = "SELECT * FROM users WHERE username = ? AND password = ?"
result = db.execute(query, (username, password)).fetchone()

But if you don’t know what to look for, you wouldn’t even realize there’s a problem—until it’s too late.

Example 2: “Just Use This AI-Generated Smart Contract”

With blockchain and smart contracts becoming more popular, AI can generate Solidity contracts for you. But Solidity is tricky—one wrong move and you could introduce vulnerabilities that cost millions.

For example, imagine an AI generates this Solidity contract:

contract SimpleBank {
    mapping(address => uint256) public balances;
    
    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }
    
    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount);
        payable(msg.sender).transfer(amount);
        balances[msg.sender] -= amount;
    }
}

It looks fine, right? But this contract is vulnerable to reentrancy attacks. A malicious actor can drain the contract using a recursive function call before the balance updates. An experienced blockchain developer would immediately see this issue and fix it by using the checks-effects-interactions pattern or a reentrancy guard.

Example 3: The Nightmare of Scaling Bad Code

An AI can generate a sorting algorithm for you. But let’s say you need to process millions of data points efficiently. An AI might give you something like:

def sort_list(lst):
    return sorted(lst)

For small datasets, this works fine. But what if you’re sorting billions of records? An experienced developer would ask:

• What’s the computational complexity of this approach?
• Is there a more efficient algorithm like Merge Sort, Quick Sort, or even a parallelized approach?
• How does this impact memory usage?
• Should I use a database index instead of sorting in memory?

AI won’t always make those considerations for you. Without experience, you might not even realize there’s a problem—until your system grinds to a halt under real-world loads.

Why Experience Is Priceless

The AI tools available today are powerful, but they are not a replacement for deep expertise. The ability to:

• Anticipate edge cases
• Understand security implications
• Optimize for performance and scalability
• Write maintainable code
• Know the right architecture for the problem

…is something that only comes with experience. AI can be an incredible assistant, but it won’t teach you intuition. It won’t tell you what’s actually going to work in production. It won’t warn you when something is subtly broken.

Artificial Intelligence (AI) has revolutionized software development, making it faster and more efficient. However, many developers still struggle with AI coding tools, often making mistakes that lead to frustration, inefficiencies, and broken codebases. In this guide, we’ll explore the best practices for AI-assisted coding, focusing on the most common mistakes and how to improve your workflow.

1. No Planning

Jumping straight into coding without a plan is a recipe for disaster. A well-thought-out plan can save hours of debugging and restructuring later.

My Planning Hack

I turn on ChatGPT voice and have a one-on-one conversation about what I want to build. After 15 minutes, I ask:

“Write me a well-structured draft on all the things we’ve finalized in this conversation.”

This way, I use AI as my:

• Brainstorming buddy
• Critique
• Web researcher
• Draft writer

The result? A one-page document outlining the core features of my MVP.

Don’t build blindly. Plan before you hunt.

2. No Knowledge Base for AI Models

AI coding models work best when they have a reference point. Reducing hallucinations and irrelevant code generation requires a structured knowledge base.

How to Build a Knowledge Base for AI Coding Models

After drafting my idea, I create structured documentation:

• Product Requirements Document (PRD) – What the app does
• App Flow Document – How users interact with the app
• Tech Stack Document – The technologies being used
• Frontend Guidelines – UI/UX rules
• Backend Structure – API architecture and database schema

This documentation acts as a reference, ensuring AI models generate relevant and accurate code. Learn more about AI Documentation

3. Not Picking the Right Tools

Every AI coding tool has its own superpower. Choosing the wrong tool can lead to inefficiencies.

AI Coding Tool Comparison:

Check out the best AI coding tools

4. Not Picking the Right Tech Stack

AI models are trained on specific programming languages. Using the right tech stack leads to better quality code with fewer errors.

AI-Friendly Tech Stacks

Frontend

• Next.js
• Vite
• Flask (for Python-based projects)

Database

• Supabase (PostgreSQL)
• Firebase

Authentication

• Clerk.dev
• Supabase
• Firebase

AI Models

• OpenAI
• Claude
• Gemini

Best AI-Compatible Programming Languages

5. Not Building Step by Step

Letting AI plan the entire development process often results in messy, unstructured code.

The Fix: My 60-Step Implementation Plan

Instead of letting AI decide everything, I am creating a step-by-step execution plan with 60+ checkpoints to ensure nothing gets skipped. AI should only be used to execute the plan, not to decide what to do next.

6. No Debug Prompting

Debugging AI-generated code can be painful. Use these techniques to improve debugging:

• Attach the error and say: “Use chain of thought reasoning to find the core issue first and then plan step by step to fix the issue.”
• Ask AI to “follow best coding practices. Search the web and find the fix for this issue.”
• Only attach relevant files to improve AI’s focus.

7. Not Using Multiple AI Models

No single AI model can do everything. Use different models for different scenarios:

In Cursor/Windsurf:

• Claude Sonnet 3.5 → Best for writing and executing code
• GPT-4 o1/o3-mini-high → Best for debugging complex errors
• Gemini Flash 2.0 → Best for scanning and updating entire codebases

8. Not Using Starter Kits

Why start from scratch every time? Use boilerplates to speed up development and reduce errors.

I am preparing 4+ pre-built boilerplates specifically designed for AI coding to reduce token usage and avoid unnecessary errors.

9. Quitting Too Early

AI coding is exciting at first, but frustration kicks in when errors start piling up. Expect hundreds of build issues and AI mess-ups.

The Solution:

• Strong Foundation → Build rules and documentation to keep AI coding structured
• Version Control → Use Git to manage source code changes effectively Learn more about Git version control

Final Thoughts

AI-assisted coding is powerful, but only if used correctly. By avoiding these common mistakes and applying structured workflows, you can build faster, smarter, and more efficient applications.

Plan before you code. Structure before you execute. Debug with intelligence. Adapt and improve.

The rapid advancement of AI has sparked an ongoing debate in software development: Should companies replace junior developers with AI-powered tools and a few senior engineers, or should they invest in training juniors to become future seniors while leveraging AI to enhance their productivity?

While both perspectives have merit, the ideal solution is often a balance. A well-structured team that combines the fresh enthusiasm of junior developers with the experience of senior engineers, amplified by AI, can outperform any one-dimensional approach.

The Case for AI Replacing Junior Developers

AI-powered coding assistants like GitHub Copilot, Tabnine, and ChatGPT have dramatically improved code generation, debugging, and even architectural decision-making. These tools allow senior developers to move faster and reduce the need for a large number of junior developers.

Real-Life Example: Stripe

Stripe, a leading fintech company, experimented with reducing its reliance on junior developers by leveraging AI-powered development tools. They streamlined their engineering teams, allowing senior engineers to complete tasks in half the time with AI assisting in boilerplate code, debugging, and automated testing. This helped Stripe reduce costs while maintaining high-quality output.

Pros:

• Lower payroll costs
• Faster development cycles
• Fewer mistakes and more consistent code quality

Cons:

• No pipeline for future senior developers
• Loss of diverse perspectives and innovation
• Higher risk if the senior developer leaves

The Case for Training Junior Developers

On the other hand, investing in junior developers creates long-term sustainability and cultivates a strong company culture. AI should be seen as a tool to accelerate their learning rather than a replacement.

Real-Life Example: Shopify

Shopify has a strong internal development culture that emphasizes mentorship and junior developer growth. They implemented a program where junior developers used AI tools to assist with coding, debugging, and understanding best practices. Within two years, many juniors had transitioned to mid-level roles, reducing hiring costs and increasing team loyalty.

Pros:

• Builds a pipeline of future senior engineers
• Encourages innovation and fresh perspectives
• Creates a collaborative and diverse work environment

Cons:

• Higher initial training costs
• Slower development speed in the short term
• Risk of juniors making mistakes early on

The Ideal Team: A Mix of Juniors, Seniors, and AI

The best-performing teams strike a balance between juniors, seniors, and AI tools. Here’s why:

• Juniors bring fresh ideas and enthusiasm but lack deep experience.
• Seniors provide technical leadership and decision-making skills.
• AI accelerates productivity and helps fill knowledge gaps.

Example: The Hybrid Approach at Supercell

Supercell, a gaming startup, faced a dilemma: Hire more juniors, bring in an expensive senior team, or leverage AI? They opted for a hybrid approach:

• A few senior developers focused on core architecture and mentoring.
• Juniors were onboarded with structured training programs and AI-powered coding tools.
• AI helped automate repetitive tasks, reducing junior mistakes.

After a year, productivity was up 40%, and juniors were significantly more skilled.

How to Start Implementing This Approach

1. Invest in AI Tools – Provide teams with AI-powered coding assistants, but don’t rely on them blindly.
2. Create a Structured Training Program – Develop mentorship programs where seniors guide juniors.
3. Encourage AI-Assisted Learning – Let juniors use AI for debugging and code explanations to accelerate learning.
4. Pair Programming and Code Reviews – Ensure juniors work alongside seniors to absorb knowledge.
5. Set Clear Growth Paths – Provide juniors with clear milestones for career advancement.

Conclusion

Rather than replacing junior developers with AI, the smarter approach is to use AI to enhance their growth. Companies that cultivate junior talent will be better positioned for long-term success, while AI can help both juniors and seniors become more productive.

By striking the right balance between automation and human development, teams can maximize efficiency, innovation, and sustainability in the ever-evolving tech landscape.

In the modern tech landscape, product owners often assume that software will “just work” safely. But security isn’t automatic, and a lack of foundational understanding can lead to serious vulnerabilities. While AI has become a valuable tool in development, it cannot replace the expertise of seasoned developers who can anticipate, diagnose, and resolve complex security flaws. In this article, we’ll explore why relying solely on assumptions—or even AI—can put users at risk, and how experienced developers have rescued failing projects from disaster.

The Illusion of Safety in Software Development

Product owners, especially those without technical backgrounds, often focus on features, user experience, and business objectives. Security tends to be an afterthought—if it’s considered at all. They might assume:

• “Our framework handles security automatically.”
• “AI-generated code must be secure.”
• “Hackers won’t target us because we’re a small company.”

These assumptions are dangerous. Security must be deliberately designed into a system, and failing to do so can lead to catastrophic breaches.

Real-World Examples of Projects Gone Wrong (And How Developers Saved Them)

1. The E-Commerce Disaster: Exposed Customer Data

A startup built an e-commerce platform using a popular low-code solution. The product owner assumed that security was baked into the platform. What they didn’t realize was that their database had been left publicly accessible, exposing thousands of customers’ personal and payment data.

How an Experienced Developer Saved It:

A senior developer was brought in after an independent security researcher exposed the vulnerability. The developer:

• Implemented proper authentication and access controls.
• Added encryption for stored customer data.
• Set up automated security testing to prevent future leaks.

Without this intervention, the company would have faced lawsuits and lost customer trust.

2. The AI Code Generator Mistake: Unsecured API Keys

A SaaS company decided to speed up development using AI-generated code. Their AI assistant provided clean-looking API integrations, but it didn’t consider security best practices. The AI-generated code stored API keys directly in the frontend, exposing them to anyone who inspected the browser’s developer tools.

How an Experienced Developer Saved It:

A security-conscious engineer audited the code and:

• Moved API keys to a secure environment variable setup.
• Implemented proper authentication (OAuth2) instead of static keys.
• Set up monitoring alerts for unusual API usage.

The fix prevented potential attackers from hijacking API calls and exploiting user data.

3. The Blockchain Nightmare: A Flawed Smart Contract

A startup launched a DeFi project, assuming that a popular AI tool could generate Solidity smart contracts with minimal oversight. The result? A flawed contract that allowed attackers to drain funds due to a reentrancy bug.

How an Experienced Developer Saved It:

After losing some initial funds, they hired a blockchain security expert who:

• Refactored the smart contract using best practices.
• Implemented reentrancy guards to prevent exploit attempts.
• Conducted thorough security audits before redeploying.

Without an expert, the project could have been completely compromised.

AI is a Tool, Not a Replacement for Expertise

AI-generated code can be helpful, but it lacks real-world context. AI doesn’t understand business logic, legal requirements, or evolving security threats. An experienced developer:

• Thinks critically about how code will be used (and misused).
• Understands regulatory compliance (GDPR, PCI-DSS, HIPAA, etc.).
• Can adapt and apply security measures based on the specific application.

The Takeaway: Invest in Expertise Before It’s Too Late

Security isn’t something that should be bolted on at the end of a project—it should be a core consideration from the start. Product owners must:

• Consult experienced developers early in the development cycle.
• Prioritize security just as much as features and user experience.
• Recognize that AI is a helpful assistant, but not a substitute for human expertise.

Ignoring security can lead to costly breaches, reputational damage, and legal consequences. But with the right developers involved, businesses can build not just functional, but also secure, reliable, and scalable software.

Have You Seen Security Mistakes Firsthand?

What’s the worst security oversight you’ve encountered in a project? Share your experiences in the comments!

Artificial intelligence has experienced an explosion of growth in recent years, with companies like OpenAI, Anthropic, and Google leading the charge in providing powerful foundational models. But despite their immense computational capabilities, these AI providers are increasingly finding themselves in a familiar position—one that resembles the fate of telecom giants in the past.

In the telecom industry, infrastructure providers built the backbone of communication networks, yet they eventually found themselves competing not on innovation but on price, reliability, and scale. Meanwhile, a new wave of companies emerged, offering user-friendly interfaces and value-added services on top of these networks, becoming the real consumer-facing brands. Today, a similar pattern is emerging in AI, where a new breed of AI wrappers is rapidly capturing market attention and customer loyalty.

AI Wrappers: The New Kings of the AI Economy

AI wrappers are companies or platforms that use existing AI models but differentiate themselves by offering improved usability, domain-specific expertise, or additional automation capabilities. They act as intermediaries between the raw power of foundational models and the end user, providing a tailored, more accessible experience. These wrappers often build agentic systems that extend AI capabilities beyond simple text generation, integrating AI into real-world workflows more seamlessly.

One of the most notable examples is Cursor, an AI-powered coding assistant that integrates deeply with software development environments. While OpenAI provides the underlying models, Cursor enhances them with context awareness, code-specific optimizations, and user-friendly interactions that cater specifically to developers. Similarly, Jasper has become a dominant force in AI-powered content creation, building atop existing LLMs but fine-tuning the experience for marketing and branding purposes.

Other examples include:

• Replit Ghostwriter: An AI-powered coding assistant built into the Replit platform, offering features customized for its user base.
• Notion AI: A productivity tool that integrates AI to help users generate content, summarize notes, and organize information in an intuitive way.
• Synthesia: A video generation platform using AI-powered avatars and voice synthesis, making it easier for businesses to create professional content without requiring actors or video production expertise.

These AI wrappers add convenience, improve user workflows, and tailor AI capabilities for specific needs—something foundational models alone struggle to do.

Why AI Providers Are Like Telecoms

Telecom providers built the infrastructure that powered the internet, but their value quickly became commoditized. Consumers didn’t buy “bandwidth”—they bought streaming services, social media, and communication apps that provided the real utility. The underlying networks remained essential but largely invisible.

AI is heading down the same path. Foundational model providers like OpenAI, Anthropic, and Google are in an arms race to create more powerful models, but they face two fundamental challenges:

1. Differentiation is difficult: At the model level, once competitors catch up in quality, the main differentiator becomes price and API access rather than unique features.
2. Customer experience is owned by wrappers: Just as customers interact with Netflix rather than their internet provider, most AI users will engage with AI wrappers rather than the underlying models.

Unless foundational AI providers can create a breakthrough that redefines the way AI is used, they will likely remain the equivalent of cloud computing providers—essential but invisible to end users.

Can AI Providers Compete?

AI model creators face a strategic dilemma. Do they continue improving their base models and risk becoming commodities, or do they move up the stack, integrating more directly with users?

There are a few potential paths they could take:

• Vertical integration: OpenAI, for instance, is already moving in this direction with ChatGPT, aiming to make its own application as sticky as possible. Google has integrated Gemini into its search products, while Anthropic is working on making Claude a more accessible assistant.
• Exclusive partnerships: By offering custom AI models for select partners, providers can maintain an edge. This strategy mirrors what Nvidia has done with its GPU dominance—selling to cloud providers while also enabling high-performance, exclusive partnerships.
• Fine-tuned solutions: Rather than offering general-purpose models, AI providers could develop industry-specific solutions for enterprise applications, ensuring they remain a step ahead of generic AI wrappers.

However, even with these efforts, the fundamental shift in value remains: users prefer tailored experiences over raw power, and AI wrappers are best positioned to deliver those experiences.

The Future of AI: Who Wins?

The current trend suggests AI providers will continue building the foundation, but the real profits and brand recognition will go to those who package and distribute AI in a way that users love. AI wrappers are already dominating certain verticals, and as agentic AI systems become more advanced, we will see an even greater separation between infrastructure and experience.

If AI providers fail to adapt, they risk becoming the “AT&T” of the AI age—powerful but replaceable. Meanwhile, the new kings of AI will be the platforms that understand user needs, integrate AI seamlessly, and create interfaces that feel indispensable.

The AI landscape is rapidly shifting, and while foundational models remain crucial, they are no longer the defining factor in AI’s success. The future belongs to those who can bridge the gap between raw AI power and user-friendly experiences. As we move forward, expect more AI wrappers to emerge, reshaping industries and pushing AI providers further into the background.

In the end, AI might power the revolution—but the wrappers will own the kingdom.

Artificial intelligence is revolutionizing software development, making it easier for less experienced developers to write code, generate solutions, and build applications faster than ever before. But as AI lowers the barrier to entry, it creates an unexpected challenge—an increasing burden on tech leads who must navigate a landscape filled with AI-assisted code that often lacks structure, scalability, and maintainability.

The Rise of AI-Assisted Development

Tools like GitHub Copilot, ChatGPT, and other AI-powered coding assistants have significantly boosted developer productivity. Junior and mid-level developers can now produce complex code snippets, automate repetitive tasks, and solve problems they previously struggled with. While this sounds like a win for the industry, the reality is more nuanced.

AI-generated code is often syntactically correct but semantically flawed. It may work in isolation but lack architectural integrity when integrated into a broader system. AI lacks the human intuition necessary to understand business logic, future scalability, and team-specific best practices. This means that while development velocity increases, so does the risk of accumulating technical debt.

The Burden on Tech Leads

Tech leads, already responsible for guiding teams, making architectural decisions, and ensuring high code quality, now face an additional challenge: reviewing and correcting AI-generated code. Here’s why AI can be a curse for tech leads:

1. Increased Review Workload

AI accelerates code production, but not always in the right direction. More code means more pull requests, more code reviews, and more debugging. Tech leads spend significant time analyzing whether AI-assisted code is functionally correct and adheres to best practices.

For example, a junior developer might use AI to generate an API endpoint for handling user authentication. The AI might produce working code but fail to implement essential security measures such as rate limiting, input validation, or proper session management. The tech lead must then review, refactor, and educate the team on why these aspects are critical.

2. Poor Architectural Decisions

Junior and even mid-level developers often rely on AI to solve immediate problems without considering the long-term architectural impact. AI doesn’t inherently enforce good design patterns, leading to monolithic structures, poorly optimized queries, or brittle integrations that tech leads must later refactor.

Imagine a situation where AI generates multiple SQL queries inside a loop instead of optimizing them into a single batch query. While the code functions correctly, it causes unnecessary database load, which can lead to performance bottlenecks in production. A tech lead must identify and correct such inefficiencies before they escalate.

3. False Confidence in AI Solutions

Developers using AI often assume the generated code is correct because it “works.” However, AI does not understand the nuances of business requirements, security concerns, or industry-specific regulations. This creates hidden bugs and vulnerabilities that tech leads must catch before they become production issues.

For instance, an AI-generated function might handle user passwords but store them in plaintext instead of hashing them properly. If a less-experienced developer deploys this code, it could lead to a serious security breach. A tech lead must not only fix the issue but also implement processes to prevent similar mistakes in the future.

4. AI-Driven Technical Debt

Without proper oversight, AI can rapidly generate unmaintainable code that accumulates as technical debt. Tech leads must dedicate additional time to reworking solutions, refactoring poor implementations, and ensuring code consistency across the codebase.

Consider a scenario where an AI tool generates dozens of functions across different files with inconsistent naming conventions and redundant logic. While the code technically works, it becomes difficult to navigate, update, or debug. A tech lead must step in to unify the code, remove duplication, and enforce better organizational practices.

The Future: More Tech Leads, Not Fewer

Paradoxically, as AI tools become more advanced, the need for strong technical leadership increases. More tech leads will be required to:

• Establish clear coding guidelines and best practices for AI-assisted development.
• Educate teams on AI’s limitations and how to critically assess its output.
• Enforce architectural principles to prevent the system from collapsing under its own complexity.
• Prioritize code quality and long-term maintainability over short-term gains.
• Introduce automated testing and linting rules to catch common AI-generated mistakes before they reach production.

How Tech Leads Can Adapt

To thrive in this AI-assisted environment, tech leads need to adjust their approach to leadership and mentorship. Some strategies include:

1. Establish AI Review Processes

Tech leads should implement specific review processes for AI-generated code, ensuring that every piece of code passes through a structured evaluation. Code review checklists should include:

• Security best practices (e.g., input validation, authentication measures).
• Performance optimizations (e.g., avoiding redundant queries or inefficient loops).
• Maintainability and readability (e.g., clear variable names, well-structured functions).

2. Promote AI Literacy Among Developers

Instead of discouraging AI use, tech leads should train their teams to use AI responsibly. This means educating developers on when to trust AI-generated code, how to refine prompts to get better results, and how to critically evaluate AI suggestions.

3. Use AI to Help, Not Replace, Thoughtful Engineering

Tech leads can leverage AI themselves—not just to generate code, but to automate tedious tasks like refactoring, documentation generation, and code linting. By integrating AI into CI/CD pipelines, tech leads can ensure AI-generated code is continuously checked for quality issues before deployment.

AI is undoubtedly a powerful tool for accelerating development, but it is not a substitute for experience, intuition, and thoughtful engineering. While junior developers benefit from AI assistance, tech leads bear the responsibility of ensuring that AI-generated code aligns with best practices and long-term business objectives. As AI continues to shape the industry, the role of tech leads will become even more critical—not just in fixing what has been done, but in guiding teams to use AI responsibly and effectively.

In the end, AI doesn’t replace the need for great engineering—it amplifies the need for strong technical leadership. The companies that recognize this will be the ones that successfully integrate AI into their development processes without sacrificing code quality, security, or scalability.