Harshit Dwivedi, Founder of Aftershoot, building AI products used by photographers worldwide.gettyMost mornings, I open X before I've done anything I'm actually meant to be doing. By the second cup of coffee, a post like this lands on my timeline: Somebody has built a full CRM over a weekend with AI, and is now posting screenshots of it. The replies are the same, too. Hundreds of comments agree that this changes everything. That SaaS is dead. That coding is a commodity now. That you'd have to be insane to start a company the old way in 2026.I have been seeing this post, in some form, every other day for about a year. The actual thing the founder built rarely matters. The lesson does. AI has changed how software gets built. The post wants you to believe it has also changed what kind of company is worth starting at all.​The X posts are right that the speed of building software has changed. They're wrong about what that means. You could build a CRM in a weekend ten years ago. Many of us actually did that. I built a WhatsApp clone in 27 hours at a hackathon in 2015. It demoed well, but never became a company. Looking back, that was the most predictable thing about it, and the argument those posts are making would have changed exactly none of it. Building something that runs has never been the hard part of building a software company. The X timeline is full of demos. It is much quieter about what happened to those demos a few months later.Why You Can't Vibe-Code TrustThree things are happening when you build a software company, and the discourse is conflating them. The project is the part that runs. The product is what survives contact with users. The company is most of the actual work. Support, billing, security, brand, the trust a customer extends when they hand over their data. AI has made the project stage much faster. It has not done the same for the other two. In several places, it has done the opposite.The numbers are starting to show up. In 2025, GitGuardian found 28.65 million hardcoded secrets exposed in public GitHub commits. API keys, database credentials, the things that let attackers walk into production systems. The number was up 34% from the year before. It was also the largest single-year increase GitGuardian has recorded since it began publishing the figure in 2021. According to their analysis, commits co-authored by Claude Code in 2025 leaked secrets at roughly double the baseline rate across public GitHub.​In April, a data breach at Lovable, a vibe-coding platform, came to light. A researcher had made five API calls from a free account on the platform and accessed the source code, database credentials, AI chat histories and customer data of every project created on Lovable before November 2025. The researcher had reported the flaw to Lovable's bug bounty program in March. The report had been closed without escalation. Lovable's first public response was that this was "intentional behavior," but has since reported that they have taken several steps to address the issue. ​​The Work That Doesn't Get Automated​Security is the failure that makes the news, but there are also slower failures that matter more.​ As the focus shifts from writing code to verifying it, a new set of challenges emerges, and with it, a significant cost. Onboarding becomes harder because new engineers are reading code that nobody on the team can fully comprehend. This leads to a longer bug-fixing process, because the people fixing them didn't write the code. Then there's everything that falls outside the codebase itself. The support engineer trying to find fixes at odd hours. The customer who handed you their data on the assumption you'd earned the right to hold it. The fraud team. None of that has been compressed by AI. There is now more of it to fail at, because every new AI feature is a new thing that can fail in a way nobody on the team has a runbook for.What the X posts are missing is this: Building the project was easy ten years ago and is easy now. Holding the company together got harder because the tool that built the CRM in a weekend may be the same tool generating leaked credentials. Pretending those two facts are unrelated is how companies eventually lose the customer.​The challenges will continue to arise and numerous companies will encounter them, often learning about these issues through difficult experiences.I'll probably read about it on X.​​​ Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?