I remember the first time I watched The Matrix and heard it: “I know kung fu.” It was ridiculous and perfect – instant competence, downloaded in seconds, no awkward beginner phase, no months of practice bruising your ego.
Now swap kung fu for “build a web app that uploads files, calls an API, stores results, and has a half-decent UI.” Today you can type that sentence and watch a codebase appear. Not a tutorial. Not a weekend of wrestling with configs. A working thing, in front of you, while your coffee is still hot.
It feels like cheating. It also feels like the future.
And it’s exactly why we need to be a little careful about what we do next – because when “anyone can build anything” becomes true, the cost of building drops fast, but the cost of being wrong doesn’t.
A few years ago, “AI coding” mostly meant autocomplete. Helpful, but you were still driving. You had to know where you were going, what the road signs meant, and why the engine light came on.
Now it’s closer to downloading capability.
You describe the requirements – “I need a simple CRM”, “a dashboard that pulls from this API”, “a site that takes bookings” – and the tools don’t just suggest a snippet. They hand you a whole first draft: screens, database tables, workflows, even a login page if you ask nicely. It’s less “write code” and more “declare intent.”
That shift has a few ingredients:
1. Natural language is the plug
Instead of learning the tools first, you describe the outcome. You don’t even need to know what a “framework” is – you can ask for a login screen, a database, and a workflow, and get a working first draft back. The interface isn’t menus and documentation anymore. It’s intent.
2. The loop feels like bullet time
It’s not slower – it’s bullet time: you can see what’s coming, adjust mid-flight, and keep moving.
The old loop was: write, run, error, search, patch, repeat.
The new loop is: ask, run, adjust. You keep the direction, the tool keeps taking the next step. That’s why it feels like vibe coding: you steer with sentences and watch the details assemble themselves.
3. Cue the chair, jack in
You describe the system you want, and a full first draft appears: UI, database, workflows, integrations. That’s the “downloaded skill” moment – capability arriving faster than comprehension.
The result is the “I know kung fu” feeling: capability appears faster than understanding.
“This is the bit that doesn’t feel like kung fu. The tools can generate an end-to-end system, but they can’t automatically transfer the judgement that comes from operating one. And the moment your app touches real people, real money, or real personal data, “good enough for a demo” stops being a compliment.
And that’s where the danger sneaks in. When building gets this easy, it’s tempting to confuse “it exists” with “it’s safe”, “it’s correct”, and “it’s something you should run your business on”.
A friend of mine needed a CRM. They’re a fashion stylist, not a developer, and they used an online tool to generate one from a description. In minutes they had something that looked completely legit: contacts, a pipeline, reminders, a few automations, the lot.
I told them to stop and buy a proper CRM.
Not because I’m anti-building, or because it’s “not for them”, but because they were accidentally signing up for all the invisible bits:
– where the data lives.
– who can access it.
– how it’s secured.
– what gets logged.
– how it’s backed up.
– how it’s hosted.
– what happens when it breaks.
A CRM isn’t just screens. It’s sensitive customer data and the chain of trust around it.
This is the bit that doesn’t feel like kung fu. The tools can generate an end-to-end system, but they can’t automatically transfer the judgement that comes from operating one. And the moment your app touches real people, real money, or real personal data, “good enough for a demo” stops being a compliment.
So yes, this is empowering. It’s going to unlock a lot of creativity and remove a lot of needless friction.
But it also means we need to pair the new superpower with a few boring habits:
– clear boundaries on what the tool can access.
– basic security and privacy hygiene.
– treating generated code as a first draft, not a final answer.
With that in mind, here are the risks that show up most often – and the simple guardrails that keep the upside without inviting the worst surprises. We’ve basically unlocked the fun part: you can download kung fu. You ask for an app, you get an app. You ask for a CRM, you get screens, tables, workflows, integrations. The montage is sorted.
But then comes the part The Matrix was honest about: eventually you have to fight The Agent.
In our version, “The Agent” isn’t a person in sunglasses. It’s everything that shows up when software leaves the chat window and touches reality. And here’s the uncomfortable twist: unlike Neo, we didn’t download the understanding. We downloaded output. The instincts you earn from shipping, securing, and operating systems still take time.
Worse, like in the film, The Agent shape-shifts. It rarely looks scary up front. It looks like a working demo.
It shows up as unsafe defaults: wide-open permissions, missing auth checks, secrets in the wrong places, dependencies pulled in because they were convenient. Everything works… right up until it really, really shouldn’t.
It shows up as plausible code that’s subtly wrong. Happy paths pass. Edge cases rot. Business rules get interpreted with confidence. It’s not chaos, it’s quiet drift.
It shows up the moment real information enters the loop. Customer data in prompts. Sensitive fields in logs. “Test data” that is absolutely not test data. Even if your app is fine, your process can create risk.
“One important reality check: responsibility doesn’t get outsourced to the agent. You can download kung fu, but you’re still the one in the room when it gets used. If the system leaks data, makes the wrong decision, or falls over at 2am, “the agent wrote it” is not a rollback plan. The person who wrote it still owns the outcome.
It shows up a month later. Someone asks, “Who owns this?”, “How do we change it safely?”, “What happens if it breaks?”. The system exists, people rely on it, and nobody has the map.
This one turns up while you’re asleep. The app works, people use it, then something breaks and suddenly the only question that matters is: who can explain it, fix it, and keep it running?
It shows up when the tool can take actions, not just write code. Create PRs, run scripts, call APIs, push changes. The same speed that makes this magical also makes mistakes faster and bigger.
The point isn’t “don’t use it”. It’s this: if we’re going to download kung fu, we should also bring protective gear. A few boring habits keep it in check, and they don’t slow you down as much as you think.
The good news is you don’t need a 40-page policy to get most of the benefits safely. You need a few defaults that keep the speed, while stopping the obvious footguns.
One important reality check: responsibility doesn’t get outsourced to the agent. You can download kung fu, but you’re still the one in the room when it gets used. If the system leaks data, makes the wrong decision, or falls over at 2am, “the agent wrote it” is not a rollback plan. The person who wrote it still owns the outcome.
In other words, the tools can help you build faster. They don’t remove the run and own parts – security, monitoring, support, upgrades, and the boring work of keeping it trustworthy.
And it helps to borrow one more thing from The Matrix. Neo might be doing the moves, but he’s not alone. Someone’s in the chair watching the screens, keeping an exit open, and ready to unjack him when things go sideways. That’s the right mental model for agentic coding too: let it move fast, but don’t let it move unattended. Keep visibility, keep control, and keep a way out.
Blue pill zone: prototypes, internal tooling with non-sensitive data, boilerplate, docs, test generation, scripts that don’t touch production.
Red pill zone: auth, payments, PII, pricing logic, anything regulated, anything customer-facing without review.
If you only do one thing, do this: know which doors lead to the real world.
The workflow shouldn’t be “generate and ship”. It should be “generate, then verify”.
Minimum bar:
– someone reads it.
– tests exist (or get added).
– edge cases are considered.
– failure modes are explicit (what happens when the API is down, data is missing, a user does something weird).
The fastest way to accidentally create The Agent is to hand tools too much power.
Defaults that help:
– least privilege for any keys and tokens.
– separate environments (dev/test/prod).
– no production credentials in local scripts.
– secrets in a proper store, never in code or prompts.
Assume anything you paste into a tool might be stored somewhere.
Practical rules:
– don’t paste customer data, secrets, or proprietary configs into prompts.
– use synthetic data for examples.
– be explicit about logging and retention.
– know which tools are approved for which data types.
If it’s going to be used by humans, it needs an owner.
– who supports it.
– where it runs.
– how to deploy and rollback.
– where logs and alerts are.
– how to rotate secrets.
– what “done” means.
This is a genuinely exciting shift. More people can build, more ideas can be tested, and a lot of the friction that used to gate progress has just bent.
But “I know kung fu” is a feeling, not a qualification. The tools can generate code and even assemble systems end to end. They can’t automatically transfer the understanding that makes those systems safe, reliable, and maintainable.
So the aim isn’t to slow down. It’s to steer.
Jack in. Download the capability. Use the tools to move faster than you could before. Just make sure you know when you’ve stepped into the real world: where data matters, where trust matters, where customers and colleagues rely on what you ship.
Because the future isn’t “AI replaces developers”.
It’s “more of us can build” – and the ones who thrive are the ones who can fight The Agent when the demo meets reality.
This is my first blog post edited with the help of AI, because I too know kung fu.
Whatever your specialist area, wherever you are in your journey, we’d love to hear from you.
