HomeExperienceSkillsProjectsBlogContact
All posts

Why you should never ship code you don't understand

The temptation is real. You type a prompt and within seconds an AI agent spits out a complex class or algorithm that would normally take you an entire afternoon. But that's exactly where the problem starts. If you're using an agent for code that you, given enough time and the docs in front of you, couldn't have written yourself, then you're building on quicksand. You're trading fundamental understanding for speed. And in our world, that's a debt you always repay at a punishing interest rate the moment a bug surfaces.

The black box in your stack

The moment an agent writes code that's beyond your own reach, you create a black box in your own application. You're missing the insights into why certain decisions were made. Why this data structure? What does this do to your memory when you need to scale?

If you can't reproduce the logic yourself, you can't properly review it. Let alone maintain it. You become a passenger in your own codebase. The moment the AI makes a subtle mistake, you don't have the context to see where things go wrong. You're no longer programming. You're hoping the AI got it right. And hope is not a strategy.

The self-validating test trap

The biggest danger lies in your tests. There's a hard rule that many developers forget in their enthusiasm: never let the agent that wrote the code also write the tests. If you do, you get the classic case of the fox guarding the henhouse.

An LLM works on probability and patterns. If the AI makes a wrong assumption in the code, say by missing an edge case, there's nearly a 100% chance that same mistake ends up in the unit tests. Your tests turn a beautiful green, not because the code is correct, but because the test simply confirms the bug. You're automating your own blindness.

Where it goes wrong in practice

A few examples where that AI tunnel vision comes back to bite you:

The off-by-one error: The agent writes a filter but forgets the last element. The test the AI generates also expects that incomplete list. Everything seems to work, until you're missing data in production.

Security: An agent generates a SQL query that's wide open for injection. The test only checks the happy path and sees no problem, because the AI "thinks" it's secure enough.

Business logic: The AI invents a discount rule that runs just fine technically, but completely violates the business rules. Your test confirms the calculation, but your business model no longer holds up.

Take back control

A coding agent is a fine assistant, but a terrible architect. Use it for your boilerplate or as a rubber duck, but keep the pen in your own hand when it comes to core logic.

If you can't explain the code to a colleague without saying "the AI wrote that", it doesn't belong in your repo. Stay the boss of your own stack.