“I built it myself in an afternoon…”
It’s the proudest sentence I hear from SME owners these days.
It should also be the most frightening.
Welcome to the age of vibe coding — where anyone can conjure an app simply by describing it. No training. No code. We’re calling it the democratisation of technology. And it is.
But it’s also a false dawn.
Here’s the psychology nobody wants to confront: the person who creates something is the worst-placed person to spot its flaws. We fall in love with our own work. We see the elegance, never the cracks.
So the proud SME owner is precisely the wrong person to ask, “Could this be hacked?”
Because it can.
The first version of any app — and the second, and the third — is riddled with vulnerabilities. Invisible to the maker. Obvious to those who hunt them for a living. Hackers aren’t impressed by your enthusiasm. They’re interested in the gap you didn’t know you’d left open. This isn’t an argument against democratisation. It’s an argument for maturity.
We test drivers before we hand them keys. We inspect food before it’s sold. Yet we release self-built apps onto an unsuspecting public with no scrutiny whatsoever. The fix is simple: every self-built app should pass an independent security check before launch — ideally a proper certification process. So that “I built it myself” is always followed by “and it’s been checked.”
I help SMEs harness AI safely. If you’ve built something brilliant, let’s make sure it’s secure too.
