Everybody loves AI right now. Not everybody understands what they're actually building with it. That gap is where most of the risk in this moment is sitting, and it's growing faster than most businesses' governance is catching up to it.
What vibe coding actually is
Vibe coding is describing what you want in plain English and watching an AI tool build it — no code, no logic flows, just conversation. It's become the fastest on-ramp into building with AI that's ever existed, and it deserves the credit it gets. A marketer can build a content tool in an afternoon. A support agent can stand up a feedback analyzer without touching a line of code. That's real, and it's not going away.
The problem isn't the tool. It's the assumption that comes with it: that because something was fast to build, it's also ready to hold real weight.
The line that actually matters
Here's the test I use with clients, and it holds up in every case I've seen: if you closed the chat window, would the thing still run?
If the answer is no — if it only works while someone is sitting there prompting it, step by step — it's still a prototype, no matter how many APIs it's connected to. That's true even when it's touching something real, like a CRM or a payment processor. Connecting to a real API doesn't make the thing around it real. It just makes the demo more convincing.
The moment that distinction actually matters is when real data enters the picture — specifically, other people's data.
Why live connections are the real risk
Say a chat-based AI tool is wired directly into a live CRM. Every time it runs, it's pulling fresh data straight from that system — and any of that data could be carrying more than it appears to. A form field, a customer note, a synced message: all of it is just text to the model, and text can contain hidden instructions. This is called prompt injection, and right now, there is no reliable way to fully guard against it. It's an open problem across the entire AI industry, not a gap in any one platform's engineering.
If that live-connected tool also has any ability to act — update a record, send something, trigger a workflow — a single manipulated input can turn into an action nobody authorized. When the data behind that connection includes financial information or personal details for real customers or members, the exposure isn't hypothetical anymore. It's the kind of event that costs real money and real trust to clean up.
The fix is simpler than people expect
The solution isn't "don't use AI." It's "don't connect it live to production data without a gate in between."
For a recent client — a membership-based business holding real financial and personal data for hundreds of members — the actual fix was almost anticlimactic: pull the CRM data out on a routine schedule into a private, access-controlled location. A static snapshot, not a live feed. Let the AI tool read from that snapshot. No live connection, no write access back into the source system — nothing for a hidden instruction to reach, because there's no door left open.
That one decision solved three problems simultaneously. It gave the business a genuine backup of its own data. It surfaced where the real risk and gaps actually were. And it gave the team a safe, fast way to keep working with AI — which was the goal all along. Nobody needed the live connection specifically. They needed speed. The static version delivers that just as well, without the exposure.
The law is already catching up
New York enacted a law this year requiring a conspicuous disclosure whenever an advertisement includes an AI-generated human likeness — and it applies to material already circulating, not just new content going forward.
Violations carry real civil penalties.
There's also an existing state law requiring reasonable data security safeguards, a law governing AI chatbots that simulate ongoing relationships, and multiple bills moving through the legislature that would require any customer-facing AI to disclose itself and hold businesses accountable for what it tells people. This is the direction New York — and likely other states behind it — is heading, and it's cheaper to build to that standard now than to retrofit compliance later.
The real standard is higher than the law
Even where the law only requires a disclosure, that's often not enough. If your business is built on being real — real people, real relationships, real service — an AI-generated image of a person, disclosed or not, works against the thing you're actually selling. The legal floor and the right business decision aren't always the same line.
Vibe coding should stay fun. It's one of the best tools available for finding out fast whether an idea holds up before you commit real infrastructure to it. The discipline is knowing where that testing phase ends — and building the real thing, deliberately, before real data and real people are riding on it.