When to build custom AI (and the vibe-coding trap)
AI makes building software feel effortless, and that's the danger. Veracode found 45% of AI-generated code carries security flaws. Here's when building custom AI is worth it, and how to avoid the vibe-coding trap.
AI has made building software feel almost effortless. Describe what you want, and a working app appears. That speed is real, and it is exactly why the trap is so easy to fall into.
In 2025, Veracode tested AI-generated code from more than a hundred models and found that 45% of it contained security flaws, with 2.74 times the vulnerabilities of human-written code (Help Net Security). The code runs, the demo works, and the holes don't show up until someone goes looking, or worse, until someone finds them for you. In the same vein, 58% of developers admit to trusting AI output without testing it. Fast and fragile is a bad combination for anything your business depends on.
The vibe-coding trap
"Vibe coding" is the name for building software by describing a vibe to an AI and accepting what comes back, without defining how it should handle security, data or the awkward edge cases. For a throwaway prototype, it is wonderful. For anything real, customer-facing, handling data, sitting in the middle of your operations, it quietly accumulates risk you cannot see. The tool optimises for "looks like it works", which is not the same as "is safe to run".
The problem isn't using AI to write software. We use it constantly. The problem is using it instead of the engineering judgement that decides what good and safe actually mean. AI is a brilliant accelerator on top of that judgement, and a liability without it.
When custom is worth building
Most of the time an off-the-shelf tool is the right answer, and you should reach for custom only when it genuinely doesn't fit. Building is worth it when:
- The process is a real source of advantage, and a generic tool would make you merely average at it.
- Your needs are specific enough that no product fits without awkward compromise.
- The data is too sensitive to hand to a third party, and control matters more than convenience.
- You will use it enough, for long enough, to justify owning and maintaining it.
When those are true, custom AI can be transformative. When they aren't, it is usually a more expensive route to something you could have bought.
Build it properly, or don't build it
If it is worth building, it is worth building properly: with the security, data architecture and testing that vibe coding skips. That is the difference between software that quietly does its job for years and software that becomes a liability the moment it matters. We build custom AI the way production software should be built, with AI very much in the toolkit and never in sole charge.
If you're weighing up whether to build or buy, the free AI Maturity Assessment can help you see which way your needs actually point.