Let’s say you run a small or medium-sized business. Perhaps it’s retail or manufacturing for custom designs. You’ve got process problems: it takes too long to turn around quotes, keep on top of inventory, forecast sales, and let customers visually design custom solutions. All the core processes that generate revenue involve manual effort. The spreadsheets your processes rely on are scattered across different work groups, and understanding how the pieces work together relies on tribal knowledge.

You’ve looked at custom software before, but the estimates are always high, and your gut says the total cost is ultimately exponentially more. So you keep nursing the spreadsheets, duct-taping formulas, and hoping Bob in engineering never leaves.

This has been the reality for millions of small businesses and independent professionals for decades. Software development is expensive because it’s hard, and it’s hard because computers are fundamentally stupid. They do exactly what you tell them, nothing more, nothing less. The problem is that “telling them” requires speaking their language. Whether that’s Python, JavaScript, SQL, or a dozen others, each has its own grammar, quirks, and ways of punishing you for a misplaced comma.

AI-assisted development looks to help fix this problem. The question is can AI toolsets be trusted in production?

Claude Code, released by Anthropic in early 2025, is a different kind of tool. It’s AI lives in the command line (the text-based interface developers use to talk to their computers). It reads and understands entire software projects, and can plan, write, test, and fix code autonomously. You describe what you want in plain language. It builds it.

Now, if you’re not a developer, you might be tempted to tune out right here. Command line? Codebases? I need to go back to my spreadsheets. Fair enough.

But here’s why you should keep reading. Claude Code is a product built for developers. But the pattern it represents is coming for many professions. Understanding what it can do today tells you something important about what your job, your industry, and your competitive position will look like in two or three years.

This is not really a product review. Not a tutorial. I’m exploring Claude Code because once I started using it, I started to see more of the possibilities. And I’d like to share some of these thoughts.

Ok, so what is Claude Code?

The basics. Claude Code is a tool made by Anthropic, a San Francisco-based AI company that developed the Claude chatbot. If you’ve used AI chat (e.g., ChatGPT, Claude, Gemini, etc.) to answer questions or help with writing, you’ve met the polite, conversational version. Claude Code is its more capable sibling.

You install it on your computer, point it at a folder full of code (or an empty folder, if you’re starting from scratch), and give it instructions using natural language.

The critical difference between a chatbot and Claude Code is that it can act. It is an agent (it can do things on your behalf). It reads your files and writes new ones. It runs commands. It tests whether things work. When something breaks, it reads the error message, figures out what went wrong, and tries a fix. This loop of plan-execute-test-fix can be repeated dozens of times without your intervention.

As I started working with it, I asked for help to do something pretty simple. I pointed Claude Code at my CISSP Study Resources GitHub project, and asked it to identify errors and inconsistencies and automatically fix them. This obviously wasn’t an actual development assignment. I simply wanted to see how it worked in reviewing files, identifying problems, and providing automated solutions. I was pleasantly surprised to find that it identified several types of issues (a few wrong terms and better groupings for certain concepts), created updates, and successfully installed patches.

Agent vs. assistant. Earlier AI coding tools, like GitHub Copilot, work more like aggressive autocomplete. You’re writing code, and the AI suggests the next few lines. Helpful, sure. But you’re still all the driving.

Claude Code is closer to handing the keys over entirely. It doesn’t just suggest. It can plan a sequence of steps, execute them, evaluate the results, and adjust course when things go sideways. If Copilot is a GPS that helps you find faster routes while you drive, then Claude Code is more like the potential Robotaxi service (assuming Robotaxi actually works at some point).

So, why should you care?

Let’s say you’re convinced Claude Code is impressive. You still don’t write code, and you don’t plan to start. So why should you care?

Because the idea underneath Claude Code is leaking into many professions, and the speed of that leak is accelerating.

Last year, Andrej Karpathy (a well-known AI researcher and former head of AI at Tesla) used the term “vibe coding” to describe a different approach to software development. The idea is that you describe what you want in natural language, the AI writes all the code, and you mostly just steer and test the results. You don’t need to understand the code itself. You just need to know what you want and whether the output meets your needs.

This sounds gimmicky until you look at what people are actually building this way. Non-programmers have used tools like Claude to build powerful projects, including browser extensions, personal finance trackers, client scheduling tools, and even full-blown SaaS applications. Projects that would have cost thousands of dollars in freelance developer fees a year and a half ago.

If building custom software becomes as easy as creating a slide deck (we’re not there yet, but trending in that direction), the market dynamics in many industries will change in ways that weren't obvious not long ago.

Consider a marketing analyst at a mid-size company. In the past, if he needed a custom dashboard that pulls data from multiple sources with a specific visualization scheme, he submitted a request to the IT or marketing department. Maybe that request sat in a queue for a while. With tools built on the Claude Code model, he could describe what he needed and have a working prototype the same afternoon. He’s still not a programmer, and he doesn’t need to be. He just needs to articulate the problem clearly and evaluate whether the output solves it.

This means that the person who understands what to build and why starts to matter as much as the person who knows how to build it. That’s a significant reordering of professional value.

A growing number of tech leaders have been arguing that the ability to direct AI agents is becoming a baseline professional skill. Comparable perhaps to spreadsheet literacy in the 1990s. There’s something to this, and the gap between “technical” and “non-technical” roles is genuinely narrowing. Tools like Claude Code are a primary reason.

But we’re not there yet, and we need to separate out the marketing hype from the potential. That’s one of the reasons why I’ve been spending more time with these tools. I started my career as a developer, and I’ve been involved in IT, leadership, and security for a long time. My bias is skepticism for replacing human intelligence with Large Language Model (LLM) prediction-based tools. And I am concerned about the security implications of relying entirely on these tools.

But if you take a step back, tools like Claude Code seem to be improving on a curve measured in months. If you still think of AI based on your last frustrating experience with ChatGPT, it’s time for an update.

The trust problem

So far, the story sounds pretty good. Were’ talking about an AI toolset that can build software from plain language instructions. Non-programmers creating functional tools. Retail and manufacturing companies are designing custom solutions for a fraction of the cost.

I think this is true to a point. But every powerful tool comes with potential problems, and Claude Code’s are worth understanding clearly because many articles don’t spend much time on them.

The fundamental tension is that the thing that makes Claude Code useful is also what makes it risky. It can read your files, write new ones, run commands, and modify your system. That’s not a chatbot generating text in a sandbox. That’s AI with real access to real things on your real computer.

The risk isn’t necessarily that Claude Code will “go rogue” in some sci-fi sense (although there are examples of it making some catastrophic mistakes). The risk is more mundane and, honestly, more likely.

Consider prompt injection, a class of attack that security researchers have been talking about for several years. The basic idea is that an attacker hides malicious instructions inside content that the AI tool will process. If a developer points Claude Code at files that contain a cleverly hidden instruction (say, buried in a comment or a README file), it might follow that instruction without realizing it came from an adversary rather than the user.

Another problem is AI's tendency to hallucinate. In a chatbot conversation, a hallucination is when the model confidently states something that is false, such as a made-up citation, a nonexistent historical event, or a plausible-sounding but wrong answer. It’s annoying, but usually catchable.

In code, hallucination takes a different and more difficult form. Say Claude generates code that looks correct, follows proper syntax, uses the right function names, and seems logically sound. But it contains a subtle bug. Maybe it handles edge cases incorrectly. Maybe it introduces a security vulnerability by failing to validate user input. Maybe it uses an API function that was deprecated two versions ago and will fail silently under specific conditions.

And there is the supply-chain problem. When Claude Code writes your software, you’re not just trusting the code it produces. You’re trusting the entire chain behind it, largely based on open-source software. When you use a package someone else wrote, you’re trusting that person’s competence, security awareness, and good intentions. The catastrophic Log4j vulnerability in late 2021 showed what happens when a widely used library contains a critical flaw. Note that software developers have been dealing with supply chain risk in open-source libraries for a long time. But left on its own, without supervision, Claude Code could amplify this risk.

For enterprises and organizations handling sensitive data, these issues create a governance challenge that existing software auditing practices may not have been designed to address. How do you audit code whose “author” is a statistical model? How do you assign responsibility when something goes wrong? These questions don’t have easy answers yet, although with a bit of irony, AI tools may also be part of the solution.

At present, tools like Claude Code act like a confident junior developer. They are exceptionally fast and knowledgeable about syntax, but they lack the professional judgment, strategic foresight, and security intuition of a senior architect. Agents can struggle with large-scale architectural changes across multiple services, often creating "spaghetti code" or technical debt if not guided by a human who understands the entire system's long-term roadmap.

And while Claude can run automated security reviews, it often misses nuanced flaws like broken business logic, authorization escapes, or zero-day vulnerabilities that don't match its training patterns. Humans still serve as a critical failsafe, intercepting risky commands or unintended actions before they reach production.

Claude Code is improving at reviewing software to identify and fix security issues. I’ll have more to say about that in future articles as I continue to explore.

So, where does that leave us?

I’m just scratching the surface of AI tools and toolsets that can help accelerate development work. Claude Code is a tool that dramatically accelerates software development while introducing a new category of risks that the industry is still learning to manage. I don’t think it’s a scam. It works, often impressively. But “it works” and “you can trust it blindly” are very different statements.

The fact that it’s possible at all for a person without years of programming training to describe a problem in plain language and get functional software back represents a genuine shift in who gets to build things with computers. Not a complete shift. Not a frictionless one. But a real one.

And I think there is a real, positive impact for retailers and manufacturers who want software and functionality tailored to their unique needs at a reduced cost.

Ultimately, however, there is a greater need for enterprise-level software security governance. And these tools still benefit from architect-level software engineering oversight, people who understand the business’s needs and can guide the development process.

The question remains, can your AI toolset be trusted in production?