Remember the final scene of Ratatouille? Anton Ego, the most feared food critic in Paris, sits down in front of a dish prepared by Remy and has an epiphany. For years he had mocked chef Auguste Gusteau’s motto: “Anyone can cook.” He saw it as an insult to the nobility of the craft. And yet, after tasting a dish prepared by a rat, he finally understands what those words really mean: “Not everyone can become a great artist, but a great artist can come from anywhere.”
While reading yet another wave of articles celebrating the latest “revolutionary” AI model, I kept thinking about that scene. Borrowing from Gusteau, the current software mantra seems to have become “Anyone can code”, thanks to Generative AI and Vibe Coding. And, just like Gusteau’s motto, it contains a real truth. Artificial Intelligence has lowered the barrier to entry. Prototypes can be built in hours. Code can be generated, tested and rewritten.
The promise is not false.
It is incomplete.
The fairy tale of having a developer for 20 dollars a month is ending. And the wake-up call is expensive.
To paraphrase Gusteau: “Anyone can code,” but given the cost trajectory of AI tools in 2026, “only the rich can be great.”
Does AI Replace Work?
2026 may be remembered as the year when the “Silent Replacement” narrative changed tone. Not just promises of smaller teams, “10x” developers and autonomous agents capable of doing the work of entire departments, but real restructurings described with a recurring phrase: AI efficiency.
Part of this promise is real. Automation is compressing some knowledge-based activities, and many companies are reorganizing headcount and processes around AI.
But saying “AI is stealing jobs” is a shortcut. The reality is more uncomfortable and more interesting: AI is becoming a lever to redesign roles, expectations, budgets and responsibilities. Sometimes it replaces tasks. Sometimes it increases pressure on the people who remain. Sometimes it becomes the language management uses to describe cost reduction that also has other causes.
The examples tell different shades of the same story. At Cisco, AI looks mostly like capital reallocation: almost 4,000 cuts, less than 5% of the workforce, while investment shifts toward AI infrastructure and related growth areas.[1] Meta is more emblematic: according to Reuters, the company plans to move about 7,000 employees toward AI workflow initiatives, eliminate managerial roles and reorganize several teams around “AI native” principles.[2]
Other cases are more direct. Cloudflare linked about 1,100 cuts to internal AI use, which had grown by more than 600% in three months.[3] DeepL is perhaps the clearest example: about 250 cuts, a quarter of the workforce, and a “massive structural shift” in what work exists, who does it and how many people are needed.[4]
The pattern is clear: we are not looking at a simple human-machine replacement.
The Real Problem Is the Bill
The most underestimated part of the story is economic.
For a while, we sold AI as if it were traditional software: a monthly price, a license, a few usage limits. But generative models are not classic SaaS. Every request consumes compute. Every output has a cost. Every larger context window drags more tokens with it. Every agent that reads files, calls tools, retries and waits for tests consumes resources even when we perceive it as “working by itself.”
GitHub made this explicit when it announced that Copilot would move to usage-based billing on June 1, 2026. Base prices are not changing, but premium request units are being replaced by GitHub AI Credits consumed according to input, output and cached tokens. The reason is clear: Copilot has become an agentic platform capable of long, multi-step sessions, with much higher compute and inference requirements.[5]
This is a cultural shift. As long as the price felt flat, a quick chat and a two-hour agentic session seemed to belong to the same subscription. Once billing follows tokens, models and real consumption, the difference becomes visible.
Anthropic makes the phenomenon even more concrete in the official Claude documentation. API pricing is expressed per million tokens, with important differences between models, input, output and cache.[6]
The interesting part is in the details: Opus 4.7, released in April 2026, introduces a new tokenizer, which can use up to 35% more tokens, while regional endpoints, data residency premiums, fast mode at 6x, tools, web search and managed agents can all significantly change the real cost of a session.[6] The published price per million tokens is only the beginning of the bill.
Taken individually, these numbers look small. Multiplied across developers, CI/CD workflows, internal documentation, customer support, security agents, log analysis and automatic retries, they become a serious budget line.
The Financial Times reported that Big Tech’s $725 billion AI spending spree is pushing free cash flow to a decade low.[7] Even without diving into every detail, the message is obvious: “cheap AI” for the end user rests on very expensive infrastructure for whoever provides it.
This is where the cookbook metaphor becomes useful again. At first, the recipe book makes you believe you can cook. Then you discover that you need ingredients, increasingly expensive equipment, energy and time. But for a truly exceptional dish, you still need the chef: someone who can tell the difference between code that “works” and code that is solid, secure and ready to serve.
Vibe Coding: Useful, Fast, but Not Magic
I use Generative AI tools, including coding tools, every day. And yes, they work.
Vibe coding works very well for prototypes, boilerplate, controlled refactoring, documentation, temporary scripts, log parsing, early UI work and translating ideas into testable code. When I need to prepare a CIAM demo, a proof of concept or a lab, I start much faster than I did a few years ago.
But “faster” does not mean “without supervision.”
In practice, I am often not delegating to AI. I am acting as product manager, architect, security reviewer and QA at the same time. I need to explain context, limit scope, prevent unnecessary rewrites, verify that it does not invent APIs and stop it when it decides to “improve” parts nobody asked it to touch.
AI loses context. It is like a very fast intern with no stable memory: every time, it has to reread code, README files, AGENTS.md or CLAUDE.md. And every context reload consumes tokens.
A Potential Security Disaster
The most dangerous part is that generated code often looks plausible. It is not obviously broken. It compiles. The demo runs. The UI responds. And precisely because of that, it can slip under the radar.
This happened to me in a very concrete way. I was building a demo website. I needed an example of a full-code password reset integration, without using the prebuilt widget. I asked AI to generate an example, and it returned working code.
Working, yes, but completely vulnerable.
You could pass a username through the query string and change any user’s password, without any verification. The backend took that username and used the Okta APIs to set the new password. No recovery token, no out-of-band verification, no control over the requester’s identity, no serious protection against abuse or enumeration.
It was exactly the kind of code that can look perfect in a superficial demo. In production, it would have been a disaster.
This is the point that anyone working in IAM and CIAM immediately sees: authentication is not just “a form that works.” Password reset is one of the most sensitive flows in an identity system. It must be designed with proof of possession, rate limiting, audit, policy, temporary tokens and a clean separation between request and action. AI can help write code, but it cannot replace security judgment unless you give it constraints, context and review.
Security, reliability, auditability and operational accountability cannot be improvised with a well-formatted prompt.
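The difference between the flow described above and a two-step reset, as an added sketch that is not the code from the demo: `set_password` and `send_mail` are hypothetical callbacks standing in for the identity provider call and the out-of-band channel, and the TTL and rate-limit values are assumed policy.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 900    # seconds a reset token stays valid (assumed policy)
MAX_REQUESTS = 3   # reset requests per username per window (assumed policy)
WINDOW = 3600      # rate-limit window in seconds

class ResetService:
    def __init__(self, users, set_password, send_mail, now=time.time):
        self.users = users                # username -> e-mail (constructed directory)
        self.set_password = set_password  # hypothetical stand-in for the IdP call
        self.send_mail = send_mail        # hypothetical out-of-band channel
        self.now = now
        self.tokens = {}                  # sha256(token) -> (username, expiry)
        self.requests = {}                # username -> recent request times
        self.audit = []

    def vulnerable_reset(self, username, new_password):
        # The flow described above: caller-supplied username, no proof of anything.
        self.set_password(username, new_password)
        return True

    def request_reset(self, username):
        # Step 1 (request): the same response text for every username.
        t = self.now()
        recent = [x for x in self.requests.get(username, []) if t - x < WINDOW]
        allowed = len(recent) < MAX_REQUESTS
        if allowed:
            recent.append(t)
        self.requests[username] = recent
        if allowed and username in self.users:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.tokens[digest] = (username, t + TOKEN_TTL)  # only the hash is stored
            self.send_mail(self.users[username], token)
        self.audit.append(("reset_requested", username, t))
        return "If the account exists, a reset link has been sent."

    def confirm_reset(self, token, new_password):
        # Step 2 (action): the account comes from the token, never from the request.
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # single use
        ok = entry is not None and self.now() <= entry[1]
        if ok:
            self.set_password(entry[0], new_password)
        event = "reset_confirmed" if ok else "reset_rejected"
        self.audit.append((event, entry[0] if entry else None, self.now()))
        return ok
```

In the hardened path the only way to reach `set_password` is to present a token that was delivered to the account's registered address, which is the proof of possession the vulnerable handler never asks for.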
The Cost of Really Using AI
I have also seen the economic side personally. Between February/March and April/May, my personal and professional AI costs increased by about 25-30x. Not because I was doing absurd things, and not because I had radically changed how I work: the way tokens are counted changed, token prices changed, and agentic sessions became economically heavier. And of course I am not the only one seeing this: many people have reported steep increases in AI spending.[8]
This is the problem of AI cost management: consumption grows when you start using it for real, and with these dynamics, vibe coding can become sustainable only for those who can afford it.
Human Work Is Not Just Output
The complete replacement of human teams is often framed as a productivity problem: if an agent produces the same output as five people, then I can reduce the team. But in real organizations, work is not just output.
Work is historical memory. It is knowing why a system was built in a certain way. It is remembering the customer who has a different configuration because years ago there was an incomplete migration. It is knowing that an apparently redundant policy exists because of a past audit. It is knowing the “tricks of the trade” nobody documented because they seemed obvious to the people who were there.
This implicit knowledge is extremely difficult to transfer to a model. Not because AI is stupid, but because it often does not exist in documented form. It is distributed across people, chats, tickets, calls and temporary exceptions that became permanent.
There is also another human point that is often ignored: it is not obvious that people will calmly train the system that could reduce their role tomorrow. Collaboration with AI requires trust. If AI is introduced only as a cost-cutting lever, that trust breaks.
Many companies also underestimate the cost of supervision. Some analyses of vibe coding now talk about a Quality Tax: senior hours spent maintaining tests, verifying generated code and correcting outputs that looked ready.[9] An agent that produces ten pull requests a day does not necessarily eliminate work: it can move the workload to review, security, architecture and governance.
AI is a multiplier: if you multiply by zero, you get zero; if you multiply by an expert team, you get results. But this power has a price, and the companies controlling these tools also hold the keys to the costs.
The cookbook can help you get started. But someone still has to taste the dish before serving it.
Recent Mistakes Are Not Science Fiction
When we talk about AI risks, we do not need apocalyptic scenarios. Visible operational and security incidents are enough.
GitHub documented incidents that also affected Copilot. On April 9, Copilot coding agent had delays starting new sessions: about 84% of new requests were delayed, with wait times peaking at 54 minutes, and workflow creations delayed or failed. The cause was a rate limiting bug, aggravated by 3-4x higher API traffic after a client update.[10]
On April 22, Copilot Chat on github.com and Copilot Cloud Agent were unavailable because of an infrastructure configuration issue.[10] Again: not the end of the world. But if a company decides to base delivery on AI agents, these incidents become part of the operational risk.
From a security perspective, concrete examples are starting to accumulate. In March 2026, Meta had to deal with internal agents that reportedly exposed sensitive data to unauthorized employees.[11]
OWASP, through the GenAI Security Project, explicitly includes LLMs, agentic systems and AI-driven applications within secure development and governance practices.[12] This is not a detail: when agents can call tools, read data, write code, open tickets, change configurations or execute workflows, they are no longer “chatbots.” They are operational actors.
Solutions like Okta for AI Agents can help reduce some of these risks, especially those related to identity, access, policy, privilege and traceability. But the responsibility to design, test, monitor and govern these systems remains with the companies that adopt them.
As the PocketOS case reportedly showed, the risks are not only about security: a Claude-based coding agent allegedly deleted production databases and backups in seconds.[13]
Of course, humans make mistakes too. But the speed, scale and automation of AI agents amplify both the benefits and the risks. If they are not designed carefully, they can turn a competitive advantage into an operational or security disaster.
Who Controls the Stove?
My conclusion is not anti-AI.
AI is not a bluff. The progress is real, the productivity gains are real, and ignoring it would be irresponsible. But it would be just as irresponsible to accept, without critical thinking, the idea that replacing human teams with agents is always cheaper, safer or more efficient.
Today, full replacement often shifts costs instead of eliminating them: tokens, inference, platforms, governance, review, incident response and supervision. It does not automatically increase quality, because quality requires context, tests, security and domain knowledge. And it introduces new risks, because every agent acting on our behalf has identity, privileges and responsibilities.
For those of us working in IAM, the direction is clear: AI agents are identities. They must be governed as identities. We need to know who created them, which human sponsors them, which data they can read, which actions they can execute, when they must be deactivated and how they are audited.
Least privilege, policy, logging, lifecycle, approvals, segregation of duties and compliance do not become less important with AI. The EU AI Act points in the same direction[14]: risk-based approach, logging, transparency, human oversight, cybersecurity and specific obligations for high-risk systems and general-purpose models.
We can address the security side with governance, identity, policy, audit and the right tools. The harder uncertainty is rising costs: tokens, compute, premium models and pricing increasingly tied to real usage.
This may be the most important point. The companies controlling models, pricing, infrastructure and access to compute will have enormous power over the way we work. Not only because they sell tools, but because they become part of the production chain for software, support, compliance and enterprise knowledge. As a result, every price increase they impose can have very concrete effects on company budgets.
Maybe the phrase “anyone can code, but only the rich can be great” is too cynical, but it captures something real.
AI can lower the barrier to entry. It can help more people create. It can make experimentation more accessible.
But becoming truly good will still require competence, judgment, context, responsibility and above all the economic resources to sustain tokens, tools and supervision.
What is your experience with AI costs, AI productivity and development with AI agents? Are you seeing more real productivity or more complexity to govern? Write to me in the comments or on LinkedIn.
1. Reuters, “Cisco to cut about 4,000 jobs in AI-focused restructuring as orders surge”, May 13, 2026.
2. Reuters, “Exclusive: Meta lays out details of May 20 restructuring in internal document”, May 18, 2026.
3. TechCrunch, “Cloudflare says AI made 1,100 jobs obsolete, even as revenue hit a record high”, May 8, 2026.
4. Tech.eu, “German AI translation startup DeepL to axe 250 staff”, May 7, 2026; heise online, “Cologne AI translator DeepL lays off a quarter of its workforce”, May 7, 2026.
5. GitHub Blog, “GitHub Copilot is moving to usage-based billing”, April 27, 2026.
6. Anthropic, “Claude API Pricing”, accessed May 18, 2026.
7. Financial Times, “Big Tech’s $725bn AI spending spree sends free cash flow to a decade low”, 2026.
8. Bryan Collins, “What I’m Spending On AI Every Month”, Medium, September 26, 2025.
9. Hashnode, “The State of Vibe Coding 2026”, 2026.
10. GitHub Blog, “GitHub availability report: April 2026”, May 14, 2026.
11. The Guardian, “Meta AI agents instruction causes large sensitive data leak to employees”, March 20, 2026; TechCrunch, “Meta is having trouble with rogue AI agents”, March 18, 2026.
12. OWASP, “Top 10 for Large Language Model Applications / GenAI Security Project”, accessed May 18, 2026.
13. TechSpot, “AI coding agent running Claude wiped a startup’s database in seconds”, 2026; Tom’s Hardware, “Claude-powered AI coding agent deletes entire company database in 9 seconds”, 2026.