Three weeks instead of six months. That's how long it took M.T. Taggart, a cybersecurity instructor who runs The Taggart Institute, to build a certificate generation app in Rust using Claude Code with Sonnet 4.6. The app works. It's in production today. And Taggart describes the experience of building it as "miserable" and "excruciating."
His essay, published on his personal blog, is one of the most honest accounts I've read of what daily AI-assisted coding actually feels like from someone who knows what they're doing.
The App Works Better Than Expected
Taggart needed a certificate generator for migrating his online learning platform from Teachable to Discourse. Nothing off the shelf fit. He didn't have time to build it himself between his day job and parenting. So he tried Claude Code as an experiment.
The results were genuinely impressive. The finished Rust app with a Svelte frontend includes audit logging, GDPR data deletion, cryptographic verification, and optional HMAC webhooks - features Taggart says he wouldn't have implemented on his own. During a security audit pass, the model caught a path traversal vulnerability in template management, a Typst template injection issue, and a timing side-channel in Argon2 password hashing that Taggart himself had missed.
"The code is more secure because of the audit pass," he writes. That's a strong endorsement from someone who teaches security for a living.
The Process Felt Like Watching Someone Else Work
Here's where it gets uncomfortable. Taggart describes his role during development as mostly "reading proposed code changes and pressing the 1 key to accept them, which I almost always did." He compares it to Homer Simpson's drinking bird - mechanically accepting changes without deeply engaging with the code.
The normal process of building software involves constructing what Taggart calls "an elaborate house of cards" in your head - a mental model of how every piece connects. With AI writing most of the code, that mental model never forms. After the project shipped, he had to reverse-engineer his own codebase to understand it.
The model did hallucinate non-existent struct methods several times, and during one security fix it introduced a denial-of-service vulnerability that was "obvious from the perspective of how the code would be deployed, but not from the code itself." These are exactly the kinds of bugs that slip through when you're in accept-accept-accept mode.
The Skill Atrophy Problem Nobody Wants to Talk About
Taggart's sharpest observation lands on the long-term consequences: using AI coding tools requires expertise to validate the output, but using the tools prevents developing that expertise. For experienced developers, the risk is atrophy. For new developers, it's worse - they may never build the foundational understanding needed to catch the model's mistakes.
"How will they gain the hard-won experience that allows a human in the loop to be a useful safeguard?" he asks. It's a question the industry hasn't answered.
He also describes a persistent psychological pull after the project ended - "a voice in my head telling me how much easier it would be" to use the tool again. He compares it to an addictive substance that alters cognition.
What makes this essay worth reading is that Taggart refuses to simplify it. He doesn't conclude that AI coding tools are bad, or that people who use them are bad. He shipped a better, more secure application than he would have built alone, in a fraction of the time. He also felt like a passenger in his own project and worries about what happens when the people reviewing AI output have never written code without it.
Both things are true at the same time, and that's exactly what makes the current moment so difficult to navigate.