Close Menu
Actionable Strategic Planning
  • Home
  • Business Strategy
  • Action
  • Business
    • Business Planning
  • Cycle
  • Invest
  • Vision
    • Steps
  • Shop

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Your team can build anything. that's the problem

July 7, 2026

Beyond Pay Premiums: More Than One AI Talent Market

July 6, 2026

What The SEC’s Proposed New Filer Framework Could Mean For Executive Compensation Accountability

July 6, 2026
Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertisement With US
  • Contact US
  • DMCA Policy
  • Privacy Policy
  • Terms of Service
Facebook X (Twitter) Instagram Pinterest Vimeo
Actionable Strategic Planning
  • Home
  • Business Strategy
  • Action
  • Business
    • Business Planning
  • Cycle
  • Invest
  • Vision
    • Steps
  • Shop
Actionable Strategic Planning
Home » Your team can build anything. that's the problem
Business Strategy

Your team can build anything. that's the problem

adminBy adminJuly 7, 2026No Comments9 Mins Read2 Views
Share Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp Copy Link
Follow Us
Google News Flipboard Threads
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


A few months ago, I was training a RoboCFO client's finance team on the cutting edge of what Claude can do. And then we reached the realm of vibe coding, where everyone learns how to build and deploy their own apps. We just talked about the NetSuite MCP server, role-based access, and the guardrails that Oracle already has built in. These types of rails allow you to pass your tools to your controller and sleep comfortably. Then I said the part that has been spinning around in my head ever since.

Anyone can bring AI to their company’s finances. It takes about 2 minutes and literally requires no training. But if you can't reliably distinguish between EBITDA and net income, or if you can't explain why operating income is between net income, you won't understand when and at some point the model is definitely wrong. that would be a mistake In a way that looks good to the untrained eye. You need domain expertise to know what you're looking at.

The same thing applies to the app you just vibecoded. If you're not an engineer or a security professional, you don't have the expertise to know which guardrails are missing, and you can't install ones you've never heard of. A security expert would look at the same app and ask whether the database login it uses can read a single table or the entire table, whether the password is present in plain text in the code, whether the app is exposed to the internet without signing in, or whether someone would know that the app was run. You didn't ask any of them because you didn't know they existed. I told a room of smart, technology-forward people that what I had just taught them was something they were not equipped to do safely, and I saw it land.

Here's the part I didn't say: Both of my insurance policies were due for renewal in the same week. Cyber ​​liability occurs when a client's data ends up somewhere it shouldn't be, and errors and omissions occur when a client decides to put their advice there.

I was estimating my own downside and giving it to others during the same week.

That juxtaposition stung a little.

So I slowed down my training. I've been slipping through warnings all week without really noticing. Use fake data for now and don't connect anything to your real system. Don't loop IT and direct it to the live ledger before this gets close to production. I taught them the declawed version because the full version felt like putting them in a Ferrari and driving them off to a test track without seatbelts. And I was actually the only guardrail in the room, and after the coffee disappeared, I stood in front hoping everyone remembered the precautions.

There is no guarantee that you will escape a fire that you see coming. Sooner or later someone has to move the match.

(I noticed that I was mixing metaphors again, but I hope you get the idea.)

The critic is gone

In May, I took a body count. Israeli researchers scanned some 380,000 apps built with AI coding tools and found about 5,000 pieces of leaked company data, internal financial records, sales files, and strategic materials on the open web available to anyone who entered a URL. Finance was on the verge of explosion. In case you missed it, the app was published by default and no one changed any settings.

It's not that scan that's stuck with me. That's the symptom of the scan.

Anyone who discovers security issues before shipping is designed to be removed from the process. These tools are very good at creating executable software, but pretty bad at creating secure software. and they are do not have Same skills. Veracode tested over 100 models and found that 45% of AI-generated code had OWASP top 10 hole types. And even though the model's coding improved dramatically, the pass rate remained flat at nearly 55%. Bigger model, same hole. At Fortune 50 scale, things get even worse. AI-assisted developers ship 3-4 times faster, and monthly security findings jump approximately 10 times. The shipping rate will increase and the defect rate will further increase. Same curve, two measurements.

Failure modes are also becoming more creative. There's a new thing called slop squatting: The model hallucinates a non-existent software package, the attacker registers its exact fake name and loads the malware, and the person who then runs the AI's code installs it without looking twice. Socket's head of research warned in late June that AI agents were ingesting dependencies faster than any scanner could monitor, and that the first half of 2026 had already seen more than four times as many package compromises as all of last year. Even Microsoft had its open source projects compromised twice in a matter of weeks when password-stealing malware slipped into tools developers were running alongside their AI assistants. Even if Microsoft's supply chain could take a hit, the dashboard a financial analyst built over the weekend isn't a tough target here.

Why specifically is it your problem?

Marketing vibe-coded app leaks campaign calendar. Finance vibe-coded apps reach operating accounts, AP subledger, AR subledger, and payroll. Same tool, different explosion radius – and yours is the one with the balance sheet connected.

The prototype works, but the problem is everything around it. There are no access reviews, no logs of who touches the data, no version control, and no idea if you're reading from a sandbox or a live ledger. For public companies, this is a compliance issue with a blown fuse. SOX already requires a designated owner for anything involving access control, audit trails, documented data processing, and financial reporting, but an uncertified app that displays ERP data in a browser window will miss all of that the moment an auditor spots it. The high-risk provisions of the EU AI law will come into force on August 2nd, and citizen-created tools could be tripped up by them if they fall below the line where someone is looking. IBM is charging a premium of around $670,000 for Shadow AI on top of its already ugly breach.

Cloud Security Alliance said the quiet part loud in June: Risk committees cannot approve controls within an application that cannot even be listed. Consistent with the Escape.tech scan I flagged in May: Of the 5,600 apps they checked, not a single app had basic access coverage. You can't manage what you can't see, and most of it isn't visible at this point.

So I made a harness.

The only guardrail in that room was me, and I wouldn't climb up. Warnings stop working the moment the session ends. So I stopped bolting the rails together one by one and instead made something that runs inside the rails. it's called trustWard. A harness for the apps your team builds.

This idea is boring in a good way. Your team continues to use the AI ​​coding tools they already love. Trustward sits between its tools and the actual system, passing only a slice of cleared, masked, and logged data to each app through credentials that reach nothing else. During the build, the tool works on synthetic data, so nothing is leaked by dodgy pasting into external models. Every app they ship is displayed on a map that you can read in plain English, including who owns it, what data they access, whether it's been cleared, and when it was last run. And if you need to stop one of them, stop it. One switch.

You don't read a single line of code. You get the part that has always been your job: knowing what's running and being able to turn it off.

5 years later

If you play it in order, the training room I was standing in is no longer a training room. Because no one needs to teach them anymore. This very concept seems as outdated as teaching a roomful of analysts how to search for something on Google or attach a file to an email. Everyone on your team runs your personal automation platform the same way they run email today. The end-of-month closing happens automatically overnight, with small agents connecting subledgers and creating commentary for humans to drink coffee. Analysts don't create a single dashboard over lunch. She runs 12 agencies, has built and restructured 40 of them, and has retired agents who have lost income. Organizational charts stop looking like pyramids with a wide range of juniors doing menial tasks and start looking like diamonds, thinner at the bottom and thicker in the middle, where people direct the machines. PwC is already seeing its shape.

Many do not arrive on time. Gartner predicts that more than 40% of agent AI projects will be obsolete by 2027And the ones who die will mainly be ungovernable pilots, pilots who couldn't prove what they did or couldn't trust anything close to actual data. That's the part worth sitting through. The teams that will win over the next five years will be the ones that build inside something, put walls around their work, and leave a record of what they touch. So speed came not through prayer but through paper trails.

Everyone on your team will soon be building like this all day long, whether you're ready for it or not. The only real choice is to keep the rails and build, or to build without putting anything under the rails.

The next time you run that workout, you're not going to soften anything. There's no need for that.




Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp Copy Link
admin
  • Website

Related Posts

Business Strategy

How CFOs can turn talent into financial strategy

July 2, 2026
Business Strategy

Why CFOs Must Master Capital Allocation with Rachita Sundar

June 26, 2026
Business Strategy

The next five years will change healthcare more than the past 50 years.

June 26, 2026
Business Strategy

Impact of AI on M&A

June 25, 2026
Business Strategy

Enterprise leaders can use Quantum now

June 24, 2026
Business Strategy

What it means to be “CFO Plus”

June 22, 2026
Add A Comment
Leave A Reply Cancel Reply

Top Posts

Apple Mission and Vision Statement

April 7, 2023620 Views

Understanding the Industry Lifecycle: Phases and Examples

December 13, 2023532 Views

Nike Mission Statement | Vision | Values ​​| Strategy (2024 Analysis)

March 20, 2024471 Views

Apple's Mission Statement | Vision | Core Values ​​| Strategy (2024 Analysis)

March 22, 2024439 Views
Don't Miss

Profit with purpose: How women-inclusive business practices drive small business success

By adminJuly 18, 20240

Can inclusive investments boost local private sector growth? Small businesses are powerful engines of economic…

Building Business Partnerships Fit for the Future: A Renewed Vision for Business Action on Poverty, Inequality and Climate Change – Partnerships

June 13, 2024

City launches new business promotion program | Department of Commerce

June 11, 2024

12 Tips for Building an Effective Business Website

June 7, 2024

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

About Us
About Us

Welcome to Actionable Strategic Planning!

At Actionable Strategic Planning, we believe in empowering businesses to thrive through effective strategic planning and execution. Our mission is to provide valuable insights, tools, and resources that enable organizations to develop actionable strategies and achieve their goals with confidence.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Your team can build anything. that's the problem

July 7, 2026

Beyond Pay Premiums: More Than One AI Talent Market

July 6, 2026

What The SEC’s Proposed New Filer Framework Could Mean For Executive Compensation Accountability

July 6, 2026
Most Popular

Nissan unveils Arc business plan to drive value, increase competitiveness and profitability | Corporate Finance

March 25, 20243 Views

The business plan software market is poised for potential growth

July 22, 20244 Views

Business plan contest by students for students

October 3, 20235 Views
© 2026 actionablestrategicplanning. Designed by actionablestrategicplanning.
  • Home
  • About Us
  • Advertisement With US
  • Contact US
  • DMCA Policy
  • Privacy Policy
  • Terms of Service

Type above and press Enter to search. Press Esc to cancel.