Collab365

AI makes building easier. It also makes sleeping harder.

Q: Why does AI make building software harder despite speeding it up?

AI accelerates both defenders and attackers, exposing vulnerabilities faster, turning occasional security into daily defense for small teams.

Q: Who do hackers target first in the AI era?

Low-hanging fruit like small businesses, inexperienced AI coders, and those shipping without security reviews, not hardened enterprises.

Q: What is the most valuable skill for surviving AI-driven development?

Security judgment: reviewing AI-created code for risks like bad secrets, insecure packages, and ensuring 'it works' means 'it's safe to ship'.

M

Mark JonesAuthorPublished May 8, 2026

19

At a Glance

Target Audience: Small business developers, M365 Power Platform builders
Problem Solved: Rising security vulnerabilities and exhaustion from defending AI-accelerated development against faster hacker exploits in small teams.
Use Case: Securing AI-generated apps and dependencies in a two-person M365/Power Platform business amid constant vuln patches.

Helen said something on our walk this morning that I have been turning over ever since.

Technology anxiety is not always a sign that someone is incapable.

Often, it is the opposite.

It hits capable people because they used to know what they were doing.

They had their tools. They had their judgement. They knew where the dangerous bits were.

Then AI came along and made everything faster, stranger and much harder to trust.

I felt that properly last night.

At about midnight, I woke up needing a wee, made the terrible mistake of picking up my phone, and ended up popping on X and saw this:

Minimize image

"Multiple security vulnerabilities affecting React Server Components and Next.js have been disclosed. We strongly recommend updating your applications immediately."

Oh the Joy I feel seeing yet another security issue with some of the most used libraries on the planet. (It feels like these are becoming way more common now).

For anyone who does not live in developer land, modern software is built on "packages".

Think of these as little chunks of code that other people maintain.

You will be using them daily, probably hourly, without even knowing.

React. Libraries. Dependencies. Tools. The stuff most applications quietly sit on top of.

That has always been true.

But AI changes the pressure.

The same AI models that help developers find and fix bugs can also expose vulnerabilities at a speed humans cannot match.

That is brilliant when you are defending.

It is less brilliant when the same kind of capability gets into the hands of people attacking.

Currently, Anthropic have released Mythos (their god-level model) to a few companies to make sure they're patched before the likes of me and you get our mits on it.

So there I was, half asleep, updating packages, testing, deploying and thinking:

This is going to become normal, isn't it?

Not occasional security work.

Daily defence.

Because AI is not just helping people build faster.

It is helping everyone move faster (including hackers)!

The people building useful things. The people shipping scrappy prototypes. The people who do not know what they do not know. And the people looking for the easiest open window.

Helen put it bluntly.

If you are a hacker, who do you go after first?

Probably not the big, hardened enterprise team with security reviews, monitoring, audits and people whose entire job is to shut windows.

You go after the low-hanging fruit.

The tiny business. The inexperienced builder. The new AI coder who hasn't seen that security alert. The person who asked a model to "just make the thing work" and shipped it before they understood what had been left exposed.

That is the bit I think a lot of small (and medium) businesses are not ready for.

AI makes it possible for one person to build more than ever.

That is exciting.

It is also a bit terrifying.

Because building the feature is only one part of the job.

You still have to think about security. Performance. Authentication. Dependencies. Data. Backups. Permissions. Monitoring. Privacy. Abuse. Updates. (yeah, GULP!)

All the boring stuff that decides whether the exciting thing survives contact with the real world.

And for small teams, that is exhausting.

At Collab365, there are two of us.

Helen and me.

We are building Collab365 Spaces, supporting customers, creating content, thinking about marketing, handling sales, shaping courses, and trying to keep the whole thing moving without turning back into the over-complicated business we used to have.

Then security sits there too.

Quietly.

Heavy.

Because if a small business gets properly hacked, it is not an inconvenience.

It can be business over.

That is why I think one of the most valuable people in the AI era may not be the fastest prompt engineer or the flashiest vibe coder.

It may be the person who can look at AI-created work and say:

"Hang on. Is this safe?"

The person who understands where things can go wrong.

The person who uses AI, but does not blindly trust it.

The person who knows that "it works" is not the same as "it should be shipped."

Because AI will do what you ask.

If you ask it to store secrets badly, it will do that.

If you ask it to pull in a package that hacker just made on Github or that you do not understand, it will do that too.

If you ask it to build fast and never mention security, speed is what you will get.

That does not make AI bad.

It makes judgement more important.

And this is where Helen's point comes back.

Technology anxiety is not always fear of learning.

Sometimes it is the weight of knowing enough to see the risks.

I feel that more than I probably admit.

To survive as a small business now, you have to keep your head in the game.

You have to watch where the industry is moving. You have to understand the tools. You have to see what is changing before it hits you.

But the cost of keeping your head in the game is that you expose yourself to everything that is changing.

And some nights, you definitely take it to bed with you.

You worry about the business.

Then you worry about your children.

Katie's job. Hannah's future. What work even looks like in five years.

The strange thing is that knowing more does not always make you feel more in control.

Sometimes it just gives you a clearer view of the cliff edge.

Helen admitted she sometimes wants to put her head in the sand.

Not because she does not care.

Because she does.

Because if you think too far ahead, the possible outcomes feel too big to carry.

I understand that.

There are days when I think it might almost be easier not to know or to war game what's inevitablity coming when AI takes over too much of our lives.

But that is not where we are.

AI is here.

The money has been invested.

The tools are getting better.

The attackers will use them.

The builders will use them.

The small businesses will use them because they have to.

So the question is not:

"Can AI help us build faster?"

Of course it can.

The better question is:

"Can we defend, review and think clearly fast enough to survive what we are building?"

Because the next few years will not just reward people who can create.

They will reward people who can keep creating without leaving every window open.

And honestly?

That is the bit that keeps me awake.

P.S. If you're a developer, I'd definitely consider specialising into cyber security as that will be the one of the most in-demand skills on the planet!