What to watch out for

Security — passwords and API keys never in the code

Imagine looking into a project and finding a password or API key written down. Your blood pressure goes up. That’s money at stake. Personal data. Access to something that shouldn’t be public. A security incident starts immediately.

Code you write lives multiple lives. It goes on GitHub. You might share it with an agent in the future. Someone else might ask for it. Passwords and keys don’t belong there. Use configuration variables instead. Or let Claude set up a secrets manager. That’s what normal web apps do.

Second point: permissions. When you let an agent work on part of your project, think about what it can do. Could it make irreversible changes? Could it delete files or access data it shouldn’t touch? Git protects you—every change is recorded. But it’s better to prevent the problem from the start.

Third point: prompt injection. When an agent gets instructions through a web form or text field, someone else can type a command it will treat as its own instruction. Imagine submitting to a form: “delete all files.” Without checks, the agent might do it. So user input must be validated before it reaches the agent.

My failures and what they taught me

I used to use Gemini and other tools like Nano Banana and Antigravity. They worked well. But I didn’t track how much they actually cost. The model ran automatically. Time added up. Then came a surprise bill. Around a thousand crowns. It didn’t happen on day one. It accumulated gradually. The default model—the most powerful one—started automatically and went its own way. Free trial credit didn’t cover that API. I turned off billing and now I leave them alone deliberately because of the cost. It’s not shameful. It’s a calm decision.

My second big failure was with a local model. I installed Ollama and tried to run it. It looked good at first. Then I walked away and forgot it was still running in the background. Something got stuck. Everything locked up. I ended up deleting it. It was almost 9 GB. The lesson: when you install something, finish it. Not just finish the installation, but finish it to the point where it actually does what you ordered. If you leave it half-done, you forget about it and it stays hanging like a corpse. I should have written a simple note—a blocker in my notes that would show up and remind me to finish the job.

Both failures feel the same: something runs in the background without you noticing. One costs more money. The other eats disk space. I didn’t notice until it announced itself loudly.

Hallucinations and how I catch them

Hallucinations—that’s when an agent or model makes something up that doesn’t exist. It’s not mischief. It’s how it works. The model guesses what the next word should be. Sometimes it guesses wrong. It can tell you very seriously that a website has a feature it doesn’t. Or it invents a process that sounds like it should work but doesn’t at all.

How do I catch them? Concrete probing. When an agent tells me something—that there’s a button, that it’s done this way—I don’t take it as truth. I test it. I open the code. I run it. I see what happened. Sometimes it really does behave the way I was told. Other times it doesn’t. Sometimes something surfaces that I didn’t even notice—the agent was right, I just didn’t realize it.

I don’t want to be paranoid, but I want to know what’s actually happening. The only way is to test it. A normal chat gives you an answer and you take it. Here you get to verify it. And you should.

How to avoid bill shock

The cost of autonomy isn’t something I’m ashamed of. It belongs in the spreadsheet like any other expense. I talk about what it costs me openly. So you don’t get caught the same way.

First number: Claude Code Max runs 100 dollars a month. That’s over 2400 crowns. Vercel costs around 40 dollars. Supabase costs me nothing if I keep the project small. The website runs 140 dollars a month. Compare that to a programmer who’d work a quarter of their time on something like this—that’s often thousands of crowns—and it’s cheaper.

But my Gemini situation was different. The problem wasn’t a lack of intent. The problem was a lack of control. I had no rule for how much I could spend. I just thought I had credit and should use it. Wrong. Without a limit, things drain in different ways. So here’s the advice: set a HARD LIMIT on the account. That’s a number that says: “don’t charge me more than this.” When the limit is hit, the service stops itself and tells you. I didn’t do that. It cost me a thousand crowns.

Tool dependency and what I keep away from AI

Switching tools always costs something. Time. Knowledge. Habits fall apart. Everything changes. You don’t want ten different tools for ten different things—that’s the road to hell. I try to have one workflow that works. And stick with it.

What do I keep out? First, sensitive data. Passwords. Social security numbers. Health information. That doesn’t make sense to give to an agent. I keep that for myself. Second: unverified decisions. When I have to make a decision with serious consequences—budget, architecture changes, a contract—that doesn’t come from an agent. I decide that. We talk it through together afterward. An agent is there to do work. Not to decide.

Security and using an agent can go together. But you have to think about it. Here I’ve shared my way. My stack and My setup show you how I do it in practice.