AI Gave Me Code. I Threw Half of It Away. Here's Why That's a Good Thing.
June 15, 2025
In the world of software development, there’s a tempting but dangerous fantasy being sold: the idea that you can simply tell an AI to “build an app” and it will spit out perfect, secure, production-ready code.
This is a myth. And believing it is the fastest way to build an application that is insecure, buggy, and impossible to maintain.
I use AI every single day. It has fundamentally changed how I work, making me faster and more effective. But the key is understanding its role: AI is a brilliant, tireless copilot, not the autopilot. It can draft a flight plan and handle the straightaways, but a human expert absolutely needs to be at the controls for takeoff, landing, and navigating turbulence.
To show you what this actually looks like, let’s walk through the realistic, multi-step process of building a single feature with AI.
The Task: A New API Endpoint
Let’s say a client needs a new backend feature: an API endpoint that allows users to submit feedback. Simple enough. Here’s how we leverage AI correctly.
Step 1: Strategic Prompting (The Expert’s Question)
The process doesn’t start with a vague request. It starts with a precise, expert-level prompt. I don’t ask the AI to “make a feedback feature.” I ask it to generate a specific piece of the puzzle.
My Prompt: “Generate a boilerplate API endpoint in Rust using the Axum framework. It should handle a POST request at /api/feedback. The request body must be a JSON object containing a user_id (string) and a message (string, max 500 characters). Use the sqlx library to insert this data into a PostgreSQL table named feedback, ensuring you use parameterized queries. Include basic error handling.”
The expertise here isn’t just knowing the tech stack; it’s about defining the constraints: the framework, the database library, the security requirement (parameterized queries), and the data structure. This is how you guide the AI to a useful starting point.
Step 2: The First Draft (The 80% Scaffolding)
In about 30 seconds, the AI generates 50-70 lines of code. This is the “magic” part that saves hours of manual typing. It creates the function signature, parses the JSON, sets up the database connection, and writes the SQL query.
This code is impressive. It’s also fundamentally untrustworthy. It’s a rough scaffold, not a finished building.
Step 3: The Human Audit (Where the Real Work Begins)
Now, I put on my developer hat and begin the critical process of review and refinement. I systematically challenge every line of code the AI wrote.
Security Hardening: The AI used a parameterized query as requested—good. But did it sanitize the message input to prevent Cross-Site Scripting (XSS) if that data is ever displayed on a web page? No. I add server-side sanitization. Is the user_id being properly authenticated against an active session? The AI doesn’t know our app’s authentication system, so I need to manually integrate that middleware.
Robust Error Handling: The AI’s error handling is generic. It might return a vague “500 Internal Server Error” for any database issue. That’s not helpful for debugging or for the user. I replace it with specific, logged error states: Is the database down? Is the user_id invalid? Was there a unique constraint violation? Each case needs to be handled and logged differently.
Refactoring for Reality: The AI’s code works in a vacuum. It doesn’t know about our project’s shared modules or coding conventions. I refactor the database logic into our existing data layer, move the data structure (struct) into our shared models file, and ensure the code style is consistent with the rest of the project. This is crucial for long-term maintainability.
Edge Case Testing: What happens if the message is exactly 501 characters? What if the JSON is malformed? What if the request comes from an unauthorized IP? I write unit tests to cover these scenarios—a step the AI will never think to do on its own.
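A sketch of the validation and escaping part of this audit, added here as an illustration and not taken from the project described in the post. It uses only the Rust standard library (no Axum or sqlx). The 500-character limit comes from the prompt; the error variants, the status-code mapping, the empty-field checks and the function names are assumptions.

```rust
// Added example (std only). The 500-character limit is from the prompt;
// the error variants and status codes are assumptions for illustration.
const MAX_MESSAGE_CHARS: usize = 500;

#[derive(Debug, PartialEq)]
pub enum FeedbackError {
    EmptyUserId,
    EmptyMessage,
    MessageTooLong { chars: usize },
}

impl FeedbackError {
    // Client mistakes get a 4xx of their own instead of a blanket 500.
    pub fn status(&self) -> u16 {
        match self {
            FeedbackError::EmptyUserId | FeedbackError::EmptyMessage => 400,
            FeedbackError::MessageTooLong { .. } => 422,
        }
    }
}

// Runs after JSON parsing and before the INSERT. Length is counted in
// Unicode scalar values, not bytes, so multi-byte text is not cut short.
pub fn validate_feedback(user_id: &str, message: &str) -> Result<(), FeedbackError> {
    if user_id.trim().is_empty() {
        return Err(FeedbackError::EmptyUserId);
    }
    if message.trim().is_empty() {
        return Err(FeedbackError::EmptyMessage);
    }
    match message.chars().count() {
        n if n > MAX_MESSAGE_CHARS => Err(FeedbackError::MessageTooLong { chars: n }),
        _ => Ok(()),
    }
}

// Escapes HTML-significant characters when the stored message is rendered.
// '&' is replaced first so the entities produced later are not re-escaped.
pub fn escape_html(input: &str) -> String {
    input.replace('&', "&amp;").replace('<', "&lt;").replace('>', "&gt;")
        .replace('"', "&quot;").replace('\'', "&#x27;")
}

fn main() {
    let long = "a".repeat(501); // constructed input, one over the limit
    println!("{:?}", validate_feedback("user-1", &long).map_err(|e| e.status()));
    println!("{}", escape_html("<script>alert(1)</script>"));
}
```

Counting with `message.len()` instead would measure bytes and reject a 500-character message written in a multi-byte script, which is the kind of boundary bug the 500/501 test is meant to catch.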
The Result: From Flawed Draft to Finished Feature
After this process, perhaps only half of the original AI-generated code remains. But that’s the point.
The AI didn’t build the feature. It gave me a massive head start. It eliminated the tedious grunt work and allowed me to spend 100% of my time on what a client is actually paying for: security, reliability, and quality.
This is the responsible and effective way to use AI in development. It’s not a “spray and pray” button for generating code. It’s a powerful tool that, in the hands of a discerning expert, transforms the development lifecycle from a marathon of manual typing into a sprint of strategic refinement.
If you’re looking for a development partner who understands both the power and the pitfalls of modern tools, let’s connect and discuss your project.