Why AI-First Development Is Going to Cost You More in the Long Run

There’s a narrative taking hold right now that goes something like this: AI can write all the code, you don’t need as many developers, and the ones you do keep just need to be fast with a prompt. Fire your senior engineers. Hire a junior and an AI subscription. Ship ten times faster at a fraction of the cost.

It’s a compelling story. It’s also wrong — and the companies betting their futures on it are about to find out why.

I’m not saying this as someone who’s afraid of AI. We use it at Clevyr every single day, and our teams are genuinely better because of it. But after sixteen years of building software for clients across every kind of business, we know the difference between a tool that makes good teams great and a shortcut that makes bad decisions faster. What I’m seeing in the market right now is a whole lot of the second one, and the consequences are already showing up.

Let me show you what I mean.

In December 2024, a Canadian developer named Wes Winder fired his entire engineering team and replaced them with AI. He called himself a “100x developer.” Within weeks, he was back on LinkedIn, hiring new engineers [21].

In March 2025, a founder named Leo Acevedo shipped a SaaS app built with “zero hand-written code” in Cursor. It was dead within a week — no authentication, API keys exposed in the frontend, database wide open [12].

In February 2026, a company called StrongDM published what they called the “Dark Factory” — a three-person team building production security software in which no human writes code and no human reviews it. Their benchmark for making it work? $1,000 per engineer per day in token costs [7].

Three different bets on the same idea: AI can replace developers. Three very different outcomes. And they all share one thing in common — the economics and the risks underneath were never what they appeared to be.

Last week, the bill started coming due.

The Free Ride Is Over

On May 13, Anthropic quietly announced that starting June 15, Claude subscriptions will no longer cover programmatic usage — Agent SDK, claude -p, Claude Code GitHub Actions — under their subsidized subscription pool. Instead, you get a separate, unsubsidized credit bucket. $20 for Pro, $100 for Max 5x, $200 for Max 20x. Once it’s gone, you’re paying full API rates [1].

A few weeks before that, they doubled their own published cost estimates for Claude Code without telling anyone. Just edited the docs page. $6/developer/day became $13/developer/day. The 90th percentile jumped from $12 to $30/day [2].

If you’re not paying attention to this stuff, I get it — pricing changes don’t sound like a big deal. But this one is, because it tells you something important about the economics underneath every AI-first development operation: you were never paying the real price.

We’ve Seen This Movie Before

Here’s the thing nobody building on top of AI coding tools wants to hear: every token you’ve consumed has been sold to you at a loss.

OpenAI’s inference costs run around $7 billion a year. Anthropic burned through $2.7 billion in costs against $800 million in revenue in 2025 [3]. These companies are not profitable. Not even close.

They’re running the same playbook we watched Uber and Lyft run a decade ago. Subsidize the product with venture capital. Get everyone hooked on below-cost pricing. Build dependency. Then, once you own the market, start charging what it actually costs.

We know how that story ended. Rides got expensive. The “disruption” turned out to be temporary. And the companies that had restructured their operations around cheap rides had to restructure again.

Anthropic’s version of this story has a number attached to it. Their own internal data showed that a single full-day autonomous agent session could rack up $1,000 to $5,000 in actual compute costs — against a $200 monthly subscription. Analysts described it as a roughly 175x subsidy on the heaviest users [4]. For every dollar Anthropic collected, they were shipping two hundred dollars’ worth of compute.

Dario Amodei said the quiet part out loud in a Fortune interview back in February: “If I’m just off by a year in that rate of growth, or if the growth rate is 5x a year instead of 10x a year, then you go bankrupt.” [4]

That’s the CEO of the company your codebase depends on, publicly talking about bankruptcy scenarios.

So of course the pricing is changing. In April, both OpenAI and Anthropic gutted their flat-rate plans within two weeks of each other. Heavy users saw 2-3x cost increases. Some agentic workloads — the autonomous, compute-hungry stuff that AI-first shops depend on — saw 10-50x amplification [5].

Then on May 13, Anthropic went further. But watch both hands: the same day they separated programmatic credits, they also raised weekly Claude Code limits by 50% through July 13. More capacity for interactive use with one hand. Subsidy removal for autonomous workloads with the other [20]. That’s not generosity. That’s a company steering you toward the usage pattern that doesn’t bankrupt them while quietly metering the one that does.

Gartner puts capital investment in AI data centers between 2024 and 2029 at roughly $6.3 trillion. To avoid writing that down, providers need to generate close to $2 trillion in AI revenue by the end of that window [6]. That money has to come from somewhere. It’s coming from your token bill.

The Math Nobody’s Running

Every pitch deck and LinkedIn post about AI-first development leads with speed. Nobody leads with cost. Let’s look at what “cheap” actually means.

Anthropic just told you what Claude Code costs: $13/developer/day on average, $30/day for the top 10% [2]. At the low end, that’s $260/month. At the high end, $600-$900. And they already doubled that estimate once without announcing it.

But that’s the subscription-tier math — one developer, interactive use, not pushing the limits. The moment you start doing what “AI-first” actually means — letting agents run autonomously, writing and deploying code with minimal human oversight — the numbers blow up.

StrongDM, a company that publicly documented its all-AI development approach, set its benchmark at $1,000 per engineer per day in token costs. That’s $20,000/month per developer in inference alone — before salaries, before infrastructure, before anything else [7].

Meanwhile, a fully loaded mid-level developer costs $12,000-$16,000/month. And that developer learns your business, catches bad architectural decisions before they ship, mentors the rest of the team, reviews code for security holes, and gets more valuable every single month they stay.

The AI-first shop at unsubsidized rates? Token costs north of $20K/month per engineer equivalent. You still need humans for architecture, review, and deploys — so add those salaries on top. Zero institutional knowledge carried between sessions. And the prices are going up, not down [8].

When Winder fired his team, when Acevedo shipped without authentication, when StrongDM set their $1,000/day benchmark — every one of those decisions was made against today’s subsidized rates. That math is about to invert.

The Part That Keeps Me Up at Night

But here’s the thing — even if the pricing somehow stayed cheap forever, I’d still be worried. Because cost isn’t the real problem. Judgment is.

The pitch for AI-first development usually involves a junior developer — or no developer at all — using AI tools to ship fast. And they do ship fast. Y Combinator co-founder Garry Tan said in March 2025 that roughly 25% of companies in that batch had codebases that were 95% or more AI-generated [11]. That’s real. That speed is real.

But speed without experience is dangerous. A junior developer using AI tools doesn’t have enough reps to know why the choices being made are bad ones. They don’t know the auth pattern the AI just generated is the same one that’s been exploited in half a dozen breaches this year. They can’t tell you the database schema is going to create cascading performance problems the moment they hit real scale. They don’t realize the API key the AI helpfully hardcoded into the frontend JavaScript is visible to literally anyone who opens their browser’s DevTools.

They can’t catch these things because they’ve never been burned by them. That’s not a knock on anyone — it’s just what being junior means. Experience is the scar tissue from mistakes you survived long enough to learn from.

And a fully autonomous AI agent? It has even less context than the junior. It’s not thinking about the business. It’s not weighing tradeoffs. It’s predicting the next token.

Veracode tested over 100 LLMs and found that 45% of AI-generated code introduced OWASP Top 10 vulnerabilities. That number hasn’t budged in two years of model releases — while syntax correctness climbed past 95% [9][10]. The models got really, really good at writing code that runs. They haven’t gotten any better at writing code that’s safe.

The enterprise data is scarier. Apiiro tracked AI-assisted developers across Fortune 50 companies: they commit code at 3-4x the rate of their peers, but introduce security findings at 10x the rate. Privilege escalation paths up 322%. Architectural design flaws up 153% [11].

When I hear someone say “we’re shipping 10x faster with AI,” I hear something different now. You’re not shipping faster. You’re manufacturing vulnerabilities at scale — and nobody in the room has enough experience to notice.

People Are Already Living This

This isn’t theory. There’s a pattern forming, and it starts small and gets bigger every time.

It starts with solo founders. Acevedo’s EnrichLead — the “zero hand-written code” app I mentioned at the top — is the clearest version of the story. No authentication. API keys in the frontend. Database wide open. When attackers found it all within days of launch, Acevedo tried to use Cursor to patch the holes. It “kept breaking other parts of the code.” He couldn’t fix the thing because he hadn’t built the thing [12]. That’s the fundamental problem with letting AI write code nobody understands — the moment something goes wrong, there’s no one in the building who can fix it.

But it’s not just solo founders making this mistake. The platforms themselves are generating insecure code at scale. Lovable, one of the most popular AI app builders, had a CVE disclosed that exposed over 170 production applications with completely accessible databases. The AI had been generating Supabase configs with Row Level Security turned off by default [13]. That’s not 170 founders making the same mistake. That’s one AI making the same mistake 170 times, and nobody catching it because nobody was looking.
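As an added example (not code from this article or from any project it names), here is a pre-deploy check in JavaScript for Node that scans built frontend bundle text for the failure described above: credentials shipped in frontend JavaScript. It goes slightly beyond the article by decoding Supabase-style JWTs to separate the public `anon` key, which is safe only when Row Level Security is enabled, from the `service_role` key, which bypasses it; rule ids, the sample bundle and all key values are constructed.

```javascript
// Added example: scan built frontend bundle text for credentials before deploy.
// Rule ids, the sample bundle and every key value below are constructed.
const PATTERN_RULES = [
  { id: 'aws-access-key-id', severity: 'high', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { id: 'stripe-live-secret-key', severity: 'high', re: /\bsk_live_[0-9A-Za-z]{16,}/g },
  // Heuristic: a long literal assigned to a credential-sounding name.
  { id: 'generic-secret-assignment', severity: 'medium',
    re: /\b(?:api[_-]?key|secret|token|password)["']?\s*[:=]\s*["'`][A-Za-z0-9_\/+-]{20,}["'`]/gi },
];
const JWT_RE = /\beyJ[A-Za-z0-9_-]+\.([A-Za-z0-9_-]+)\.[A-Za-z0-9_-]+/g;

// Decode the middle (claims) segment of a JWT; null if it is not valid JSON.
function decodeJwtPayload(segment) {
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch {
    return null;
  }
}

// Never echo a full credential into CI logs.
const redact = (s) => s.slice(0, 8) + '...';

function scanBundle(source) {
  const findings = [];
  for (const { id, severity, re } of PATTERN_RULES) {
    for (const m of source.matchAll(re)) {
      findings.push({ id, severity, index: m.index, sample: redact(m[0]) });
    }
  }
  for (const m of source.matchAll(JWT_RE)) {
    const claims = decodeJwtPayload(m[1]);
    if (!claims || typeof claims.role !== 'string') continue;
    if (claims.role === 'service_role') {
      // This role bypasses Row Level Security and must never reach a browser.
      findings.push({ id: 'supabase-service-role-jwt', severity: 'critical', index: m.index, sample: redact(m[0]) });
    } else if (claims.role === 'anon') {
      // Public by design; safe only if every exposed table has RLS enabled.
      findings.push({ id: 'supabase-anon-jwt', severity: 'info', index: m.index, sample: redact(m[0]) });
    }
  }
  return findings.sort((a, b) => a.index - b.index);
}

// Fail the build on anything above informational.
const shouldBlockDeploy = (findings) => findings.some((f) => f.severity !== 'info');

// Constructed sample input: unsigned JWT-shaped tokens and fake keys.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fakeJwt = (role) =>
  [b64url({ alg: 'HS256', typ: 'JWT' }), b64url({ iss: 'supabase', role }), 'c2lnbmF0dXJl'].join('.');
const SAMPLE_BUNDLE = [
  `const db = createClient("https://example.invalid", "${fakeJwt('anon')}");`,
  `const admin = createClient("https://example.invalid", "${fakeJwt('service_role')}");`,
  `fetch(url, { headers: { apiKey: "CONSTRUCTED0000000000000000" } });`,
  `const pay = Stripe("sk_live_CONSTRUCTEDCONSTRUCTED00");`,
  `const label = "AKIA is only a prefix here";`,
].join('\n');

console.log(scanBundle(SAMPLE_BUNDLE), shouldBlockDeploy(scanBundle(SAMPLE_BUNDLE)));
```

A pattern scan like this catches only known key shapes; an `info` finding for the anon key is a prompt to confirm that Row Level Security is enabled on every table the key can reach.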

Then it reaches Big Tech. Amazon Q Developer — Amazon’s own AI coding assistant — got compromised when an attacker submitted a pull request from a random GitHub account with no prior access and was handed admin credentials. AWS shipped the poisoned extension to nearly a million users without catching it [14]. If Amazon can’t keep its own AI coding tools secure, what chance does a startup with no security team have?

Vercel got breached because one employee granted a third-party AI tool called Context.ai broad OAuth permissions. That was all it took — one person, one click, and attackers were inside [15].

And then there are the companies where the whole bet collapsed. Builder.ai — backed by Microsoft, Qatar’s sovereign wealth fund, $500 million in VC — went bankrupt. They’d built a near-unicorn on the promise of AI-powered development. Turned out they were mostly using human engineers anyway, and the business model couldn’t survive contact with reality [16].

The pattern escalates further when you look at the tools themselves. Claude Code, Copilot, and Codex were all hacked — and in every case, the attackers targeted credentials rather than the models [17]. The tools companies are trusting to write their code can’t even protect their own access tokens.

And as if to put a bow on all of it: OpenAI itself was breached last week. The “Mini Shai-Hulud” supply chain attack hit two OpenAI employee devices through compromised npm packages, gave attackers access to internal source code repositories, and forced OpenAI to rotate code-signing certificates across macOS, Windows, and iOS [18][19]. The company that builds the AI coding tools got breached through its own software supply chain.

Solo founders. Platforms. Amazon. Vercel. A half-billion-dollar startup. The AI tools themselves. And now OpenAI. At some point, this stops being a collection of bad luck and starts being an obvious conclusion: when you remove experienced humans from the process, bad things happen. Reliably.

What We Actually Believe

I want to be clear about something: we’re not anti-AI at Clevyr. We use it every day. Our developers are faster because of it, and we’re not going back.

But we use AI the way you’d use any powerful tool — with experienced hands on the controls. There’s always a senior engineer reviewing what comes out. There’s always a human who understands the business, who can smell a bad architectural decision before it ships, who has enough scar tissue to know why a particular shortcut will create a nightmare six months from now.

The companies going all-in on AI-first development with nobody checking the work are betting their future on three things that are all temporary:

  1. Subsidized token prices — disappearing as we speak
  2. The assumption that AI code is secure — contradicted by every study we have
  3. The idea that speed is the same as value — it’s not, and it never has been

Winder had to rehire. Acevedo’s app is gone. Builder.ai went bankrupt. The pattern isn’t subtle.

When the subsidies dry up, when the breach happens, when the tech debt bill comes due — and those are all when, not if — the cost of cleaning up the mess will dwarf whatever anyone saved by cutting experienced developers.

The fastest way to build software has never been the cheapest way to maintain it.

A lot of companies are about to learn that lesson the expensive way.


The Short Version

If you skimmed to the bottom, here’s where things stand: AI token costs are massively subsidized, and those subsidies are disappearing fast — both OpenAI and Anthropic killed flat-rate pricing in April 2026, and Anthropic just separated programmatic usage from subscriptions entirely. At unsubsidized rates, AI-first development can cost more per month than a fully loaded developer. Meanwhile, 45% of AI-generated code contains known security vulnerabilities, a rate that hasn’t improved over the past two years. And the companies that shipped without human review — from indie apps to Amazon to OpenAI itself — have the breach reports and bankruptcy filings to show for it.


Frequently Asked Questions

Is AI-first development actually cheaper than hiring developers?

Not at unsubsidized rates. Anthropic’s own estimates put Claude Code costs at $13/developer/day on average, and companies running fully autonomous AI workflows report spending $1,000/engineer/day in token costs — or $20,000+/month before salaries and infrastructure. A fully loaded mid-level developer costs $12,000-$16,000/month and brings institutional knowledge, security awareness, and architectural judgment that AI agents lack.

Are AI coding tokens subsidized?

Yes, heavily. OpenAI and Anthropic have both been selling inference at a loss — OpenAI at roughly $7 billion/year in inference costs, Anthropic at a reported 175x subsidy for heavy users. Both companies dismantled their flat-rate pricing models in April 2026, and Anthropic separated programmatic usage from subsidized plans effective June 2026.

How often does AI-generated code contain security vulnerabilities?

Veracode’s research across 100+ LLMs found that 45% of AI-generated code introduces OWASP Top 10 vulnerabilities. AI tools failed to prevent cross-site scripting 86% of the time and log injection 88% of the time. That rate has not improved despite two years of new model releases.

What companies have been breached or failed due to AI-generated code?

Notable examples include EnrichLead (shut down within a week of launch due to missing authentication and exposed API keys), Lovable (170+ apps exposed via disabled database security), Amazon Q Developer (compromised extension shipped to nearly 1 million users), Vercel (breached via a third-party AI tool), and Builder.ai (filed for bankruptcy despite $500M+ in funding).

Should companies stop using AI for software development?

No. AI is a powerful tool that makes experienced developers significantly more productive. The risk comes from treating AI as a replacement for the team rather than a tool the team uses — shipping AI-generated code without senior engineers reviewing it for security, architecture, and business logic.


At Clevyr, we build software with humans at the center — using AI to amplify experienced teams, not replace them. If you’re rethinking your development strategy and want an honest conversation about what the real costs look like, we’re here.


References

[1] Batt, S. (2026, May 13). Anthropic’s Claude subscriptions no longer include Agent SDK and claude -p usage. XDA Developers. https://www.xda-developers.com/anthropics-claude-subscriptions-no-longer-include-agent-sdk-and-claude-p-usage/

[2] OpenTools. (2026, April 29). Anthropic doubles Claude Code cost estimates to $13 per developer per day. OpenTools. https://opentools.ai/news/anthropic-doubles-claude-code-cost-estimates-developers

[3] Chen, R. (2025, August 29). AI inference economics in 2025: Why OpenAI and Anthropic are still losing billions. AI2Work. https://ai2.work/blog/ai-market-openai-anthropic-inference-losses-2025

[4] Agentic Brew. (2026, April). Anthropic shifts to per-token enterprise billing. Agentic Brew. https://www.agenticbrew.ai/news/4039746e-579c-48a5-98eb-2ea3d431d9b1/anthropic-shifts-to-per-token-enterprise-billing

[5] Beri, R. (2026, April 16). Flat-fee AI dies: Your $99/month just became $900/month. THE D[AI]LY BRIEF. https://beri.net/article/ai-pricing-flat-fee-era-over-enterprise-2026

[6] Field, H. (2026, April 23). You’re about to feel the AI money squeeze. The Verge. https://www.theverge.com/ai-artificial-intelligence/917380/ai-monetization-anthropic-openai-token-economics-revenue

[7] Dunlap, B. (2026, February 19). The software factory where no human reads the code — and it ships security software. AI Resource Pro. https://airesourcepro.com/blog/strongdm-software-factory-no-human-reviews-code

[8] Laurent, A. (2026, April 13). Claude pricing explained: Subscription plans & API costs. IntuitionLabs. https://intuitionlabs.ai/pdfs/claude-pricing-explained-subscription-plans-api-costs.pdf

[9] Veracode. (2025, July 30). 2025 GenAI code security report. Veracode. https://www.veracode.com/genai-code-security-report

[10] Brombacher, F. (2026, March 24). Spring 2026 GenAI code security update: Despite claims, AI models are still failing security. Veracode. https://www.veracode.com/blog/spring-2026-genai-code-security-report/

[11] Cloud Security Alliance AI Safety Initiative. (2026, April 4). Vibe coding’s security debt: The AI-generated CVE surge. Cloud Security Alliance. https://labs.cloudsecurityalliance.org/research/csa-research-note-ai-generated-code-vulnerability-surge-2026/

[12] Vibe Graveyard. (2025, March). “Zero hand-written code” SaaS app shut down within a week after cascading security failures. Vibe Graveyard. https://vibegraveyard.ai/story/enrichlead-vibe-coded-saas-shutdown/

[13] Vibe Coder Blog. (2026, April 5). The Lovable CVE that exposed 170 apps and what it teaches us. Vibe Coder Blog. https://blog.vibecoder.me/lovable-cve-case-study-what-went-wrong

[14] The Register. (2025, July 24). Destructive AI prompt published in Amazon Q extension. The Register. https://www.theregister.com/security/2025/07/24/destructive-ai-prompt-published-in-amazon-q-extension/615835

[15] Help Net Security. (2026, April 20). Vercel breached via compromised third-party AI tool. Help Net Security. https://www.helpnetsecurity.com/2026/04/20/vercel-breached/

[16] The Register. (2025, May 21). Builder.ai coded itself into a corner — now it’s bankrupt. The Register. https://www.theregister.com/2025/05/21/builderai_insolvency

[17] VentureBeat. (2026, April 30). Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model. VentureBeat. https://venturebeat.com/security/six-exploits-broke-ai-coding-agents-iam-never-saw-them

[18] Abrams, L. (2026, May 14). OpenAI confirms security breach in TanStack supply chain attack. BleepingComputer. https://www.bleepingcomputer.com/news/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack/

[19] Reuters. (2026, May 14). OpenAI says no user data breached after security issue with open-source library. Yahoo Tech. https://tech.yahoo.com/cybersecurity/articles/openai-says-no-user-data-045105938.html

[20] Implicator. (2026, May 14). Anthropic usage-based billing is exact, plan limits are not. Implicator. https://www.implicator.ai/anthropics-usage-based-billing-is-exact-its-plan-limits-are-vague-by-design/

[21] Spaceteams. (2025, April 7). 100x Developer? The AI-only team that crashed and burned. Spaceteams. https://www.spaceteams.de/en/insights/100x-developer-the-ai-only-team-that-crashed-and-burned

Date Posted: May 18, 2026

Written By: Matthew Brimer

Matthew Brimer is the President and CISO here at Clevyr and has an extensive background in consulting, cybersecurity, and data architecture/analytics working with small mom and pop shops all the way to a significant portion of the Fortune 100.