
The code is the easy part. The risk is everything else.

Anyone can generate code with AI now. That makes choosing an agency riskier than ever. 7 red flags and what to demand before you sign.

Mario Velázquez · July 5, 2026 · 5 min

Anyone can generate code today. One prompt, thirty seconds, and you have a working app on screen.

That makes hiring an AI agency riskier than ever — not safer.

Code stopped being the differentiator. The risk now lives in everything the demo doesn't show: Who owns the intellectual property? Who documents it? Is there a trail of every change? Did they sign a confidentiality agreement?

The demo always looks amazing

Back when writing code was expensive, knowing how to write it proved someone could build your product. Not anymore. A model now generates in an afternoon what used to take weeks.

That's good news. But it changed where the risk lives. Projects used to fail because the code never shipped. Today they fail because the code shipped fast, looked great in the demo, and everything else was left hanging.

Generating code is the easy part. The hard part — the part that actually protects your investment — is everything that doesn't fit into a fifteen-minute demo.

7 red flags before you sign

If you're deciding who to trust with your product, run through this list. If you check two or more, the problem isn't the price.

1. They don't ask you to sign a confidentiality agreement

You're about to show them your operation, your data, your numbers. If they don't protect your information from day one, ask yourself what they do with every other client's information.

2. There's ambiguity about intellectual property

If the contract doesn't say, in writing, that the code and the data are yours, they aren't yours. Plenty of "I'll build your app" deals end in a system only the builder can touch, hosted on their account, with the key in their pocket.

3. There's no traceability of changes

Without version history, without change control on the database, nobody knows what changed, when, or why. A system like that can't be audited, can't be handed off, and can't be fixed without guessing.

4. They don't hand over documentation

An undocumented system is a hostage. It works as long as that person answers the phone. The day they don't — or raise their price — you have no one else to turn to. Documentation is what gives you the freedom to change partners.

5. The contract is vague… or doesn't exist

Without scope, deliverables and responsibilities in writing, you lose any disagreement. "Trust me" is not a contract. A good partner wants a clear contract as much as you do: it protects both sides.

6. "The code works" is good enough for them

Working in the demo and holding up in production are two different things. If no one talks about security, about who can see which data, about where the keys and passwords live, or about what happens when junk hits the form, the system isn't finished. It's about to fail in front of your users — or get hacked.

7. Zero methodology and zero product judgment

If they take your idea at face value and turn it into code without questioning anything, you're not hiring a partner: you're hiring a keyboard. The question isn't "can it be done?" (almost anything can). It's "does this solve the business problem?" That distinction is, today, almost all of the value.

What should happen instead (and why it's the minimum bar)

None of this is a luxury. It's the foundation you build something lasting on. This is how we work, and it's what you should demand from whoever you hire — us included.

  • Before writing a single line, we listen. We understand the business and the real problem before proposing a solution. Our process is explicit: we listen, define, build, expand.
  • The code is yours, in writing. Clear intellectual property, hosted where you control it, with a contract that defines scope, deliverables and responsibilities.
  • Every change leaves a trail. Version history and change control on the database. You can see what changed, when and why — and any team can pick up the work.
  • Security by design, not as an afterthought. Access rules per record, secrets out of the code, validation on everything that comes in. It holds up in production, not just in the demo.
  • Documentation that sets you free. You get a system another team can take over and understand. Your independence is part of the deliverable.
  • Product judgment, not just hands. We question, prioritize and design. AI speeds up the building; experience decides what gets built.

AI made code abundant. That makes the scarce things — judgment, process, legal clarity, security, documentation — worth more, not less. That's the work that separates a pretty demo from a product you can run for years.

If you're about to trust someone with your product, run this list by them. And if you'd rather build with a partner who already works this way, let's take your idea to production.
