Remember the final scene of Ratatouille? Anton Ego, the most feared food critic in Paris, sits down in front of a dish prepared by Remy and has an epiphany. For years he had mocked chef Auguste Gusteau’s motto: “Anyone can cook.” He saw it as an insult to the nobility of the craft. And yet, after tasting a dish prepared by a rat, he finally understands what those words really mean: “Not everyone can become a great artist, but a great artist can come from anywhere.”
While reading yet another wave of articles celebrating the latest “revolutionary” model, I kept thinking about that scene. Borrowing from Gusteau, the current software mantra seems to have become “Anyone can code”, thanks to Generative AI and Vibe Coding. And, just like Gusteau’s motto, it contains a real truth. Artificial Intelligence (AI) has lowered the barrier to entry. Prototypes can be built in hours. Code can be generated, tested and rewritten.
The promise is not false.
It is incomplete.
The fairy tale of having a developer for 20 dollars a month is ending. And the wake-up call is expensive.
To paraphrase Gusteau: “Anyone can code.” But given the cost trajectory of AI tools in 2026, “only the rich can be great.”
The “AI Replaces Work” Narrative Is Changing Tone #
2026 may be remembered as the year of the “Silent Replacement.” Hardly a week goes by without a tech giant announcing deep restructuring. But unlike the post-pandemic crisis of 2023, this time the culprit has a precise name: AI efficiency.
Over the last two years, we have heard the same promise in many forms: smaller teams, “10x” developers, companies run by just a handful of people, autonomous agents capable of doing the work of entire departments. Part of this promise is real. Automation is compressing some knowledge-based activities, and many companies are reorganizing headcount and processes around AI.
But saying “AI is stealing jobs” is a shortcut. The reality is more uncomfortable and more interesting: AI is becoming a lever to redesign roles, expectations, budgets and responsibilities. Sometimes it replaces tasks. Sometimes it increases pressure on the people who remain. Sometimes it becomes the language management uses to describe cost reduction that also has other causes.
The examples tell different shades of the same story. At Cisco, AI looks mostly like capital reallocation: almost 4,000 cuts, less than 5% of the workforce, while the company shifts investment toward AI infrastructure and related growth areas.1 Meta is more delicate: Reuters reported possible cuts above 20% in a context of rising AI and data center costs, but the company called the story “speculative reporting about theoretical approaches.”2 Caution is mandatory here: not “layoffs caused by AI”, but AI entering the debate about efficiency, infrastructure and organizational sizing.
Other cases use more direct language. Cloudflare linked about 1,100 cuts to internal AI use, which had grown by more than 600% in three months, even as the company reported a record quarter.3 PayPal talks about modernizing its platform and aggressively adopting AI in software development, inside a broader reorganization with significant expected savings.4 DeepL is perhaps the most explicit example: about 250 cuts, a quarter of the workforce, and a “massive structural shift” in what work exists, who does it and how many people are needed.5
The pattern is clear: we are not looking at a simple human-machine replacement.
| Company | Reported cuts | % workforce | AI-linked narrative |
|---|---|---|---|
| DeepL | ~250 | 25% | “Massive structural shift” toward an AI-native model |
| Cloudflare | ~1,100 | 20% | Internal AI use up 600% in 3 months |
| PayPal | ~4,760 | 20% | Realignment around an AI-centered platform |
| Meta | n/a (planned) | >20% | Rising AI costs and major data center investments |
| Cisco | ~4,000 | <5% | Reallocation toward AI infrastructure ($9B FY2026 orders) |
Sources: Reuters, TechCrunch, Heise/tech.eu — March/May 2026
The Real Problem Is Not AI. It Is the Bill. #
The most underestimated part of the story is economic.
For a while, we sold AI as if it were traditional software: a monthly price, a license, a few usage limits. But generative models are not classic SaaS. Every request consumes compute. Every output has a cost. Every larger context window drags more tokens with it. Every agent that reads files, calls tools, retries and waits for tests consumes resources even when we perceive it as “working by itself.”
GitHub made this explicit when it announced that Copilot would move to usage-based billing on June 1, 2026. Base prices are not changing, but premium request units are being replaced by GitHub AI Credits consumed according to input, output and cached tokens. The official reason is clear: Copilot has become an agentic platform capable of long, multi-step sessions, with much higher compute and inference requirements.6
This is a cultural shift. As long as the price felt flat, a quick chat and a two-hour agentic session seemed to belong to the same subscription. Once billing follows tokens, models and real consumption, the difference becomes visible.
Anthropic makes the phenomenon even more concrete in the official Claude documentation. API pricing is expressed per million tokens, with important differences between models, input, output and cache. Claude Opus 4.7, released on April 16, 2026, is listed at $5 per million input tokens and $25 per million output tokens; Claude Sonnet 4.6 at $3 and $15; Haiku 4.5 at $1 and $5.7 So far, nothing surprising.
The interesting part is in the details: the new Opus 4.7 tokenizer can use up to 35% more tokens for the same text; regional endpoints can carry a 10% premium; US data residency can apply a 1.1x multiplier; fast mode can reach 6x; tools add tokens; web search costs $10 per 1,000 searches; managed agents also include runtime at $0.08 per session-hour.7
| Model / Plan | Input | Output | Notes |
|---|---|---|---|
| Claude Opus 4.7 | $5/M tokens | $25/M tokens | New tokenizer: +35% tokens vs. previous models |
| Claude Sonnet 4.6 | $3/M tokens | $15/M tokens | — |
| Claude Haiku 4.5 | $1/M tokens | $5/M tokens | — |
| GitHub Copilot Individual | $10/month (base) | — | Agentic sessions: usage-based from June 2026 |
| GitHub Copilot Business | $19/month (base) | — | AI Credits for real agentic consumption |
Sources: Anthropic API Pricing, GitHub Blog — April/May 2026
Taken individually, these numbers look small. Multiplied across developers, CI/CD workflows, internal documentation, customer support, security agents, log analysis and automatic retries, they become a serious budget line.
The Financial Times reported that Big Tech’s $725 billion AI spending spree is pushing free cash flow to a decade low.8 Even without diving into every detail, the message is obvious: “cheap” AI for the end user rests on very expensive infrastructure for whoever provides it.
This is where the cookbook metaphor becomes useful again. At first, the recipe book makes you believe you can cook. Then you discover that you need ingredients, increasingly expensive equipment, energy and time. But for a truly exceptional dish, you still need the chef: someone who can tell the difference between code that “works” and code that is solid, secure and ready to serve.
Vibe Coding: Useful, Fast, but Not Magic #
I use Generative AI tools, including coding tools, every day. And yes, they work.
In practice, vibe coding works very well for prototypes, boilerplate, controlled refactoring, documentation, temporary scripts, log parsing, early UI work and translating ideas into testable code. When I need to prepare a CIAM demo, a proof of concept or a lab, I start much faster than I did a few years ago. A concrete example is the Opaflix project: it was not built in a few hours, but thanks to vibe coding I was able to build it in days or weeks instead of months, even though I am not a full-time developer.
But “faster” does not mean “without supervision.”
In practice, I am often not delegating to AI. I am acting as product manager, architect, security reviewer and QA at the same time. I need to explain context, limit scope, prevent unnecessary rewrites, verify that it does not invent APIs and stop it when it decides to “improve” parts nobody asked it to touch.
AI loses context. It is like a very fast intern with no stable memory: every time, it has to reread code, README files, AGENTS.md or CLAUDE.md. And every context reload consumes tokens.
A Potential Security Disaster #
The most dangerous part is that generated code often looks plausible. It is not obviously broken. It compiles. The demo runs. The UI responds. And precisely because of that, it can slip under the radar.
This happened to me in a very concrete way. I was building a demo website for a customer CIAM project. I needed an example of a full-code password reset integration, without using Okta’s prebuilt widget. I asked AI to generate an example, and it returned working code.
Working, yes, but completely vulnerable.
You could pass a username through the query string and change any user’s password, without any verification. The backend took that username and used the Okta SDK and API to set the new password. No recovery token, no out-of-band verification, no control over the requester’s identity, no serious protection against abuse or enumeration.
It was exactly the kind of code that can look perfect in a superficial demo. In production, it would have been a disaster.
This is the point that anyone working in IAM and CIAM immediately sees: authentication is not just “a form that works.” Password reset is one of the most sensitive flows in an identity system. It must be designed with proof of possession, rate limiting, audit, policy, temporary tokens and a clean separation between request and action. AI can help write code, but it cannot replace security judgment unless you give it constraints, context and review.
That is why I am not worried that platforms like Okta will be replaced by some Generative AI prompt. Generating code is one thing; designing, testing, protecting and operating an identity service in production is another. Security, reliability, auditability and operational accountability cannot be improvised with a well-formatted prompt.
The Cost of Really Using AI #
I have also seen the economic side personally. Between February/March and April/May, my personal and professional AI costs increased by about 25-30x. Not because I was doing absurd things, and not because I had radically changed how I work: the way tokens are counted changed, token prices changed, and agentic sessions became economically heavier. And of course I am not the only one seeing this: many people have reported steep increases in AI spending.9
This is the problem of AI cost management: consumption grows not when you “play” with AI, but when you start using it for real. This is where the joke becomes less funny: with these dynamics, vibe coding can become sustainable only for those who can afford it.
Human Work Is Not Just Output #
The complete replacement of human teams is often framed as a productivity problem: if an agent produces the same output as five people, then I can reduce the team. But in real organizations, work is not just output.
Work is historical memory. It is knowing why a system was built in a certain way. It is remembering the customer who has a different configuration because years ago there was an incomplete migration. It is knowing that an apparently redundant policy exists because of a past audit. It is knowing the “tricks of the trade” nobody documented because they seemed obvious to the people who were there.
This implicit knowledge is extremely difficult to transfer to a model. Not because AI is stupid, but because it often does not exist in documented form. It is distributed across people, chats, tickets, calls and temporary exceptions that became permanent.
There is also another human point that is often ignored: it is not obvious that people will calmly train the system that could reduce their role tomorrow. Collaboration with AI requires trust. If AI is introduced only as a cost-cutting lever, that trust breaks.
Many companies also underestimate the cost of supervision. Some analyses of vibe coding now talk about a Quality Tax: senior hours spent maintaining tests, verifying generated code and correcting outputs that looked ready.10 An agent that produces ten pull requests a day does not necessarily eliminate work: it can move the workload to review, security, architecture and governance.
AI is a multiplier: if you multiply by zero, you get zero; if you multiply by an expert team, you get results. But this power has a price, and the companies controlling these tools also hold the keys to the costs.
The cookbook can help you get started.
But someone still has to taste the dish before serving it.
Recent Mistakes Are Not Science Fiction #
When we talk about AI risks, we do not need apocalyptic scenarios. Visible operational and security incidents are enough.
GitHub, in its April 2026 availability report, documented incidents that also affected Copilot. On April 9, Copilot coding agent had delays starting new sessions: about 84% of new requests were delayed, with wait times peaking at 54 minutes compared with a 15-40 second baseline, and about 22,700 workflow creations delayed or failed. The cause was a rate limiting bug, aggravated by 3-4x higher API traffic after a client update.11
On April 22, Copilot Chat on github.com and Copilot Cloud Agent were unavailable because of an infrastructure configuration issue that caused database connectivity problems.11 Again: not the end of the world. But if a company decides to base delivery on AI agents, these incidents become part of the operational risk.
From a security perspective, concrete examples are starting to accumulate. In March 2026, Meta had to deal with internal agents that reportedly exposed sensitive data to unauthorized employees.12 In May 2026, the PocketOS case showed an even more operational risk: a Claude-based coding agent reportedly deleted production databases and backups in seconds.13
OWASP, through the GenAI Security Project, explicitly includes LLMs, agentic systems and AI-driven applications within secure development and governance practices.14 This is not a detail: when agents can call tools, read data, write code, open tickets, change configurations or execute workflows, they are no longer “chatbots.” They are operational actors.
Who Controls the Stove? #
My conclusion is not anti-AI.
AI is not a bluff. The progress is real, the productivity gains are real, and ignoring it would be irresponsible. But it would be just as irresponsible to accept, without critical thinking, the idea that replacing human teams with agents is always cheaper, safer or more efficient.
Today, full replacement often shifts costs instead of eliminating them: tokens, inference, platforms, governance, review, incident response and supervision. It does not automatically increase quality, because quality requires context, tests, security and domain knowledge. And it introduces new risks, because every agent acting on our behalf has identity, privileges and responsibilities.
For those of us working in IAM, the direction is clear: AI agents are identities. They must be governed as identities — I explored this in the blueprint for a secure agentic enterprise and the access patterns for AI agents with Okta. We need to know who created them, which human sponsors them, which data they can read, which actions they can execute, when they must be deactivated and how they are audited.
Least privilege, policy, logging, lifecycle, approvals, segregation of duties and compliance do not become less important with AI. They become more important. The EU AI Act points in the same direction: risk-based approach, logging, transparency, human oversight, cybersecurity and specific obligations for high-risk systems and general-purpose models.15
We can, at least in theory, address the security side with governance, identity, policy, audit and the right tools. The harder uncertainty is rising costs: tokens, compute, premium models and pricing increasingly tied to real usage.
This may be the most important point. The companies controlling models, pricing, infrastructure and access to compute will have enormous power over the way we work. Not only because they sell tools, but because they become part of the production chain for software, support, compliance and enterprise knowledge. As a result, every price increase they impose can have very concrete effects on company budgets.
Maybe the phrase “anyone can code, but only the rich can be great” is too cynical, but it captures something real.
AI can lower the barrier to entry. It can help more people create. It can make experimentation more accessible. Returning to Ratatouille: “Not everyone can become a great artist, but a great artist can come from anywhere.”
But becoming truly good will still require competence, judgment, context, responsibility and the economic resources to afford tokens and access to these tools.
What is your experience with AI costs, AI productivity and development with AI agents? Are you seeing more real productivity or more complexity to govern? Write to me in the comments or on LinkedIn.
-
Reuters, “Cisco to cut about 4,000 jobs in AI-focused restructuring as orders surge”, May 13, 2026. ↩︎
-
Reuters, “Exclusive: Meta planning sweeping layoffs as AI costs mount”, March 14, 2026. ↩︎
-
TechCrunch, “Cloudflare says AI made 1,100 jobs obsolete, even as revenue hit a record high”, May 8, 2026. ↩︎
-
TechCrunch, “PayPal says it’s ‘becoming a technology company again’ — that means AI”, May 5, 2026. ↩︎
-
Tech.eu, “German AI translation startup DeepL to axe 250 staff”, May 7, 2026; heise online, “Cologne AI translator DeepL lays off a quarter of its workforce”, May 7, 2026. ↩︎
-
GitHub Blog, “GitHub Copilot is moving to usage-based billing”, April 27, 2026. ↩︎
-
Anthropic, “Claude API Pricing”, accessed May 18, 2026. ↩︎ ↩︎
-
Financial Times, “Big Tech’s $725bn AI spending spree sends free cash flow to a decade low”, 2026. ↩︎
-
Bryan Collins, “What I’m Spending On AI Every Month”, Medium, September 26, 2025. ↩︎
-
Hashnode, “The State of Vibe Coding 2026”, 2026. ↩︎
-
GitHub Blog, “GitHub availability report: April 2026”, May 14, 2026. ↩︎ ↩︎
-
The Guardian, “Meta AI agents instruction causes large sensitive data leak to employees”, March 20, 2026; TechCrunch, “Meta is having trouble with rogue AI agents”, March 18, 2026. ↩︎
-
TechSpot, “AI coding agent running Claude wiped a startup’s database in seconds”, 2026; Tom’s Hardware, “Claude-powered AI coding agent deletes entire company database in 9 seconds”, 2026. ↩︎
-
OWASP, “Top 10 for Large Language Model Applications / GenAI Security Project”, accessed May 18, 2026. ↩︎