One observation ran as a common thread throughout: AI is an amplifier. It accelerates what you already do well, and it just as clearly exposes what is not in order.
1. Kramp: a complete agent platform, and not a tech company
The strongest story came from Kramp, a supplier of agricultural parts. Not a software company, yet in just a year and a half they built a full-fledged platform where employees can create their own apps and agents that take over repetitive work. The remarkable part: this is not limited to developers. Someone in procurement, support, or finance can build just as easily.
This is exactly the direction we encourage. The barrier is no longer technical knowledge, but whether people are given the space and framework to do it safely. The new Gemini Enterprise suite that Google presented makes this much more accessible, and that is something we welcome. It is exactly what we can set up for clients: enabling their own people to build solutions that make their work easier, even without an AI or IT background.
2. Google: 80% is not good enough
Google walked us through their own way of developing software with AI. The core of it is vibe coding: you describe what you have in mind, and the AI quickly builds it. For a prototype, that is incredibly powerful. In an afternoon you have something working that is about 80% correct, enough to demonstrate or test an idea.
The problem starts when that prototype needs to become a production system. Because think about what 80% means in a bank or a hospital: there, 80% correctness equals 100% failure. That final 20% cannot simply be patched in afterwards. That is why the build process needs to be constrained from the start.
According to Google, three things are required: governance, security, and domain expertise. Governance forces you to design first and build later. It translates vague intent the “vibe” into a clear specification that can be validated, including against regulatory requirements. Security controls act as a filter, because AI mainly covers the ideal scenario and tends to miss edge cases and safety risks. And domain expertise is necessary because otherwise AI will guess based on general patterns from its training data. You want the code to reflect the real rules and structures of your specific domain, not assumptions about how it might work in general.
The step from prototype to production system is therefore not about writing more code, but about setting boundaries. Vibe coding is meant for fast, creative exploration, while governance, security, and domain expertise are meant to remove uncertainty. That is why we do not vibe-code, but instead program in a structured way with AI: a solid specification upfront, automated tests, and built-in controls. This preserves AI’s speed while ensuring you deliver something reliable enough for production.
3. Wiz: attackers are already ahead of you
The security platform Wiz shared a striking statistic. The time between a vulnerability appearing and it being exploited has collapsed: where it used to take days, it now averages 29 minutes with AI. Attackers’ AI often finds the gaps before vendors can even patch them. While you are still doing root cause analysis, the vulnerability is already being exploited.
Manual patching after the fact cannot keep up with that pace. That is why we use tooling that continuously scans for vulnerabilities and prepares fixes while the team is asleep. In the morning, there is no problem on the table. Only a fix.
Closing
A strong day, from which we left with even more conviction than we arrived with. The tools are becoming impressive, but the difference is not in the tool. It is in how you embed it in your way of working. That is where we are happy to help think along.