My Friend Gave His Whole Team AI Coding Agents. Here’s What Actually Happened.

I’m Kristjan, the founder of AI Workspace. A few months ago I was grabbing a beer with my friend Luka after work. He co-runs a small performance marketing agency in Ljubljana. Six people, mostly non-technical. He’d just tried something bold with his team, and the story he told me that evening is basically why this product exists.

How It Started

Luka had been seeing the same stuff we’ve all been seeing online. People building dashboards in one prompt. Landing pages with tracking pixels in fifteen minutes. He’s not a developer, but he’s sharp, and he immediately saw what it could mean for a small agency constantly fighting deadlines.

“If one person can build a landing page that fast,” he told me, “what happens if I get my whole team doing it?”

Fair question.

The Demo That Changed Everything

Matej, the one semi-technical guy on the team, had been playing with an AI coding agent on his own laptop for a couple of weeks. One Friday afternoon he showed everyone what he’d built: a fully responsive sales page for a supplement client. Testimonials, countdown timer, Meta Pixel, mobile checkout, the works. The kind of thing they’d normally outsource to a freelance designer.

It took him about twenty minutes.

Luka told me the room just went quiet. Everyone was doing the math in their head.

By Monday morning, he’d cancelled their design retainer and told everyone to install the AI coding tool on their work laptops.

Week One: Everything Went Wrong

This is where the beer conversation got interesting. Because the problems started immediately.

Setup chaos (and a broken laptop)

Anja, their content strategist, had never opened a terminal in her life. She spent half a day trying to install Node.js. Following some tutorial, she ran a command with admin access, typed in her password, and accidentally changed system permissions on her laptop.

It wouldn’t open basic folders for two days. IT had to fix it.

“Organize my files” turned into “reorganize my computer”

Rok, the account manager, actually got the agent running. He asked it to “organize my project into a cleaner structure.”

It did. Just not only inside the project.

It moved stuff around across his whole computer, including parts of his Desktop and a client proposal he was in the middle of writing. He spent the rest of the day digging through folders trying to recover everything.

Luka was laughing telling me this, but you could tell it wasn’t funny at the time.

“Rok told me: ‘I asked it to clean up my project. It cleaned up my entire computer. I didn’t even know that was possible.’”

The scary one: live credentials + the wrong test

But then he told me about Nina, their media buyer, and I stopped laughing.

Nina asked the agent to build a reporting script that connects to their Meta Ads API. Like most people who run scripts locally, she had API credentials saved in a .env file on her laptop.

The agent read the credentials, connected to the live account, and while “testing” the connection sent a malformed request that reactivated three paused campaigns.

Those campaigns were paused for a reason. They were losing money. Daily budgets of a few hundred euros each.

By the time Nina noticed, they’d burned over €2,000 in a couple of hours on ads pointing to landing pages that didn’t even exist anymore.

€2,000+

wasted on reactivated ad campaigns in a couple of hours because the AI agent had access to live API credentials

That’s when I put my beer down.

The Part That Hit Home for Me

I’d been building AI Workspace at the time, but hearing Luka describe it from the user’s side made the problem feel completely different.

AI coding agents are powerful because they actually do stuff. They read files, run commands, install packages, execute scripts. That’s the whole point. But when you run them on a laptop that also has your browser passwords, client documents, production API keys, personal files, access to ad accounts... you’re giving a very capable, fast-moving tool access to everything on your machine.

The AI isn’t malicious. It follows instructions literally, sometimes too literally, and small ambiguities snowball fast.

“Clean up my project.” “Connect to our API.” “Run a quick test.”

Each of those sounds harmless. Until it isn’t.

Luka also told me Matej had explained prompt injection to him. How hidden instructions can be embedded in a PDF or spreadsheet, and the AI just treats them as commands. On a work laptop with broad file access, that’s not theoretical. It’s a real risk.

“We were so focused on what AI could build for us that we never stopped to think about what it could break.”

What I Told Him to Try

Luka said he was ready to give up on AI agents entirely. Go back to the freelance designer, the manual spreadsheets, the old way.

I told him: “Don’t drop the tool. Change where you run it.”

That’s literally the idea behind AI Workspace. Same AI coding agent. Same capabilities. But it runs in an isolated cloud container, a sandbox. The AI can only touch a workspace folder. No access to personal files, browser passwords, API keys, or anything else on your machine. And if something goes wrong, you restore a previous version with one click.

Same agent. Same power. Different blast radius.

Luka signed the team up the next morning. By that afternoon, all six of them were building again.

What Changed

Anja (content strategist) finally stopped fighting terminal installs. She opened a browser tab, asked the agent to build a client reporting template with charts and their logo. Done in minutes. The same thing used to take her days each month in Google Docs.

Rok (account manager) built a lead-scoring calculator by describing the rules in plain language. It became an internal tool their biggest client uses daily. Rok still doesn’t write code.

Nina (media buyer) rebuilt her reporting workflows, but this time in a sandbox with no access to live credentials. She drops in CSV exports, and the agent turns them into dashboards. If she accidentally tells it to “rebuild everything from scratch,” she just restores the previous version and keeps going.

10x

faster landing page delivery compared to their previous freelancer workflow

Matej automated their entire morning campaign review. Built a dashboard the team checks before standup. What used to take someone two hours of pulling data from three platforms now just… works.

Three Months Later

I caught up with Luka again recently. Within the first month, his team:

Cancelled their design retainer (this time for real)
Dropped two software subscriptions
Replaced most of their reporting workflow
Stopped waiting on vendors for “small” builds

They went from five clients to eight without hiring anyone. The extra capacity came entirely from the time they saved building tools with AI instead of waiting for freelancers.

“We went from ‘AI is going to destroy everything’ to ‘AI is the reason we’re growing.’ The only difference was running it in the right environment.”

Why I’m Sharing This

Luka’s story isn’t unique. I keep hearing versions of it. People who see the potential of AI coding agents, try to run them locally, and either get stuck on setup or have something go wrong that scares them off.

The agents aren’t the problem. Running them on machines full of sensitive data, with no guardrails, is.

If you isolate the environment, limit access to credentials, make version rollback easy, and give people space to experiment without fear, they build faster than you’d expect. And nobody has to worry that one vague instruction will break a laptop or spend real money.

That’s the whole idea behind what we’re building here. Nothing more complicated than that.

Kristjan, founder of AI Workspace