An Obsidian Plugin Became a Trojan. This Is How Modern Work Actually Breaks
A few days ago, a story hit Hacker News about an Obsidian community plugin being weaponized to deploy a remote access trojan. People installed it to take notes faster. Then someone had a shell on their laptop.
That story sounds niche. It isn't.
The shape of modern work
Knowledge workers don't really use software anymore. They run stacks. One person's "workflow" might be fifteen browser extensions, six AI assistants, a notes app with a dozen plugins, two Slack bots, and a Zapier graph nobody dares touch. Every item on that list is a trust decision someone made on a Tuesday while half-listening to a meeting.
The moment one of them turns hostile, the whole thing is on fire.
Five years ago the future-of-work conversation was remote vs. hybrid. Now it's about who maintains the attack surface of your daily tools. For most teams the honest answer is nobody.
The maintenance bill is showing up
A theme keeps showing up in my feed: AI coding agents that don't actually reduce maintenance cost. They generate working code. Fine. But that code still needs patching, auditing, redeploying, and explaining to whoever inherits it next quarter.
When you ship your own infrastructure, you sign up to maintain it. That used to be a developer problem. Now that anyone can produce a working app from a prompt, it's everyone's problem. Solo founders. Marketing teams. Operations leads who never wanted any of this.
Managed beats DIY for most people
Most teams don't need more plugins. They don't need their own backend either. They need to stop running infrastructure they didn't want to run in the first place.
This is the bet we're making at DontCode. The AI is fine-tuned for app building, not a generic chatbot in a UI. Database, auth, notifications, and deployment all come pre-configured. You don't add a plugin to handle KakaoPay or Toss. It's already there. You don't pick an auth library. It's already there. You don't audit a random npm package because you needed one feature. We do that part.
The Obsidian story will repeat next month with a different name. The plugin model is fragile by design. The extension stack people are building around AI assistants is fragile for the same reason.
What this changes for non-developers
If you're building a business right now, you have two paths. Glue together fifty tools and pray nothing in the supply chain goes sideways. Or use a platform where the boring, dangerous parts are someone else's problem.
DontCoders pick the second one. They still tinker plenty. They just don't tinker with auth libraries and payment gateways.
If you want to see what that looks like in practice, give DontCode a try. Or read more on the blog about how no-code is reshaping who gets to build.