What does Abhijit A Paranjape do?

AI and automation consultant based in Pune, India. Builds custom AI agents, workflow automation, social media automation, landing pages, AI video production, custom SaaS software, and voice assistants — designed around the specific needs of each business.

Where is Abhijit based?

Pune, India — works with clients worldwide over video, phone, email, and WhatsApp.

What AI and automation tools does Abhijit use?

Primarily Google Gemini for AI, n8n for workflow automation, and Next.js for SaaS products and landing pages. Tool choice is always pragmatic — the simplest thing that solves the problem.

How do I book a consultation?

Book a free 30-minute discovery call at https://abhijitai.in/book or email contact@abhijitai.in. No commitment.

What kind of businesses does Abhijit work with?

Founders and businesses across industries — travel agencies, home loan influencers, lawyers, tuition classes, catering services, real estate agents, colleges, and wedding-industry businesses, among others.

Do you build RAG systems?

Yes — Abhijit builds Retrieval-Augmented Generation systems grounded in your own documents so the assistant only uses real information and never invents facts. This very website uses a RAG pipeline. There's a full write-up at /blog/rag-that-ships.

Do you build voice agents?

Yes — native audio-to-audio voice assistants on Gemini Live, with function calling into RAG for grounded answers. Available on the website chat, phone calls, and WhatsApp — the same knowledge base across all three channels. Details at /blog/voice-agents-really-work.

Can you help with WhatsApp automation?

Yes. Abhijit builds WhatsApp assistants that answer customer questions, qualify leads, and hand off to humans when needed — grounded in your own documents, running on Twilio and Gemini. You can test the live sandbox: WhatsApp +1 415 523 8886 with the code "join stream-furniture" then ask a question.

How much does a typical project cost?

Pricing varies by scope — there is no fixed package. Most engagements start with a free 30-minute discovery call to understand the business problem; a scoped proposal with pricing follows. Book at /book.

How long until I see results?

Most automation projects deliver measurable time savings within the first few weeks after launch. Example: a LinkedIn automation built for a busy lawyer saves around 10 hours a week of manual posting, starting from week one.

n8n is a flexible workflow automation tool that connects hundreds of apps — Gmail, Sheets, Slack, HubSpot, WhatsApp, and custom APIs. It is the fastest path from "my business has this repetitive task" to a working automation, and it is self-hostable so your data stays yours.

Who owns the data and the code?

You do. Abhijit delivers clean handover with documentation. Your knowledge base, your automations, your source code — no vendor lock-in.

What kind of AI videos do you create?

Property walkthrough videos for real estate agents (from photos and floorplans, no camera crew), campus highlight reels for colleges, and marketing clips with auto-generated voiceover and background music. Turnaround in hours, not weeks.

Can you build a full SaaS product?

Yes — end-to-end custom web apps including design, building, databases, user accounts, payments, and launch. Example: a Wedding Card Generator platform built from scratch so couples can create invitations online in minutes.

How can I reach Abhijit?

Four channels, all connected to the same AI-powered knowledge base: the chat widget on this site, email contact@abhijitai.in (business) or abhijit@abhijitai.in (personal), phone +1 254 279 6098, and WhatsApp +1 415 523 8886 (sandbox join code: "join stream-furniture").

All field notesEngineering

Vibe-Coding Isn't Free: A Production Checklist for AI-Built Apps

Abhijit ParanjapeApr 14, 20265 min read

A medical professional I read about this week built a patient management system with an AI coding agent, uploaded real patient records, and shipped it live on the public internet. Within thirty minutes of someone looking at it, the entire database was one curl command away from a stranger on the other side of the world. Voice recordings from patient consultations were flowing into a US-based API with no data processing agreement. The whole thing was stitched together through weeks of natural-language prompts with no idea what the generated code was actually doing.

That story isn't about a bad clinician. It's about what happens when a tool gets too comfortable. AI coding agents are shockingly good at making something that looks like a working app. They are not good at telling you what's missing. If you don't already know what to ask for, you won't ask for it — and the agent will not stop you.

I build custom software for businesses for a living, and I use AI coding agents every day. This isn't an argument against them. It's a short checklist for founders shipping AI-built software who don't want to end up as someone else's cautionary blog post.

1. Auth at the database, not just the front end

The first failure in every vibe-coding horror story is the same: the login page works, so the founder assumes the app is secure. It isn't. Real access control lives at the database layer — row-level policies that reject a query from a user who doesn't own the row, even if the front end thinks they do.

Ask your agent this, literally: "Show me the row-level security policies on every table in this database. If there are none, add them and explain what they do." If the answer is a shrug, the app is one curl away from leaking.

2. Know where your users' data physically lives

Every third-party service your app calls is a place your users' data ends up. Transcription APIs, embedding APIs, image hosts, email providers. For each one, you need to answer three questions: Which country are the servers in? Is data encrypted at rest? Is there a Data Processing Agreement on file?

If you are working with health, legal, financial, or children's data and any answer is "I don't know," stop. The answer is not going to become "yes" on its own.

3. The one-curl test

Open your terminal. Pick a user account. Run curl against every API endpoint in your app without logging in, or logging in as a different user. Can you read anything you shouldn't? Edit anything? Delete anything?

AI-generated backends often return the full record on a GET even when the front end is only rendering a subset. The browser filters the view; the API does not. You will find this bug on the first try, or you will learn about it from a stranger on a forum.

4. Secrets that don't leak

Your agent probably wrote DATABASE_URL=postgres://... into a config file somewhere. Grep your repo for anything that looks like a key, a token, a URL with a password in it, or a service-role secret. Check the git history. Check the client bundle — open DevTools, go to the Network tab, reload the page, and scan the JavaScript for anything that starts with sk_, eyJ, or AIza. Anything shipped to the browser is public forever.

When a user types the wrong password, does your app say "wrong password" or "wrong email or password"? The first one tells an attacker which emails are real users. The second one doesn't. The AI agent will almost always generate the first version because it is "more helpful." It is also an enumeration attack vector.

This is a one-line fix. Ask your agent to make it consistent: the response for "no such user" and "wrong password" must be identical, down to the timing.

6. Logs that don't become a second breach

Logs are the thing you fix last and also the thing attackers read first. Your AI-built app is probably logging full request bodies somewhere — including passwords and session tokens. Ask: "What fields am I currently logging? Redact any of these that could appear in an auth request: password, token, authorization, cookie, ssn, card." Then check. Logging "works", so the agent won't flag it.

7. A rollback plan that exists before you need one

What happens if you ship a bad update at 11 pm on a Friday? Do you know which git commit was running an hour ago? Can you redeploy it in one command? If your answer involves "I'll figure it out," your answer is a four-hour outage waiting to happen.

Vercel, Railway, Netlify — all of them give you one-click rollback to a previous deploy. Find the button before you need it. Screenshot the URL. Send it to yourself.

The bigger pattern

None of these seven items are hard. None of them require deep engineering chops. They're the kind of thing a senior developer running in the back of your head would catch on a casual glance. The problem is that when you're shipping fast with an AI agent, there is no senior developer in the back of your head — you have a tool that says "yes" to everything and a deadline that says "now".

If the post-AI skill for founders is anything, it's building a better internal checklist. AI agents are a force multiplier in both directions. They multiply good instincts and they multiply bad ones. The seven items above are the minimum set of good instincts I look for before I let any of my own AI-built code touch real users.

If you're building something AI-assisted and you want a second set of eyes before it goes live, book a free 30-minute review or email contact@abhijitai.in. Half the reviews I do take less than an hour. The other half take a weekend. Either way, it's cheaper than explaining to your users why their data just ended up on a forum.

Also worth reading: RAG That Ships: Beyond the Demo — the same "demo vs production" gap, but for retrieval systems.