"We'll build that in-house" – a sentence with consequences

With the rise of increasingly powerful AI agents and vibe coding tools, we hear this sentence more often than ever: "We can build that ourselves." And most of the time, that's true – at least at the start.

A prototype today takes hours, not weeks. It runs, it convinces internally, and it does exactly what it's supposed to. The result feels tailor-made, the team is energised, and the budget looks manageable.

What comes next is the real question.

This article isn't a critique of technical skill or internal development. It's a sober assessment of what it actually means to build and continuously operate marketing technology in an enterprise context – and why the gap between a working demo and a production-ready system is considerably larger than it tends to look during planning.

What makes vibe coding so appealing – and where the line is

Vibe coding – prompt-driven development using AI tools like Cursor, Replit, or Lovable – has significantly lowered the barrier to software development. Designers, product managers, and marketing teams can now build applications without going through traditional development processes. The speed is real, the appeal enormous.

The problem isn't the technology. The problem is the moment a "good enough" prototype gets pushed to production under pressure, without the necessary foundation in place.

Gartner estimates that by 2028, around 75 percent of enterprise developers will be using AI coding assistants. This is no longer a trend – it's a fundamental shift in the development landscape. And it brings a structural risk that is particularly underestimated in the MarTech space: vibe-coded applications, according to multiple security studies, do not become compliant through iteration. They require fundamental architectural changes once real enterprise requirements kick in.

The 95 percent equation

A prototype represents roughly five percent of a complete software solution. The remaining 95 percent is what turns it into a product that runs reliably, securely, and legally within an organisation. And it's precisely those 95 percent that permanently consume time, budget, and attention.

What production operations actually require in an enterprise context:

Availability and uptime
99.9% uptime means a maximum of 8.7 hours of downtime per year. Behind that figure sit monitoring infrastructure, defined incident response processes, redundant systems, and a team that can intervene around the clock. This isn't a one-time effort – it's ongoing operations.

GDPR and data protection compliance
GDPR compliance isn't a checkbox. Implementation costs at the time of the regulation's introduction in 2018 already averaged €1.5 million for smaller organisations – and up to €65 million for larger ones. The average enforcement fine in 2024 was around €2.8 million – a 30 percent increase year-on-year. Since 2018, over €6.2 billion in GDPR fines have been issued, with more than 60 percent of that total imposed since January 2023 alone. Enforcement is accelerating, not stabilising.

Particularly relevant for vibe coding projects: compliance cannot be prompted in after the fact. Anyone who doesn't build GDPR requirements – data residency, deletion obligations, audit trails – into the architecture from the start faces a fundamental rebuild. No patch, no update resolves that.

Security certifications
Enterprise clients require evidence: ISO 27001, SOC 2, role-based access control, complete audit trails. An August 2025 report found that 45 percent of AI-generated code contains security vulnerabilities – for Java code, that figure exceeded 70 percent. Security doesn't emerge automatically from fast building. It has to be part of the architecture from the beginning.

API stability and integration management
Anyone connecting third-party systems – and every modern MarTech stack does – needs stable, versioned interfaces. API versioning, changelogs, backward compatibility: this is engineering work that cannot be done once and forgotten.

Technical debt and ongoing maintenance costs
Industry studies consistently show: 50 to 80 percent of total software costs fall in the maintenance phase – not during initial development. McKinsey puts annual maintenance costs alone at an average of 20 percent of the original development investment. Add dependency updates, breaking changes in third-party APIs, and evolving regulatory requirements.

The hidden costs in your MarTech stack

The issue isn't that in-house development is inherently expensive. The issue is that the costs that matter most become visible systematically too late.

A familiar pattern: a company invests €300,000 to €400,000 in an MVP that convinces internally and wins early customers. Two to three years later, more than twice that amount typically needs to go into a partial rebuild – to fix architectural problems that only surfaced under real enterprise requirements.

There's also the opportunity cost dimension: every hour an internal team spends on infrastructure maintenance, security patches, and dependency management is an hour not going into product, strategy, or client work. That's not an accounting detail – it's a strategic inflection point.

In the MarTech context, this problem sharpens further. Marketing technologies process sensitive campaign and customer data. They are tightly integrated with third-party platforms: CRM systems, analytics tools, demand-side platforms, ad servers, accounting systems. And they operate in a regulatory environment that keeps evolving – new data protection requirements, new platform APIs, new compliance obligations.

Whoever operates the stack themselves carries every one of those changes alone.

What this means specifically for media operations

In the media space, additional requirements make running a proprietary platform particularly complex.

Platforms like Mercury map intricate agency and advertiser structures, connect with numerous systems in real time, and must simultaneously guarantee data integrity, transparency, and compliance. Campaign data underpins budget decisions – outages or inconsistencies have direct business consequences. Granular role concepts, reconciliation processes, real-time reporting: all of this can be built. The question is whether it's the best use of your own resources.

Build vs. buy: asking the right question

"Build vs. buy" is not a question of technical capability. It's a question of strategic priority.

What should your team be advancing over the next twelve months? Better campaign management, more precise media planning, more robust marketing attribution, stronger client relationships? Then every hour spent instead on infrastructure setup, SLA management, and compliance documentation is an hour taken away from those goals.

Established MarTech platforms already come with the operational foundation: operations, GDPR compliance, security certifications, stable API integrations, maintenance. What remains is the work your team is actually there to do: strategy, planning, growth.

The infrastructure is built. The only question is whether you want to build and operate it yourself.

Conclusion

The prototype is the easy part. It works, it convinces, it shows what's possible.

The real work comes after – and it rarely appears in full in the original plan: 99.9% uptime. GDPR. ISO certification. API versioning. Audit trails. Role concepts. Data residency. Security vulnerabilities in AI-generated code. And none of it just once – all of it, continuously.

Vibe coding is a powerful tool for exploration and prototyping. As the foundation for production-critical marketing technology, it's a trap – not because the technology is flawed, but because the step from "it runs on my laptop" to "it runs for enterprise clients, under load, with real data, legally" isn't a deployment. It's a different product.

Mercury Media Technology develops and operates a cloud-based marketing management platform for agencies, advertisers, and publishers – with ISO-certified security, GDPR-compliant infrastructure, and production-proven API integrations. Learn more at mercurymediatechnology.com