AI-Driven Development: Building an AI Chat Bot

I’ve been using AI to help with coding projects since 2022 and still have mixed feelings about it. I feel like the quality of AI-generated code has not improved that much over the years; it still remains very inconsistent, and in my experience, it’s usually helpful to me only about 50% of the time. But I’m also optimistic that it will get better, and I’m willing to acknowledge that I might get better results if I continue to grow my skills in AI-driven development.

As a way to practice prompt engineering, I decided to try to build a content-aware chatbot that could answer questions about my website. Below I outline my goals of the project, how I set up the project, what I was able to accomplish and the pitfalls I came across.

Goals of Project

The main goals were to gain experience with prompt engineering and explore how to build a chatbot interface that integrates with an AI API and responds to user questions based on a site’s content.

Project Setup

I chose to use Cursor + Claude AI to support the AI-driven development process after hearing positive feedback about this combination of tools.

Before diving into development, I set up the project environment to give Cursor the context it needed to generate more accurate and relevant code. I added a .cursorrules file using a WordPress-specific template from cursor.directory, which outlines custom rules tailored to the project’s structure and coding standards. To further guide the AI, I included key documentation—such as WordPress plugin and theme development guides—so Cursor could reference best practices throughout the coding process.

Results/Takeaway

You can view the source code, but if you plan to use it yourself, please continue reading and note the potential security risks of this code.

Overall, I’m happy with the results. I was able to build a working proof of concept fairly quickly that achieved the main goals of the project. However, the code generated by Claude AI was missing several critical components, especially around security. Key best practices were not included, such as securing the API key, excluding sensitive database fields, and sanitizing inputs to prevent vulnerabilities like SQL injection.
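As an added illustration (not code from the project's repository), here is one way the three missing practices named above can look in a WordPress plugin. The constant MYCHAT_API_KEY, the function names, and the keyword-match retrieval are hypothetical assumptions; the WordPress calls themselves ($wpdb->prepare, $wpdb->esc_like, sanitize_text_field, wp_unslash, wp_strip_all_tags, absint, WP_Error) are core APIs.

```php
<?php
// Added example: MYCHAT_API_KEY and the mychat_* functions are hypothetical names.

// 1. API key: read it from a constant defined in wp-config.php, so it is never
//    hard-coded in the plugin, stored in the repository, or sent to the browser.
function mychat_api_key() {
    if ( ! defined( 'MYCHAT_API_KEY' ) || '' === MYCHAT_API_KEY ) {
        return new WP_Error( 'mychat_no_key', 'API key is not configured.' );
    }
    return MYCHAT_API_KEY;
}

// 2 + 3. Collect site content for the prompt from a visitor's question.
function mychat_get_context( $raw_question, $limit = 5 ) {
    global $wpdb;

    // Sanitize: undo WordPress slashing, strip tags and control characters, cap length.
    $question = sanitize_text_field( wp_unslash( $raw_question ) );
    $question = mb_substr( $question, 0, 500 );
    if ( '' === $question ) {
        return array();
    }

    // Escape LIKE wildcards, then bind through prepare() so visitor input is
    // never concatenated into the SQL string.
    $like = '%' . $wpdb->esc_like( $question ) . '%';

    // Name the columns explicitly (no SELECT *) and return only published,
    // non-password-protected posts and pages: drafts, private posts, author
    // IDs and other tables (users, options) never reach the AI API.
    $sql = $wpdb->prepare(
        "SELECT ID, post_title, post_content
           FROM {$wpdb->posts}
          WHERE post_status = 'publish'
            AND post_type IN ('post', 'page')
            AND post_password = ''
            AND (post_title LIKE %s OR post_content LIKE %s)
          ORDER BY post_date DESC
          LIMIT %d",
        $like,
        $like,
        absint( $limit )
    );
    $rows = $wpdb->get_results( $sql, ARRAY_A );

    $context = array();
    foreach ( (array) $rows as $row ) {
        $context[] = array(
            'title' => $row['post_title'],
            'text'  => wp_strip_all_tags( $row['post_content'] ),
        );
    }
    return $context;
}
```

The request to the AI API should be made server-side with the key from mychat_api_key(), so the browser only ever talks to the site's own endpoint.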

Prompt engineering helped accelerate development, but I do not fully trust the output on its own. It still required a careful review of the code in order to catch the important security issues. It would be pretty dangerous to assume the code is ready for production when it is not.

Even after addressing the known security concerns in the code, I would still be hesitant to launch a chat bot like this to a live environment without thorough testing. I am not sure that I fully understand what all the potential risks of having an AI Chatbot connected to a site are, and would want to learn more about the implications to make sure that security risks are mitigated.

