build-in-publicopen-sourceai-toolscareer

From Zero to Contributing Code to Microsoft — A Non-Engineer's 4-Month Journey

· 37 min read

4 Months Ago, I Couldn't Code

Not being humble. Just stating facts.

In December 2025, I didn't know what React was. I didn't know the difference between TypeScript and JavaScript. I didn't know how to use Git. I didn't know the terminal could do anything beyond dir.

In April 2026, I submitted a PR to Microsoft's agent-governance-toolkit — 1,110 lines of code and 58 tests. Microsoft's automated review responded:

"Thorough Implementation... Comprehensive Test Coverage — 58 tests across 11 test classes is fantastic... Adherence to OWASP Standards..."

The same week, I also submitted PRs to OWASP LLM Top 10, Anthropic's Claude Cookbooks, and several open-source AI security projects.

This post isn't a flex. What I want you to know is: this path is walkable by anyone.

What I Actually Built

I Built a "Company"

Not "learn first, build later." Build first, learn whatever you need along the way — with AI as my technical co-founder.

In 4 months, starting from absolute zero:

  • 13 SPA applications — React + TypeScript + Tailwind CSS
  • 4 AI Agents — fully autonomous on Linux, 40+ scheduled tasks
  • UltraProbe — AI security scanner, 6 scan modes, 500+ targets scanned
  • UltraSite — website generator, 10 templates, generates a site in 3-8 seconds
  • Discord community — 0 to 268 members, fully automated (3 AI bots)
  • 107 blog posts — 54 in Chinese + 53 in English
  • 27 Threads accounts — automated scheduling and posting
  • Newsletter pipeline — weekly digest + subscriptions + tracking
  • Open-source npm package — prompt-defense-audit, AI security detection tool

Then I started contributing to external projects.

PRs I Submitted

Project What
microsoft/agent-governance-toolkit PromptDefenseEvaluator — 12-vector system prompt security audit
OWASP LLM Top 10 prompt-defense-audit added to Red Team tools
anthropics/claude-cookbooks Prompt Defense Audit skill recipe
awesome-llm-security Tool listing
awesome-ai-tools Tool listing
awesome-prompt-engineering Tool listing

The Microsoft PR is the big one — not adding a link to an awesome list, but 1,110 lines of a complete feature module, including:

  • Detection logic for 12 attack vectors
  • OWASP LLM Top 10 compliance mapping
  • 58 unit tests
  • SHA-256 privacy-preserving audit trails
  • Zero external dependencies, pure regex deterministic detection

How This Happened

Phase 1: Learning AI with AI (Dec - Jan)

I started with Claude. No tutorial videos. No courses. I just asked:

"I want to build a website with React. Teach me from scratch."

Then I followed along, step by step. Hit an error? Paste it to AI. AI explains, I fix, I ask why, AI explains again.

Key mindset: Don't try to "learn" before you "do." Reverse it — do first, learn what you need when you need it.

By the end of month one, I had a website online. Ugly, but functional.

Phase 2: From "It Works" to "It Hits" (Feb - Mar)

Started building real products. UltraProbe scanner, AI Agent system, automation pipelines.

The most important lesson from this phase: Code is not the goal. Solving problems is. AI wrote most of my code, but architectural decisions, product judgment, market positioning — AI gives suggestions, but I make the calls.

Phase 3: Going Outward (Apr)

When your own stuff is good enough, you naturally want to push it out.

I packaged UltraProbe's core detection logic into a standalone module, then started finding open-source projects to contribute to.

Why Microsoft's agent-governance-toolkit?

Because their agent-compliance package was missing prompt injection defense evaluation. I already had a 12-vector detection system ready. I just needed to rewrite it into their API format.

You Can Too

I'm not a genius. I don't have a CS degree. 4 months ago I couldn't type npm install.

But the world in 2026 is different from 2020:

AI Changed the Learning Curve

Learning to code before: books → videos → assignments → stuck → Google → Stack Overflow → still stuck → 3 years later you can kinda write code.

Now: Tell AI what you want to build → AI writes it → you read how it did it → ask why → modify → learn → next thing.

3 years compressed into 3 months. AI doesn't replace you — it makes you learn 10x faster.

Open Source is the Most Level Playing Field

Nobody asks your degree, background, or age. Your PR is your resume.

When Microsoft's bot reviewed my code, it didn't know I couldn't write Hello World 4 months ago. It saw 1,110 lines of well-structured, thoroughly-tested code. Code doesn't lie, and it doesn't discriminate.

You Don't Need Talent — You Need a Problem You Must Solve

I didn't learn to code for the sake of learning to code. I wanted to build an AI company, and building a company requires tech, so I learned tech.

Motivation-driven learning always beats curriculum-driven learning.

Concrete Advice for Anyone Starting Out

1. Start Today. Don't Prepare.

Don't buy a course first. Don't read a book first. Don't "learn the basics" first. Find a problem you want to solve, open Claude or ChatGPT, and say: "I want to build X. Help me start from scratch."

2. Pick a Real Project, Not a Todo App

Todo apps teach you nothing because you don't care if they succeed. Pick something you actually want to build — an automation tool, a website, a bot. When you care about the outcome, you'll figure out how to make it work.

3. Build in Public

Share what you're building. Write blogs, post on social media, push to GitHub. Not to show off — to force yourself to build at a quality worth showing. And you never know who's watching. My Discord community grew to 268 members purely through build-in-public content.

4. Submit PRs to Open-Source Projects

When you've built something, find related open-source projects and see if your work can contribute.

This is the most underrated growth path:

  • You'll learn industry-standard code style (because maintainers review your code)
  • You'll learn collaboration (commit messages, PR descriptions, responding to feedback)
  • You'll build a real portfolio (more convincing than any resume)

5. Don't Be Afraid to Look Stupid

My first website was ugly. My first bot crashed constantly. My first cold email campaign had an 82% bounce rate.

But I shared all of it publicly. Because failure logs are the best learning material, and authenticity is the strongest brand.

What's Next

The Microsoft PR is still under review. If merged, every enterprise using agent-governance-toolkit worldwide will run the security evaluation module I wrote.

But even if it doesn't get merged, the journey itself is already the best outcome — I've proven one thing:

In the AI era, "I'm not an engineer" is no longer an excuse. Whether you can do it depends on one variable: whether you're willing to start.

4 months ago I knew nothing. Now I'm writing code for Microsoft.

What about you?

If you're on this path too, join our Discord community. 268 people are already here, building in public together.

Related Posts

open-sourceai-security

12 Submissions, 0 Merges: What I Learned Contributing to Open Source AI Security

40 min read
AI SecurityMCP

We Built Lighthouse for AI Agents — One Command, 12-Vector Security Audit

29 min read
AI SecurityOpen Standard

We Defined an AI Security Standard: AASS v1.0 — We Don't Sell Security, We Define It

5 min read

Weekly AI Automation Playbook

No fluff — just templates, SOPs, and technical breakdowns you can use right away.

Join the Solo Lab Community

Free resource packs, daily build logs, and AI agents you can talk to. A community for solo devs who build with AI.

Join Discord (Free)

Need Technical Help?

Free consultation — reply within 24 hours.

Free Consultation