Last weekend started strong. Valentine's dinner, good conversation, movie at a cinema, and party in Central Station.
On Sunday morning I woke up with an idea that had been sitting in my head for whole week: what if I could stop checking email manually?
Not "check it less." Not "use filters." Actually stop. Let AI read, categorize, summarize, and tell me what matters. On my phone. Through Telegram.
By Sunday evening, it was working.
What I built
The system connects four things I already use daily: Gmail, AWS cloud infrastructure, an AI coding assistant, and Telegram.
Here's the flow:
A new email arrives in Gmail. Google Pub/Sub detects it and sends a notification to AWS through API Gateway. An ingestion function picks up the email, extracts the content, and stores it in a DynamoDB database in Frankfurt (EU data residency, not US).
Then the interesting part starts.
A classifier function sends the email content to an AI model running in the cloud. The AI acts as an executive assistant. It reads the email, categorizes it (Lead, Client, VIP, Personal, Info, Alert, Auto, or Spam), writes a one-sentence summary in Polish, and suggests an action.
The results go back to the database. Then a notification with the full analysis lands on my Telegram.
Not just a notification. An interactive one.
What I can do from Telegram
Every notification comes with inline buttons:
Archive — marks the email as archived in the database.
Comment — lets me add a note.
Reply — sends a pre-drafted response (the AI prepares a draft for important categories).
Later (4h) — snooze for four hours.
Save to DB — flags for follow-up.
All actions update the database in real time. I don't need to open Gmail at all.
The system also has a security filter. Emails containing password resets, verification codes, or two-factor authentication triggers are automatically flagged. Their content is hidden in Telegram notifications. I can only view them directly in Gmail or through the AWS console. No sensitive data travels through the bot.
How I actually built it
This is the part that would have been impossible a year ago.
I didn't write the Lambda functions manually. I paired with an AI coding assistant. I described what I wanted. It wrote the code, created deployment scripts, set up the infrastructure, configured the SQS queues, API Gateway endpoints, and Secrets Manager entries.
My role was architecture and decisions. What should the flow look like? What categories make sense? What security measures are needed? Where should data live?
The AI handled the implementation. Four Lambda functions. Three SQS queues. DynamoDB table. API Gateway. Secrets Manager. Telegram webhook. All connected, all deployed, all working.
Total build time: approximately 6 hours on Sunday.
For context, I'm not a software developer. I'm a Supply Chain Director who codes on the side. The fact that I could build a production-grade email automation system in a weekend says something about where AI tooling is right now.
Why I shut it down
Here's the uncomfortable part.
The system works. It categorizes emails correctly. The summaries are useful. The Telegram interface is convenient. I could use this every day.
I decided to put it on the shelf.
The reason is security.
When you connect Gmail, AWS, an AI model, and Telegram, you create a data pipeline where email content flows through multiple systems. Each connection point is a potential vulnerability. Gmail credentials stored in AWS Secrets Manager. Email content processed by an AI model. Summaries and drafts sent through Telegram's API.
I built security measures: webhook verification, sensitive content filtering, EU data residency, encrypted secrets. But "I built it and it seems fine" isn't the same as "a security professional reviewed the architecture and confirmed it's safe."
For personal use, the risk might be acceptable. For anything touching business data? Not without a proper security review.
And that's the honest answer. I could keep using it. I chose not to, because I don't trust my own security expertise enough to guarantee that no data leaks anywhere in the chain.
What this means for email management
The technology is ready. Building an AI email agent is no longer a theoretical exercise. One person, one weekend, working tools.
The gap isn't technical. It's trust.
If I sat down with someone from an InfoSec team and walked through the architecture, we could probably lock it down. Encrypt end-to-end. Add proper access controls. Run a penetration test. Build it into something you could offer to executives, directors, board members who spend hours every day processing email.
The value proposition is clear: instead of opening your inbox 50 times a day, you get intelligent summaries on your phone with one-tap actions. The AI reads, categorizes, drafts. You decide and act.
For a professional who processes 100+ emails daily, this could easily save over 60 minutes per day. That's real time. Real productivity. Real competitive advantage.
But it needs to be built right. With security as a foundation, not an afterthought.
What to take from this
AI tooling has crossed a threshold. A non-developer can build a multi-service cloud automation in a weekend. The barrier isn't coding anymore. It's architecture, security, and knowing what to build.
The biggest risk with AI isn't that it doesn't work. It's that it works too well, too easily, and we deploy it before thinking through the consequences. My email system worked perfectly. That didn't make it safe.
Every AI project needs a "should we?" conversation, not just a "can we?" one. I could keep running this system. The smarter move was to stop, acknowledge the security gaps, and wait until I can do it properly.
But this isn't the end. The code works. The architecture is documented. And I see real potential in this project.
I'm coming back to it. I just need to get the security right first. That means a proper review, proper encryption, and probably a conversation with someone who does this for a living.
Until then, I'll keep checking my email the old way. Less convenient. More honest about the risks.
Sometimes building the thing is the easy part. Knowing when to pause and do it properly is the harder skill.