AI Do and Don't for Engineering Teams

A practical operating guide for teams adopting AI quickly without compromising quality, security, or trust.

AI adoption succeeds when teams are explicit about boundaries, not just enthusiastic about tools.

Do

  1. Define approved use cases and forbidden use cases.
  2. Keep a human reviewer for high-impact outputs.
  3. Use versioned prompts and templates for repeatable workflows.
  4. Capture and review model failures weekly.
  5. Validate outputs against source systems before action.
  6. Treat AI tooling access as privileged access.

Don't

  1. Do not let AI-generated output bypass review in regulated workflows.
  2. Do not mix sensitive data into prompts without policy controls.
  3. Do not assume model confidence equals correctness.
  4. Do not ship agentic workflows without observability.
  5. Do not optimise for speed at the expense of rollback readiness.

Team operating model

  • Product defines the problem and the success metric.
  • Engineering owns architecture and controls.
  • Security signs off on tool boundaries.
  • Compliance/legal reviews data and risk posture.
  • Operations owns incident and rollback playbooks.

Final rule

Adopt AI like infrastructure: fast experimentation, strict production controls.
