Thomas Talks AI

I write about production AI engineering: secure AI agents, Claude Code, LLM observability, evals, governance, financial-services controls, and the engineering work that starts after the demo works.

If you are trying to move AI from a clever local experiment into a team workflow, this site is about the part that decides whether it survives: permissions, review, observability, rollback, cost, and production discipline.

New Leanpub book

Bounded AI Autonomy

A practical guide to securing enterprise AI agents with AgentSecOps, MCP governance, RAG controls, identity, evals, policy, approval flows, and audit evidence.

My take: autonomy without a boundary is unmanaged delegation. The book is for teams that need agents they can defend to regulators, auditors, and customers.

Buy the Leanpub book

See what the book covers or read the launch note.

Now live on Amazon Kindle

Claude Code: Building Production Agents That Actually Scale

A practitioner's guide to Claude Code in production: agent loops, tools, hooks, MCP, permissions, evals, observability, cost engineering, and human review for systems that need to hold up under real pressure.

Written for senior engineers, technical leads, and architects moving beyond local experiments into production agent workflows.

Get the Kindle edition on Amazon

See what the book covers or start with the free checklist.

Start here

From AI POC to production: the operating model that makes AI survive beyond the demo.
LLM observability: why production AI needs replayable evidence, not only dashboards.
AI agents in financial services: controls before autonomy.
Agentic coding in production: the operating model around AI coding agents.
AI coding agents: Claude Code, software agents, permissions, evals, and review loops.
Claude Code production checklist: a practical checklist before agents touch serious repos.
Claude Code book: the full field guide for production agents.

What I am trying to answer

Claude Code and other AI coding agents are already useful. The harder question is what happens when they meet real repositories, review habits, permissions, tests, and production risk.

The strongest posts so far:

Latest writing

Bounded AI Autonomy is live

I published Bounded AI Autonomy, a practical book on securing enterprise AI agents with AgentSecOps, MCP governance, RAG controls, identity, evals, policy, and evidence.

Diagram showing Claude Code permissions as a control loop: scope first, run narrow, leave evidence, and adjust access

Claude Code review is too late if permissions are wrong

Human review matters, but it cannot fix every bad Claude Code boundary after the run. Production teams need scoped permissions, MCP limits, hard stops, and evidence before widening access.

Diagram showing that Claude Code output needs a run record before it is reviewable

Claude Code output is not evidence

Claude Code patches can look ready before they are reviewable. Production teams need a run record with task boundaries, commands, checks, risks, and rollback notes.

Diagram showing a Claude Code permission budget across scope, tools, spend, and approval

Claude Code permissions should have a budget

Claude Code gets safer when permissions are treated like a budget: scoped files, allowed tools, spend limits, stop rules, review packets, and rollback notes before wider autonomy.

Diagram showing the operating gap between an AI POC and production AI

From AI POC to production: the part teams keep skipping

The AI POC is not the hard part anymore. The hard part is turning a promising demo into a service with ownership, evals, traces, cost controls, and a rollback path.

Diagram showing metric-only LLM observability versus a replayable production AI trace

LLM observability is not a dashboard. It is a replayable trail.

A latency chart will not explain why an AI answer was wrong. Production LLM systems need traces, sources, tool calls, prompt versions, eval results, and human decisions.

AI agents in financial services need controls before autonomy

Financial-services AI agents can be useful, but autonomy without permissions, audit trails, segregation, evals, and rollback is just operational risk with a nicer interface.

Diagram showing green tests as one signal beside a Claude Code review packet with scope, command log, tool log, rollback note, and human approval

Claude Code green tests are not a review packet

A Claude Code run can make tests pass and still leave a reviewer with no usable evidence. Treat green tests as one signal, then require scope, command logs, tool use, assumptions, and rollback notes before merging agent work.

Diagram showing a Claude Code run stopping after repeated failures and producing a review packet instead of looping blindly

Claude Code needs a stop rule before more autonomy

Claude Code gets risky when a failed run keeps retrying without a stop rule. Use failure budgets, review packets, evals, and rollback notes before giving agents more autonomy.

Diagram showing a Claude Code team adoption runbook with task contract, scoped permissions, review packet, evals, and rollback

Claude Code team adoption needs a seatbelt runbook

Claude Code gets risky when teams roll it out through enthusiasm instead of a runbook. Start with task contracts, scoped permissions, review packets, evals, and rollback before widening autonomy.

Thomas Talks AI#

Bounded AI Autonomy#

Claude Code: Building Production Agents That Actually Scale#

Start here#

What I am trying to answer#

Latest writing#