Thomas Talks AI

I write about production AI engineering: secure AI agents, Claude Code, LLM observability, evals, governance, financial-services controls, and the engineering work that starts after the demo works.

If you are trying to move AI from a clever local experiment into a team workflow, this site is about the part that decides whether it survives: permissions, review, observability, rollback, cost, and production discipline.

LeanPub

Securing Enterprise AI Agents

AI agent security, bounded autonomy, AgentSecOps, MCP security, RAG governance, and audit evidence.

Book page LeanPub

Kindle + LeanPub

Claude Code: Building Production Agents That Actually Scale

Claude Code in real repos: MCP, permissions, hooks, evals, observability, cost controls, review, and rollback.

Book page Amazon

See the two-book bundle

Start here

From AI POC to production: the operating model that makes AI survive beyond the demo.
LLM observability: why production AI needs replayable evidence, not only dashboards.
AI agents in financial services: controls before autonomy.
Agentic coding in production: the operating model around AI coding agents.
AI coding agents: Claude Code, software agents, permissions, evals, and review loops.
Claude Code production checklist: a practical checklist before agents touch serious repos.
Enterprise AI Agents in Production: the two-book LeanPub bundle for building and securing production AI agents.
Securing Enterprise AI Agents: the enterprise security guide for bounded autonomy, AgentSecOps, MCP security, RAG governance, and regulatory readiness.
Claude Code book: the full field guide for production agents.

What I am trying to answer

Claude Code and other AI coding agents are already useful. The harder question is what happens when they meet real repositories, review habits, permissions, tests, and production risk.

The strongest posts so far:

Latest writing

Diagram showing Claude Code MCP blast radius controls with allowed tools, write scope, audit trail, and approval gate

Claude Code MCP tools need a blast radius

MCP tools make Claude Code far more useful, but broad access turns a weak prompt into a production risk. Treat every tool as blast radius, not convenience.

Diagram showing Claude Code cost loop controls: task budget, retry evidence, stop rule, and human review

Claude Code cost loops start as helpful retrying

Claude Code can waste more than tokens when it keeps retrying a weak task. Production teams need budgets, stop rules, and evidence before another agent attempt is allowed.

Diagram showing a Claude Code handoff record from task boundary to patch evidence, risk note, rollback, and reviewer decision

Claude Code handoffs fail when the run record is vague

Claude Code can produce a working patch and still leave the next human with a weak handoff. Production teams need run records that show scope, evidence, risk, and rollback before review turns into archaeology.

Securing Enterprise AI Agents is live

I published Securing Enterprise AI Agents, a practical book on bounded AI autonomy, AgentSecOps, MCP security, RAG governance, identity, evals, policy, and evidence.

Diagram showing Claude Code permissions as a control loop: scope first, run narrow, leave evidence, and adjust access

Claude Code review is too late if permissions are wrong

Human review matters, but it cannot fix every bad Claude Code boundary after the run. Production teams need scoped permissions, MCP limits, hard stops, and evidence before widening access.

Diagram showing that Claude Code output needs a run record before it is reviewable

Claude Code output is not evidence

Claude Code patches can look ready before they are reviewable. Production teams need a run record with task boundaries, commands, checks, risks, and rollback notes.

Diagram showing a Claude Code permission budget across scope, tools, spend, and approval

Claude Code permissions should have a budget

Claude Code gets safer when permissions are treated like a budget: scoped files, allowed tools, spend limits, stop rules, review packets, and rollback notes before wider autonomy.

Diagram showing the operating gap between an AI POC and production AI

From AI POC to production: the part teams keep skipping

The AI POC is not the hard part anymore. The hard part is turning a promising demo into a service with ownership, evals, traces, cost controls, and a rollback path.

Diagram showing metric-only LLM observability versus a replayable production AI trace

LLM observability is not a dashboard. It is a replayable trail.

A latency chart will not explain why an AI answer was wrong. Production LLM systems need traces, sources, tool calls, prompt versions, eval results, and human decisions.

AI agents in financial services need controls before autonomy

Financial-services AI agents can be useful, but autonomy without permissions, audit trails, segregation, evals, and rollback is just operational risk with a nicer interface.

Thomas Talks AI#

Books#

Securing Enterprise AI Agents#

Claude Code: Building Production Agents That Actually Scale#

Start here#

What I am trying to answer#

Latest writing#