Thomas Talks AI

I write about AI after the demo starts looking convincing: production engineering, Claude architecture, secure AI agents, Claude Code, LLM observability, evals, governance, financial-services controls, and the uncomfortable gap between a model release and a system people can trust.

The common thread is controlled autonomy. What can the system see? What can it change? Who reviews it? What evidence remains when something breaks?

Start here

Wider AI notes

Not every useful AI article needs to point straight at a book. Some pieces are here because the topic matters: model releases, vendor churn, AI interfaces, adoption habits, organisational risk, and the way the industry keeps mistaking demos for direction.

I will keep a mix: practical production AI, security and governance, Claude Code field notes, and broader AI commentary when the news cycle exposes something worth saying.

Books

If you want the longer version of the production, security, and Claude architecture ideas, these are the current field guides. The blog remains the main thing.

Cover of Securing Enterprise AI Agents by Thomas De Vos

LeanPub

Securing Enterprise AI Agents

AI agent security, bounded autonomy, AgentSecOps, MCP security, RAG governance, and audit evidence.

Cover of Claude Code: Building Production Agents That Actually Scale by Thomas De Vos

Kindle + LeanPub

Claude Code: Building Production Agents That Actually Scale

Claude Code in real repos: MCP, permissions, hooks, evals, observability, cost controls, review, and rollback.

Cover of Architect the Agent: The CCA-F Certification Guide by Thomas De Vos

LeanPub

Architect the Agent: The CCA-F Certification Guide

Scenario-based preparation for the Claude Certified Architect Foundations exam: agentic architecture, MCP, Claude Code, prompts, context, and practice exams.

Build and secure enterprise AI agents in production

What I am trying to answer

Claude Code and other AI coding agents are already useful. The harder question is what happens when they meet real repositories, review habits, permissions, tests, production risk, and now formal architecture certification.

The strongest posts so far:

Latest writing