Topic archive
33 essays tagged Production AI. Practical notes on what happens after the demo: prompts, tools, review packets, evals, rollback, and production ownership.
Claude Code can waste more than tokens when it keeps retrying a weak task. Production teams need budgets, stop rules, and evidence before another agent attempt is allowed.
Claude Code can produce a working patch and still leave the next human with a weak handoff. Production teams need run records that show scope, evidence, risk, and rollback before review turns into archaeology.
I published Securing Enterprise AI Agents, a practical book on bounded AI autonomy, AgentSecOps, MCP security, RAG governance, identity, evals, policy, and evidence.
Human review matters, but it cannot fix every bad Claude Code boundary after the run. Production teams need scoped permissions, MCP limits, hard stops, and evidence before widening access.
Claude Code patches can look ready before they are reviewable. Production teams need a run record with task boundaries, commands, checks, risks, and rollback notes.
Claude Code gets safer when permissions are treated like a budget: scoped files, allowed tools, spend limits, stop rules, review packets, and rollback notes before wider autonomy.
The AI POC is not the hard part anymore. The hard part is turning a promising demo into a service with ownership, evals, traces, cost controls, and a rollback path.
A latency chart will not explain why an AI answer was wrong. Production LLM systems need traces, sources, tool calls, prompt versions, eval results, and human decisions.
Financial-services AI agents can be useful, but autonomy without permissions, audit trails, segregation, evals, and rollback is just operational risk with a nicer interface.
A Claude Code run can make tests pass and still leave a reviewer with no usable evidence. Treat green tests as one signal, then require scope, command logs, tool use, assumptions, and rollback notes before merging agent work.