Written by the people who sign it off
New models, new agent frameworks, new risks: we write about what moves in AI and engineering, and what it means for the software you run. Practical takes in plain English, from the people who sign it off.
Is AI-generated code safe to ship? A senior engineer's guide
AI-built code is usually safe to run and often not safe to ship. A senior engineer's guide to the difference, the evidence, and how a review gate makes AI-generated software safe to put in front of customers.
Bespoke software, done to a senior standard
What a senior engineering standard means for bespoke (custom) software, how serious teams measure delivery, why the AI era raises the stakes, and what to expect from a serious build partner.
AI agent evaluation: how to measure whether your agent works
How to evaluate an AI agent properly: task success against known-good outcomes, end-to-end scoring, safety and refusal testing, regression on every change, and the limits of using an LLM as a judge.
From AI MVP to production: what it actually takes
An AI-built MVP becomes production-ready when its security, tests, observability, performance and architecture meet a standard a senior engineer will sign off. What that work involves, and how to decide what to keep, harden or rebuild.
Self-hosting AI agents: a practical guide for UK businesses
When and how a UK business should self-host an AI agent: the real risks, when it beats a managed service, the hardening essentials, UK data residency, and why the real cost is ongoing operations.
Pre-acquisition code due diligence for AI-built products
Technical due diligence on an AI-built product: what a reviewer finds in an afternoon, how findings map to deal risk, and what a decisive diligence report contains.
OWASP Top 10 for LLM applications, in plain English
The OWASP Top 10 for LLM Applications 2025, explained in plain English: all ten risks from prompt injection to unbounded consumption, each with an example and what to do.
How to build a reliable AI agent: guardrails, evaluation, observability
A reliable AI agent does the right thing, refuses the wrong thing, and leaves a trace. Reliability comes from three disciplines around the model: guardrails, evaluation and observability.
Prompt injection explained: the risk in any LLM feature
Prompt injection is when content a model reads is treated as an instruction. Why it is the top LLM risk, why it is worse than SQL injection, the EchoLeak case, and what actually contains it.
How to review AI-generated code: a practical checklist
The structured review a senior engineer runs on AI-generated code, in priority order: authorisation, secrets, injection, test quality, error handling, dependencies and architecture.
Running OpenClaw safely: a practical hardening guide
OpenClaw can run commands, read files, drive a browser and act unattended. A senior, sourced guide to the real risks of a self-hosted agent and the hardening that actually reduces them.
What a vibe code audit actually finds
The recurring problems a senior review finds in AI-built software, from exposed secrets to missing authorisation and hallucinated dependencies, and what "safe to ship" actually means.
