Skip to main content
The Hard Parts.dev
TD-44 Ai Systems TD Tech Decisions
Severity if wrong · high Freq · increasing

Where to Allow AI-Assisted Development

Usually a risk-tiering and verification decision, not a blanket productivity policy.

Severity if wrong
high
Frequency
increasing
trend
Audiences
engineering leaders · security teams · platform teams · tech leads
Reversibility
medium
Confidence
high
At a glanceTD-44
Really about
Which surfaces need human judgment, stronger controls, or explicit boundaries before generated work enters the system.
Not actually about
Whether AI is good or bad for engineering productivity overall.
Why it feels hard
Broad bans waste useful leverage, while broad permission spreads generated code into places where review and ownership are not ready.

The decision

Where should AI-assisted development be allowed, restricted, or require stronger review?

Usually a risk-tiering and verification decision, not a blanket productivity policy.

Default stance

Where to start before any evidence arrives.

Start with risk-tiered permission, then expand when review quality and evidence justify it.

Options on the table

Two poles of the trade-off

Neither is the right answer by default. Each option's conditions, strengths, costs, hidden costs, and failure modes when misused are laid out in parallel so you can read across facets.

Option A

Broad AI-assisted development

Best when

Conditions where this option is a natural fit.

  • work is low-risk or well bounded
  • review expectations are clear
  • teams have strong test and ownership discipline
  • generated work is treated as authored work

Real-world fits

Concrete environments where this option has worked.

  • test scaffolding with clear expected behavior
  • documentation drafts verified against source material
  • low-risk internal tooling

Strengths

What this option does well on its own terms.

  • increases speed on routine work
  • helps with exploration and scaffolding
  • reduces some repetitive implementation effort
  • can make knowledge more accessible

Costs

What you accept up front to get those strengths.

  • raises review burden
  • can spread weak patterns quickly
  • may blur authorship accountability

Hidden costs

Costs that surface later than expected — the main thing novices miss.

  • teams may trust generated structure because it looks conventional
  • output metrics can rise while understanding falls

Failure modes when misused

How this option breaks when applied to the wrong context.

  • synthetic-velocity
  • autocomplete-architecture
  • human-in-the-loop-decay

Option B

Risk-tiered or restricted AI assistance

Best when

Conditions where this option is a natural fit.

  • work touches high-trust surfaces
  • review capacity is limited
  • domain understanding is weak
  • security, safety, privacy, or architecture risk is material

Real-world fits

Concrete environments where this option has worked.

  • regulated domains
  • security-sensitive services
  • core architecture work with high blast radius

Strengths

What this option does well on its own terms.

  • protects high-risk surfaces
  • forces explicit review standards
  • makes adoption easier to govern
  • reduces accidental dependence on generated work

Costs

What you accept up front to get those strengths.

  • slower adoption
  • some teams may route around restrictions
  • requires governance that changes real behavior

Hidden costs

Costs that surface later than expected — the main thing novices miss.

  • restrictions can become symbolic if official paths are too slow
  • teams may underreport AI use

Failure modes when misused

How this option breaks when applied to the wrong context.

  • weak-governance-structures
  • ticket-theater
  • stakeholder-capture

Cost, time, and reversibility

Who pays, how it ages, and what undoing it costs

Trade-offs are rarely zero-sum and rarely static. Someone pays, the payoff curve shifts with the horizon, and the decision has an undo cost.

Cost bearer

Option A · Broad AI-assisted development

Who absorbs the cost

  • Reviewers
  • Future maintainers
  • Service owners

Option B · Risk-tiered or restricted AI assistance

Who absorbs the cost

  • Governance owners
  • Teams waiting for approved paths
  • Tooling owners
Time horizon

Option A · Broad AI-assisted development

Wins where risk is low and review discipline is already strong.

Option B · Risk-tiered or restricted AI assistance

Wins while organizational norms, evidence, and controls are still forming.

Reversibility

What undoing costs

Medium

What should force a re-look

Trigger conditions that mean the answer may have changed.

  • Review burden changes
  • AI tools become embedded in standard workflows
  • Defects trace back to generated work
  • Teams route around restrictions
  • New high-trust surfaces are added

How to decide

The work you still have to do

The reference can frame the trade-off; only you can weight the factors against your context.

Questions to ask

Open these in the room. Answering them is most of the decision.

  • Which surfaces are low-risk enough for broad AI assistance?
  • Where can generated code change architecture without anyone noticing?
  • What review standard applies to AI-assisted work?
  • Who is accountable for generated code after merge?
  • Which uses should be blocked, logged, or escalated?

Key factors

The variables that actually move the answer.

  • Blast radius
  • Review depth
  • Test confidence
  • Domain complexity
  • Security and privacy risk
  • Team norms

Evidence needed

What to gather before committing. Not after.

  • Risk-tier map
  • Review capacity assessment
  • AI usage norms
  • Incident or defect examples
  • Ownership and authorship policy

Signals from the ground

What's usually pushing the call, and what should

On the left, pressures to recognize and discount. On the right, signals that genuinely point toward one option or the other.

What's usually pushing the call

Pressures to recognize and discount.

Common bad reasons

Reasoning that feels convincing in the moment but doesn't hold up.

  • Everyone else is using it
  • We need productivity gains immediately
  • We can trust developers to figure it out locally
  • Generated code passes tests

Anti-patterns

Shapes of reasoning to recognize and set aside.

  • Blanket permission with no review upgrade
  • Blanket ban with no viable official path
  • Treating AI usage as a private developer preference

What should push the call

Concrete signals that genuinely point to one pole.

For · Broad AI-assisted development

Observations that genuinely point to Option A.

  • Low-risk work is well bounded
  • Review expectations are explicit
  • Generated work remains accountable to a human author

For · Risk-tiered or restricted AI assistance

Observations that genuinely point to Option B.

  • Blast radius varies sharply by surface
  • Review capacity is uneven
  • Critical systems need stronger controls

AI impact

How AI bends this decision

Where AI accelerates the call, where it introduces new distortions, and anything else worth knowing.

AI can help with

Where AI genuinely reduces the cost of making the call.

  • AI can help classify work by risk tier, draft review checklists, and compare generated changes against known risky surfaces.

AI can make worse

Distortions AI introduces that didn't exist before.

  • AI can make risky work appear routine by producing conventional-looking code.
  • AI can generate policy text that sounds complete without operational controls.

Relationships

Connected decisions

Nearby decisions this is sometimes confused with, adjacent decisions that are often entangled with this one, related failure modes, red flags, and playbooks to reach for.

Easy to confuse with

Nearby decisions and how this one differs.