AI Governance Playbook
Open search
Senior developer operating model

From coder to product manager + reviewer.

Senior developers succeed with AI by treating it as a fast junior. The senior role becomes intent owner, constraint setter, and acceptance authority. This keeps delivery fast and risk measurable.

Step

Define intent

State the business objective, the user impact, and the system boundaries in plain language.

Step

Declare constraints

Lock data classification, security rules, dependency limits, and audit requirements before code is generated.

Step

Generate draft

Allow AI to draft code, tests, documentation, and scaffolding inside approved files.

Step

Redirect and tighten

Reject assumptions, correct risks, and iterate until output satisfies controls.

Step

Accept with evidence

Merge only when tests, logs, and audit artifacts prove compliance.

The control loop

The loop is non-negotiable in regulated environments: intent, guardrails, generation, review, and evidence. If any step is skipped, the output is treated as unaudited and unsafe.

Intent → Constraints → Draft → Review → Evidence → Release

The senior developer owns the loop. AI never approves itself.

Junior vs senior usage

The difference is not skill—it is control. Seniors turn AI into a governed workflow, juniors treat it like a shortcut.

Junior developer usage

  • Prompts for quick fixes or snippets without full context.
  • Accepts AI output at face value, minimal review.
  • Focuses on speed, not evidence or auditability.
  • May introduce new dependencies or patterns silently.

Senior developer usage

  • Defines intent, constraints, and acceptance criteria up front.
  • Uses AI to draft, then reviews for security, compliance, and fit.
  • Owns the evidence trail: tests, logs, and change history.
  • Redirects until output matches policy and architecture.

Prompt examples

Safe engineering prompt

Implement a GET /accounts endpoint in FastAPI using the existing service layer. Use the schema in schemas.py. Do not add new dependencies. Return 404 when account is not found. Log with correlationId. No PII in logs.

Unsafe prompt (leaks data)

Here are five real client account numbers and balances. Generate a report and suggest anomalies.

Safe rewrite

Generate a report template using placeholder data. Do not request or infer real account data.

Vibe-coding vulnerabilities

These are common security regressions introduced by unreviewed AI output. Every one of them has shown up in real enterprise incidents.

Leaky logging

Unsafe
logger.info("User login", { email, password })
Fixed
logger.info("User login", { email, outcome: "success" })

Missing auth guard

Unsafe
app.get("/reports", handler)
Fixed
app.get("/reports", requireRole("auditor"), handler)

Unsafe token storage

Unsafe
localStorage.setItem("token", token)
Fixed
setCookie("session", token, { httpOnly: true, secure: true })

Non-negotiable guardrails

These constraints prevent AI from inventing architecture decisions or moving data into the wrong zone.

  • No new auth flows unless explicitly approved.
  • No client identifiers, account numbers, or transaction data in prompts.
  • All prompts and outputs are logged and retained by policy.
  • Every AI-generated change includes test coverage for failure paths.

Next: delivery risks and mitigations

See where AI delivery fails most often: auth, API contracts, tooling gaps, and file-write collisions.

Review delivery risks