Part three of a series on building AI compliance honestly. With 91% AI adoption and 22% of merged code now AI-authored, the point-in-time check - pen test, annual audit, pre-release scan - can no longer keep pace. When AI is in the product too, the system being secured is probabilistic, and the combinatorial explosion of agent execution paths makes pre-deployment characterisation infeasible. Why the only fix is a continuous compliance loop that escalates judgement to humans at the speed AI writes code.
Part two of a series on building AI compliance honestly. How the Waivern Compliance Framework treats compliance as code: YAML runbooks and rulesets, schema-validated message passing, connectors that read the real system rather than questionnaires, and why every piece of it is open source. The architecture that keeps regulatory judgement with humans while letting the model earn its place transparently.
Part one of a series on building AI compliance honestly. Anthropic's Claude for Legal release commoditised the connector layer of compliance automation and reaffirmed that regulatory judgement belongs to humans. Here's why that is unambiguously good news for anyone building compliance tools honestly, a look at how the major players actually handle compliance decisions, and the one question buyers should ask to separate marketing from architecture.
As the CTO and co-founder of a company creating open-source tools, I spent 30 days using Claude Code for over 150 hours. After years of being hands-off in tech, I wanted to become a recovering programmer. Here are the lessons I learned about working with AI coding agents, from critical evaluation and workflow strategies to code quality and technical debt traps.