Enterprise

For platform teams and regulated organizations — multi-tenant, governance, compliance, audit

39 posts
An auditor walks into an AI shop
AI

The 2026 audit conversation about AI usage has gotten sharp. The questions are sophisticated, the evidence asks are specific, and most shops can't produce what's being asked for. Here's what the conversation actually sounds like and where the gap sits.

Sid Smith, 7 min read

The atomic-unit architecture, twelve months in
AI

A year ago I wrote about treating each AI interaction as its own bounded unit: own context, own audit, own memory boundary. Twelve months of building inside that pattern is enough material to grade what held up, what didn't, and what I missed entirely.

Sid Smith, 6 min read

Why MCP + everything else for tool integration in 2026
AI

MCP won the integration layer. That doesn't mean every tool integration in 2026 should be MCP. The honest architecture is MCP for 80% of cases plus a small set of deliberate escape hatches for the 20% where the protocol shape doesn't fit. Worth being specific.

Sid Smith, 8 min read

The single-user → multi-tenant migration I actually shipped
AI

The playbook for a single-tenant to multi-tenant migration done well: additive schema, identity backfill, dual-path policy enforcement, row-level security, observability for both paths, traffic shift, deprecation. What I wish I'd known on day 1.

Sid Smith, 8 min read

The marketplace problem nobody is solving for AI training data
AI

Three years after I sketched what a real training-data market would need, the structural pieces still aren't in place. The lawsuits stalled, the settlements happened, the tiny markets exist at the edges, and the actual marketplace at scale doesn't. Worth being honest about why.

Sid Smith, 13 min read

Bidirectional links: from outcome back to the rule
architecture

A trace from request to response is half a trace. The other half is from outcome back to the rule that allowed it. Most platforms have one direction; few have both. Why bidirectional matters for debugging, for audit, and for AI agent decisions, and the pattern that makes it work.

Sid Smith, 7 min read

Open weights vs frontier closed: the gap, mid-2026
AI

By early 2026, open-weights models are competitive with closed frontier on most workloads I actually run. The gap that remains is real but narrower than the keynote conversation suggests, and the practical case for owning your stack got stronger, not weaker.

Sid Smith, 7 min read

SOX-shaped audit trails: what the auditor actually wants
Compliance

You're not a team of one anymore. Engineering logs aren't audit trails. Auditors want six things: who, what, when, why-allowed, what-changed-as-a-result, and signed proof of immutability. The gap between 'we have logs' and 'we have an audit trail' is wider than most teams realize.

Sid Smith, 7 min read

The six rungs of agent autonomy
AI

A practical six-rung ladder for AI agent autonomy: suggest, draft, execute-with-confirmation, execute-bounded, execute-with-rollback, execute-and-report. Each rung has different operational requirements. What promotes an agent from rung N to N+1, and what sends it back down.

Sid Smith, 7 min read

DaC vs IaC vs PaC vs config-as-code: how they layer
architecture

The four 'as code' methodologies aren't competing, they layer. IaC builds the foundation. Config-as-code parameterizes it. PaC enforces what's allowed. DaC is the surface a non-engineer reads. Walking through the layers, with concrete examples from Terraform up to the form a business owner sees.

Sid Smith, 6 min read

The enterprise AI stack: substrate, platform, applications
AI

Three layers, top to bottom: applications (the AI features users see), platform (model registry, serving, observability, governance), substrate (K8s, GPUs, storage). Decisions as Code runs through every layer. Centralize the decisions. Project them everywhere.

Sid Smith, 7 min read

Why multi-tenant is twice as expensive as you estimated
architecture

Multi-tenant from day one is roughly 2x the cost of the single-tenant version. The hidden costs aren't in the code, they're in auth, audit, query routing, observability, support tiering, and billing. Often the cheaper move is to start single-tenant and earn your way in.

Sid Smith, 7 min read