For years, until recently, software did exactly what it was told. Developers meticulously coded precise step-by-step instructions for various processes. When executed, it did exactly that and nothing else. No matter how many times the code ran, the outcome was identical. It was totally deterministic.
AI, however, introduced the idea that software could “think” — assess a situation, evaluate various options, plot the best path forward, and in some situations, execute those steps. Run code multiple times and you may get structurally different code — different variable names, different logic paths, different dependencies.
This variability has been anathema to the need for reliability and consistency that users trusted in software for years — and that the industry has spent half a century trying to eliminate.
Although AI opens up an array of exciting new possibilities, left on its own, AI has demonstrated that it can go wildly off the rails.
Still, the solution isn’t necessarily to try to make AI deterministic, but to architecturally bake guardrails into the system itself to keep variability within acceptable limits.
When AI Goes Rogue
The inherent dangers of just throwing AI at a problem have been well publicized. It can hallucinate. It can spill secrets. Even with the right permissions and policies in place, it can do massive damage, not only internally, but also to a company’s reputation.
In one instance involving Cursor, a Claude-based IDE, and Supabase’s Model Context Protocol (MCP), an agent with broad database privileges was tricked into exfiltrating secrets using a user’s support ticket text.
The large language model (LLM) agent did so without violating any database permissions.
In another example, a Replit agent, in the midst of building an application, ignored explicit instructions to freeze changes and instead deleted an entire production database —months of real user data just gone. Leading up to this, despite being repeatedly instructed not to create synthetic data, it had made up thousands of fake database records. Afterward, it created its own human-like apology. Woops, sorry indeed.
The risks — hallucinated dependencies, security vulnerabilities that look correct on the surface, logic errors that only surface in production, and code that no two runs produce identically — are among the reasons Gartner recently predicted that over 40% of agentic AI projects will be canceled by 2027.
Those risks have leaders uneasy. Eighty-three percent of AI leaders now report major or extreme concern about generative AI, an eight-fold increase since 2023, according to a Lucidworks study.
Yet only 1 in 5 (21%) companies in the Deloitte survey report having a mature model for governance of autonomous agents.
Deloitte also found that 10.69% of respondents admit to using AI coding assistants without official permission, in an unverified or unmonitored way, which no doubt has their bosses pulling their hair out.
A Hybrid Two-Pass Architecture
So, the question around AI isn’t so much about whether to use it all, but how to limit the damage it can do while still taking advantage of its “thinking” capability — and possibly ability to act as well.
One approach might be a two-pass hybrid model to architecturally put guardrails into the system itself. It might look like this:
Pass One: An LLM, trained on and constrained by a Model Context Protocol (MCP) derived from a deterministic, model-driven code generator, converts natural language intent into a lightweight language-agnostic intermediate markup expressed in a vocabulary the AI has been trained to produce reliably. Because the MCP defines strict boundaries — valid components, allowed patterns, supported data structures — it prevents hallucination.
Pass Two: A proven, model-driven code generator takes that markup and converts it into production code, whether that be JavaScript, Python or React, or even multiple languages. It produces the same reliable output every time and eliminates stylistic differences among different developers. It provides the consistency, compliance, testability, and maintainability that organizations have long relied on.
This hybrid model addresses barriers leaders most often cite — integration with legacy systems, security risks, lack of technical expertise — because each pass enables each of the different technologies to do what it does best. Generative intelligence is focused on understanding intent, interpreting natural language and reasoning about application behavior, and it delegates what it does worst (producing identical, production-grade code across runs) to a system purpose-built for that job.
AI converts natural language to specification. The code generator handles the engineering leap from specification to code.
It gives every developer — regardless of experience, language proficiency, or domain expertise — boundaries for converting their intent into production-quality applications.
This standardization means compliance teams can certify the output once — not re-audit every pull request. Teams can repurpose a single language-agnostic intermediate markup to target multiple platforms. A junior developer produces the same reliable markup as a senior architect because the architecture defines and controls the variability across the organization.
Constraining the AI to a validated pattern library mitigates security vulnerabilities. It reduces technical debt because the generated code follows consistent, maintainable architecture. By generating compact markup instead of verbose code, it reduces token cost and latency. Auditability and compliance are simplified because the deterministic layer produces traceable, repeatable artifacts.
Companies are adding AI capabilities at a staggering rate. In 2025, 84% of developers report using AI coding tools, with over half relying on them daily. Companies surveyed by Deloitte reported broadened worker access to AI by 50% in just one year. And 74% of companies said they plan to deploy agentic AI within two years.
Seventy-two percent of developers who have tried AI coding tools now use them every day. They report that 42% of the code they commit these days is AI-generated or assisted, according to a Sonar survey.
The rise of generative AI introduced extraordinary capabilities, but it’s not just a matter of accepting AI’s non-determinism as the cost of doing business. Deterministic boundaries — systems where AI takes human intent to structured specification, and proven code generators complete the journey from specification to production code — can make AI adoption safe, scalable, and accessible to every developer out of the box.
