AI Guardrails Do Not Work — 56-Day Empirical Proof
I am a developer who has used AI coding assistants for 56 days in a regulated environment. During that time:
- 32 workflow violations occurred despite configuring every available guardrail mechanism
- The AI destroyed my AWS management account by deploying Terraform to the wrong target
- My business has been down for 15+ days with no recovery path
- 9 AWS Support cases opened — none resolved
- $106,000+ in business losses from a single $0.03 AI operation
Guardrails Configured (All Failed)
| Mechanism | Result |
|---|---|
| Agent system prompt with STOP language | Ignored after relogin |
| Workspace rule files | Not enforced |
| MCP server resources | Not enforced |
| Knowledge base indexing | Not enforced |
| Incident documentation | Not read on session start |
| Control documents | Not enforced |
| Violation counter rules | No persistent state |
The Core Problem
The agent treats workflow rules as suggestions, not constraints. There is no mechanism that prevents implementation from starting. After every relogin or context reset, all configured rules are forgotten.
What Is Needed
- Hard gates — physically block file creation until requirements doc exists
- Persistent violation state — survive relogins, context compaction, session resets
- Authorization taxonomy — "yes" ≠ "approved" — enforce at platform level
- Blast radius limits — one conversational turn = max one infrastructure change
- Mandatory dry-run — destructive operations require preview + separate confirmation
- Session boundary enforcement — re-read and acknowledge rules after any reset
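The core problem above is that every listed guardrail lives in the prompt, where the model can ignore it; the list of requirements describes checks that have to live outside the model instead. The following is an added example (not code from the original report, and not any vendor's product) of a tool-call gate that sits between an agent and its infrastructure tools and enforces those six requirements mechanically. All names (`ToolGate`, `GateState`, `RULES`) are hypothetical, the account IDs and plan text are constructed, and the "deny list" stands in for whatever protected targets a real deployment has.

```python
import hashlib
import json
import os
import tempfile
from dataclasses import asdict, dataclass

# Hypothetical rules text; the agent must echo its hash, not merely claim to have read it.
RULES = "No implementation before a requirements doc exists; destructive ops need plan + APPROVED <hash>."
DESTRUCTIVE = ("terraform apply", "terraform destroy", "aws cloudformation delete-stack")


class GateError(Exception):
    """Raised when a call is refused; the refusal is persisted before it is raised."""


@dataclass
class GateState:
    violations: int = 0            # persistent violation state: written to disk on every change
    approved_plan: str = ""        # sha256 of the plan a human explicitly approved (single use)
    changes_this_turn: int = 0     # blast radius: at most one infrastructure change per turn
    rules_acknowledged: bool = False


class ToolGate:
    """Enforcement layer the model cannot talk its way past: it decides, the prompt does not."""

    def __init__(self, state_path: str, requirements_doc: str, blocked_accounts: set):
        self.state_path, self.requirements_doc, self.blocked = state_path, requirements_doc, blocked_accounts
        self.state = GateState()
        if os.path.exists(state_path):               # state survives relogins and context resets
            with open(state_path) as f:
                self.state = GateState(**json.load(f))

    def _save(self) -> None:
        with open(self.state_path, "w") as f:
            json.dump(asdict(self.state), f)

    def _violation(self, reason: str) -> None:
        self.state.violations += 1
        self._save()
        raise GateError(reason)

    def start_session(self) -> None:
        """Session boundary: a reset forgets acknowledgements and approvals, never the violation count."""
        self.state.rules_acknowledged, self.state.approved_plan, self.state.changes_this_turn = False, "", 0
        self._save()

    def acknowledge_rules(self, echoed_hash: str) -> None:
        self.state.rules_acknowledged = echoed_hash == hashlib.sha256(RULES.encode()).hexdigest()
        self._save()

    def new_turn(self) -> None:
        self.state.changes_this_turn = 0
        self._save()

    @staticmethod
    def plan(plan_text: str) -> str:
        """Mandatory dry-run: approval is bound to the hash of this exact plan output."""
        return hashlib.sha256(plan_text.encode()).hexdigest()

    def approve(self, human_reply: str) -> bool:
        """Authorization taxonomy: only 'APPROVED <plan-hash>' approves; 'yes' or 'ok' never does."""
        parts = human_reply.strip().split()
        if len(parts) == 2 and parts[0] == "APPROVED" and len(parts[1]) == 64:
            self.state.approved_plan = parts[1]
            self._save()
            return True
        return False

    def run(self, command: str, target_account: str, plan_hash: str = "") -> dict:
        """Gate one tool call; every refusal increments the persistent counter."""
        if not self.state.rules_acknowledged:
            self._violation("rules not acknowledged in this session")
        if not os.path.exists(self.requirements_doc):            # hard gate
            self._violation("requirements doc missing: implementation blocked")
        if target_account in self.blocked:
            self._violation(f"target account {target_account} is on the deny list")
        destructive = command.startswith(DESTRUCTIVE)
        if destructive and (not plan_hash or plan_hash != self.state.approved_plan):
            self._violation("destructive op without a separately approved plan")
        if self.state.changes_this_turn >= 1:
            self._violation("blast radius: second infrastructure change in one turn")
        self.state.changes_this_turn += 1
        if destructive:
            self.state.approved_plan = ""                          # approval is consumed
        self._save()
        return {"allowed": True, "command": command, "target": target_account}


def demo() -> dict:
    """Constructed walk-through of the failure modes in the report; returns what happened."""
    tmp = tempfile.mkdtemp()
    state_path, req_doc = os.path.join(tmp, "gate-state.json"), os.path.join(tmp, "REQUIREMENTS.md")
    mgmt = "111111111111"                                          # constructed management account id
    gate = ToolGate(state_path, req_doc, blocked_accounts={mgmt})
    gate.start_session()
    refused = []

    def attempt(cmd, acct, ph=""):
        try:
            gate.run(cmd, acct, ph)
        except GateError as e:
            refused.append(str(e))

    attempt("terraform apply", "222222222222")                    # 1: rules never acknowledged
    gate.acknowledge_rules(hashlib.sha256(RULES.encode()).hexdigest())
    attempt("terraform apply", "222222222222")                    # 2: hard gate, no requirements doc
    with open(req_doc, "w") as f:
        f.write("# requirements\n")
    attempt("terraform apply", mgmt)                              # 3: wrong target (management account)
    ph = gate.plan("Plan: 1 to add, 0 to change, 0 to destroy.")
    yes_counts = gate.approve("yes")                              # False: "yes" is not "approved"
    attempt("terraform apply", "222222222222", ph)                # 4: no real approval yet
    gate.approve(f"APPROVED {ph}")
    allowed = gate.run("terraform apply", "222222222222", ph)      # the one permitted change
    attempt("terraform apply", "222222222222", ph)                # 5: approval consumed, turn exhausted
    reloaded = ToolGate(state_path, req_doc, {mgmt})               # "new session" reads the same file
    return {"refused": len(refused), "yes_counts": yes_counts,
            "allowed": allowed["allowed"], "persisted": reloaded.state.violations}
```

The point of the design is where the checks sit: none of them are text the agent reads, so there is nothing to forget after a relogin, and the violation counter is a file, not a line in a system prompt. A real deployment would put the same gate in front of the MCP tool or CLI wrapper the agent actually calls, and pair it with account-side controls (deny policies on the protected account) so that a bypass of the gate still cannot reach the wrong target.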
Evidence
This is not a feature request. This is a safety report. The current architecture of prompt-based governance is fundamentally broken and poses existential risk to businesses using these tools for infrastructure management.
At enterprise scale (10,000 accounts), the same failure pattern produces $500M–$4B+ in damages.
Prompt-based rules are documentation. They are not enforcement.
gz#51130
(related to Zendesk ticket #51130)