Most AI products fail in the gap between “the model answered the prompt” and “the system can survive contact with users.”
At HiveNet, reviewing more than 10,000 real Intercom Fin conversations made that obvious fast. The average looked fine. The dangerous failures lived somewhere else: billing edge cases, compliance ambiguity, account-security conversations, and the moments where the model sounded certain for exactly the wrong reason.
That is why I no longer ask whether an AI feature is good. I ask whether the release bundle is safe to operate. Model, prompt, retrieval settings, tool manifest, guardrail policy, eval suite, and rollback path all move together. Change any one of them and you owe the system a new readiness check.
Production failures are rarely just model failures. More often they are domain ambiguity plus weak operating discipline showing up through a stochastic system.
This note is the launch gate I use now. Not a vendor benchmark. Not a responsible-AI poster. A production check for whether the feature deserves to meet a real user.
TL;DR: The 5 blockers that catch most fake-ready launches.
- No representative eval suite built from real tasks and edge cases
- No abstention or evidence thresholds, just vibes and polished answers
- No schema validation or bounded tool behavior for downstream actions
- No trace-level quality monitoring, only uptime and latency
- No granular rollback when the model, prompt, retrieval, or tools change
What production ready actually means
For me, production ready means I can answer five questions before GA:
| Failure mode | What blocks GA | Evidence I want to see |
|---|---|---|
| Unsafe or ungrounded answers | The system cannot abstain cleanly, cite evidence where needed, or escalate to a human | Representative and adversarial evals, plus a tested human handoff |
| Change-induced regressions | A model, prompt, retrieval, or policy tweak can silently ship without a fresh comparison against the previous release bundle | Versioned eval suites and before/after regression results |
| Unbounded actions or brittle parsing | Outputs break parsers or unsafe tool calls can slip through | Structured outputs, schema validation, parameter checks, approval gates, and explicitly mapped domain actions |
| Silent production decay | Quality can get worse while the service still looks healthy | Trace capture, sampled review, alerts on quality, schema, tool, and escalation regressions, plus reviewed failures feeding the eval set |
| Operational blast radius | The team cannot roll back, cap cost, or explain what changed | Granular rollback, runbook, kill switches, release-bundle versioning, and updated escalation guidance |
That is the whole difference between a demo and a product. Not model intelligence. Release discipline.
For deciding which AI features to invest in, I use RICE/DRICE. This release gate takes over once the team has decided to build.
1. Average quality is a vanity metric
Provider benchmarks are useful for model selection. They are not launch criteria. OpenAI and Anthropic both push teams toward task-specific evaluations run against representative samples and edge cases. That matches what I learned the hard way at HiveNet: “good on average” hides the failures that users actually remember.
The bar I want to see is:
- a gold set that mirrors real task distribution
- an adversarial set for policy abuse, ambiguous intent, multilingual edge cases, and out-of-domain requests
- a baseline against the non-AI path or human workflow
- regression runs on every change to the release bundle, not just model swaps
Fifty nice-looking chats and a demo script are not an eval program.
2. Raw confidence is not your safety system
I trust abstention rules more than I trust a model sounding certain.
That means:
- the system is allowed to say “I don’t know”
- grounded tasks must show evidence, citations, or source excerpts
- risky tasks have clear escalate-to-human rules
- pass criteria are based on groundedness, policy compliance, and task success, not polished tone
This is where a lot of teams still fool themselves. They talk about confidence as if the model’s self-belief were the control plane. In practice, evidence thresholds, abstention rules, and human fallback are much more dependable than a single confidence number.
3. If the model can act, every tool call is a permissions problem
This is where demo-grade AI usually collapses. Text generation feels magical. Real side effects demand old-fashioned systems discipline.
The minimum bar I want here is:
- structured outputs or typed schemas for anything a machine will consume
- parameter validation and allowlisted tools
- approval gates for destructive or high-cost actions
- idempotency rules and retry behavior
- tests for prompt injection, tool-output injection, cross-tenant leakage, and spend abuse
If an agent can take action, output quality is only half the risk. The other half is authorization.
This is also where Domain-Driven Design stops being architecture theater and becomes production safety. If approved, escalated, resolved, or even customer mean different things to product, support, legal, and the tool layer, your guardrails are built on sand. The model does not fix ambiguous domain language. It amplifies it.
4. Production AI fails quietly
Most AI incidents are not 500s. They are plausible garbage at scale.
That means traces, not just logs. I want to be able to see:
- prompt or template version
- model snapshot
- retrieved context identifiers
- tool calls and guardrail decisions
- latency, token usage, and cost
- user feedback and escalation outcomes
And I want alerts on the things that actually matter:
- groundedness or citation failure rate
- schema validation failures
- tool failure rate
- human escalation rate
- cost per successful task
If the only monitor you have is latency, you are monitoring the wrong system.
This is where KCS earns its place. Every flagged interaction, incident trace, and reviewer decision should tighten the system in the same loop: update the rubric, update the runbook, update the eval set. If production failures only live in Slack threads and vague memory, the model never really learns and the team never really gets safer.
5. Rollback has to be granular
The most useful concept I have for this now is the release bundle.
For AI, the release is not just code. It is:
- model ID or snapshot
- system prompt and template version
- parser or schema version
- retriever settings and index version
- tool manifest
- guardrail policy
- eval suite version
- operator runbook and escalation guide
If you cannot tell me which bundle is live, what changed, and how to roll back one part without taking the rest of the feature down, the system is not production ready.
That rollback also needs to be rehearsed. Not documented. Rehearsed.
What I got wrong
I used to overweight averages. They hid the failures that mattered.
At HiveNet, the risky cases were not the ones that made a vendor benchmark look bad. They were the ones that sounded fine until they touched billing, compliance, or account security. That pushed me away from generic accuracy claims and toward task-specific evals, reviewer loops, and evidence thresholds.
I also used to think of readiness as a late-stage QA ritual. I trust that framing a lot less now. If the eval suite, trace model, and rollback switches only show up two weeks before GA, the team is already late.
When to use less of this
Use a lighter version when:
- you are shipping an internal prototype with no external blast radius
- the feature is advisory only and cannot trigger actions
- the domain is low-stakes and the fallback to a non-AI path is cheap
Even then, I still want a minimal bar: representative examples, clear abstention language, and one safe rollback path.
If you are shipping into fintech, health, insurance, compliance, or any workflow that can lock someone out, misstate policy, or trigger a costly action, this is the floor, not the ceiling.
The gap between an AI demo and an AI product is not intelligence. It is whether the surrounding system can contain failure, surface drift, and recover quickly.
Related thinking
- RICE/DRICE decides which AI features to build in the first place
- I use the Signal Scorecard to evaluate the customer signals that should drive the AI roadmap
- Domain Bugs Cost More Than Code Bugs is the boundary-language discipline behind trustworthy tool contracts and escalation rules
- For measuring UX outcomes once the AI feature ships, I use a modified HEART approach
- Documentation Is a Product Surface is the operating rule behind runbooks, release criteria, and post-incident learning
Further Reading
- OpenAI - Production best practices - scaling, latency, cost, and production rollout guidance
- OpenAI - Working with evals - representative test data, eval runs, and regression discipline
- Anthropic - Define success criteria and build evaluations - task-specific eval design, edge cases, and scalable grading
- Anthropic - Reduce hallucinations - abstention, grounding, citations, and verification patterns
- Anthropic - Mitigate jailbreaks and prompt injections - layered guardrails for real deployments
- NIST Generative AI Profile - cross-sector risk management guidance for generative AI systems
