When AI coding tools generate changes at machine speed, the blast radius of a bad change scales with it. The safety net that catches errors — peer review, gradual understanding, implicit team knowledge — is bypassed when code is generated and shipped by agents, which lack organizational context and operate faster than human review capacity. **The pattern:** insert deliberate friction into the deployment pipeline for AI-assisted changes, trading raw velocity for reliability at the point where AI-generated code introduces the most risk. ## Amazon's 2026 Response After 4 Sev-1 outages in one week traced to "Gen-AI assisted changes," Amazon added a senior sign-off gate (junior/mid engineers can't push AI-assisted code without senior approval) and "controlled friction" (Dave Treadwell) across ~335 Tier-1 systems. Separately, an AWS AI tool asked to make changes deleted and recreated an environment — a 13-hour recovery. ## The Friction Spectrum (light → heavy) 1. **Automated gates** — CI/CD checks flagging AI-generated changes 2. **Required documentation** — AI PRs must include rationale / architectural impact 3. **Human approval** — senior sign-off on AI-touched code paths (Amazon's approach) 4. **Change moratorium** — temporary freeze on AI changes to critical systems This applies Coda Hale's change-boundary theory to AI: gates restore boundary visibility ([[Change Boundaries]], [[Coupled Change Boundaries]]) and put an [[Active Operators|Active Operator]] back in the loop. Sources: Business Insider & Fortune (Mar 2026); [[Amazon is holding a mandatory meeting about AI breaking its...]].