← → navigate  ·  G grid  ·  F fullscreen
Both Axes — Agentic Engineering
Agentic Engineering
2
From vibe coding to deployed work

The axis
the dial
can't see.

Vibe to structured to agentic earns you a great output. It does not earn you a deployment.
Presenter
Adnan Ali
Version
v1.2.0
aha agile
The Build Dial

The dial is real: verification climbs out of your head and into artifacts

Vibe, then structured, then agentic. Detailed prompts become tests, tests become evals with rubrics, evals become specs and CI gates. Each rung moves "is this right?" out of your head and into something that checks itself.

In 2026 the disciplined end of that dial has a name: spec-driven development. You have earned a genuinely better output.

Google "Vibe Coding" whitepaper series, Days 1–5  ·  Karpathy, "vibe coding" (2025)  ·  spec-driven development: GitHub Spec Kit, AWS Kiro, DeepLearning.AI (2026)
02
aha agile
The Turn
You passed every test. So who's watching what's running right now?
03
aha agile
The Readiness Map

Two axes, not one, and one corner is a silent time-bomb

Governance ladder rises  ▲  ·   build dial runs  ▶
how it's built ▶
how it's governed ▲
Vibe
Structured
Agentic
L3 Controlledyou can stop it
production-ready?
L2 Observedyou can see it
L1 Unseenyou don't know it runs
SILENT TIME-BOMB
Knight Capital: ~$440M lost in ~45 minutes (SEC Press Release 2013-222, 2013). A pre-AI automated-trading failure, and the exact structural analogy for a broad-permission agent with no kill-switch: speed with no runtime control.
04
aha agile
How to Read the Next Five Days

Set the dial per task, not per person — then read every task through three lenses

More agentic is not more better — and more governed is not more better either. Match both axes to the stakes: a weekend prototype stays vibe-coded and ungoverned; state-changing or money-moving work earns the full climb. Governance has a real cost, so spend it where the blast radius is.

The build days hand you the config where governance lives — but filling it in is not the same as being governed. That climb, L1→L3, is the other axis.

Each of the next five days sits on both axes. Read every one through all three lenses.

Individual — what I do differently on my next task.

Team — what we standardise together.

Organisation — what the org must see, fund, and govern.
The spectrum is a choice about stakes, not a maturity mandate.
05
aha agile
Day 1 · Harness EXPOSE

Most agent failures are config failures, not model failures

Agent = Model + Harness. The harness is the prompts, tools, hooks, and permissions around the model — and it is where the behaviour actually lives.
Individual Contributor
Own your harness
Version the AGENTS.md, hooks, and tools like code. The config is the product.
Team
Standardise the setup
One shared harness so every teammate's agent behaves the same way.
Organisation
Fund the platform
Config is infrastructure. Resource the harness and its guardrails, not just the model.
The governance seeds — validation, an audit trail, a kill-switch — planted in the harness at EXPOSE.
06
aha agile
Day 1 · The Artifact

The harness is a file you can read, and it is already governance

# AGENTS.md — deploy-bot
owner:  adnan@team.dev              # a named human is accountable   (Identity)
model:  claude-opus-4

permissions:                        # least privilege as a hard ceiling  (Validation)
  allow: [ repo:read, ci:trigger ]
  deny:  [ prod:write, secrets:read ]

hooks:
  pre_tool_use:  ./hooks/validate.sh   # check every call before it runs (Validation)
  post_tool_use: ./hooks/log.sh        # stream action + reasoning       (Evidence)

runtime:
  require_approval: [ deploy, refund, delete ]   # human gate  (Runtime control)
  observable: true                               # every step to the audit log
A realistic harness config. Read the right column: an owner, a permission ceiling, a validating hook, a logging hook, and an approval gate are all just fields in a file you already write.
07
aha agile
Day 2 · Tools & MCP BIND

Tools are how agents act — MCP turns N×M integrations into one

Every capability an agent can reach is a tool, and every tool call is a place something can go wrong. Standardise the connection once.
Individual Contributor
Wrap the capability
Publish the task as a validated tool, not a raw API call.
Team
Adopt MCP
One integration serves every agent. Stop rebuilding N×M connectors.
Organisation
Govern every call
Each tool call is a surface: validation gate, spend cap, and an owner per server.
Every tool call is a governance surface: validation, spend caps, an owner. Confused-deputy is an identity failure.
08
aha agile
Day 3 · Sessions & Memory

Memory is how agents remember, and every remembered fact is a surface

Long context is not free, and stale or poisoned memory quietly misleads. Decide what persists and where it lives.
Individual Contributor
Curate what persists
Long context has a cost; prune it. Stale memory is a bug with a long fuse.
Team
Memory vs RAG
Agree when to retrieve and when to remember, then write the boundary down.
Organisation
Log the session
Session events are your evidence trail; the memory store is data you must govern.
Session events are your evidence and decision trail; memory is a cost surface to govern.
09
aha agile
Day 4 · Security & Eval ENFORCE

Evals are your validation evidence, and intent-drift is why runtime control exists

An eval that passes is proof a change is safe today. It says nothing about what the agent does at 3am next Tuesday.
Individual Contributor
Eval, don't hope
Your evalset is validation evidence: the proof, not the vibe, that a change is safe.
Team
Shared eval gates
Nothing ships past the team's eval and red-team bar. The bar is written down.
Organisation
Watch for drift
Intent-drift needs runtime control and transparency, not a pre-ship checklist.
Evals are your validation evidence; drift is why you need runtime control, not a pre-ship checklist.
10
aha agile
Day 5 · Spec-Driven Production BIND → ENFORCE

Vibe coding is not vibe in production — the spec declares the policy

At the top of the build axis, the spec is the source of truth. The agent builds to it; you and the pipeline check against it.
Individual Contributor
Write the spec
The spec is the contract. The agent builds to it; you review against it.
Team
Specs + CI gates
Policy lives in the spec and the pipeline, not in anyone's head.
Organisation
Zero-trust = I + V
Identity and validation on every agent; target L3 Controlled for high-stakes work.
The spec declares the policy: identity and validation on every agent. Target: Controlled (L3).
11
aha agile
Back to the Hole
Agents act faster than any review. They don't ask permission.
They don't follow your org chart. They don't wait for the Tuesday meeting. A pre-deployment review checks the plan once, at the door. The agent is already running the plan — so the controls have to be enforced continuously while it runs, not reviewed once before it ships.
12
aha agile
The Governance Axis

VERDICT: seven questions you must be able to answer while it runs

V · Validation
Is this action allowed? Least-privilege gates on every call.
E · Evidence
What happened? Immutable logs of actions and reasoning.
R · Runtime control
Can we stop it? Kill-switch and approval for state changes.
D · Decisions
Why did it act? Traceable reasoning behind each step.
I · Identity
Who owns it? A named human controller per agent.
C · Cost / Compliance
What is it spending? Spend caps and policy limits.
T · Transparency
Can outsiders see? Auditable to users and regulators.
Convergence, not one source: SAIF 2.0 · NIST AI RMF + CSA Agentic Profile · OWASP Agentic Top 10 (2026) · EU AI Act Art. 12 & 14. Frontier gap VERDICT under-covers: multi-agent / inter-agent risk (OWASP 2026; EU AI Act Recitals 99–100).
13
aha agile
The Governance Axis · Convergence

Three of VERDICT's seven pillars already shipped in Google's SAIF

Google SAIF 2.0 · agent principles (6 domains + 3)
  • Well-defined human controllers
  • Powers carefully limited
  • Actions and planning observable
saif.google/focus-on-agents (2025)
VERDICT · our synthesis (7 pillars)
  • maps to → Identity (who owns it)
  • maps to → Validation (least privilege)
  • maps to → Evidence + Transparency (logged)
Runtime · Decisions · Cost are what VERDICT adds
VERDICT is a 2026 mnemonic; three of its seven pillars were already public in Google's 2025 SAIF — a different author, a different purpose. Our mapping, not "Google's seven pillars." Convergence, not one wiki's opinion.
14
The Maturity Ladder

Governance is a ladder, and most orgs are on the bottom rung without knowing

  • L1 UnseenYou don't know the agent is running. This is where most organisations actually live.
  • L2 ObservedYou can see what it does: inventory and logging are in place.
  • L3 ControlledYou can stop it: approval gates and a kill-switch. This is production-ready.
  • L4 AutonomousIt governs itself within policy. The horizon, not the default target.

IBM Cost of a Data Breach 2025: 63% of breached organisations had no AI governance policy, and 97% of breached-AI orgs lacked proper access controls. Shadow-AI breaches cost roughly $670K more.

15
aha agile
The Climb

You can't BIND what you haven't EXPOSED

1
EXPOSE
See it. Inventory and logging.
2
BIND
Constrain it. Permissions and gates.
3
ENFORCE
Stop it. Approval and kill-switch.
4
SELF-GOVERN
It holds the line. The horizon.
The climb is sequential — each rung needs the one below it. You cannot skip a rung.
16
aha agile
The Readiness Map, Filled

Production-ready is one cell: agentic build × Controlled governance

L4 Autonomous · self-govern — the horizon, above the target, not the target
how it's built ▶
how it's governed ▲
Vibe
Structured
Agentic
L3 Controlledyou can stop it
governed toy (overkill)
ships lower-stakes work
PRODUCTION-READY
L2 Observedyou can see it
logged experiment
seen and tested
seen, not yet stoppable
L1 Unseenyou don't know it runs
weekend prototype
tested, unwatched
SILENT TIME-BOMB
≥L3 is the floor only for state-changing, money-moving, or irreversible agents; read-only or low-stakes deployed work can be production-ready at L2. Governance has a cost — match it to the stakes, both ways. The bottom-right cell is the slide-4 time-bomb, now named.
17
aha agile
The First Move EXPOSE

Before your next agent ships, EXPOSE it — the one move valid at every altitude

You cannot BIND or ENFORCE what you cannot see, so the first rung is the same whoever you are. This one is doable Monday.
Individual Contributor
Add it to AGENTS.md
Name your next agent, its permissions, and you as owner. Then log its actions somewhere you can watch.
Team
Stand up a registry
One row per agent: capability, permissions, owner, last-seen. Make "no unregistered agents" the norm.
Organisation
Fund observability first
No agent gets broader permissions until it is on the map at L2 with a named owner.
EXPOSE is the first rung — and the one nobody can argue against. You can't govern what you can't see.
18
aha agile
What "Done" Looks Like

A refund agent that is agentic-built and L3-governed at the same time

L3
Built agentic: spec'd, eval-gated, CI-tested. Governed to L3: least-privilege identity, every action logged, refunds over $500 held for human approval, one named owner, a kill-switch. It passes its evals. Someone can see it run.
Agentic build × L3 governance = the top-right cell. The slide-4 time-bomb, defused. Task-dependent: L3 is the bar because this one moves money.
19
aha agile
Close
Climb both axes.
Intent is the new interface. Governance is the new deployment. The build dial earns you a great output; being able to see it, stop it, and own it is what earns you a deployment.
This week: EXPOSE your agents  →
20
aha agile
Sources & Confidence

Sources and confidence

  1. 01Google. "Vibe Coding" whitepaper series, Days 1–5. 2025–2026.
  2. 02Srivastav & Saxena. VERDICT + Maturity Ladder. Maven session, 2026-05-24. Single-source name; substance corroborated below.
  3. 03Google. SAIF 2.0 — Focus on Agents (human controllers · limited powers · observable actions). 2025.
  4. 04NIST. AI RMF (AI-600-1) + CSA Agentic Profile v1 (draft). 2024–2026.
  5. 05OWASP. Top 10 for LLM Apps (LLM06 Excessive Agency) + Top 10 for Agentic Applications. 2025–2026.
  6. 06EU AI Act. Art. 12 (logging), Art. 14 (override/halt), Recitals 99–100 (multi-agent). In force 2026-08-02.
  7. 07IBM / Ponemon. Cost of a Data Breach 2025. Shadow-AI +$670K; 63% no AI governance policy; 97% of breached-AI orgs lacked access controls.
  8. 08SEC. Press Release 2013-222 — Knight Capital, ~$440M in ~45 min (2013). Pre-AI analogy.
  9. 09Karpathy. "Vibe coding" (2025) → "the age of agentic engineering."
  10. 10Spec-driven development: GitHub Spec Kit · AWS Kiro · DeepLearning.AI. 2026.
  11. !Confidence — the two-axis claim: HIGH. The build-verify vs runtime-govern split is reflected in every framework reviewed.
  12. !VERDICT: a single-source name for a multi-source consensus (SAIF · NIST · OWASP · EU AI Act). The SAIF crosswalk is our synthesis, not a published taxonomy.
21
aha agile
Credits

The team behind this deck

Adnan AliAA
Adnan Ali
Director
LarryLR
Larry
Orchestration
AriaAR
Aria
Narrative
PaxPX
Pax
Research
CodaCD
Coda
Production
RexRX
Rex
Argument
VeraVR
Vera
Adversarial
22
aha agile
01 / 22