https://justinivins.com/tags/architecture/Recent content in Architecture on Justin Ivins' BlogHugoen-usMon, 01 Jun 2026 08:00:00 +0000https://justinivins.com/posts/external-security-controls-for-ai-assisted-development/Mon, 01 Jun 2026 08:00:00 +0000https://justinivins.com/posts/external-security-controls-for-ai-assisted-development/<p>Recently I&rsquo;ve been doing a lot of configuration work to standardize environments. One of the goals of this experiment was to have all of our applications driven by App Configuration instances backed by pass-through Key Vaults, so a developer could pull down a repository and, with the appropriate local and environment permissions, be completely up and running. All the application needed was a connection string to an App Configuration. This would dramatically reduce the spin-up time for a new developer.</p> <p>One thing I noticed (and kudos to Anthropic and Claude here) was that the AI starts to learn this pattern and take advantage of it. It naturally fills in the appropriate parameters with the App Configuration and Key Vault variables it has access to. And it really made me start to wonder: this agent, acting on my behalf, has complete control over any Key Vault parameter, secret, certificate, or password I personally have access to.</p> <p>The agent had full access to my identity. And yes, I have standing access to a lot of environments and a lot of parameters. It made me think. Down the road, would I catch a call where the agent had mistakenly gone out and grabbed a production value? Where something got run against a production environment by accident? That, in my mind, was a problem.</p>https://justinivins.com/posts/solving-it-once-vs-building-it-forever/Sun, 19 Apr 2026 08:00:00 +0000https://justinivins.com/posts/solving-it-once-vs-building-it-forever/<p>You describe a problem to an AI, and it solves it. Maybe it writes a script, generates a query, builds a working prototype. It&rsquo;s fast, it&rsquo;s impressive, and it works. This is the moment that breaks people&rsquo;s mental models &ndash; because if AI can <em>do</em> the thing, surely it can <em>build</em> the thing. The leap feels small. It isn&rsquo;t.</p> <h2 id="what-the-highlight-reel-leaves-out">What the Highlight Reel Leaves Out</h2> <p>There&rsquo;s an ad making the rounds right now that nails the moment. A developer working from his home office and his phone buzzes. It&rsquo;s his product owner: <em>we need a leaderboard for the game, can you get something up today?</em> Cut to the developer typing in a few prompts in an AI coding tool. Cut to a working leaderboard, scores ticking up, and the dev celebrating the feature being delivered. Roll credits.</p> <p>I don&rsquo;t actually doubt the result. You probably <em>can</em> stand up something that looks like a working leaderboard in an afternoon with the right tools. The ad isn&rsquo;t lying about what&rsquo;s possible.</p> <p>It&rsquo;s quietly skipping what&rsquo;s finished.</p> <p>Between &ldquo;the screen shows a sorted list of names and scores&rdquo; and &ldquo;this leaderboard is live for the game&rsquo;s launch weekend&rdquo; sits an entire mountain of work that gets cut from the highlight reel &ndash; and that split, between a single instance of AI producing a result and using AI to build a platform that services real customers, is where most people get it wrong.</p>