Modern AI models, especially LLMs, behave in ways that feel useful, magical, and bizarre, sometimes all at once. They produce answers that look expert: clean grammar, domain jargon, neat formatting, even convincing code. That polish feels trustworthy and often is, yet polish is not proof. We still verify, and we design for failure because LLMs are gonna LLM.

Design like the AI model is a powerful, untrusted library: keep the surface small, permissions narrow, and effects contained. Claims carry their own evidence, and important steps get programmatic checks. Treat prompts and tool calls like code, with golden tests and contracts to catch drift. Dark release first, then stage changes based upon real telemetry. Keep ownership visible through audit trails and effective logging. We ground each practice in real failure modes, in plain language. The result is simple: failures stay visible and containable, and new power becomes safe to ship, from deleting a meeting to sending a Slack to reconciling a ledger.

Learning outcomes
* Distinguish polish from proof, and verify before we rely
* Recognize model-typical failures and where they surface in code
* Apply containment, verification, and testing to keep blast radius small
* Keep accountability human, with owners, audit logs, and human-in-the-loop where necessary