AI is no longer a lab tool—it’s showing up in pipelines, production systems, and the places where “seemed like a good idea” becomes a 2 a.m. incident. In this episode of #F5's Pop Goes the Stack, Lori MacVittie and Joel Moses are joined by John Willis, known for his work on DevOps and Deming, to separate what’s genuinely new about #AI from what looks like the same organizational patterns repeating under a new label. John frames the shift in two parts. First, the human side: every major technology transition triggers the same dynamics, and there’s a century of first principles from Deming and others that still apply. Second, the operational side: AI introduces a different kind of authority into the delivery loop. #DevOps optimized for speed with reasonably deterministic pipelines. AI pushes systems into probabilistic behavior, where correctness is no longer guaranteed 100% of the time and audits can’t pretend “this will never happen.” The conversation gets practical about what that means for enterprise teams adopting agents. The real questions aren’t whether tools use MCP or a CLI, but what authority an agent has: read-only, write/mutate, or execute. From there, you need boundaries, containment, escalation policies, kill switches, stronger logging, replayability, and the ability to justify decisions after the fact. The main takeaway is permission to slow down. Step back, define what risk you’re willing to accept at each stage, and build guardrails that match that risk. AI isn’t going away, but “move fast” without a risk model is just handing operational authority to a very smart script and hoping it behaves. Chapters: 00:00 Welcome to Pop Goes the Stack 00:59 DevOps meets autonomy: Why AI changes the rules 02:08 Patterns repeat: Deming, first principles, and organizational dynamics 04:09 Deterministic pipelines → probabilistic systems (risk becomes real) 04:58 Audit flips: From “never happens” to “acceptable failure rate” 06:51 Inference risk (Air Canada) vs agent risk (actions in prod) 09:18 HITL → HOTL: Calibrating how much authority agents get 10:16 Start with scope: Read-only vs write vs execute agents 11:53 Boundaries + containment: Kill switches, escalation, blast radius 12:45 Containment options: Wasm, eBPF, running agents at the edge 14:27 New requirements: Traceability, replay, explainability for audits 15:23 What feels new in AI but isn’t: Humans + hype cycles repeat 18:59 Key takeaways: Pause, set risk tolerance, then move 22:50 John's recommended AI 90-day plan for CIOs Learn how you can stay ahead of the curve and keep your stack whole with additional insights on app security, multicloud, AI, and emerging tech: https://go.f5.net/j23nzl09 Meet our guest: https://www.linkedin.com/in/johnwillisatlanta/ Check out John's book, Rebels of Reason: https://www.amazon.com/Rebels-Reason-Aristotle-ChatGPT-Heroes/dp/B0FCD969SD/ More about F5: https://go.f5.net/1da1guml Read our blog: https://go.f5.net/ieaes2ox Follow us on LinkedIn: https://go.f5.net/ljxucy4r

 54      1