Platform engineering leaders are racing to enable AI safely - takeaways from KubeCon NA 2025

Published by Alex Olivier on November 18, 2025

I got to participate in a Platform Engineering leaders roundtable at KubeCon North America, which revealed a consistent theme. Everyone is figuring out how to enable AI adoption and internal developer innovation safely, without killing velocity. The pressure is real, and the timelines are compressed.

What's actually being deployed

AI-powered search and knowledge retrieval are everywhere, particularly integrated into developer portals and knowledge systems. Teams are using AI to accelerate modernization efforts like Java 8 to 20 migrations and consolidating CI and observability tooling. Testing infrastructure overhauls and test automation pipelines are getting AI assistance.

The most interesting pattern is bespoke applications built by domain experts. A large US retailer’s merchandising group was the example. Business analysts “vibe-coded” a tool for a single product line that runs in a sandbox configuration, completely separate from production. These tools start in the “fast lane”, and when proven valuable, engineering teams take them over and harden them for production.

This is AI adoption actually working. Domain experts solving real problems fast, with platform teams providing safe sandboxes to experiment in.

The three-lane model is emerging

Business leaders want to deploy AI immediately. Platform and security teams are trying to enable this safely. A three-lane model based on business criticality is crystallizing across organizations.

The fast lane is for domain-specific, low-risk experiments with minimal guardrails: authentication and security patches, but not much else. These run in something like Google Cloud Run to isolate them from the main infrastructure. This is where analysts and domain experts operate.

The managed lane is for internal applications with defined boundaries and standardized controls. Most enterprise AI tools live here. The critical lane is for production systems with full governance, observability, and compliance. Traditional enterprise rigor applies.

The key insight is that not everything needs to start in the critical lane. Most organizations have been treating all AI like production systems, which kills experimentation. The three-lane model acknowledges that risk profiles differ dramatically.

Procurement is the new bottleneck

Teams expect to evaluate and deploy tools like Cursor in weeks, not months. Traditional procurement cycles haven't caught up. This came up repeatedly as a frustration point.

A partner to a hyper-scaler shared something telling. To get companies started on AI solutions, you can't just provide reference code and a repo. You need the full stack ready due to the number of moving parts. It's much more collaborative than reading the docs. The complexity of wiring everything together is real.

This is driving platform teams to build more complete, opinionated starting points. Not documentation, but working environments that teams can clone and modify.

Governance without killing velocity

AI governance councils are forming to define boundaries and ensure consistency. Platform engineering is responsible for automating the sandbox environments and compliance baselines that allow safe experimentation. Centers of Excellence and Validation are being aligned to create common services and assurance frameworks.

The critical requirement everyone agreed on is that compliance must be automated and invisible. Developers continue to value access and autonomy. If governance slows them down, they'll route around it. The only governance that works is governance that happens automatically in the platform.

Shift down, not shift left

Shift left has outlived its usefulness. It's become shorthand for pushing operational and security burdens onto developers. The better model is shift down, where capabilities like authentication, authorization, and compliance move into shared platform layers that every product sits on top of.

These are common, ubiquitous services with shared fate, not team-by-team reinventions. The group broadly agreed that this reflects the direction large organizations are taking. Nobody wants 50 teams building 50 different authorization implementations for their AI features.

When security lives in the platform, updating policies to handle new AI behaviors becomes a platform change. Not a cross-team coordination nightmare. One change, propagated everywhere, enforced consistently. This matters especially as AI agents become more autonomous.

AI agents expose existing problems

AI agents are not creating a new category of security challenge. Rather, they're a mirror exposing flaws in our existing security models. The framing resonated strongly across the group.

These systems operate with identity, access, and autonomy, but without moral or contextual judgment. They're effectively employees without training. A regular employee with database access won't drop the production database even if they have permission. They understand consequences. AI agents don't have that voice.

This analogy helps teams reason about risk using concepts they already understand. The security challenges aren't new. We've always had the problem of overprivileged identities compensated for by human judgment. AI agents just operate at machine speed without that compensation layer.

The implication is clear. The authorization models we've been building need to work for non-human identities that lack judgment. Least privilege stops being best practice and becomes existential. Because if you give an AI agent access to everything and tell it to solve a problem, it will try everything simultaneously without understanding blast radius.
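A sketch of the shared, deny-by-default check that the shift-down and least-privilege points above imply, added here as an illustration (it is not Cerbos code or anything shown at the roundtable). The principal kinds, role names, and policy table are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    id: str
    kind: str               # "human" or "agent" (assumed taxonomy)
    roles: frozenset

@dataclass(frozen=True)
class Resource:
    kind: str               # e.g. "database"
    env: str                # "sandbox" or "production"

# Constructed policy: (principal kind, role, resource kind, env) -> allowed actions.
# Anything not listed is denied.
POLICY = {
    ("human", "dba", "database", "production"): {"read", "write", "drop"},
    ("agent", "migration-bot", "database", "sandbox"): {"read", "write", "drop"},
    ("agent", "migration-bot", "database", "production"): {"read"},
}

AUDIT_LOG = []  # every decision is recorded by the platform, not by the caller

def authorize(principal, action, resource, policy=POLICY):
    """Deny-by-default check that every service calls instead of its own logic."""
    allowed = any(
        action in policy.get((principal.kind, role, resource.kind, resource.env), ())
        for role in principal.roles
    )
    AUDIT_LOG.append((principal.id, principal.kind, action, resource.env, allowed))
    return allowed

def demo():
    prod = Resource("database", "production")
    sandbox = Resource("database", "sandbox")
    alice = Principal("alice", "human", frozenset({"dba"}))
    bot = Principal("agent-42", "agent", frozenset({"migration-bot"}))
    # An agent handed the human "dba" role: the role name alone grants nothing,
    # because rules are keyed on principal kind as well.
    overprivileged = Principal("agent-43", "agent", frozenset({"dba"}))
    return {
        "human_drop_prod": authorize(alice, "drop", prod),
        "agent_drop_sandbox": authorize(bot, "drop", sandbox),
        "agent_read_prod": authorize(bot, "read", prod),
        "agent_drop_prod": authorize(bot, "drop", prod),
        "agent_with_dba_role_drop_prod": authorize(overprivileged, "drop", prod),
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'ALLOW' if decision else 'DENY'}")
```

Because every caller goes through `authorize`, tightening the agent rules is a single edit to the policy table rather than a change in each service.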

What platform teams are building now

Platform teams are building automated sandbox environments that provide safe spaces for experimentation. They're creating compliance baselines that apply automatically without developer intervention. They're standardizing how AI tools integrate with existing systems so teams don't reinvent integration patterns.

The most successful organizations provide complete working environments, not documentation. Clone this, modify it for your use case, and deploy it. The platform handles authentication, authorization, logging, and compliance automatically. Developers focus on the business problem.

This is the shift-down model in practice. Security and operational capabilities move into the platform layer. Products inherit them by default. When done right, the secure path becomes the easy path, and adoption happens naturally.

 

Cerbos enables platform teams to provide authorization as a shared service. Instead of every team building authorization logic, they inherit consistent policy enforcement from the platform layer. Learn how teams are building AI-ready platforms with externalized authorization.