AI productivity, under the control your regulators require.
A domain agnostic framework for governed, auditable software delivery. AI instantiates approved patterns from a validated requirement rather than freely designing software, so you capture the productivity of AI assisted delivery without surrendering the control your regulators require. The framework stays constant. Only the setup changes from one domain to the next. The trust layer for the software your enterprise ships.
Available today
Mapped to PRA, FCA, MAS, BNM, DORA and EU AI Act
Evidence by default
Same goal, twice, different code.
Most teams adopt AI coding the same way. An engineer opens a chat, describes what they want, accepts suggestions, iterates and merges. Output quality depends on whoever is prompting, in the moment. Give the same model the same goal twice and you get different code of different quality. The work is not reproducible, not auditable, and not safe for a regulated environment. This is vibe coding, and it is not what we build.
For a regulated enterprise that is a governance problem, not a style preference. The question a regulator asks is not only what your AI did, but whether you can prove the software that runs it was specified, reviewed and released under control. Vibe coding has no answer to that question.
AI Led SDLC
Capture against the journey template
Machine readable specification
Tests generated first
AI build against the spec
Independent verification
As built reconciliation
Vibe coding
Prompt the model
Accept what it returns
Merge and hope
Put two people in a vacuum and give them the same task. One has the rules, the patterns, the prior work and the constraints. The other has nothing. The first delivers. The second guesses. An AI agent is no different. Output quality is a function of the context the agent works from, not the cleverness of the model.
This is where most organisations will fail. Their documentation is fragmented or out of date, their patterns live in the heads of senior engineers, and their policies are written somewhere an agent cannot reference. Point an agent at that environment and you get vibe coding with extra steps. The missing ingredient is never intelligence. It is governed context.
AI does not speed up the old stages. It moves the work.
The machine readable specification becomes the control point. Humans declare intent and arbitrate at the gates; they no longer sit in the middle.
Machine readable specification
Impact and clarification, ambiguity reduced
Pattern resolution, approved patterns selected
Business intent, declare the outcome
Human arbitration
One screen. Ship, send back or escalate.
Persona based delivery
Specialised personas operate from versioned context, scoped tools and structured outputs.
Build
Code, config, IaC.
QA in parallel
Tests, MR policy, dependency scan.
Verification
The right code, not just good code.
As built reconciliation
Code compared to the approved specification.
Documentation from code
No parallel document drift.
Continuous compliance
Evidence pack and drift monitoring.
constrains ▼
Take something we deliver repeatedly, a Keycloak authentication journey. Asked in a chat, the model invents an approach, picks its own defaults, and produces something that may work and may quietly breach a control. Nobody can say afterwards why a given choice was made.
Under AI Led SDLC the same request runs through a structured capture step that applies the journey template for that task type, validates every input against our knowledge base, fills implicit choices from established patterns, and flags whatever is missing. That produces a versioned, machine readable specification. Only then does an agent build, against the specification rather than the raw request, with the tests generated before the code, an independent check that it is the right code and not merely good code, and a reconciliation that proves what was built matches what was approved. Same task. One path is a guess. The other is evidence.
Humans declare intent; they do not hand write the requirement. Human written requirements are the single biggest source of inconsistency in delivery, so a capture persona drives a structured interview and produces the specification instead.
The code is the source of truth. Documentation is generated from it rather than maintained beside it, so it cannot drift.
Delivery runs as specialised personas. Each has a defined role, scoped knowledge and a structured output, and a human arbitrates the outcome on one screen (ship, send back, or escalate) rather than reading five separate reports.
Every change that could move quality is governed. The model, the patterns, the prompts and the templates are each evaluated against a golden test set before they go live, so regression is caught before a client ever sees it.
AI Led SDLC is not an identity tool. It is a framework for governed delivery that holds constant whatever the domain. What changes from one domain to the next is the setup: the context library, the templates, the knowledge bases and the golden test sets that tell the framework what good looks like in that field. The framework is the reusable intellectual property. The setup is the per domain investment.
Keycloak journeys is the first domain we have set up, not the limit of the offering. Because our encoded context is deepest in identity and in DevSecOps, those are the domains we are extending the framework across next. It applies wherever good can be written down in enough detail to verify against, and it is deliberately not for novel, greenfield or exploratory work, where good cannot yet be written down. A client does not start from a blank page. They adopt eight years of regulated engineering encoded as patterns, policies and templates, in the domains where we have already done the encoding.
We are not selling a faster Copilot. We are selling a framework for governed delivery with the context already in it, proven first in identity and extensible to any specialised domain where good can be written down. It is also the lowest risk way for an enterprise to start trusting autonomy, beginning with the software it produces, and it builds the evidence base that makes later agent governance with Icebreaker straightforward rather than daunting.
AI Led SDLC – FAQs
What is AI Led SDLC?
AI Led SDLC is a governed delivery system that takes a validated business requirement for a well understood workload and automates design, build and test through approved patterns, machine readable specifications and evidence producing controls. AI instantiates approved engineering patterns from business intent; it does not freely design enterprise software. Humans declare intent and arbitrate at clarification, exception and risk gates. Specialised personas do the structured work, and an approved machine readable specification is the control point that everything downstream is built and reconciled against.
How is it different from vibe coding or just using Copilot?
Vibe coding prompts a model, accepts what it returns and merges, so output depends on whoever is prompting and is not reproducible or auditable. AI Led SDLC resolves ambiguity into an approved machine readable specification first, then AI instantiates approved patterns against it, with tests defined before build, independent review, and an as built reconciliation that proves the code matches what was approved. One path is a guess; the other is evidence.
Is AI Led SDLC available today?
Yes, as a scoped engagement beginning with Keycloak journeys. It is the part of trusted autonomy enterprises can adopt first, and the lowest risk way to start, beginning with the software you ship.
Which regulations does it map to?
PRA, FCA, MAS, BNM, EU DORA and the EU AI Act.