We had a gap in our AWS environment. Every server session ran under a shared identity — meaning when something went wrong, we could tell auditors which team had access, but not which person. In regulated industries, that distinction is the difference between a clean audit and a finding.
The fix was known. The path to the fix was not — at least not for organisations running Microsoft’s identity platform, which is most enterprises.
An engineer spent weeks investigating. AWS Support was engaged. No clear answer emerged. The problem sat at the intersection of systems that different teams own, and nobody owned the full picture.
What Changed
The engineer applied an agentic AI system — not a chatbot, but a structured multi-agent workflow that runs parallel research, writes and reviews code, validates against formal specifications, and documents everything as it goes.
Two hours of parallel research across the full internet. One day of planning, building, testing, and documentation.
The gap is closed. The solution is running.
What Was Delivered
- Every server session now runs under individual identity — tied automatically to the corporate directory
- A compliance auditor asking “who ran that command?” gets a name, not a team
- New employees get the right access automatically when added to the directory. Departing employees lose it when removed. No manual steps
- The policy enforces itself across the entire AWS organisation — existing accounts, new accounts, all of it — automatically
- No one in a subsidiary account can disable it
Two deployment options were built: one for organisations without additional infrastructure requirements, one for organisations that need full individual accountability at the operating system level. Both are documented, tested, and ready to adopt.
The Return
Risk reduction. A shared session identity is an audit finding waiting to happen and an incident investigation that takes hours instead of minutes. Both are now resolved.
Operational efficiency. Access provisioning and deprovisioning are now zero-touch. Directory change → access change. Automatically.
Speed. A problem that had been open for weeks was resolved in a day.
Reusable methodology. The approach — formal specifications, peer-reviewed plans, parallel implementation, adversarial review — produces better-documented, more rigorously tested output than traditional delivery. And it captures institutional knowledge automatically, rather than leaving it in one engineer’s head.
The Workforce Question
This is the conversation every executive team is having: what does AI mean for our engineering headcount?
The honest answer from this project: the engineer was not replaced. They were elevated. Freed from implementation detail to make the judgment calls that actually require human context — which design approach, which trade-off, when the solution is good enough to ship.
The agentic system did not know the answer to this problem. The engineer knew enough about the problem to direct the system to find it.
In this engineer’s opinion, the right use of agentic AI is not headcount reduction. It is raising the ceiling on what your best people can deliver — and retaining the institutional knowledge that currently walks out the door when they do.
Whether organisations choose to realise that potential, or treat it as a cost-cutting mechanism, is a decision that will define the quality of the systems they operate for years to come.
Technical architecture, implementation details, and deployment templates are documented in the accompanying white paper and repository.
This post was itself produced in the same agentic model it describes.