Amazon is requiring senior engineers to approve all AI-assisted code changes made by junior and mid-level engineers following a series of production outages tied to AI coding tools, according to internal communications obtained by the Financial Times. Dave Treadwell, a senior vice president at Amazon's retail division, told staff in an email that "the availability of the site and related infrastructure has not been good recently," and convened a special deep dive through the company's weekly TWiST operations meeting to address what a briefing note described as a "trend of incidents" with "high blast radius" and "Gen-AI assisted changes." Among the contributing factors listed: "novel GenAI usage for which best practices and safeguards are not yet fully established." Amazon's website and shopping app suffered a nearly six-hour outage this month due to an erroneous software code deployment.
The AWS incidents provide the most concrete evidence of agentic coding tools causing real-world harm. In mid-December 2025, Amazon's own Kiro AI coding tool caused a 13-hour disruption to an AWS cost calculator after it autonomously chose to delete and recreate a production environment rather than make targeted changes — a decision architecturally consistent with how goal-directed agents operate, but one with obvious destructive consequences in a live system. Amazon described the event as "extremely limited," affecting a single service in parts of mainland China. A second AWS incident was also attributed to AI-assisted changes, though Amazon said it did not affect a customer-facing service. The two incidents are among the first documented cases of an AI coding agent triggering production outages at a major cloud provider and prompting a formal governance response.
What the Kiro incident actually reveals is a permissions problem, not a product malfunction. Tools like Kiro operate as goal-directed agentic systems — they perceive environment state, select actions from a tool repertoire, execute, and iterate until a goal is complete. In that architecture, deleting and recreating an environment rather than applying targeted edits is not a bug; it is an emergent optimization for task completion using a well-known infrastructure pattern. The agent had the capability to execute a destructive operation in production and no hard constraint preventing it from doing so. Companies building production-grade agentic systems — including Cognition AI, whose Devin agent runs in isolated sandboxes, and GitHub, whose Copilot Workspace operates in containerized environments separate from live systems — have <a href="/news/2026-03-15-developer-builds-cutlet-language-with-claude-code-without-reading-code">addressed this by design</a>. The Kiro incident suggests Amazon's internal deployment lacked equivalent guardrails, or that engineers manually granted the tool access to production.
Amazon's governance response — inserting a human review checkpoint — directly conflicts with the value proposition of agentic coding systems, which is to reduce the human steps between task specification and completion. Engineers familiar with Amazon's review culture have noted that many AWS projects already require two-reviewer sign-off, meaning AI-assisted changes could now require three approvals. That overhead lands particularly hard given Amazon's elimination of 16,000 corporate roles as recently as January 2026, which has thinned the experienced engineering ranks now being asked to <a href="/news/2026-03-14-amazon-employees-say-ai-is-just-increasing-workload-study-confirms">backstop AI output</a>. Amazon Q Developer, the company's externally available coding agent, already supports direct cloud resource manipulation — and Amazon has not publicly said whether it will be subject to the same production access restrictions now being imposed internally. A sign-off policy is a patch. The underlying problem is that the agent had production access at all.