@Voxyz_ai ya same 20x here. Then tried using 5.6 Sol Ultra with Deep Scan on one of my repo. Already burned my 5 hours limit twice today and still running!!
Most AI teams are over-indexed on demos and under-indexed on failure modes.
The demo shows what happens when everything works.
The business dies in the edge cases.
Question I am wrestling with:
What evidence would make a risk or compliance team trust an AI workflow enough to approve launch?
A score is not enough. I think replay matters.
Design question:
Should an AI workflow simulator own business state?
My current answer: no.
The domain system owns business truth.
The simulator owns synthetic cohorts, scenario time, replay evidence, and baseline vs proposed comparison.
Working on replay evidence today.
The question is not just:
"Did the workflow fail?"
It is:
"Can a product, risk, or compliance person replay the exact path that caused the failure?"
Without replay, evals become opinions.
Most companies test AI like software.
But AI workflows behave more like operating decisions.
A bad response is annoying.
A bad escalation, denial, recommendation, or policy decision can create real customer harm.
AI product teams:
Do you test workflows against synthetic customer scenarios before launch?
Or are you mostly testing prompts, transcripts, and happy paths?
MCP servers should not just expose tools.
They need control planes.
Especially when a tool can scan systems, call APIs, mutate state, leak data, or trigger expensive operations.
Tool access without policy is faster chaos.
Founder note:
I am trying to avoid building another AI dashboard.
The goal is decision evidence:
Should this workflow ship?
Who is affected?
What failure path proves it?
The more I work on AI workflow simulation, the more convinced I am that "good response" is the wrong bar.
The bar is:
Did the customer outcome improve, fail, or create risk?
For people in AppSec:
Would you trust an AI agent to run security scans if it had scoped targets, dry-run mode, audit logs, policy enforcement, and replayable reports?
Or still too risky?
I think the next wave of AI testing moves from:
"Is the answer good?"
to:
"Which customer segment was affected, what changed, and can we replay the failure?"
That's the gap I'm building around with https://t.co/kji696MjrL.
Product lesson I keep relearning:
A feature is not a feature until the buyer can explain the risk it reduces.
"Simulation" is abstract.
"Know which customer cohort gets harmed before launch" is concrete.
A lot of AI demos are basically:
"Look, the agent called a tool."
That was impressive in 2023.
In production, the question is:
Did it call the right tool, at the right time, under the right policy, with recoverable evidence?
Testing a simple https://t.co/kji696MjrL scenario:
500 synthetic customers
4 cohorts
1 workflow change
baseline vs proposed comparison
replayable failure evidence
The goal is not to prove the AI "works."
The goal is to find who gets hurt before production.
The dangerous part of AI agents is not the chat interface.
It's when they touch APIs, workflows, customer records, policy decisions, escalation paths, and financial outcomes.
At that point, testing prompts is not enough.
Question for MCP builders:
What is the most underbuilt layer right now?
Auth, permissions, observability, deployment, evals, policy controls, or tool discovery?
Building https://t.co/kji696MjrL is forcing me to separate two things:
1. Testing the agent
2. Testing the business consequence
Most eval tooling focuses on #1.
I think the bigger enterprise budget will be in #2.