Skip to content
OTFotf
All posts

AI in Software Development: From Pilots to Production

D
DaveAuthor
6 min read
AI in Software Development: From Pilots to Production

At WeAreDevelopers World Congress 2026, 15,000 developers and tech leaders packed CityCube Berlin to swap one question for another. Last year the room asked "can AI ship software?" This year it asked "how do we ship it well, securely, and at scale?" That's the most useful thing an industry event can report — not a new model, but a shift in what the room is willing to argue about.

The shift is real, and 15,000 people just signed off on it

From July 8–10, 2026, more than 500 speakers took the mainstage. Germany's Federal Ministry for Digital Transformation and Government Modernisation sent Federal Minister Dr. Karsten Wildberger to talk about Europe moving "from being a user of technology to becoming a global shaper of it." Executives filled closed-door sessions on AI infrastructure, digital sovereignty, and the redesign of engineering orgs. The signal wasn't subtle.

Sead Ahmetovic, CEO and Co-Founder of WeAreDevelopers, framed the year-over-year change in one breath: "Last year, much of the industry was still asking itself what could be built with AI. We saw pilots, prototypes and concepts. This year, we saw working production stories: real systems, real users, real failures, real numbers. As an industry, we have moved from asking whether we can do this to asking how we do it well, securely, and at scale."

"Working production stories" is the line worth sitting with. The demos are over. The questions have moved from "can the model write a function?" to the operational ones that follow the moment an agent starts pushing code: how do you evaluate its output, how do you secure autonomous workflows, how do you preserve context across a long run, how do you operate the infrastructure, how do you align teams around it, and how do you keep human judgment in the loop.

What production AI actually looks like in 2026

The Berlin program was built around six operational questions, not capability demos. Every one of them is something a senior engineer shipping AI-written code to real users has been solving in private:

  • Evaluating outputs when the model is the author
  • Securing autonomous workflows that touch real infrastructure
  • Preserving context across multi-step agent runs
  • Operating the infrastructure those agents depend on
  • Aligning human teams around agent-driven pipelines
  • Maintaining human judgment as the last line of defense

the developer's job has shifted from typing lines of code to defining intent, judging outp

Thomas Pamminger, CPO and Co-Founder of WeAreDevelopers, put the role shift plainly: "When agents take over the writing of code, understanding the system becomes the developer's real job. The value shifts from typing lines to defining intent, judging output and designing how humans and agents work together. That is changing what companies need from their engineers."

Translation: typing was a proxy for understanding. When the agent types, understanding is the whole job.

11 production screens. Login, database, payments — all wired.

The SaaS Dashboard Kit ships everything already connected. Nothing to set up. Live demo at saas.otf-kit.dev.

See the live demo

How to actually use this today

You don't need a Berlin conference ticket. The shape of the production-AI stack is already in your editor. Three concrete moves that match what the congress was arguing about:

1. Pick one agent and use it for a real feature, not a demo. Cursor, Claude Code, or a self-hosted variant — any of them will do. The point isn't the model, it's the loop: write a spec, run the agent, review the diff, ship. Then do it again. The repetition is what teaches you where it lies to you.

# a runnable loop you can drop into your repo
git checkout -b feat/auth-flow
claude "Add a passwordless email-OTP flow.
        Store is Postgres. Write the migration, the API
        handler, and the email template. Add tests."
git diff --stat
git push -u origin feat/auth-flow

2. Build the evaluation layer before you trust the output. The number-one thing the production-AI crowd in Berlin kept returning to was output review. Treat it like code review at PR time: every agent-produced diff gets a checklist. "Does it match the spec? Did it invent a dependency? Does it touch auth or billing?" If you can't answer those in 60 seconds, the diff doesn't land.

3. Add an observation layer. You can't secure what you can't see. A structured log of agent run · prompt · model · tool calls · exit code is enough to debug the first production incident. Without it, you'll be reading Slack screenshots at 2am.

None of this is theoretical. Teams shipping AI-written code to real users in 2026 are running this loop today.

Where AI in production still bites: security, compliance, and the parts you can't vibe-check

The Berlin program kept circling two failure modes: untrusted output and unobservable runs. Both get worse the moment an agent is allowed to push code, not just suggest it.

A real production system has a real threat model. An agent that can read your repo, run a build, and call your cloud provider is a supply-chain vector. The model can be prompt-injected via a file it reads, via a comment on a PR it reviews, or via a tool description it ingests. The same prompt-injection surface that plagued chatbot deployments is now inside your CI loop.

Compliance isn't far behind. If an agent touches code that ships to a regulated environment — medical, financial, anything under GDPR or its peers — the audit trail matters. Who approved this diff? What model wrote it? What data did the prompt contain? When the model that wrote the code lives in one jurisdiction and the data it learned from lives in another, the audit trail is a regulatory headache, not just a DevOps one. That's a big part of why Wildberger's mainstage slot was about European digital sovereignty, not just procurement.

production AI loop — spec → agent run → diff review → flagged deploy → observation log → e

The operational answer isn't "don't use AI." It's "treat the agent like a junior engineer with root access, and instrument accordingly."

The part that doesn't change when the model does

Here's the honest OTF angle, and it sits in the last beat on purpose.

Models churn. The agent that wrote your last feature will be a footnote in 18 months. The tool that's 10× cheaper this quarter will be undercut next quarter. The conference program in Berlin knew this — every operational question on the mainstage was about the durable layer underneath the model: the system you build, the conventions you enforce, the components that have to look and behave the same on every surface your product touches.

model-driven code that rewrites itself on every swap vs components that survive every mode

That's the part OTF exists to own. The output — a card, a form, a settings screen, a chart — has to ship to web, iOS, and Android from one source of truth. When the model that generated the code changes, that output should not have to be rewritten. The same component, on the same API, in the same package, behaves the same on every platform. Convention beats configuration; the system outlives the model.

Use the agent. Trust the loop. But build the layer underneath it the way the Berlin crowd is now building it: with components, conventions, and observation, not with vibes. The agents in 2026 are better than the ones in 2025, and the ones in 2027 will be better still — but the surface your users actually touch is the same surface you have to ship today, and the part that survives every model swap is the part worth owning.

ai-toolsarchitecturedesign-system
OTF SaaS Dashboard Kit

Ship the product, not the setup.

  • 11 production screens — auth, billing, team, analytics, settings
  • Real database, payments, and login — all wired on day 1
  • AI configs pre-tuned so your agent extends instead of regenerates