What Tech Executives Need to Know About Working With LLMs

AI does not fit into business‑as‑usual software delivery. It forces a fundamental shift in how leaders must think about systems, risk, and responsibility. This piece is written for people who manage software engineers and need a clear view of both the enormous leverage and the very real exposure that LLMs introduce.

LLMs are not deterministic components. They behave like probabilistic systems with failure modes that do not exist in traditional software. They can hallucinate, drift, invent structure, or confidently produce incorrect output. Retrieval‑augmented generation (RAG) helps, but it only shifts risk, it does not eliminate it. Retrieval quality, document governance, and context integrity all become part of the system’s reliability.

LLMs are not deterministic components

LLMs behave probabilistically because they generate each token by sampling from a probability distribution rather than executing fixed rules. Even with identical inputs, internal settings, and prompts, the LLM's statistical model can choose different high‑probability tokens on different runs. This means the output is never guaranteed to be identical, and the system cannot be treated like a function with stable, repeatable behaviour.

LLMs introduce failure modes that do not exist in traditional software

Traditional software fails when logic is wrong, data is missing, or inputs violate assumptions. LLMs fail in ways that come from their statistical nature.

LLMs can produce outputs that are statisticaly plausible but false because they are optimising for likelihood, not truth.

They can drift from schemas or formats because they do not "understand" structurei, they match to patterns. And this match is probabilistic. It is not guaranteed to be the same over two runs.

They can assert capabilities they do not have because they are predicting what an answer should sound like. And a prediction may be wrong.

They can contradict themselves because each token is a separate probabilistic decision, not a globally consistent plan.

None of these are bugs. They are how LLMs work.

If this is useful, the free newsletter goes deeper. It is written for people who follow this work closely, and it includes pieces that never appear on the site. Subscribe

What Tech Executives Need to Know About Working With LLMs

1. LLMs Are Not Deterministic Components

The probabilistic nature of LLMs means their unpredictabile nature must be managed with controls. It cannot be assumed away.

2. LLMs Introduce New Failure Modes

LLMs can hallucinate facts, invent sources, drift from schemas, or claim abilities they do not have. They can produce confident but incorrect reasoning. Traditional QA does not cover these risks.

3. RAG Changes Risk, It Does Not Remove It

RAG improves factual grounding but adds new dependencies. Retrieval quality, document governance, citation accuracy, and context integrity all affect system behaviour. The data pipeline becomes part of risk management.

4. Compliance Exposure Is Direct and Material

LLM outputs can violate data protection laws, sector regulations, copyright rules, safety standards, and consumer protection laws. Because outputs vary, violations can occur without warning. LLM output is regulated content.

LLM output is considered regulated output because, once it leaves the model and enters your organisation’s systems, it becomes functionally indistinguishable from any other content your company produces. Regulators do not care that it was generated by an LLM. They care about its effects.

5. Statutory Liability Extends Beyond the Model

Liability arises from incorrect outputs, harmful content, decisions made using LLM results, missing audit trails, and weak oversight. The organisation, not the LLM vendor, carries the exposure.

6. Governance Must Be Built Into the Architecture

Systems must include identity constraints, capability boundaries, output format rules, grounding controls, citation rules, safety layers, audit logs, and drift monitoring. Governance is a technical requirement, not a policy document.

7. Evaluation Requires a Dedicated Function

Evaluation must cover schema checks, grounding fidelity, safety tests, reasoning quality, adversarial probing, and drift tracking. This work is continuous and specialised. It cannot be handled ad‑hoc in a compliant way by busy software engineers.

8. Vendor Models Do Not Remove Responsibility

Using a third‑party model does not transfer risk. Your organisation is responsible for outputs, data handling, integration behaviour, and controls. Outsourcing the model is not outsourcing the risk.

9. LLM Systems Must Be Treated as Regulated Infrastructure

LLMs influence decisions, customer interactions, internal processes, and public content. They must be governed like any regulated system with clear controls, auditability, and oversight.

10. Strategic Direction: Build Capability, Not Experiments

Executives should invest in controlled architectures, evaluation teams, compliance‑aligned processes, clear ownership of AI risk, continuous monitoring, and safe scaling. LLM adoption is an organisational capability, not a series of pilots.

Conclusion

LLMs introduce technical, operational, and regulatory risks that cannot be managed through normal development practices. Their behaviour is probabilistic, their failure modes are unique, and their outputs carry direct compliance and statutory exposure. The organisation must respond with structured controls, continuous evaluation, and clear ownership.

Actions for Tech Executives

  • Treat LLMs as high‑risk components that require strict controls.
  • Mandate architectural layers for identity, boundaries, and format.
  • Require governance of the retrieval pipeline in all RAG systems.
  • Classify all LLM output as regulated content with compliance review.
  • Establish audit trails, traceability, and runtime enforcement.
  • Create a dedicated AI evaluation team with ongoing responsibility.
  • Integrate legal, risk, and compliance into the development lifecycle.
  • Do not rely on vendors for safety or liability protection.
  • Govern LLM systems like regulated infrastructure, not experiments.
  • Invest in long‑term capability: controlled architecture, monitoring, and safe scaling.

Take Away

LLM adoption is not a feature. It is an organisational commitment that requires governance, evaluation, and cross‑functional oversight. These actions are the minimum required to deploy AI systems safely and responsibly at scale.

Related Work

If this was useful, you can get more pieces like it in the Phroneses newsletter.

Subscribe →

\