AI does not fit into business‑as‑usual software delivery. It forces a fundamental shift in how leaders must think about systems, risk, and responsibility. This piece is written for people who manage software engineers and need a clear view of both the enormous leverage and the very real exposure that LLMs introduce.
LLMs are not deterministic components. They behave like probabilistic systems with failure modes that do not exist in traditional software. They can hallucinate, drift, invent structure, or confidently produce incorrect output. Retrieval‑augmented generation (RAG) helps, but it only shifts risk, it does not eliminate it. Retrieval quality, document governance, and context integrity all become part of the system’s reliability.
LLMs are not deterministic components
LLMs behave probabilistically because they generate each token by sampling from a probability distribution rather than executing fixed rules. Even with identical inputs, internal settings, and prompts, the LLM's statistical model can choose different high‑probability tokens on different runs. This means the output is never guaranteed to be identical, and the system cannot be treated like a function with stable, repeatable behaviour.
LLMs introduce failure modes that do not exist in traditional software
Traditional software fails when logic is wrong, data is missing, or inputs violate assumptions. LLMs fail in ways that come from their statistical nature.
LLMs can produce outputs that are statisticaly plausible but false because they are optimising for likelihood, not truth.
They can drift from schemas or formats because they do not "understand" structurei, they match to patterns. And this match is probabilistic. It is not guaranteed to be the same over two runs.
They can assert capabilities they do not have because they are predicting what an answer should sound like. And a prediction may be wrong.
They can contradict themselves because each token is a separate probabilistic decision, not a globally consistent plan.
None of these are bugs. They are how LLMs work.
What Tech Executives Need to Know About Working With LLMs
1. LLMs Are Not Deterministic Components
The probabilistic nature of LLMs means their unpredictabile nature must be managed with controls. It cannot be assumed away.
2. LLMs Introduce New Failure Modes
LLMs can hallucinate facts, invent sources, drift from schemas, or claim abilities they do not have. They can produce confident but incorrect reasoning. Traditional QA does not cover these risks.
3. RAG Changes Risk, It Does Not Remove It
RAG improves factual grounding but adds new dependencies. Retrieval quality, document governance, citation accuracy, and context integrity all affect system behaviour. The data pipeline becomes part of risk management.
4. Compliance Exposure Is Direct and Material
LLM outputs can violate data protection laws, sector regulations, copyright rules, safety standards, and consumer protection laws. Because outputs vary, violations can occur without warning. LLM output is regulated content.
LLM output is considered regulated output because, once it leaves the model and enters your organisation’s systems, it becomes functionally indistinguishable from any other content your company produces. Regulators do not care that it was generated by an LLM. They care about its effects.
5. Statutory Liability Extends Beyond the Model
Liability arises from incorrect outputs, harmful content, decisions made using LLM results, missing audit trails, and weak oversight. The organisation, not the LLM vendor, carries the exposure.
6. Governance Must Be Built Into the Architecture
Systems must include identity constraints, capability boundaries, output format rules, grounding controls, citation rules, safety layers, audit logs, and drift monitoring. Governance is a technical requirement, not a policy document.
7. Evaluation Requires a Dedicated Function
Evaluation must cover schema checks, grounding fidelity, safety tests, reasoning quality, adversarial probing, and drift tracking. This work is continuous and specialised. It cannot be handled ad‑hoc in a compliant way by busy software engineers.
8. Vendor Models Do Not Remove Responsibility
Using a third‑party model does not transfer risk. Your organisation is responsible for outputs, data handling, integration behaviour, and controls. Outsourcing the model is not outsourcing the risk.
9. LLM Systems Must Be Treated as Regulated Infrastructure
LLMs influence decisions, customer interactions, internal processes, and public content. They must be governed like any regulated system with clear controls, auditability, and oversight.
10. Strategic Direction: Build Capability, Not Experiments
Executives should invest in controlled architectures, evaluation teams, compliance‑aligned processes, clear ownership of AI risk, continuous monitoring, and safe scaling. LLM adoption is an organisational capability, not a series of pilots.
Conclusion
LLMs introduce technical, operational, and regulatory risks that cannot be managed through normal development practices. Their behaviour is probabilistic, their failure modes are unique, and their outputs carry direct compliance and statutory exposure. The organisation must respond with structured controls, continuous evaluation, and clear ownership.
Actions for Tech Executives
- Treat LLMs as high‑risk components that require strict controls.
- Mandate architectural layers for identity, boundaries, and format.
- Require governance of the retrieval pipeline in all RAG systems.
- Classify all LLM output as regulated content with compliance review.
- Establish audit trails, traceability, and runtime enforcement.
- Create a dedicated AI evaluation team with ongoing responsibility.
- Integrate legal, risk, and compliance into the development lifecycle.
- Do not rely on vendors for safety or liability protection.
- Govern LLM systems like regulated infrastructure, not experiments.
- Invest in long‑term capability: controlled architecture, monitoring, and safe scaling.
Take Away
LLM adoption is not a feature. It is an organisational commitment that requires governance, evaluation, and cross‑functional oversight. These actions are the minimum required to deploy AI systems safely and responsibly at scale.
Related Work
- LLM systems require layered safety and strong governance to operate safely in production.
- AI adoption is an organisational transformation.
- AI strengthens brands when it improves precision, consistency, and control.
If this was useful, you can get more pieces like it in the Phroneses newsletter.
Table of Contents
- LLMs are not deterministic components
- LLMs introduce failure modes that do not exist in traditional software
- What Tech Executives Need to Know About Working With LLMs
- 1. LLMs Are Not Deterministic Components
- 2. LLMs Introduce New Failure Modes
- 3. RAG Changes Risk, It Does Not Remove It
- 4. Compliance Exposure Is Direct and Material
- 5. Statutory Liability Extends Beyond the Model
- 6. Governance Must Be Built Into the Architecture
- 7. Evaluation Requires a Dedicated Function
- 8. Vendor Models Do Not Remove Responsibility
- 9. LLM Systems Must Be Treated as Regulated Infrastructure
- 10. Strategic Direction: Build Capability, Not Experiments
- Conclusion
- Related Work
- Table of Contents