An AI model generated plausible but false structured output that nearly entered a production knowledge graph. The response wasn't a policy — it was an architecture. Every AI extraction lands in a staging layer. Nothing reaches production state without human authorization. That constraint is enforced at the database schema level, the API validation layer, and the session authentication layer simultaneously.
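The database-schema layer of that constraint, sketched as an added example (not the platform's own code). It uses SQLite through Python's `sqlite3` for illustration; the table, column and trigger names are assumptions, and the API validation and session authentication layers are not shown.

```python
import sqlite3

# Hypothetical schema: table, column and trigger names are assumptions.
SCHEMA = """
CREATE TABLE staging_extraction (
    id          INTEGER PRIMARY KEY,
    payload     TEXT NOT NULL,          -- raw AI output, untrusted
    approved_by TEXT,                   -- NULL until a human signs off
    approved_at TEXT,
    CHECK ((approved_by IS NULL) = (approved_at IS NULL))
);
CREATE TABLE production_fact (
    id         INTEGER PRIMARY KEY,
    staging_id INTEGER NOT NULL UNIQUE REFERENCES staging_extraction(id),
    payload    TEXT NOT NULL
);
-- The database itself refuses unapproved or altered rows.
CREATE TRIGGER require_human_approval BEFORE INSERT ON production_fact
BEGIN
    SELECT RAISE(ABORT, 'no human approval for this payload')
    WHERE NOT EXISTS (
        SELECT 1 FROM staging_extraction s
        WHERE s.id = NEW.staging_id AND s.payload = NEW.payload
          AND s.approved_by IS NOT NULL);
END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn

def stage(conn, payload):
    """Every AI extraction lands here first; returns the staging id."""
    return conn.execute(
        "INSERT INTO staging_extraction (payload) VALUES (?)", (payload,)).lastrowid

def approve(conn, staging_id, reviewer):
    """Record sign-off; reviewer is assumed to come from an authenticated session."""
    conn.execute(
        "UPDATE staging_extraction SET approved_by = ?, approved_at = datetime('now') "
        "WHERE id = ?", (reviewer, staging_id))

def promote(conn, staging_id):
    """Copy a staged row to production; False if the trigger rejects it."""
    try:
        cur = conn.execute(
            "INSERT INTO production_fact (staging_id, payload) "
            "SELECT id, payload FROM staging_extraction WHERE id = ?", (staging_id,))
    except sqlite3.IntegrityError:
        return False
    return cur.rowcount == 1
```

Because the check lives in a trigger, a write that bypasses the application code and inserts into `production_fact` directly is rejected the same way.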
Before a single message reached the field, I resolved the foundational legal question that determines everything downstream: lapse situation or never-compliant situation? Those aren't points on a spectrum — they're categorically different legal postures with different False Claims Act exposure. Getting that distinction wrong doesn't cost the campaign. It creates liability for the client.
A prior version of this platform failed from accumulated small issues that went undetected until they compounded. The v6 response: a 106-issue register spanning 11 categories — schema, auth, commission logic, quota attainment, concurrency, permissions — identifying every blocker at the specification level. All 8 blockers cleared before sprint one. This is not vibe coding. This is systems design and risk mitigation with a clear understanding of threat vectors.
The AWS relationship didn't start at Coalfire. It started at Anitian — building the FedRAMP and GovCloud motion with the same AWS field teams and partner ecosystem that later made me a recruitment target. Alert Logic extended it. Coalfire brought it to its most structured form. Same players. Same motion. Compounding across a decade.
Trust, but verify.