Amazon requires senior sign-off for AI-assisted code changes

Internal notes cite rising outages with high blast radius; automation speeds deployments faster than accountability can follow.


Amazon is tightening controls on AI-assisted code changes after a run of outages in its retail systems, requiring more senior engineers to sign off on changes made with generative AI tools. According to the Financial Times, the company convened a “deep dive” meeting this week after “a trend of incidents” in recent months that internal notes described as having a “high blast radius” and involving “Gen-AI assisted changes.”

The immediate fix is managerial: move approval power upward. In an email seen by the FT, senior vice-president Dave Treadwell told staff that availability “has not been good recently,” and that junior and mid-level engineers will need senior sign-off for AI-assisted changes. That shift matters because generative tools are being rolled out as a speed multiplier—more code shipped, faster—but the cost of mistakes still arrives the old-fashioned way: incident response, customer impact, and reputational damage. A system that can generate changes quickly also expands the surface for subtle failures, and when those failures land in production, the people on call pay the price.

The pattern is not confined to Amazon’s retail storefront. The FT reports that Amazon Web Services has also had incidents linked to AI coding assistants, including a 13-hour interruption to a cost calculator in December after engineers allowed the company’s Kiro tool to make changes and it chose to “delete and recreate the environment.” Amazon previously characterised that event as limited, affecting only a single service in parts of mainland China, and said another incident did not affect a customer-facing AWS service. But even “limited” events become internal evidence in the argument over how much autonomy to grant tools that can act faster than review processes were designed to handle.

The result is a familiar corporate trade: acceleration produces its own counterweight in process. When deployment velocity rises, the organisation either accepts more downtime or builds new gates—sign-offs, checklists, escalation paths—so that responsibility is legible after the fact. The FT notes that some Amazon engineers have attributed a rise in high-severity incidents to job cuts, while the company disputes that link. Either way, fewer experienced hands and more automated output is a combination that tends to concentrate risk in the remaining senior staff, who become both the bottleneck and the accountable party.

Amazon’s website and shopping app were down for nearly six hours earlier this month after what the company described as an erroneous software code deployment. The new sign-off rule is being introduced as a way to prevent the next outage from being generated at machine speed.