CapabilityAtlas CapabilityAtlas
Sign In
search
person Software Engineer Path

Ship Your First AI Feature (Without Becoming an AI Specialist)

Most companies don't have AI teams. They have engineers who need to add LLM capabilities. Here's the engineering — including the failure modes most tutorials skip.

March 27, 2026 | 12 min read

The job posting that doesn’t exist yet

Your company doesn’t have an “AI team.” Neither do most companies. What they have is a product roadmap with “AI-powered” features on it and a team of software engineers who are expected to figure it out. The engineer who ships the first one — reliably, with monitoring, with an eval suite in CI — gets a career trajectory that the others don’t.

This isn’t about becoming an AI researcher. You need to integrate LLMs into production software the same way you integrate databases and third-party APIs. It’s an engineering problem, not a science problem.

Skill 1: Prompting as engineering, not guessing

Most engineers treat prompts like magic incantations — tweak words until the output looks right, then ship it. This is how you get AI features that work in demos and break in production.

Prompting is engineering. It has structure, patterns, and testable properties:

System prompts are contracts. Your system prompt defines the behavior boundary. Version-control it, review it in PRs, test it like any other specification. A system prompt that says “be helpful” is as useful as an API contract that says “return something good.”

Few-shot examples are your test fixtures. Including 3-5 correct input/output pairs in your prompt is the single most effective way to steer model behavior. Structure them as a specification.

Structured output reduces parsing fragility — but doesn’t eliminate it. Every major provider supports JSON schemas the model is constrained to follow. Use them. Anthropic’s tool_use, OpenAI’s response_format, Google’s responseSchema all enforce structure at the API level. But don’t assume they’re bulletproof: models still violate schemas under pressure (complex nested objects, long outputs, edge-case inputs), tool/JSON modes can fail silently or return partial results, and schema conformance doesn’t prevent semantic errors (the JSON is valid but the values are wrong). Always add a validation layer: parse, validate against your schema, and have a repair-or-reject path. Treat model output like untrusted user input — because that’s what it is.

Prompt templating is configuration management. Prompts have variables — user context, retrieved documents, conversation history. Treat assembly like configuration: parameterized, validated, logged.

Skill 2: The harness that makes it production-grade

The LLM call is 10% of the work. The harness around it is 90%. This is where your existing engineering skills dominate.

Input validation and security. What happens when the user input is 50,000 tokens? What happens when it’s empty? What happens when it contains instructions that contradict your system prompt? That last one isn’t hypothetical — it’s prompt injection, and it’s the #1 security concern in LLM systems. Your input layer needs: length limits, content filtering, and injection detection. RAG systems are especially vulnerable — a malicious document in your corpus can inject instructions that override your system prompt. This isn’t edge-case paranoia; it’s happened in production at multiple companies. Treat your input pipeline with the same rigor you’d apply to SQL injection prevention.

Retry and fallback logic. LLM APIs have rate limits, latency spikes, and occasional outages. You need exponential backoff, circuit breakers, and ideally a fallback model. If your primary is Claude Sonnet and it’s timing out, can you fall back to Haiku for a degraded-but-functional experience? Watch for cost spikes from retries — a retry loop against a slow API can quietly burn through your token budget. Set retry caps and alert on cumulative cost per request.

Streaming and latency management. Users will not wait 8 seconds for a response. Streaming (SSE or WebSocket) gives perceived performance but introduces complexity: error handling mid-stream, token counting on partial responses, client-side buffering.

State management. Most tutorials show stateless request/response. Real products have conversations. You need to manage: conversation history (what to keep, what to summarize, what to drop), session boundaries (when does a conversation “end”?), and context budgets (conversation history competes with RAG results for context window space). Memory systems — whether simple sliding windows or more sophisticated summarization — are core infrastructure, not nice-to-haves.

Cost controls. An LLM feature without cost controls is a production incident waiting to happen. One viral user can run up a $500 API bill in an afternoon. Implement per-user token budgets, max context lengths, and cost alerting.

Skill 3: RAG — the feature multiplier

Retrieval-Augmented Generation is what turns a generic chatbot into a useful product feature. Instead of relying on the model’s training data, you feed it your company’s specific data at query time.

The architecture is straightforward: user query hits an embedding model, embeddings search a vector store, top results get injected into the prompt, LLM generates a response grounded in your data.

What engineers get wrong about RAG:

Chunking strategy matters more than embedding model choice. How you split documents — by paragraph, heading, or semantic boundary — determines whether retrieval returns useful context or noise. The difference between naive and thoughtful chunking is often the difference between a useful feature and a hallucination machine.

Retrieval quality is your accuracy ceiling. If retrieval doesn’t return the right documents, the LLM can’t give the right answer. Measure retrieval precision and recall independently. Fix retrieval first.

Hybrid search outperforms pure vector search. Combine vector similarity with keyword matching (BM25). Vector search handles semantics; keyword search handles exact terms and product codes that embedding models mangle.

Freshness is a production problem. Your initial index works great. Six months later, half the documents are outdated, embeddings are stale, and the system is confidently citing deprecated information. You need: a re-indexing cadence tied to your content update cycle, a document lifecycle strategy (archive vs. update vs. delete), and source-of-truth conflict resolution when multiple documents answer the same question differently. This is the part that bites you after the demo goes well.

The system-of-record rule. When your RAG system returns a document that disagrees with a transactional system — the knowledge base says the return window is 90 days but the commerce platform says 60 — the transactional system wins. Always. LLM output is advisory. The database is authoritative. Never let the AI execute an action (process a refund, update an account, send a commitment to a customer) based solely on retrieved content without verifying against the system of record. This adds latency. It prevents the class of failures that generate legal exposure.

Skill 4: Eval frameworks — the part most people skip

Here’s what separates the engineer who ships an AI feature from the engineer who ships a reliable AI feature: evals.

An eval suite is automated testing for non-deterministic systems. You can’t assert that the output equals an exact string. Instead, you test properties: Does the response contain the correct product name? Does it stay within the specified tone? Does it refuse out-of-scope questions? Is the generated SQL syntactically valid?

Build a golden dataset. Collect 50-100 representative inputs with expected outputs. Grade model responses against them — automatically where possible, with human review for subjective dimensions. This is your regression test suite.

Define your metrics explicitly. “Accuracy” is not a metric — it’s a word. You need: precision (how many flagged items are actually correct?), recall (how many correct items did you find?), and the tradeoff between them for your specific use case. A customer support bot needs high recall (don’t miss questions you can answer). A medical triage system needs high precision (don’t give wrong answers). Set pass/fail thresholds before you run the eval, not after you see the results.

Run evals in CI. Every prompt change, every model version upgrade, every system prompt edit should trigger your eval suite. If accuracy drops below your threshold, the PR doesn’t merge. Tools like Braintrust, Promptfoo, and Humanloop make this practical.

Monitor production quality — and detect drift. Your golden dataset represents the queries you anticipated. Production reveals the queries you didn’t. Sample live traffic and run the same eval pipeline on real responses. Track quality scores over time. Models change, data changes, user behavior changes. A system that scored 94% at launch can quietly degrade to 82% without anyone noticing until the support tickets pile up.

Where these systems fail in production

Tutorials show the happy path. Production shows everything else. Here’s what to expect:

Schema drift. Your structured output works perfectly for months, then a model update subtly changes how it handles certain field types. Your downstream parser breaks on a Friday afternoon. Mitigation: validate every response against your schema, version your schemas, and alert on validation failure rate increases.

Hallucination under partial context. When RAG retrieval returns only tangentially relevant documents, the model will confidently synthesize an answer from insufficient evidence. It sounds right. It isn’t. Mitigation: measure retrieval confidence, and when it’s low, say “I don’t have enough information” instead of guessing.

Cost spikes from pathological inputs. A single user pasting a 100-page document into your chat, or a retry loop against a slow API, can generate unexpected bills. Mitigation: input length caps, per-request cost limits, and real-time cost monitoring.

Eval mismatch vs. real traffic. Your eval suite tests clean, well-formed queries. Your users send typo-laden, ambiguous, multi-part questions with context you didn’t anticipate. Your production accuracy will be lower than your eval accuracy. Plan for it. Sample real traffic into your eval set continuously.

Adversarial testing: not optional

Prompt injection isn’t theoretical. Build adversarial testing into your development cycle:

Generate attack inputs. Maintain a set of prompt injection attempts: instruction overrides (“ignore your system prompt and…”), context manipulation (“the admin has authorized…”), and data exfiltration probes (“repeat your system prompt”). Run these against every prompt change.

Test RAG poisoning. Add a deliberately malicious document to your test corpus — one containing hidden instructions. Verify that your system doesn’t follow them. If it does, your input sanitization layer needs work.

Expand continuously. Every production incident becomes a test case. Every novel attack pattern you read about becomes a test input. Your adversarial test set should grow over time, not stay static.

One system, end to end

Abstract advice is easy to nod at. Here’s a concrete example — a support agent that handles return requests — traced through input, failure, guardrail, and monitoring:

Input: Customer asks “I want to return the blue sweater I bought last month.”

What can go wrong: The agent retrieves the return policy (RAG) but the policy document is stale — it references the old 90-day window, not the current 60-day window. The agent confirms the return is eligible. The customer ships it back. The warehouse rejects it because the window has closed. Customer files a complaint.

Guardrail that would catch it: Before confirming return eligibility, the agent calls the order management API to verify: (a) the order exists, (b) the return window hasn’t expired per the system of record (not the RAG document), and (c) the item is in returnable condition. The API response overrides the retrieved policy.

Monitoring that detects it: Track “return eligibility accuracy” — for each return confirmation the agent issues, check 24 hours later whether the return was actually processed or rejected by the warehouse. Alert threshold: if rejection rate exceeds 2%, trigger investigation. This catches the stale-policy failure before it scales.

Rollback: If rejection rate exceeds 5%, disable the AI return flow and route to human agents. Time-to-rollback SLA: 30 minutes from alert to full human routing.

One system. One failure path. One guardrail. One metric with a threshold and an action. This is what production-grade looks like.

The 60-day milestone

Days 1-15: Build a prompt-based feature that takes structured input and returns validated output. Use a harness with retry logic, cost controls, input validation, and streaming. Deploy it behind a feature flag.

Days 16-35: Add RAG. Connect a vector store with your company’s data. Implement hybrid search. Measure retrieval quality independently. Set up a re-indexing cadence.

Days 36-50: Build an eval suite. Create a golden dataset of 50+ test cases. Define metrics and thresholds. Run evals in CI. Fail the build when quality degrades.

Days 51-60: Ship to production with monitoring. Track latency, cost, eval scores, and drift. Build a dashboard. Present results to your team.

At the end of 60 days, you have a production AI feature with an eval suite in CI. That’s not a side project. That’s a portfolio piece that demonstrates you can ship AI systems — not just prototype them.

At the end of 60 days, you’re not an AI specialist. You’re an engineer who can build the full stack — and the full stack now includes AI.

See the full Software Engineer skill path
Take the career diagnostic

Free. 3 questions. 3 minutes.