← FIELD NOTES
AI-NATIVE DEVELOPMENT

What Is AI-Native Development? The CRAFT Method

By Luis Goncalves·7 min read·Jun 9, 2026

AI-native development means building software with AI under a method, not ad hoc. ~90% of teams use AI, only 32% govern it — the CRAFT Method closes the gap.

AI-native development is the practice of building software with AI as a governed, first-class part of the engineering process — not an ad-hoc add-on. It replaces individual improvisation with a repeatable method that an entire organisation can measure, audit, and report on.

The distinction matters because adoption is already universal and governance is not. Roughly 90% of engineering leaders say their teams use AI, but only 32% have formal governance in place (Cortex 2026). Your team is already using AI to write code. The only question left is whether they are doing it with a method, or without one.

What is AI-native development?

AI-native development treats AI not as a feature bolted onto an existing workflow, but as the substrate the workflow is built on. In an AI-native organisation, every team feeds AI the same quality of context, specifies work before generating it, enforces architectural patterns automatically, defends against AI-introduced risk in the pipeline, and tests output at gates calibrated for how AI actually fails. The capability is organisational, not individual — it survives when a star engineer leaves, and it produces the same standard across every team.

This is a different claim from "we use Copilot." Adoption is trivial: 84% of developers now use or plan to use AI tools (Stack Overflow 2025). What is hard, and what AI-native development actually names, is turning that adoption into a governable capability. Scrum structured agile delivery. AI-native development is what structures how software gets built when AI writes a large share of the code — and the CRAFT Method is the structured method for doing it.

AI-native vs AI-assisted: why the distinction matters

"AI-assisted" describes an individual developer getting help from a tool. "AI-native" describes an organisation whose entire development capability is designed around AI. The gap between the two is where the damage lives. Without a method, AI accelerates whatever your existing process produces — including its problems. The evidence is blunt: AI-generated code introduced security flaws in 45% of tasks across 100-plus models tested, rising to a 72% failure rate for Java (Veracode 2025). Incidents per pull request are up 23.5% in AI-heavy teams (Cortex 2026). And 80% of developers admit bypassing their organisation's AI code-security policies entirely (Snyk 2025).

The productivity story is no cleaner. In a pre-registered randomised trial, experienced open-source developers were 19% slower with AI tools — while reporting that they felt 20% faster (METR 2025). Without a method, an organisation cannot even tell whether AI is helping. Speed you cannot measure is not speed. It is motion.

The five practices of the CRAFT Method

The CRAFT Method structures AI-native development as five continuous practices, each a verb, each naming what an engineering organisation does rather than an artifact it buys. In canonical order:

PracticeWhat it governsCore artifacts
CurateCurate the context AI agents consumeAGENTS.md, CLAUDE.md, codebase intelligence, layered context
RefineRefine specs before AI generates codeProduct Requirement Prompts, acceptance criteria, traceability
ArchitectArchitect within governed patternsMachine-readable ADRs, policy-as-prompt, multi-agent code review
FortifyFortify against AI-introduced riskSBOMs, AIBOMs, dependency allowlists, continuous scanning
TestTest before AI shipsAdversarial test suites, blocking quality gates, feedback loops

Five practices, twenty-five sub-practices, one hundred and twenty-five assessment questions. The structure is deliberately fractal, so a five-engineer startup can adopt it at low resolution and a five-thousand-engineer enterprise at high resolution without the method changing shape. If you want to see where your organisation sits today, the Free Scorecard assesses the Curate practice in 25 questions and five minutes.

Why the order is a dependency chain, not an acronym

Curate, Refine, Architect, Fortify, Test is not alphabetical convenience. It is a dependency chain, and each practice weakens in proportion to the weakness of the one before it.

Curate enables everything. Without good context, Refine produces wrong specifications, Architect enforces patterns the AI never learned, Fortify scans for risks it does not know to avoid, and Test validates against assumptions that were never written down. Refine produces what Architect governs — vague intent cannot be bound to a pattern. Architect makes Fortify possible, because security at AI velocity has to be structural, not manual review. Fortify makes Test meaningful, because a change can pass every functional test while leaking a credential or importing a poisoned dependency. And Test closes the loop by feeding what it learns back into Curate, which is what makes the method compound rather than plateau.

This is why partial adoption — strong in one or two practices, weak in the rest — produces worse outcomes than coherent adoption across all five. A method is a set of practices that reinforce each other. Pull one out and the others hollow.

Why methods beat tools for governing AI coding

Every major technology shift in the last 80 years produced one thing that made it governable at scale: a method, not a tool. Lean for manufacturing. Agile and Scrum for software delivery. DevOps and DORA for operations. In each case, tools proliferated first and failed to close the gap, because the gap was never a tooling gap — it lived one layer up, in organisational practice.

AI coding tools are following the same script, only faster. Copilot, Cursor, Claude Code and Devin are commoditising on top of frontier models, and the vendor risk is concrete: Windsurf split three ways in 72 hours in late 2025. Meanwhile 70% of developers already run two to four AI tools at once (Pragmatic Engineer 2026), so any tool-locked playbook serves under a third of the market. A method is tool-agnostic — it bets on portable artifacts like AGENTS.md, now present in more than 60,000 open-source repositories, rather than on whichever editor wins this quarter. That is why AI governance for engineering teams has to be built on a method your tools plug into, not on the tools themselves.

The regulatory clock makes this urgent rather than theoretical. EU AI Act high-risk obligations become enforceable on 2 August 2026, and Article 12 automatic logging is architectural — you cannot retrofit it in 90 days. Generative-AI insurance exclusions have been live across general-liability, D&O and E&O policies since 1 January 2026 (Verisk CG 40 47/48), and underwriters now ask for governance evidence before they renew. "We bought tools and wrote a policy" is no longer an answer a board will accept.

The maturity path: from Ad-Hoc to AI-Native

The CRAFT Method plots an organisation on a five-stage maturity ladder, so the next move is always concrete:

  • The Ad-Hoc Org — AI used, nothing governed. Vibe coding at organisational scale.
  • The Individual Champions — a few strong engineers get 10x value; the rest struggle. Capability is a personality, not a practice.
  • The Emerging Framework — standards exist on paper, adoption is patchy.
  • The Structured Org — practices are enforced, measured, and reported. Where most organisations can realistically land within 6-12 months.
  • The AI-Native Org — every practice is native, automatic, and compounding.

Most teams taking the assessment today land at Ad-Hoc or Individual Champions, and that is fine — naming your starting point honestly is the first move toward Structured. The payoff is measurable: with structured practices, time-to-tenth-PR for new hires dropped from 91 days to 49 (DX 2025). To map your organisation across all five practices, the full Enterprise Diagnostic scores 125 questions and returns your archetype per practice — the detail behind the AI engineering maturity model.

Frequently asked questions

What does AI-native development mean?

AI-native development means building software with AI as a governed, first-class part of the engineering process rather than an ad-hoc add-on. It spans five practices — curating context, refining specs, architecting within patterns, fortifying against risk, and testing before shipping — so that AI adoption becomes an organisational capability you can measure and audit, not individual improvisation.

What is the difference between AI-native and AI-assisted development?

AI-assisted development describes an individual developer getting help from a tool. AI-native development describes an entire organisation designed around AI as its development substrate. The difference is governance: AI-assisted work is fast but unmeasured, which is how 45% of AI-generated code ends up failing security tests (Veracode 2025). AI-native work is fast and governed.

How do you govern AI coding across an engineering team?

You govern it with a method, not a policy document. The CRAFT Method makes AI output traceable to specs, enforces patterns automatically, builds compliance hooks such as EU AI Act Article 12 logging into the pipeline, and gates deployment on security and provenance — not just functional tests. Start by assessing your current maturity, then close the weakest practice first.

Is AI-native development just Scrum for AI?

No. Scrum structured agile delivery — how teams plan sprints and run standups. AI-native development structures how teams curate context, refine specs, architect patterns, fortify against risk, and test AI output. They operate at different layers, and most organisations will run both. Scrum says nothing about how a developer prompts an AI agent. The CRAFT Method does.

Your team is already using AI to write code. With a method, or without one?

Get your free score