The CTO's Field Guide to AI-Native Engineering
The five practices that turn ungoverned AI adoption into an organisational capability — read it in the time it takes to fly Lisbon to London.
The problem is not AI adoption. The problem is unstructured AI adoption.
Your team is already shipping AI-generated code. Almost none of them are governing it. That gap is where the next incident lives.
of engineering teams use AI coding tools
have any formal AI governance
of AI-generated code fails security tests
Eight sections. One sitting.
The problem is not AI adoption
Why the risk is unstructured adoption, not AI itself — and what that reframes.
Anatomy of an AI failure
The three missing gates — Authority, Trust boundary, Verification — behind the headline incidents.
Why methods beat tools
A policy is a document; a method is a repeatable, measurable practice that holds under velocity.
The CRAFT framework
The five practices and the non-negotiable order that turns them into a dependency chain.
A one-page briefing per practice
Curate, Refine, Architect, Fortify, Test — what each governs, on a single page each.
Diagnose your org
The five maturity archetypes, from Ad-Hoc to AI-Native — and how to place yourself.
The window
The two 2026 clocks — the EU AI Act deadline and the insurance shift — and why they are architectural.
Your next step
The shortest path from reading to measuring: scorecard, then diagnostic.
See it before you gate it.
Authority
What is the AI actually allowed to change — and who decided? Most failures start where nobody set the boundary.
Trust boundary
What can the AI read, touch, and be trusted to act on? Unbounded context is unbounded blast radius.
Verification
What proves the output is correct before it ships? Without a gate, "it compiled" becomes the only test.
If you do one thing this quarter, make the order non-negotiable. Skipping a practice never saves time — it moves the failure downstream, where it costs more.
Read this if you're a CTO who…
…just discovered your team is shipping AI-generated code with no gates in front of it.
…can't answer "how much of our code did AI write, and who reviewed it?"
…need to walk into a board meeting with a plan, not a panic.
…know the EU AI Act is coming and aren't sure your architecture can prove compliance.
It best serves the earliest maturity archetypes — The Ad-Hoc Org (0–20) and The Individual Champions (21–40) — where the method delivers the fastest change.
CRAFT Method wasn't designed in a boardroom. It was forged in production.
It was forged by building production software with AI, every day, for months. FIKR Space — eleven integrated products, built solo plus AI — is the live proof point.
EU AI Act high-risk obligations enforceable
Article 12 logging is architectural, not retrofittable. If it isn't built in, it isn't there when the audit arrives.
Insurance exclusions for generative-AI claims live
The financial backstop for AI-introduced defects is narrowing. The liability is moving onto the balance sheet.
The decision is yours. The clock is not.
Before you ask.
Is this really free?
Yes. The Field Guide is a free download in exchange for your email. You'll get the PDF instantly and the occasional field note — unsubscribe anytime, and we never share your email.
Who is it for?
CTOs, VPs of Engineering, and Heads of Engineering at organisations with 20+ engineers already using AI to write code. It best serves the Ad-Hoc and Individual Champions archetypes, where the method delivers the fastest change.
Is CRAFT Method tied to a specific AI tool?
No. CRAFT Method is tool-agnostic. It governs how any AI coding assistant is curated, refined, architected, fortified, and tested — whether that is Claude, Copilot, Cursor, or whatever ships next.
What's the Enterprise Diagnostic?
125 questions across all five practices, plus a 30-minute live debrief with Luis Gonçalves. It's free during the 2026 launch period. The Free Scorecard (25 questions, 5 minutes) is always free.