Decades-old software management techniques outperform purpose-built AI oversight frameworks, at least for catching backdoors in code.
Researchers tested whether constraints borrowed from human engineering teams - access control, network policies, enforced coding conventions - could improve how well a small AI model audits code written by a larger coding agent. Using Gemma 4 e4b as the reviewer, they seeded a Python codebase with 11 backdoors and measured recall. Without constraints, the model caught roughly half of them (54.5%). With a constrained substrate and a roughly 200-line docs command-line tool, recall jumped to 90.9%. Both the constraints and the tooling contributed independently, meaning neither alone explains the improvement.
The core argument is an economic one: agentic scaffolding built specifically for AI oversight burns tokens and adds complexity, while access controls and linting conventions already exist and cost almost nothing to extend. Python was chosen as the test case precisely because it offers the fewest compile-time guarantees, so the oversight gains are largest. The authors note the same principles apply to more structured languages like Rust, where the baseline is already higher.
The timing is pointed. As coding agents become standard in professional software pipelines, the industry is debating how to keep a human meaningfully in the loop without slowing everything down. This paper's implicit message: the answer was already in the engineering playbook, and the AI industry largely ignored it.