Model safety is necessary, but it is not enough. A product can use a careful model and still be unsafe because the surrounding system has no memory of what happened, no ownership for failed steps, and no way to stop a bad action before it reaches the real world.
The practical work is less glamorous: permission gates for risky tools, durable logs that explain the path a generation took, rollback paths for automated changes, and clear escalation rules when confidence drops. These pieces decide whether a system degrades gracefully or creates a mess that no one can reconstruct.
I think of this as operational safety. It asks product questions as much as technical ones. Who is allowed to approve a tool call? What counts as a reversible action? Which failures should stop the workflow immediately? What does the user see while the system is uncertain?
The model will keep changing. The operational surface should get more boring over time. Boring, here, is a compliment: fewer surprises, more explicit contracts, and systems that know when to ask for a human instead of improvising authority.