arrow_backBack to news feed
AI AgentsPublished: July 6, 2026

Short Leash AI Coding: Expert Human Oversight Beats Fable 5 in Security-Critical Software

Reported by llmdb News Desk

Executive Summary

"okTurtles publishes a method using AI agents under tight human control, outperforming Fable 5 models in code quality for security-critical systems."

Background & Context§

The promise of AI coding agents—autonomous systems that write, review, and maintain software—has been hyped by startups and big tech alike. Yet for security-critical systems, where a single bug can have catastrophic consequences, the reality often falls short. Greg Slepak of okTurtles, a protocol developer and maintainer of security-critical software, has spent over a year researching how to responsibly harness AI agents for high-quality code. His findings culminate in the "short leash method," a disciplined approach that prioritizes human expertise over AI autonomy. This method is designed for expert developers whose skills surpass frontier models like Fable 5 in niche domains, challenging the narrative that AI can replace human engineers.

The News: What Happened Exactly§

In a July 2026 blog post on okTurtles.org, Slepak distills his year-long research into a practical framework for using AI agents to produce Fable-beating software—code that surpasses state-of-the-art AI models in quality. The core insight is that treating AI as an autonomous coder leads to "slop": code that works but is inefficient, ugly, and prone to hidden errors. Slepak explicitly criticizes popular YouTuber workflows involving "12 parallel agents managed by an orchestrator," calling them "vibe coding"—a process where developers disengage, allowing AI to write and review its own output. He argues this is acceptable only when quality is irrelevant.

Instead, the short leash method mandates that a human developer remain tightly in control of every step. The developer treats the AI as a tool akin to a linter for common mistakes, while the human handles higher-level reasoning, directional changes, and structural soundness. Crucially, any pull request (PR) submitted by a human using AI assistance must be reviewed by that human as if it were written by someone else—line by line—before it can be approved. This builds and demonstrates the developer's understanding of the codebase, countering the erosion of skills that comes from over-reliance on AI.

Slepak emphasizes that this method does not require frontier models; it works with any AI agent. He notes that AI models cannot "think beyond their training data," making them particularly weak in niche areas with sparse training coverage. By enforcing a human-in-the-loop review process, the short leash method achieves higher quality than either human-alone or AI-alone reviews. okTurtles has codified this into an official AI Usage Policy, which requires all AI-assisted code to undergo human review before merging.

The post also reveals that Slepak maintains a custom fork of the AI coding agent Crush and has built internal AI review tools matching the performance of multi-billion-dollar systems. This infrastructure supports the short leash workflow, but the principle remains accessible to any expert developer.

Historical Parallels & Similar Incidents§

The short leash method echoes earlier debates in software engineering about the limits of automation. A prominent parallel is the 2018 controversy around Microsoft's AI-powered "IntelliCode" for Visual Studio. IntelliCode used deep learning to suggest code completions and entire method implementations. Early adopters reported productivity gains but also noted that the AI frequently produced subtly incorrect code—especially in domain-specific or legacy codebases. Microsoft recommended that developers treat IntelliCode suggestions as "first drafts" and always review them manually. This mirrors Slepak's call to treat AI-generated code as needing human vetting, but the short leash method goes further by making the human responsible for the entire PR narrative.

Another historical precedent is the rise of static analysis tools like Lint and SonarQube in the 2000s. These tools automated the detection of common bugs and style violations, but they never replaced the human code reviewer. Similarly, GitHub's Copilot (launched 2021) was marketed as a productivity booster, yet studies showed that developers using Copilot accepted suggestions over 40% of the time without verification, leading to more buggy code in some cases. Slepak's method inverts this trend by enforcing systematic review, treating AI as a enhanced linter rather than a replacement.

What sets the short leash method apart is its explicit rejection of the "agent autonomy" paradigm. While previous solutions like IntelliCode or Copilot kept the human in control by design, the current wave of AI agents—exemplified by Crush, Devin, and others—aim to minimize human intervention. Slepak's research directly challenges this trajectory, arguing that for high-quality software, the human must remain the architect and final authority. This is especially critical in security-critical contexts, where the cost of failure is unacceptable.

From a technical standpoint, the short leash method aligns with best practices in formal verification and high-assurance software. For decades, industries like avionics and medical devices have used human-led code reviews supplemented by automated tools. Slepak brings this rigor to the AI era, showing that even when models achieve superhuman performance on benchmarks, expert humans must still own the process.

The lesson is clear: AI will not replace expert developers; instead, it will augment them—provided the developers maintain a short leash. As Slepak notes, the human must understand every line they submit, which is impossible with autonomous agents. This stands as a cautionary tale for companies rushing to replace engineers with AI, and a practical roadmap for those committed to quality.

SHARE NEWS: