Why AI in the enterprise demands more platform engineering | Weave Intelligence

As enterprises race to deploy AI agents and empower citizen developers, the platform engineering discipline is experiencing a dramatic expansion in scope and importance. What began as a journey to streamline developer experience and infrastructure automation has evolved into the critical foundation for AI-driven transformation at scale. If your internal developer platform isn't built to handle agents, citizen developers, and AI-generated code at volume, it's already falling behind.

Main insights

• Platform engineering maturity directly enables enterprise agility - SIXT's decade-long platform investment allowed them to launch a new subscription business in months during COVID, demonstrating how foundational capabilities accelerate strategic pivots

• AI is expanding the platform's audience from hundreds of developers to thousands of business users and, eventually, millions of agents - requiring new approaches to identity, observability, and security

• The vulnerability landscape is entering a new phase where AI-generated code volume and AI-powered exploit tools are converging, making platform-level security guardrails non-negotiable

• Successful AI adoption requires deterministic harnesses around probabilistic systems - automated policy enforcement, multi-model verification, and shared context platforms that agents can leverage

Boyan Dimitrov, CTO at SIXT, brings a rare, ground-level perspective to this conversation. Leading an 800-person product and engineering organization that builds over 95% of its software in-house, Boyan has spent more than a decade building and scaling platform capabilities across one of Europe's largest mobility providers. His experience spans the full evolution from monolithic deployments taking weeks to a modern internal developer platform enabling 120,000+ deployments monthly across thousands of applications.

You can watch the full discussion here if you missed it.

The 10-year platform journey: From fragmentation to 120,000 deployments per month

When Boyan joined SIXT over a decade ago, the organization faced challenges familiar to many enterprises. Fragmentation between engineering, operations, product, and business teams meant deploying their monolith could take two to three weeks. Teams were independently reinventing solutions, creating a sprawling landscape of inconsistent tools and approaches.

"The reality was it could take us two, three weeks to ship an application once, or our monolith once at that point, which is a lot of opportunity cost," Boyan explained. "And it also resulted in us being very slow when it comes to delivering the value that we want and the experience we want."

The prevailing wisdom at the time was to give every team its own cloud account and let them choose the best tool for each job. Boyan reasoned from first principles instead.

"When I started working from just basics, first principles, what I actually want to achieve... if I empower my teams to actually have more responsibility, and they're already 150% busy with what they have today, something is going to give."

The solution was to extend team ownership while simultaneously centralizing and automating the common foundations - observability, build systems, deployment pipelines, and application frameworks. Product teams could then focus entirely on business problems rather than infrastructure plumbing.

The results are concrete. SIXT now manages thousands of applications and over 400,000 web pages, with deployment frequency climbing from one or two per month to 120,000 to 130,000 monthly. When COVID hit and the business needed to pivot quickly, that platform foundation enabled SIXT to launch an entirely new car subscription product in just a couple of months.

"If we had to start from scratch and reinvent everything, I think that would have taken us two or three times longer, even if we committed disproportionate resources to go for this opportunity," Boyan noted.

AI is expanding the platform's audience from hundreds to millions

The emergence of AI is fundamentally changing who uses enterprise platforms. Traditionally, platform engineering focused on serving application developers - perhaps hundreds or thousands of engineers in a large organization. Today, that audience is expanding in three distinct waves.

First, data scientists and ML engineers need platform capabilities tailored to their workflows. SIXT has invested heavily in MLOps platforms alongside their traditional engineering platforms.

Second, and more transformatively, business users are becoming builders. "We welcomed thousands of new builders from our business areas as well, who are able to also build software for themselves to improve their productivity," Boyan explained. These citizen developers - business users who build software without writing code - need platforms that handle version control, deployment, observability, and security entirely behind the scenes.

"They don't touch code. They just speak with Claude or Codex or whatever the tool of the day is and things are happening for them. And now at some point they can assess that the solution is good enough, it solves their problem, and they want to share it. This is where they stand. And we want to take care of everything else behind the scenes for them as much as possible."

The third wave - and ultimately the largest - is agents themselves. "We believe that from everything we see and from the agents that we're running in production that the technology we had in the past is just not enough for that. It's not fine-grained enough and it's not addressing the agent needs in the best possible way."

This requires rethinking fundamental platform capabilities. Identity and access management must become far more dynamic and fine-grained. APIs need to be redesigned for non-deterministic systems that can discover and combine capabilities in novel ways. Observability must shift from static dashboards to on-demand, context-aware analysis.

Building deterministic harnesses around probabilistic AI systems

One of the most practical insights from SIXT's AI platform work is their approach to ensuring quality and security in AI-generated code without requiring human expertise at every step.

"The job of platform engineering, at least when it comes to this scope, is you want to ground the models as much as possible when it comes to what is being produced so that you get to whatever non-functional standards you have in your organization," Boyan explained.
SIXT implements this through a multi-layered approach:

• Standards injection at the source - Best practices are embedded directly into the tools that developers and business users interact with, whether that's an IDE or a conversational interface

• Platform agent as guardian - A dedicated platform agent reviews code at deployment time, collaborating with the local agent to enforce standards before anything ships

• Multi-model verification - Multiple AI models serve in verification roles, so if one model misses an issue, another catches it. "If Claude misses something, Codex catches it," Boyan noted

• Shared context for system-wide reasoning - The platform exposes a unified view of all applications, APIs, and asynchronous communications so models can reason about the downstream impact of any change

That last point is especially important. "What we are doing is we have platform capabilities that are able to give the model understanding about all the different applications, APIs, and asynchronous communications that are taking place within a process," Boyan explained. Without that shared context, models operate with blind spots that become security liabilities.

The coming security challenge: AI-generated vulnerabilities meet AI-powered exploits

Boyan is candid about the security challenges ahead. While AI-generated code may contain fewer vulnerabilities per hundred lines than human-written code, the sheer volume of AI-generated code means the absolute number of vulnerabilities is increasing. At the same time, AI systems are becoming increasingly capable at finding and exploiting those vulnerabilities.

"Even the current models are actually pretty good in finding vulnerabilities in large code bases," Boyan observed. "The biggest vulnerabilities usually come at the boundaries of applications and processes, integration points, when multiple teams come together. Because there is just so much additional context and so much complexity that nobody can reason on its own about all the side effects that a change in a large system or in a large distributed system can cause."

This is precisely where the internal developer platform becomes critical. Individual teams - and individual agents - cannot maintain the full context needed to reason about system-wide security implications. Platform capabilities that expose shared context and enforce standards at integration points are essential, not optional.

Data governance compounds this challenge. "Think about data access and how this is governed. Now it becomes a much more complex problem because you have a lot more permutations of where this data, how this data will be accessed, who's going to be accessing this data, and where this data starts living its own life," Boyan explained. Fine-grained, automated governance of data access becomes a platform responsibility, not a team-level concern.

The future: Agent-first enterprises and 10x team productivity

Looking ahead, Boyan sees platform engineering patterns emerging from two directions simultaneously. Solo founders and small teams running dozens of agents will pioneer new orchestration approaches. Large enterprises, meanwhile, will develop patterns focused on how sizable human-plus-agent teams achieve 10x productivity gains - not just the 20 to 30% improvements common today.

"I think what's unsolved in the industry at this point of time is how a lot of individuals that comprise an engineering product team today get 10x as a team with agents. I think this is going to be super interesting and the patterns for that are going to come from enterprises."

As for whether enterprises will shrink or grow in this new era, Boyan believes it depends on business success rather than technology. Successful businesses will scale up to capture more markets; struggling ones will use AI primarily for efficiency and cost reduction.

If you enjoyed this, find here more great insights and analysis from Weave Intelligence.

Key takeaways

• Platform maturity is a strategic enabler, not just an efficiency play - SIXT's ability to launch new products in months rather than years during COVID demonstrates how platform investments compound over time, creating organizational agility that becomes a competitive advantage when markets shift unexpectedly. Start building that foundation before you need it.

• Design for your future users, not just your current ones - Platform teams must now architect for three distinct audiences: traditional developers, citizen developers with no technical background, and autonomous agents. Each requires different abstractions, guardrails, and interfaces, but all must share common foundations for security, observability, and governance.

• Security in the AI era requires shared context platforms - The most critical vulnerabilities emerge at system boundaries where no single team or agent has full context. Your internal developer platform must provide that shared context and enforce standards at integration points, because individual teams cannot reason about system-wide security implications on their own.

• Multi-layered verification beats single-point trust - Using multiple AI models in verification roles, combined with platform-level policy enforcement at deployment time, provides defense in depth against the probabilistic nature of AI systems. This architectural pattern - deterministic harnesses around probabilistic components - will become increasingly important as AI-generated code volume grows.