Agentic Development at Enterprise Scale

Spirent's engineering teams wanted to adopt AI-assisted development tools, but the IP and security landscape was real. The company had significant patent portfolios to protect, operated in regulated industries, and faced real risks around OSS license exposure, attribution, and code provenance. Previous attempts to adopt AI tooling had stalled in legal review. Engineers were frustrated, and competitors were moving faster. The default posture in any large organization is that doing nothing is safe. With AI coding tools, doing nothing was the dangerous move.

- Designed a seven-dimension risk framework: IP and indemnification, OSS license exposure, security, efficacy, total cost of ownership, developer experience, and governance - Evaluated the major agentic development platforms (Windsurf, Cursor, GitHub Copilot, Devin, and others) against all seven dimensions - Ran the review solo, presenting up to executive leadership, across to legal and security, and down to the senior directors whose programs would absorb the change - Built a phased rollout plan with explicit checkpoints for legal, security, and engineering leadership - Landed on Windsurf and Devin as the production tooling stack on the strength of license clarity, IP posture, and measured efficacy - Instrumented the adoption via DORA metrics and developer experience surveys to prove the lift

The hardest part wasn't tool selection. It was getting legal to consensus that the risk of inaction was greater than the risk of action. The default posture in any large organization is that doing nothing is safe. With AI coding tools, doing nothing was the dangerous move. Companies that didn't adopt were going to fall behind on engineering throughput by a margin that would compound. Getting legal there required reframing the conversation away from "what are we exposed to if we adopt" toward "what are we exposed to if we don't."

The seven-dimension framework was the artifact that made that reframing possible. It gave legal and security a structured way to evaluate risk rather than defaulting to "no." Measuring the lift was essential. Anecdotes aren't enough when you're asking leadership to accept new IP exposure. The developers who were most skeptical became the strongest advocates once they saw their own productivity data.