You haven’t experienced real frustration until you’ve watched an AI agent confidently suggest restarting a production database during a P1 outage — while three engineers are screaming in a Slack thread that the database IS the problem.
That was us. Six months ago, we deployed an automated SRE agent. We thought we were buying speed, scale, and sleep. What we actually bought was a confident liar with access to our infrastructure.
An AI agent doesn’t need to be smart. It needs to be contextually honest. And that’s the one thing no LLM can fake.
Here’s what nobody tells you when you’re shopping for an AI-driven SRE solution: the demo works because the demo is clean. The alerts are well-formed. The runbook exists. The incident has been seen before. But production doesn’t work like a demo. Production is a 3 a.m. page about a service nobody remembers provisioning, triggering an alert that fires because of a DNS change made by a contractor who left the company eight months ago.
Our agent handled the easy stuff fine. CPU spike? Restart the pod. Disk full? Rotate logs. These are incidents that a shell script could handle — and frankly, a shell script would be more trustworthy because at least it doesn’t hallucinate a root cause analysis that sounds plausible but is completely fabricated.
The real incidents — the ones that actually matter, the ones that wake people up — those are where the agent fell apart. Not because the LLM wasn’t capable. Not because the context window was too small. But because the agent didn’t know what every human SRE knows implicitly: this alert has been noisy for two years, nobody’s fixed it because it’s a known false positive tied to a legacy batch job, and the real signal is actually buried in a secondary metric that only Dave understands.
Dave’s knowledge isn’t in a runbook. It’s not in a wiki. It’s not in Jira. It’s in Dave’s head, accumulated over four years of 3 a.m. firefights and tribal lore passed through Slack messages that nobody archived.
The hardest part of incident response isn’t finding the answer. It’s knowing which question to ask — and that knowledge lives in the messy, undocumented space between your engineers and your systems.
We kept trying to fix this. We fed the agent more context. More runbooks. More historical incident data. We built elaborate context layers, hoping that if we just gave it enough background, it would start performing like a human engineer.
It didn’t. It got marginally better at pattern-matching and significantly better at sounding authoritative while being wrong. The agent started producing incident summaries that read like they were written by someone who had read every runbook but had never actually been paged at 3 a.m. — which is exactly what had happened.
And that’s when we realized the real problem wasn’t the LLM. It was us.
We had been treating incident response as a technical problem that could be automated away. But incident response is fundamentally a human problem. It’s interpretation. It’s judgment. It’s the ability to look at a wall of dashboards and say, “I’ve seen this pattern before — the last time it looked like this, it was the load balancer, not the app.” That’s not data. That’s wisdom. And wisdom doesn’t compress into a context window.
Every time you automate away the messy middle of incident response, you don’t just lose accuracy — you lose the learning loop that makes your team better next time.
So we stopped. We pulled the agent out of the critical path. Not because we’re anti-AI — we’re not — but because we realized we were solving the wrong problem. The bottleneck was never LLM capability. It was organizational: we had never invested in making our tacit knowledge explicit. We had years of tribal wisdom scattered across Slack threads, postmortem comments, and engineer brains, and we expected a language model to somehow reconstruct it from logs and metrics.
That’s not an AI problem. That’s a documentation problem. A culture problem. A “we never sat down and wrote down what we actually know” problem.
What we ended up with was semi-automation. The agent handles the first pass — triage, initial correlation, drafting a summary. But a human engineer reviews, contextualizes, and decides. The agent is a copilot, not a captain. It surfaces signals. It doesn’t interpret them.
Is this less glamorous than full automation? Absolutely. Nobody writes a blog post titled “We Built a Semi-Automated Tool That Sometimes Helps.” But it works. It actually works. And more importantly, it keeps our engineers in the loop — learning, adapting, building the muscle memory that makes the next incident shorter.
The most dangerous thing about AI in operations isn’t that it’s wrong. It’s that it’s wrong with such confidence that you stop trusting your own instincts — and that’s how teams slowly lose the knowledge that made them good in the first place.
If you’re deploying an AI SRE agent right now, ask yourself one question: when was the last time your team documented what they actually know? Not the runbooks. Not the dashboards. The stuff that lives in the gaps — the known-noisy alerts, the system quirks, the “don’t touch that service on Tuesdays because of the batch job” knowledge that keeps everything running.
If you can’t answer that question, your agent can’t either. And no amount of context window or model improvement will fix what is, at its core, a human problem dressed up as a technical one.
We fired our AI SRE agent. We’re not done with AI — not by a long shot. But we’re done pretending that better models can substitute for knowledge we never bothered to write down. The real intelligence layer was never the model. It was always the context. And the context was always us.
FAQ
Q: Isn't this just an early-stage problem? Won't better models fix this eventually?
A: No. The bottleneck isn't model capability — it's organizational knowledge that was never documented. You can have a perfect LLM and it still won't know that Alert X has been a known false positive for two years because of a legacy batch job. That's not a model problem; it's a documentation problem. Better models make the gap less obvious, not less real.
Q: What does semi-automation actually look like in practice?
A: The agent handles triage, initial correlation, and drafting summaries. A human engineer reviews, contextualizes, and makes the call. The agent surfaces signals; it doesn't interpret them. Less glamorous than full automation, but it keeps your team learning instead of outsourcing their judgment.
Q: Isn't this just resistance to change?
A: The opposite. We're not resisting AI — we're resisting the fantasy that AI can substitute for knowledge we never bothered to write down. The real change isn't deploying a better model; it's investing in the context layer that makes any tool — human or AI — actually useful. That's the hard, unglamorous work nobody wants to fund.