Question
Your company serves EU customers and has a contractual commitment that personal data stays in the EU. An engineer wants to enable an AI coding agent that, to fix bugs, can read application logs and run queries against a staging database that contains pseudonymized-but-real EU user records. The agent's inference endpoint is hosted in us-east. How do you reason about whether this is allowed, and what guardrails would you require before turning it on?
Treat the AI’s output as a draft to verify, not an answer to trust. Name the specific flaw and the input that triggers it, say how you’d catch it — tests, edge cases, reading critically — and how you’d re-prompt or decompose to get it right.