Navigating the 34th Technology Radar: A Practical Guide to AI, Security, and Harness Engineering

Overview

Thoughtworks recently released the 34th volume of its Technology Radar—a biannual report that distills hands-on experience from the software industry into actionable insights. This edition features 118 blips organized across four quadrants: tools, techniques, platforms, and languages. While AI-related topics dominate, the Radar also urges teams to revisit foundational practices—from pair programming and mutation testing to DORA metrics and zero‑trust architecture. A key theme is the tension between AI agents that demand broad access and the security safeguards that haven’t yet caught up, along with the emerging discipline of harness engineering to manage that complexity.

Navigating the 34th Technology Radar: A Practical Guide to AI, Security, and Harness Engineering — Source: martinfowler.com

This guide will help you decode the Radar’s signals, apply its recommendations to your own projects, and avoid common pitfalls when integrating AI tools into your development workflow.

Prerequisites

Before diving in, ensure you have:

Basic familiarity with modern software development – Agile practices, CI/CD pipelines, and version control.
Working knowledge of AI/ML concepts – Especially large language models (LLMs) and how they’re used in coding assistants.
Access to the full Technology Radar – Available for free at thoughtworks.com/radar.
A team or project context – The insights are most valuable when applied to real work.

Step‑by‑Step Guide

Step 1: Understand the Radar’s Structure

The Radar is not a ranked list; it’s a strategic map. Blips are placed in one of four rings: Adopt, Trial, Assess, or Hold. Spend time exploring the quadrants and reading the short descriptions for each blip. Note that this edition dedicates many blips to AI topics, but also highlights a return to fundamentals—such as clean code, deliberate design, and testability as first‑class concerns.

Step 2: Identify AI‑Related Blips Relevant to Your Work

AI dominates the Radar, but not all blips are about the latest models. Look for:

LLM‑assisted development tools – e.g., agents that generate code or automate tasks.
Observations about AI’s impact on craftsmanship – The Radar notes that AI forces a re‑examination of fundamentals like pair programming and mutation testing.
Security warnings – Especially around “permission‑hungry” agents that require broad access to private data and production systems.

For each candidate blip, ask: Does this solve a problem we have? Can we trial it safely? Use the Radar’s own ring classification to guide your next move.

Step 3: Apply Security Considerations from the Radar

The Radar’s security theme is blunt: “The safeguards haven’t caught up with the ambition.” To avoid pitfalls:

Follow the “Zero Trust” pattern – Treat every access request as potentially malicious, especially from AI agents. The Radar includes blips on zero‑trust architecture as a must‑revisit technique.
Implement threat modeling early – Use lightweight methods like STRIDE or the Threat Modeling Guide (referenced by Jim Gumbley in the Radar).
Contain permission‑hungry agents – Use sandboxes, API gateways, and tight scoping for agent actions. Example: if an agent needs to read a private repository, grant read‑only access just for that repo, not the entire org.
Monitor for prompt injection – LLMs can’t reliably distinguish trusted instructions from untrusted input. Add validation layers and manual approval for destructive actions.

Step 4: Embrace Harness Engineering

Harness engineering is a new discipline highlighted in this Radar. It refers to the suite of tools, guides, and sensors that shape how AI agents interact with systems. To get started:

Define boundaries – Use explicit permissions, rate limits, and audit logs.
Provide context – Give agents clear, structured prompts that limit their power (e.g., “You may only read files in /project/docs”).
Measure impact – Track DORA metrics (deployment frequency, lead time, change failure rate, time to restore) to see if AI introductions actually improve or degrade delivery.

You can often start with low‑risk tasks like automated test generation or documentation summarization, then gradually increase agent autonomy as you build confidence.

Step 5: Revisit Foundational Practices

The Radar reminds us that AI is not a silver bullet. Pair the new tools with proven techniques:

Pair programming – Use AI as a “third pair” to explore alternatives, not as a replacement.
Mutation testing – Verify that AI‑generated tests actually catch bugs. Run mutation coverage tools (e.g., Stryker, PIT) as part of your pipeline.
Clean code and deliberate design – AI can generate complexity quickly. Maintain code reviews and refactoring cycles.

Step 6: Build Your Own Radar Watchlist

Create a living document similar to the Technology Radar for your team. Schedule a quarterly review to:

Identify new blips from the public Radar that you want to trial or hold.
Move existing items across rings as you gain experience.
Share learnings in a wiki or team presentation.

Common Mistakes

Over‑Trusting AI Agents

Don’t grant an agent carte blanche. The Radar warns of “permission‑hungry” agents that need everything. Treat every new agent as suspicious until proven safe.

Ignoring the Fundamentals

It’s tempting to jump on the latest LLM‑powered tool, but the Radar emphasizes that AI forces us to revisit the basics. Skipping mutation testing or clean code standards will lead to brittle systems.

Misinterpreting the Radar’s Rings

“Adopt” doesn’t mean “use everywhere immediately.” It means the item has proven value in many contexts. Always evaluate against your specific use case.

Neglecting Harness Engineering

Without proper guardrails, agents can cause outages or data leaks. The Radar’s list of harness‑related blips will grow—start investing now.

Summary

The 34th Technology Radar is more than a snapshot of trends; it’s a call to action. AI is not just about new tools—it’s forcing us to strengthen our foundations. By following the steps above—understanding the Radar, identifying relevant AI blips, applying security controls, embracing harness engineering, and revisiting core practices—you can harness the power of AI without sacrificing quality or safety. As the Radar itself says, “the safeguards haven’t caught up”—but with deliberate effort, you can build them yourself.

For the full list of blips and detailed descriptions, visit the official Technology Radar page. Expect the next edition in six months to bring an even longer list of harness engineering insights.