Domain-Specific Edge Cases

Data Eng

Healthcare data has HIPAA. Fintech has SEC rules. Your domain's 'you can't do that' list — AI doesn't know it. You do.

Embedded

Safety-critical systems have certification requirements. AI can't sign off. You own the 'this could kill someone' checks.

DBA

Your schema has 15 years of historical quirks. 'Why is this column nullable?' — You know. AI doesn't.

TL;DR

  • 62.07% of C programs from top LLMs (GPT-5 mini, Gemini 3.1 Pro, Code Llama) contained vulnerabilities. AI-generated code is less secure than human-written code: it lacks defensive programming and contains buffer overflows and integer overflows.
  • AI produces "counterfeit" programs: code that compiles, passes weak checks, looks correct—but contains logical errors. Models struggle to distinguish these from genuinely correct code.
  • Every company's codebase is different. Proprietary conventions are out of distribution. AI calls non-existent functions, violates internal style, fails CI. You know the rules. AI doesn't.

General-purpose AI is trained on broadly available data. Your industry's specifics (regulatory, historical, or "we learned this the hard way") are often not in the training set. There were 169 documented security incidents and operational failures in AI-generated code (2024–2025), and at least 8 CVEs are linked to AI code tools, including a CVSS 9.3 critical in Microsoft 365 Copilot. That gap is your advantage and your job: catch what AI misses.

What Domain Knowledge Covers

Regulatory and Compliance

  • Healthcare: HIPAA, PHI handling, audit trails. AI might suggest logging patient data in a way that violates regulations. You know the rules.
  • Finance: SEC, PCI-DSS, SOX. "This seems fine" to AI might be a compliance violation. You know what's allowed.
  • Embedded/safety-critical: FDA, FAA, automotive safety standards. AI can't certify. You (or your process) do.

Historical Quirks

  • "This column is nullable because of a 2015 migration we never finished." — AI doesn't know your history. It might "fix" it and break dependencies.
  • "We use this legacy format because Customer X requires it." — Edge case. AI won't know. You do.
  • "That API is deprecated but we can't turn it off until Q3." — Constraints. AI designs for the future. You design for the transition.

"We Learned This the Hard Way"

  • "Never do X—we had an incident in 2022." — Tribal knowledge. Not in docs. Not in public data. AI can't learn it. You're the carrier.
  • LLM-generated code shows 10 distinctive bug patterns, including misinterpretations, missing corner cases, wrong input types, hallucinated objects, and incomplete generation. AI retrieves by syntax, not functionality, so code that looks similar but behaves differently slips through. You catch it.

The Self-Understanding Gap

  • When asked to fix incorrect code, models are often less successful than generating correct solutions from scratch—even when they wrote the bug. AI doesn't reason well about execution behavior. You do the reasoning.

Why This Is a Moat

  • AI can't acquire it from public data. A lot of domain knowledge is internal, regulatory, or learned by doing. It's not in the training set.
  • It's expensive to encode. You could try to write down everything. You'd miss stuff. And it changes. You're the living document.
  • It's the difference between "works" and "works correctly." AI-generated code might run. It might also violate compliance, break a legacy integration, or repeat a past mistake. The vulnerability stats prove it. You catch that.

How to Use This as a Moat

  1. Document your "AI doesn't know" list. Regulatory constraints. Historical quirks. "Never do X." That list is your checklist for reviewing AI output.
  2. Be the domain reviewer. When AI generates something in your domain, you're the final pass. "Does this violate Y?" "Does this assume Z we don't have?" Your job.
  3. Share tribal knowledge. Write it down. Turn "we learned this the hard way" into a doc or a comment. So you're not the only carrier. And so AI-assisted newcomers have something to check against.
  4. Lean into specialization. The more domain-specific your role, the harder it is for generic AI to replace you. Healthcare tech, fintech, embedded, gaming—the edge cases are your moat.
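
One way to make the "AI doesn't know" list from step 1 executable, as an added example that is not part of the original page: a small Python check that flags PHI identifiers in logging calls and calls to internal functions that do not exist. The field names, module names and allowlist are constructed placeholders for your own rules.

```python
import ast

# Constructed placeholder rules; substitute your own domain list.
PHI_FIELDS = {"ssn", "dob", "patient_name", "mrn", "diagnosis"}
LOG_ROOTS = {"log", "logger", "logging"}
LOG_METHODS = {"debug", "info", "warning", "error", "exception", "critical"}
INTERNAL_MODULES = {"audit", "billing"}            # hypothetical in-house packages
INTERNAL_API = {"audit.record", "billing.charge"}  # functions that really exist

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join([node.id] + parts[::-1])

def review(source):
    """Return sorted (line, rule, detail) findings for one generated snippet."""
    findings = set()
    for call in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.Call)):
        name = _dotted(call.func)
        root, method = name.split(".")[0], name.rpartition(".")[2]
        if root in LOG_ROOTS and method in LOG_METHODS:
            # Regulatory rule: no PHI identifier in a log call's arguments, f-strings included.
            for arg in call.args + [kw.value for kw in call.keywords]:
                for sub in ast.walk(arg):
                    ident = getattr(sub, "attr", None) or getattr(sub, "id", None)
                    if ident in PHI_FIELDS:
                        findings.add((call.lineno, "phi-in-log", ident))
        elif root in INTERNAL_MODULES and name not in INTERNAL_API:
            # Hallucinated-object rule: internal calls must be on the allowlist.
            findings.add((call.lineno, "unknown-internal-api", name))
    return sorted(findings)

# Constructed sample of generated code that runs fine but breaks both rules.
SAMPLE = '''\
def admit(patient):
    logger.info(f"admitted {patient.patient_name} dob={patient.dob}")
    audit.record("admit", patient.id)
    billing.refund_all(patient.id)
'''

if __name__ == "__main__":
    for line, rule, detail in review(SAMPLE):
        print(f"line {line}: {rule}: {detail}")
```

A check like this only covers rules that can be seen in the syntax tree; the domain reviewer in step 2 is still the final pass.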

Quick Check

AI suggests logging patient data in a new feature. You're in healthcare. What's the risk?

Quick Check

AI generates code that compiles and passes basic tests. What's the hidden risk?

Do This Next

  1. List 5 "AI doesn't know" facts about your domain. Regulatory, historical, or "we learned the hard way." That's your domain moat. Make it explicit.
  2. Review one AI output through your domain lens. Would it pass compliance? Would it break a legacy constraint? Would it introduce a buffer overflow or missing corner case? That's the domain review skill. Today: run one AI-generated snippet through your mental checklist.