You probably have heard of a story like the one below:
Image source: https://www.linkedin.com/feed/update/urn:li:activity:7352965550655881216/
AI Agents and LLMs don’t inherently understand compliance.
Large Language Models (LLMs) generate outputs based on statistical patterns in training data, not true comprehension.
They don’t inherently understand business rules or compliance constraints unless these are explicitly defined.
For example:
When you instruct an AI Agent not to delete your database under any circumstances, there is no guarantee that the Agent will not delete your database and also claim not to have done so.
This could happen because your Agent does not really understand which particular action denotes database deletion.
Since it is not aware of which particular action denotes database deletion, it can go ahead and delete your database without even knowing that it has deleted your database.
So when you ask the AI, “Why did you delete the database?”, it is likely to say 'I did not.
The LLM isn’t deliberately lying. It simply outputs what seems most probable in context.
“DO NOT DELETE THE DATABASE” isn’t sufficient. Yelling is not going to help.
You can write your entire prompt in all caps and shout at your agent, but it will still follow rules based on statistical patterns in training data, not genuine comprehension.
What people think yelling in a prompt does:
- Forces the AI to take instructions more seriously.
- Prevents the AI from breaking rules.
- Guarantees compliance with critical instructions.
What actually happens:
- The AI doesn’t “understand” tone or urgency. All caps are treated just like lowercase text.
- Instructions are still followed based on statistical patterns, not genuine comprehension.
- Yelling doesn’t reduce risk; only clear definitions, constraints, and examples do.
The model doesn’t have a grounded definition of what “delete” means in the specific business context.
Without explicitly enumerated forbidden actions (e.g., DROP TABLE, DELETE FROM without WHERE, API calls to destructive endpoints), it may fail to recognize that it has violated the rule.