Beyond Agile, beyond Waterfall: a third way to ship

Agile and Waterfall both assumed a human coding bottleneck. AI-assisted delivery breaks that assumption.

For years the industry framed delivery as Agile or Waterfall. AI-assisted development, multi-agent workflows, and fast proof-of-concept loops add a third mode. It borrows from both traditions but answers a different question. The bottleneck is no longer typing code. It is deciding whether the output is correct, secure, and fit for purpose.

This article summarises a longer white paper. The full version lives in the content library alongside this piece if you want the tables, agent roster, and assessment pipeline detail.

Where Waterfall still wins

Sequential delivery with clear gates is still the right choice when scope is fixed, outputs are defined, or regulation expects evidence in order. Compliance transitions, many migration programmes, and certification work do not benefit from endless iteration. You do not iterate your way to a signed control baseline.

For consultancies on fixed-fee, output-based work, that structure also protects buyer and seller. Defined scope, defined artefacts, defined completion.

What is worth keeping from Agile

Large-scale ceremony has burned a lot of teams. What survives from Agile is the useful part: short feedback loops, preference for working output over document theatre, and willingness to change course when the evidence changes.

The third mode in one paragraph

When a working prototype can move from idea to code in hours, planning models built around human coding speed turn into overhead. The unit of work shifts from "how long to implement?" to "what are we trying to prove, and how will we know it passed?" Delivery runs in tight loops with human checkpoints, not two-week boundaries for their own sake. The hard work moves to review, architecture, and governance.

What production work has shown

Examples from Westgate Sentinel's own tooling work (details in the white paper):

  • An MCP server with multiple tools, certificate auth, and tenant isolation: built in one evening with parallel agents and cross-review, where a small team might have scoped weeks.
  • A structured library of assessment scripts with hundreds of automated tests, each emitting JSON to a single schema, built across focused sprints rather than a long product queue.
  • Methodology and template work (M&A IT diligence framing, scoring, sector overlays) taken from concept to delivery-ready with scripted discovery and dry-run validation.

None of this removes the need for domain knowledge. It moves effort from manual typing to orchestration, evaluation, and discipline.

Cross-agent review is the lesson

The single most consistent lesson: an agent is poor at reviewing its own output and strong at reviewing another agent's output. In real builds, cross-review surfaced serious issues (credential handling, redaction, path rules, configuration mistakes) that single-threaded work often misses. For higher stakes, multiple independent reviews and a short consensus step scale the same idea.

Governance is not optional

Fast generation without guardrails produces unvalidated output, integration drift, and silent scope growth. A practical minimum includes:

  • Immutable project rules (data protection, what you will not build, how conflicts are resolved).
  • Branch protection so nothing reaches production without a human merge decision.
  • Automated checks (lint, typecheck, tests, schema conformance) before review.
  • Explicit exit criteria per phase so "done" means evidenced, not merely busy.

Governance embedded in config and process beats long approval chains if the goal is speed and safety.

The three models can coexist

  • Client delivery with fixed outputs and clear completion criteria often stays sequential. That is the commercial model.
  • Product work that must evolve keeps Agile's kernel without the theatre.
  • Internal tooling, IP, and proof-of-concept work fits AI-accelerated loops: build fast, evaluate honestly, ship when criteria pass.

The skill is knowing which mode applies and not forcing one label onto every problem.

If you are a technical leader

The question is less "Agile or Waterfall?" and more whether your review capacity, architecture ownership, and governance match a world where code is cheap to generate. Adapt those, or the tooling will outrun the organisation.

Richard Stainforth is Director of Westgate Sentinel Consulting Ltd, a cyber and Microsoft cloud consultancy in West Yorkshire. CISM, 20+ years in enterprise IT. westgatesentinel.co.uk

Share this article

← All insights