Five lessons from modernizing a safety-critical aviation data platform — and why the sequence matters more than the technology.
Every technology leader wants to move fast on AI. Boards are asking about it. Competitors are announcing it. The pressure to show progress is real. But in regulated, safety-critical environments — and in any organization carrying significant legacy technical debt — the fastest path to AI is not to start with AI. This whitepaper documents five hard-won lessons from a 18-month platform stabilization and modernization effort at Boeing/Jeppesen Foreflight, culminating in the first agentic AI prototype for safety-critical aviation data workflows. The central argument: you cannot build intelligence on an unstable foundation. Stabilize first. Automate second. Apply intelligence third. In that order, without shortcuts.
When I joined the engineering organization at Boeing/Jeppesen Foreflight, the conversation at the leadership level was already about AI. How could it be otherwise — this was 2023, the year generative AI became impossible to ignore. The product roadmap had ambitions for automating complex aviation data workflows. There was genuine excitement about what AI-assisted processing could mean for a team managing safety-critical data that pilots rely on while flying.
The engineering reality underneath that ambition was a different story entirely.
The platform was a hybrid of on-premise infrastructure and early-stage cloud migration attempts — neither fully committed, neither properly governed. More than 40 legacy applications, many built over a decade ago, running in inconsistent environments with inconsistent dependency management, inconsistent deployment practices, and inconsistent security posture.
The compliance score — measuring how many systems met baseline security, patching, and operational standards — sat at approximately 30%. CVE counts were high and growing. Deployments were manual, error-prone, and infrequent. The team was competent and motivated, but operating in an environment where the underlying platform was consuming engineering capacity just to stay running.
In this environment, building AI prototypes on top of the existing stack would have been a category error. Not because the team lacked the capability — but because an AI system is only as reliable as the platform it runs on. In aviation, where data errors carry safety implications for pilots using Electronic Flight Bags in the cockpit and on the ground, "good enough" is not a standard.
"The temptation is to start with the exciting work — the AI, the automation, the transformation. The discipline is to start with the foundation. You can't build intelligence on infrastructure that you don't fully understand or control."
Secure the platform. Eliminate CVEs. Establish deployment standards. Reach compliance. Build the foundation AI can stand on.
Replace manual processes with reliable, repeatable automation. CI/CD pipelines. Monitoring. Alerting. Remove humans from the critical path of routine operations.
Now introduce AI and agentic workflows — on a stable, automated platform where failures are detectable, recoverable, and auditable.
Architecture review of all 40+ applications. CVE inventory. Compliance gap analysis across security, deployment, and operational standards. Established a prioritized remediation roadmap with clear ownership. No new features, no AI pilots — just understanding the actual state of the system.
Systematic dependency updates, patch management processes, and vulnerability remediation across the application portfolio. Established security scanning in the development pipeline so new CVEs were caught before reaching production. Compliance score began climbing from 30% toward 60%, then 75%.
Replaced manual deployment processes with automated pipelines. Standardized environments to eliminate "works on my machine" failures. Introduced monitoring and alerting standards across applications. On-time delivery rates and deployment confidence improved significantly.
Compliance score reached 95%. CVE count reduced by 85% from baseline. Deployments automated and reliable. The platform was now a known quantity — observable, auditable, and stable enough to begin AI prototyping with confidence.
Multi-agent prototype for the 28-day FAA aviation data update cycle. Three-agent architecture: ingestion/parsing agent, FAA validation agent, and update triggering agent. Built on the now-stable platform where failures were detectable and the impact of a processing error could be contained and traced.
The first thing we discovered during the platform assessment was how much of the system was effectively invisible. Applications running on servers nobody was actively monitoring. Dependencies that hadn't been updated in years. Deployment processes that existed as tribal knowledge in one engineer's head rather than documented, repeatable procedures.
In a traditional software environment, invisible infrastructure is a risk. In an AI-augmented environment, it becomes a compounding risk. An AI agent operating on data from a system you don't fully understand can make confident, fast decisions based on corrupt, stale, or malformed inputs — and you may not discover the error until it has propagated through multiple downstream systems.
In aviation data processing, where the output feeds directly into Electronic Flight Bags used by pilots navigating airports and taxiways, a data error that gets amplified by automated processing is not an abstract concern. The prerequisite for trustworthy AI output is trustworthy input — and trustworthy input requires a platform you understand completely.
A compliance score of 30% sounds like a paperwork problem. It isn't. It is a measurement of how much of your platform is operating outside of known, controlled parameters. Every system below the compliance threshold is a system where something could fail in an unexpected way — because the conditions under which it operates haven't been standardized or validated.
The 12-to-18 months we spent taking compliance from 30% to 95% was not time spent filling out forms. It was time spent bringing systems into a state where their behavior was predictable. Predictability is the foundation of automation. Automation is the foundation of AI. A system that surprises you cannot be automated. A system that cannot be automated cannot be made intelligent.
The specific metrics that moved during the stabilization phase tell the story:
| Metric | Before Stabilization | After Stabilization |
|---|---|---|
| Compliance posture | ~30% | 95% |
| CVE count | High baseline (300+ across portfolio) | 85% reduction |
| Deployment process | Manual, inconsistent, error-prone | Automated CI/CD pipelines |
| Environment consistency | Mixed on-premise / partial cloud, ungoverned | Standardized, monitored, documented |
| AI readiness | Not ready — unstable foundation | Ready — stable, observable platform |
The aviation data workflow we eventually automated was not fully manual when we arrived. It was semi-automated — a collection of scripts that handled parts of the 28-day FAA data update cycle, with humans stepping in at multiple validation checkpoints, reconciling outputs across disconnected systems, and making judgment calls on edge cases that the scripts couldn't handle.
This semi-automated state is where many organizations get stuck. It feels like progress — you have scripts, you have some automation — but it carries the worst characteristics of both manual and automated processes. The scripts create a false sense of reliability (it's automated, so it must be consistent) while the manual intervention points create undocumented decision logic that exists only in the heads of the people performing the validation.
When you introduce AI into a semi-automated workflow, you inherit the undocumented logic problem at scale. The AI learns from the observed behavior of the semi-automated process, including all of its undocumented exceptions and human judgment calls that were never captured in any specification.
The right approach — which we applied — was to fully document and formalize the semi-automated workflow before building the AI prototype. Every manual intervention point was analyzed: what decision was being made, what data it depended on, what the acceptance criteria were, what FAA regulation governed it. Only once the workflow was fully specified did we begin building the agentic implementation.
The aviation data we were processing was not abstract. Jeppesen's data products — navigation charts, airport diagrams, obstacle data, procedure specifications — feed directly into Electronic Flight Bags used by pilots during flight and ground operations. FAA regulations require these datasets to be updated on a 28-day AIRAC (Aeronautical Information Regulation and Control) cycle. A missed update, a data error, or a processing failure is not a customer service problem. It is a potential safety event.
This risk profile shaped every architectural decision in the agentic prototype. Rather than a single end-to-end agent, we designed a three-agent pipeline with explicit handoffs and validation gates between stages:
| Agent | Role | Safety Control |
|---|---|---|
| Agent 1 — Ingestion & Parsing | Receives raw aviation data from source systems. Parses into structured format. Identifies data types, revision cycles, and affected geographic regions. | Output validation against expected schema before handoff. Anomalies flagged for human review before proceeding. |
| Agent 2 — FAA Validation | Validates parsed data against FAA regulatory requirements. Checks AIRAC cycle compliance, data completeness, and cross-references against prior cycle for unexpected changes. | Hard stop on validation failure — no data proceeds to update trigger without passing all FAA rule checks. Full audit log of every validation decision. |
| Agent 3 — Update Trigger | Triggers the 28-day data update cycle for validated datasets. Manages sequencing of updates across dependent data types. Confirms successful propagation. | Human-in-the-loop (HITL) gate before final trigger for the initial prototype phase. Designed to be removed as confidence in Agent 2 validation accuracy builds over time. |
The human-in-the-loop gate on Agent 3 was a deliberate prototype-phase design decision, not a limitation. In safety-critical environments, autonomous action should be earned through demonstrated reliability, not assumed from day one. The prototype's purpose was to prove that Agents 1 and 2 could be trusted before Agent 3 acted without human confirmation.
The most common objection to the stabilize-first approach is timeline. Leadership wants AI results now. Competitors are announcing AI initiatives. Spending 12-18 months on compliance remediation and CI/CD pipelines before touching AI feels like delay.
The reframe that matters: the 12-18 months is not a delay before AI — it is the work that determines whether AI succeeds or fails. Organizations that skip the stabilization phase do not get AI faster. They get AI prototypes that fail to reach production, AI systems that produce unreliable outputs because they're operating on inconsistent data, and AI initiatives that consume engineering capacity without delivering business value.
The three-agent aviation data prototype we built operated on a platform where every data source was known, every dependency was current, every environment was consistent, and every deployment was automated and monitored. The prototype worked — not just in testing but as a credible path to production — precisely because the foundation beneath it was solid.
Compare that to a hypothetical where we had attempted to build AI automation on the platform as it existed when we arrived: 30% compliance, high CVE counts, manual deployments, inconsistent environments. The prototype might have produced impressive demos. It would not have produced a system anyone would trust to process safety-critical aviation data for pilots.
"The goal was never AI for its own sake. The goal was reliable automation of a safety-critical workflow that had resisted automation for years. Getting there required building the platform that made reliable automation possible."
The stabilize-automate-apply intelligence sequence is not specific to aviation or to safety-critical systems. The stakes in aviation are uniquely high, but the underlying dynamic — AI amplifying the problems of an unstable platform rather than solving them — applies across industries.
In e-commerce fraud prevention: An AI fraud detection system operating on inconsistent transaction data, poorly integrated payment systems, and manually maintained rule sets will produce high false positive rates and miss novel fraud patterns — not because fraud AI doesn't work, but because the data infrastructure beneath it isn't trustworthy.
In industrial IoT and predictive maintenance: An AI system predicting equipment failures based on sensor data from poorly calibrated devices, inconsistently maintained edge infrastructure, and manual data ingestion processes will generate alerts that operators learn to ignore — recreating alert fatigue with more expensive technology.
In B2B SaaS operations: An AI system automating customer support or internal operations workflows built on top of a legacy monolith with undocumented APIs, inconsistent data models, and manual deployment processes will require constant human intervention to correct errors the AI cannot anticipate.
In every case the pattern is identical. The sequence that works is identical. Stabilize the platform. Automate the repeatable. Then — and only then — apply intelligence.
Before beginning any AI initiative, honest answers to these questions will tell you which phase you're actually in:
| Question | If Yes | If No |
|---|---|---|
| Can you draw a complete, accurate map of every application, dependency, and data source in your target system? | Prerequisite met | Stabilize first — start with a full architecture audit |
| Is your compliance posture above 80% across security, patching, and operational standards? | Prerequisite met | Stabilize first — compliance remediation before AI |
| Are your deployments automated, consistent, and monitored? | Prerequisite met | Automate first — CI/CD before agentic workflows |
| Is every manual intervention point in your target workflow formally documented? | Prerequisite met | Document and formalize before building AI automation |
| Do you have a clear audit trail for decisions made in your target workflow today? | Prerequisite met | Establish observability before autonomous action |
| Can you detect and contain a processing error before it propagates to downstream systems? | Ready for AI with HITL gates | Stabilize and automate monitoring first |
If you answered "No" to two or more of these questions, your organization is in the Stabilize phase — and the highest-leverage investment you can make in AI readiness is completing that phase before building AI prototypes.
The Operational Intelligence Assessment is a 3-week structured diagnostic that scores your platform across five domains and delivers a prioritized roadmap — including a clear recommendation on which phase you're in and what to do next.
Book a Free Discovery Call →