Industrial control systems and LLM-driven agents look unrelated from a distance. One reads sensors and moves equipment; the other reads context and writes code. But the practical failure modes rhyme: stale state, unclear authority, invisible decisions, and commands that are easier to issue than to unwind.
That is the useful bridge for me. I do not want agentic systems to feel mystical. I want them to feel like serious engineering tools: powerful, observable, bounded, and boring in the places where boring is a virtue.
Freshness checks
A stale sensor reading and a stale agent context fail in the same shape. The system acts confidently on data that no longer reflects reality. In agentic coding this shows up as plans based on deleted files, outdated assumptions, or logs from a previous run.
The habit transfers cleanly: make freshness explicit. Re-read the file before editing. Re-run the failing command before claiming the failure is fixed. Treat cached context as helpful, not authoritative.
Authorization boundaries
Operational systems distinguish read access from command access because observation and mutation are different kinds of risk. Agents need the same line. Let them inspect widely, plan deeply, and draft aggressively; gate actions that mutate shared state, publish externally, expose services, or are hard to roll back.
That is not anti-automation. It is what makes automation safe enough to use more often.
Observability before intelligence
When something goes wrong, the first question is not whether the system was clever. It is whether you can reconstruct what happened. What did the agent see? What did it decide? What command did it run? What changed afterwards?
If those questions cannot be answered, adding a stronger model only makes the system fail more impressively. Logs, tests, diffs, review checkpoints, and handoff notes are not paperwork; they are the instruments that make agent work legible.
Command safety
Industrial systems use interlocks and confirmations because some actions should be possible but never casual. Coding agents need the same discipline: dry runs, scoped permissions, explicit approval for public deployment, and verification before any claim of done.
The goal is not to remove the human. It is to let the human spend judgment where judgment matters, while the agent handles the repetitive shape of the work.
What does not transfer
SCADA assumes a more explicit process model than LLM systems have. The analogy breaks if taken too literally. An LLM is not a controller, a repo is not a plant, and natural language is not a ladder diagram.
But the habits still help: verify freshness, separate observation from mutation, make decisions inspectable, and add friction to dangerous commands. That is enough to make agents more useful without pretending they are more deterministic than they are.