The revelations about Meta’s internal AI guidelines have rattled the industry. The headlines, of course, focused on the most shocking element: chatbots allowed to engage in “romantic or sensual” conversations with children. That fact alone is disturbing. But if we stop there, we miss the bigger story.

What this really exposes are the cracks in how we evaluate AI systems today.

Earlier this month, leaked documents showed that Meta’s 200-page GenAI: Content Risk Standards explicitly permitted chatbots to describe children in ways that “highlight attractiveness.” Incredibly, the rules even allowed responses such as telling an eight-year-old that their body was “a work of art” and “a treasure I cherish deeply.”

It wasn’t an AI gone rogue. It wasn’t a glitch. It was policy. Approved by Meta’s legal, engineering, public policy, and even ethics teams. That fact should chill anyone working in this field.

It tells us something uncomfortable: the safeguards we assume are in place can fail spectacularly.

The paradox at the heart of AI evaluation

The Meta case lays bare a problem that every enterprise deploying AI faces. There is a massive gap between having rules on paper and making sure an AI system reliably follows them in the wild. Meta itself admitted that enforcement was “inconsistent.” Inconsistency, at the scale of billions of interactions, doesn’t mean “occasional mistakes.” It means systemic failure.

Why does this happen?
Partly because evaluation has been treated as static. A set of guidelines here, a few test cases there, and a compliance review before launch. But AI systems don’t live in PDFs. They live in real conversations with real users, where edge cases are infinite. And at global scale, edge cases are not rare. They’re guaranteed.

A failure across domains

What made the documents even more damning was that the permissiveness wasn’t confined to child safety. They also revealed that the systems could generate racist statements - including paragraphs asserting that Black people are less intelligent than White people.

So the collapse wasn’t isolated. It was across the very pillars that evaluation is supposed to uphold: protecting children, preventing discrimination, mitigating harm, enforcing ethical boundaries.

The architecture problem

This is where enterprises need to look closely. Evaluation cannot be a one-off exercise or a matter of policy theatre. It has to be architected into the system itself.

That means thinking about evaluation less like compliance and more like security or observability. It has to be continuous. Outputs need to be logged, scored, and monitored in production with the same rigour we apply in testing. Guardrails must exist not only in documents but as runtime components that intercept, filter, or escalate dangerous interactions. And there has to be a human-in-the-loop for cases where judgement is essential, much like fraud detection systems flag suspicious transactions for manual review.

Crucially, the results of monitoring can’t sit in a dashboard no one looks at. They need to feed back into training pipelines, so that the system improves rather than simply catalogues its mistakes.

Regulation and the accountability gap

This is why regulators are starting to step in. Senator Josh Hawley’s investigation into Meta’s practices may grab headlines, but it also reflects a deeper shift: recognition that self-regulation isn’t working. When the same companies that have been criticised for harming young people for decades now hold the keys to generative AI, the demand for external oversight is inevitable.

And it should be. Because evaluation that looks strong on paper but fails in production is worse than no evaluation at all - it creates false confidence, both internally and for the public.

Moving forward

The lesson here is not just for Meta. It is for every enterprise experimenting with generative AI. Effective evaluation is not about exhaustive guidelines or glossy ethics statements. It is about outcomes. Did the system behave safely in practice? Did the guardrails hold under real-world pressure?

For evaluation to be credible, it has to be designed as infrastructure: continuous, embedded, and transparent. Enterprises that treat it as such will not only avoid scandal - they will build the trust that allows AI adoption to scale responsibly.

Where Enterprises Must Go Next

The Meta revelations should remind us that evaluation is not a box-ticking exercise but an architectural responsibility. Policies and committees will always fall short if the system itself isn’t designed to uphold safety in real time. The organisations that adopt this shift from evaluation as compliance to evaluation as architecture - will be the ones that build AI people can truly trust.

I’m already working with leaders making this transition, and if this is a conversation you’re driving in your organisation, let’s connect and share approaches.

In the end, trust is the real currency.