Following on from my last missive (From Zero-Day to Zero-Hour, How Cyber Defence Lost Time) and responding to some of the comments that it has stimulated, particularly on how AI is rapidly extending our capacity to act. I agree, it accelerates decisions, automates complexity and compresses what once took teams of experts into the output of a model in seconds but in doing so it introduces a structural risk that for me is being underplayed, the separation of power from judgement.
Let me express my take. Historically, capability and understanding evolved together. The ability to act, whether in finance, engineering, national security or any field of expertise was constrained by human cognition, experience and institutional knowledge. AI disrupts that balance. It enables individuals and organisations to execute at scale without necessarily possessing the depth of insight that once governed such action.
This creates an asymmetry. Actions become faster, broader and more consequential, while the human capacity to interrogate, contextualise and challenge those actions does not scale at the same rate. The result is not simply error, it is confident error, systematised and amplified.
In cybersecurity, this is already visible as I wrote earlier this week Zero-Click, Zero-Alert, Zero-Chance, The Mobile Blind Spot. AI can identify vulnerabilities, generate exploit paths and simulate attacks with increasing sophistication. See a piece I did last year on how this could manifest A Very Real Breach Symphony. Yet the judgement required to interpret context, intent, proportionality, second-order consequences, remains distinctly human and unevenly distributed. When organisations over rely on AI outputs without embedding authority led oversight, they risk operationalising decisions they do not fully understand.
Whilst these models are not reasoning as we do human led tailoring matters but the shift I sense here is still structural. The same system that helps identify issues can now also generate plausible but flawed code at scale, which means the volume of almost correct, subtly broken software explodes. That means not just a quality issue it is a systemic risk amplifier.
For me AI is still a long way off removing the need for human judgement, in fact it currently raises the premium on it and forces a change in posture . Human reasoning can no longer sit in the loop for everything, it must sit above the system, defining controls, guardrails and continuous assurance. Otherwise, we do not just get worse code we get machine-speed risk accumulation that humans cannot keep up with.
This is not an argument against AI, it is an argument against its ungoverned application. The real danger lies not in the technology itself but in the illusion of comprehension it creates. Outputs appear authoritative; reasoning appears complete but without structured challenge, independent validation and accountable decision frameworks, this is theatre, not assurance.
When organisations over rely on AI tooling outputs without embedding authority led oversight / judgment, they risk operationalising decisions they do not fully understand (black box syndrome), in so doing it risks an almost adverse effect, by extending their capacity to fail, faster and at scale without true comprehension. So the question becomes how to cut through the illusion of comprehension it creates to keep it real and grounded. Unfortunate I suspect we will see a few headline examples before this reality hits home.
The future will not be defined by those who act fastest but by those who retain control over why they act at all. AI may extend our reach but unless matched with deliberate judgement, it will also extend our capacity to fail, faster and at scale.
Posted on April 8, 2026
0