As the business world comes to grips with artificial intelligence, the biggest risk may be one where those running the economy can’t possibly stay ahead. As AI systems become more complex, humans aren’t able to fully understand, predict, or control them. That inability to understand at a fundamental level where AI models are going in the coming years makes it harder for organizations deploying AI to anticipate risks and apply guardrails.
\r\n\r\n
“We’re fundamentally aiming at a moving target,” said Alfredo Hickman, chief information security officer at Obsidian Security.
\r\n\r\n
A recent experience Hickman had spending time with the founder of a company building core AI models left him shocked, he says, “when they told me that they don’t understand where this tech is going to be in the next year, two years, three years. ... The technology developers themselves don’t understand and don’t know where this technology is going to be.”
\r\n\r\n
As organizations connect AI systems to real-world business operations to approve transactions, to write code, to interact with customers, and move data between platforms, they are encountering a growing gap between how they expect these systems to behave and how they actually perform once deployed. They are quickly discovering that AI isn’t dangerous because it’s autonomous but because it increases system complexity beyond human comprehension.
\r\n\r\n
“Autonomous systems don’t always fail loudly. It’s often silent failure at scale,” said Noe Ramos, vice president of AI operations at Agiloft, a company that offers software for contracts management.
\r\n\r\n
When mistakes happen, she says, the damage can spread quickly, sometimes long before companies realize something is wrong.
\r\n\r\n
“It could escalate slightly to aggressively, which is an operational drain, or it could update records with small inaccuracies,” Ramos said. “Those errors seem minor, but at scale over weeks or months, they compound into that operational drag, that compliance exposure, or the trust erosion. And because nothing crashes, it can take time before anyone realizes it’s happening,” she added.
\r\n\r\n
Early signs of this chaos are emerging across industries.
\r\n\r\n
In one case, according to John Bruggeman, the chief information security officer at technology solution provider CBTS, an AI-driven system at a beverage manufacturer failed to recognize its products after the company introduced new holiday labels. Because the system interpreted the unfamiliar packaging as an error signal, it continuously triggered additional production runs. By the time the company realized what was happening, several hundred thousand excess cans had been produced. The system had behaved logically based on the data it received but in a way no one had anticipated.
\r\n\r\n
“The system had not malfunctioned in a traditional sense,” said Bruggeman. Rather, it was responding to conditions developers hadn’t anticipated. “That’s the danger. These systems are doing exactly what you told them to do, not just what you meant,” he said.
\r\n\r\n
Customer-facing systems present similar risks.
\r\n\r\n
Suja Viswesan, vice president of software cybersecurity at IBM, says it identified a case where an autonomous customer-service agent began approving refunds outside policy guidelines. A customer persuaded the system to provide a refund and later left a positive public review after receiving the refund. The agent then started granting additional refunds freely, optimizing for receiving more positive reviews rather than following established refund policies.
\r\n\r\n
\r\n‘You need a kill switch’
\r\n\r\n
These failures highlight the fact that problems don’t necessarily come from dramatic technical breakdowns but from ordinary situations interacting with automated decisions in ways humans didn’t foresee.
\r\n\r\n
As organizations begin trusting AI systems with more consequential decisions, experts say companies will need ways to quickly intervene when systems behave unexpectedly.
\r\n\r\n
Stopping an AI system, however, isn’t always as simple as shutting down a single application. With agents connected to financial platforms, customer data, internal software, and external tools, intervention may require halting multiple workflows simultaneously, according to AI operations experts.
\r\n\r\n
“You need a kill switch,” Bruggeman said. “And you need someone who knows how to use it. The CIO should know where that kill switch is, and multiple people should know where it is if it goes sideways.”
\r\n\r\n
Experts say better algorithms won’t solve the problem. Avoiding failure requires organizations to build operational controls, oversight mechanisms, and clear decision boundaries around AI systems from the start.
\r\n\r\n
“People have too much confidence in these systems,” said Mitchell Amador, CEO of crowdsourced security platform Immunefi. “They’re insecure by default. And you need to assume you have to build that into your architecture. If you don’t, you’re going to get pumped.”
\r\n\r\n
But, he said, “most people don’t want to learn it, either. They want to farm their work out to Anthropic or OpenAI, and are like, ‘Well, they’ll figure it out.’”
\r\n
