Sinéad,
This piece lands exactly where it needs to, but I think the deeper signal is even more direct:
We already understand the problem.
WannaCry was a warning. The accumulation of zero-days, the normalization of unknown vulnerabilities, the reactive nature of patch cycles, none of this is new. What’s changed is that AI is removing the illusion that we still have time to manage it incrementally.
The gap between discovery and exploitation collapsing to minutes doesn’t just stress the system, it breaks the model entirely.
At that point, continuing to frame this as a cybersecurity issue misses the larger reality. This is a systems design failure. We’ve built a world where critical infrastructure depends on software that is inherently unverifiable at scale, then layered reactive defenses on top and called it security.
AI isn’t creating the problem. It’s exposing it with precision and speed.
So the real question isn’t whether we need better defenses. It’s why we’re still building systems that require defending in this way at all.
In every other domain, we don’t just respond to failure, we design to prevent and contain it. Software remains the exception, even as it becomes the foundation of everything.
Which brings us to the point you raised around responsibility.
We are past the stage of identifying risk. The risks are clear, widely understood, and increasingly measurable. What’s missing is coordinated implementation.
Not more awareness. Not more warnings.
Execution.
This is where I think the conversation needs to shift. From securing systems to redesigning them. From isolated efforts to coordinated frameworks. From reactive patching to architectures that are continuously verified, adaptive, and aligned with human intent at their core.
Because if private companies are now in positions to determine global cyber risk exposure, that’s not just a governance gap, it’s a signal that we have not yet built the structures required to manage the world we’ve created.
The next phase requires alignment across builders, governments, and institutions to implement what we already know needs to exist.
We don’t need another wake-up call.
We need to start building the response.
George
Do you have any pointers to _what_ has to be built? Design guidelines, high-level architecture, societal, technology and design gaps that need to be filled, build-out principles and protocols?
Thank you for these questions Ricardo. It gets to the core of what actually matters, because recognizing the problem is one thing, but knowing what to build is where everything either moves forward or stalls.
At a high level, there are five layers that need to be built in parallel, not sequentially:
1. Design Principles (the “why” layer)
Most software today optimizes for engagement, not human outcomes. That has to flip. The guiding principles should be:
- Human agency over algorithmic control
- Transparency over opacity
- Alignment with long-term outcomes, not short-term metrics
- Systems that help users reach “first value” quickly, instead of trapping them in complexity or passive consumption
If the incentives at this layer are wrong, everything built on top of it will drift in the same direction.
2. Architecture (the “how it’s structured” layer)
We need a shift away from centralized, extractive platforms toward:
- Modular, interoperable systems
- User-owned data layers
- Intent-driven architectures instead of feed-driven architectures

Traditional software engineering already separates requirements, architecture, implementation, and testing as distinct phases, but what’s missing is intent as a first-class input. Right now, systems respond to behavior. They should respond to declared intent.
3. Societal Layer (the “where it lives” layer)
This isn’t just a technical gap, it’s a coordination gap:
- No shared standards for ethical software behavior
- No enforcement mechanisms for misaligned systems
- Limited interdisciplinary collaboration between technologists, policymakers, and behavioral scientists

Historically, even collaboration across domains in software has been weak due to structural barriers. That has to be intentionally redesigned.
4. Technology Gaps (the “what’s missing” layer)
Some key gaps that need to be filled:
- Real-time intent modeling (not just predictive analytics)
- Systems that can explain why they are making decisions
- Better human-in-the-loop systems instead of full automation
- Tooling that reduces complexity for builders, not just users

Even in current software tooling, usability and clarity issues prevent adoption of better practices. That’s a signal that better tools alone are not enough, they must be usable and aligned with human workflows.
5. Build Principles & Protocols (the “execution” layer)
This is where things become concrete:
- Iterative, feedback-driven development (prototyping over rigid planning)
- Continuous validation with real users, not assumptions
- Clear metrics tied to outcomes, not vanity engagement

Modern software development already shows that rigid, linear models fail in complex systems, and iterative approaches with user feedback perform better. The difference now is what we choose to optimize for.
---
The deeper truth behind all of this:
We don’t just need better software. We need a new operating system for how software is conceived.
Right now, most systems are built to react to behavior.
What needs to be built are systems that align with human intent, relationships, and outcomes.
That’s the gap.
And that’s the opportunity.
Your Intent Matters, All are welcome! For more information please send me a direct message or visit my Substack Website:
https://glinicomn.substack.com/
Instructive post. Well explained. 🙌🏽
This is a terrifyingly accurate diagnosis of our "house of cards."
We keep trying to fix the problem with better policies and "safer" software, but the reality is that the architecture itself is the vulnerability, like you said.
Sovereignty isn't safe until it runs on physics, not just software.
We need a system where privacy isn't a promise made by a corporation, but a law of the hardware metabolism.
Biggest issue underlying what you’ve so expertly stated is that those in government and board rooms are woefully ignorant about IT “anything” and they need your kind of expertise at the table. 🇨🇦
4/14/2026 ~ 90 Days that changed the race🏁🤖♾️
https://claude.ai/public/artifacts/97342364-8276-449e-8f6b-4b935be4699f
Grace and peace to you sister, Semper Fortis!
Hard to reconcile in a world of let’s release the minimum viable product and work out the kinks as they come. We need a Ralph Nader of tech.
Or Conectrr.
Please visit my latest project, if you have any questions please let me know.
Substack:
https://substack.com/@glinicomn
Substack Website:
https://glinicomn.substack.com/
Thank you Sinead for the explanation, why this matters and how to think about this threat. As a lay person who is following AI closely, I am curious at the speed of happenings. It feels like I am running alongside a train, expecting to catch up and jump in. Just as I think I have a handle on where to focus my attention the conversation shifts. I wonder if this is where the public apathy comes from that I often see. Maybe folks are fascinated, then fearful, then apathetic.
Also just wanted to say I am a huge fan. Your podcast and posts have me thinking for days. Thank you for what you do!
So that’s why Anthropic stopped the release! Thanks for explaining. The need for guardrails as a topic keeps surfacing. They have to be baked in somehow.
How can we incentivize private companies to proactively give a you-know-what about cybersecurity, and make pro-social decisions? Compliance requirements seem to be very after-the-fact for software, as opposed to compliance requirements for the building process like you mention for car crash tests and drug trials. Those are "sticks" anyway, what could be a "carrot" for this?