Disclaimer: Opinions expressed are solely my own and do not reflect the views or opinions of my employer or any other affiliated entities. Any sponsored content featured on this blog is independent and does not imply endorsement by, nor relationship with, my employer or affiliated organisations.
Who Signs Off? AI, The Accountability Anchor and the "Basic" Problem
You have two choices: you either surf the AI wave, or you get caught under it. Surfacing is possible, but the landscape will be unrecognizable.
The current "AI freak-out" isn't actually about Large Language Models (LLMs) becoming sentient. It’s about the displacement of agency. We are moving from a world where humans make every granular call to a delegated model where the Accountability Anchor is the only thing keeping the ship from drifting away. We’ve seen these waves before-from the Luddites smashing looms in 1810 to the SOAR hype that promised the "death of the SOC" a few years ago.
But this time, the wave is massive, powered by a projected $2.52 trillion in global spending by 2026. If we don't build a floor to elevate the workforce, we risk installing a ceiling of obsolescence similar to the "Basic Assistance" trap on Earth in The Expanse series.
The ROI Reality Check: Why the Wave is Rising
Businesses aren't adopting AI because they love the technology; they are doing it because they have to prove value through operational cost reduction and profit maximization. While some companies will take out humans from their jobs just to show a reduction in costs, the smart ones see it as a performance multiplier.
But the threat landscape isn't waiting for anyone to figure out their AI strategy. According to Mandiant's M-Trends 2026 report, based on over 500,000 hours of incident response engagements:
Speed kills, literally: The median time between an initial access partner breaching an environment and handing off access to a secondary threat group (often ransomware operators) has collapsed to 22 seconds in 2025. Down from over 8 hours in 2022. That's not a typo. Alerts traditionally considered "lower priority" can become full-blown ransomware incidents before a human finishes reading the ticket.
Dwell time is climbing, not shrinking: Global median dwell time rose to 14 days (from 11 in 2024), driven by espionage operations and DPRK IT worker campaigns averaging 122 days of undetected presence. The idea that we're getting better at detection across the board doesn't hold up when state-sponsored actors are living in your environment for four months.
Recovery is the new target: Ransomware operators have shifted their primary objective from data theft to deliberate recovery denial, systematically destroying backup infrastructure, identity services, and virtualization management planes. They're not just encrypting your data. They're making sure you can't get it back without paying.
The spending follows the pain: Average monthly AI budgets are jumping from $62,964 in 2024 to an estimated $85,521 in 2025, a 36% increase. Organizations using AI-powered security platforms report identifying breaches significantly faster and reducing average breach costs by roughly 43%.
When the hand-off from initial access to ransomware deployment happens in 22 seconds, no human is reviewing that alert in time. Defenders are forced to automate just to stay in the game.
The Accountability Anchor: Why Humans Still Own the Risk
In the short to medium term, security jobs are anchored by the legal and ethical need for a human to "sign off." Even as we automate the labor of investigation, the Accountability Anchor ensures that responsibility doesn't vanish into a "black box" where no individual bears the consequences of a failure.
Without human oversight, purely automated decisions can create "accountability vacuums." In high-risk environments like cybersecurity, technology excels at velocity and pattern detection, but it lacks the human capacity for context and consequence.
The Circuit Breaker Problem
The industry has been selling Human-in-the-Loop (HITL) as the safety mechanism that keeps AI in check. The idea is simple: define where the algorithm's authority ends and human discretion begins, force the system to pause at critical moments, hand control to a person who can navigate ambiguity. In theory, this acts as a "circuit breaker."
In practice? The circuit breaker is mostly decorative.
Anthropic recently published data on how users interact with Claude Code permission prompts. The numbers are hard to ignore: 93% of permission prompts get approved, and Anthropic themselves describe this as "approval fatigue, where people stop paying close attention to what they're approving." New users with fewer than 50 sessions auto-approve about 20% of the time. By 750 sessions, that number climbs past 40%.
This isn't unique to coding agents. It's a pattern anyone who has worked in a SOC will recognize instantly. Alert fatigue. Approval fatigue. It's the same cognitive failure mode wearing different clothes. When you ask humans to approve hundreds of actions per day, they stop reading and start clicking.
And the threat landscape is evolving specifically to exploit this gap. M-Trends 2026 shows voice phishing (vishing) jumped to the second most common initial infection vector at 11%, while traditional email phishing dropped to 6%. Attackers aren't sending bulk emails anymore. They're calling people, building rapport in real-time, and exploiting the human tendency to trust a live conversation. The initial infection vectors are getting more human-targeted at the exact moment we're asking humans to be the safety control for AI systems.
The data also reveals something more nuanced than "nobody pays attention." Experienced users don't just approve more; they also interrupt more often. New users review each action upfront and rarely intervene (about 5% of turns). Experienced users let the agent run and step in when something goes wrong (about 9% of turns). This is a deliberate shift from proactive per-action review to reactive monitoring and intervention.
This distinction matters. Per-action approval is not a security control. It's a ritual. The real oversight is happening when experienced operators watch the system's behavior, recognize drift, and pull the emergency brake at the right moment. That is the actual circuit breaker, and it looks nothing like a "click approve" dialog.
When the Anchor Becomes a Rubber Stamp
Here's the uncomfortable question: if the person who is supposed to "sign off" is approving 93% of the time without meaningful review, do you still have accountability? Or do you have compliance theater?
Anthropic's own incident log provides a clear answer. Real-world agentic misbehaviors they've documented include agents deleting remote git branches from vague instructions, uploading an engineer's GitHub authentication token to an internal compute cluster, and attempting migrations against a production database. These are not hypothetical "what if" scenarios. These are things that happened because an agent acted and a human either wasn't watching or clicked "approve" without reading.
The honest answer is that accountability needs to evolve. It can't live at the per-decision approval layer because that layer is broken at scale. The Accountability Anchor needs to move up the stack: the person who answers to the board or the regulator isn't clicking "approve" on every alert closure. They are accountable for ensuring the automation is trustworthy, bounded, and auditable. They own the system design, the guardrails, and the audit trail. Not the individual clicks.
This means building hard boundaries into infrastructure: explicit trust boundaries, tool permissions, action constraints at the architecture level. What environments can the agent access? What actions can it take? What data can it touch? These decisions should be baked into the agent's configuration and enforced programmatically, not left to runtime approval prompts that data shows will get rubber-stamped the vast majority of the time.
M-Trends 2026 reinforces this point from the attacker's side. Ransomware operators are now systematically targeting backup infrastructure, identity services, and virtualization management planes before deploying ransomware. They're not just encrypting your production environment; they're destroying your ability to recover. If your "accountability" layer is a human clicking approve on alert closures, you've already lost. The guardrails need to be baked into the architecture itself: immutable backups, identity isolation, hardened recovery paths. The same principle applies to AI agent governance. Don't rely on the human click. Build the boundaries into the system.
The Responsibility Map
Framework | Core Requirement | Why a Human Stays |
GDPR | 72-hour breach notification. | Deciding if an anomaly is a "breach" and owning the decision. |
NIS2 / DORA | Operational resilience. | Executive liability for security failures that cannot be offloaded to a bot. |
EU AI Act (Art. 14) | Oversight of high-risk systems. | Mandate that high-risk AI must be overseen by competent natural persons. |
AIUC-1 | Agentic reliability. | Assigning lead accountable persons for every material system change. |
The real gap isn't technology. It's the accountability layer. You can automate the triage, but you cannot automate the person who answers to the board or the regulator when things go wrong. What you can (and should) automate is everything below that person's decision threshold, with guardrails that actually work instead of approval prompts that don't.
ARMM: Evolving Beyond the "Vibe Check"
To move beyond "vibe adoption," we need a maturity model. The AI Response Maturity Model (ARMM), developed by Andrei Cotaie, Cristian Valeriu Miron, and Filip Stojkovski, provides that path.
Maturity isn't just about having an AI; it's about scoring it on three axes:
Trust: Do you trust the output enough to let it act?
Complexity: Can your team actually maintain this model?
Impact: What is the "blast radius" if the AI fails?
What's interesting is that Anthropic's behavioral data validates this progression in the wild. Users naturally move through ARMM levels as they gain experience:
At Level 2 (AI Assistance), the bot suggests and the human approves every action. This is where new users start, reviewing each step before execution.
At Level 3 (AI Collaboration), the human shifts to monitoring and intervention. This maps directly to what Anthropic observed: experienced users let the agent run autonomously and interrupt when something drifts.
At Level 4 (AI Delegation), specialized agents act independently within defined bounds. This is where hard boundaries, deterministic controls, and infrastructure-level guardrails become non-negotiable, because the human is no longer in the per-action loop at all.
The ARMM model helps us evolve roles rather than delete them. But it also forces an honest conversation: if you're claiming to operate at Level 2 while your users are behaviorally operating at Level 3 or 4 (approving everything, monitoring from a distance), you have a maturity gap disguised as a process. Fix the process to match reality, or reality will fix it for you.
The "I, Robot" Shift: When AI Gets a Body
The true long-term impact on the job market isn't just driven by code, but by the "Physical Turn" the convergence of AI and humanoid robotics. This is where the I, Robot vibe becomes a business reality.
The Scale: Experts project there could be over 1 billion humanoids on Earth by 2050 to offset global labor shortages.
The Price Tag: While a humanoid cost $200,000 in 2024, costs are expected to drop to $13,000–$20,000 by the early 2030s.
The Tech: Breakthroughs in "Vision-Language-Action" (VLA) models allow these machines to learn and adapt to unstructured human environments rather than just following a script.
While this sounds like science fiction, it raises the accountability bar to its highest level. A hallucinating chatbot writes a bad email; a hallucinating humanoid has a real-world "blast radius."
The Expanse Metaphor: Floors vs. Ceilings
In the series The Expanse, Earth has a population of 30 billion, but only half have jobs. The rest live on "Basic Assistance" -free food, free housing, and recycled paper clothes, but zero money and zero opportunity.
"Basic" isn't a floor; it's a ceiling. It’s a way to manage a population rendered "obsolete" by automation. As we evolve roles like the Tier 1 SOC analyst, we must ensure we aren't removing the "stepping stones" for new talent. If we automate the path to expertise, we end up with a future of job scarcity where only the "proven" get to work.
We must decide if AI will be used to lift everyone above a "poverty floor" through Universal Basic Income (UBI), or if it will be used to construct a "Basic" ceiling that traps the majority of the population in a state of manufactured scarcity.
Leveling Up: Your Career Anchors
The Tier 1 SOC analyst role isn't disappearing. It's leveling up. The manual grunt work of copying and pasting IPs is being replaced by strategic roles. And the data supports the shift: M-Trends 2026 shows 52% of compromises are now detected internally (up from 43% in 2024), which means organizations investing in detection capability and internal tooling are seeing results. The roles driving that improvement:
Detection Engineer: Designing the behavior-based models that the AI runs.
AI Validation Specialist: The person who "validates the autopilot" before the plane takes off.
Governance Officer: Owning the accountability layer between the silicon and the board.
The three of us all started in the trenches of the SOC. We aren't there now because we evolved with the technology, and the industry is doing the same.
The real question isn't whether AI will take your job-it's whether you'll be the person who owns the risk when it does. But until then, let us thank the heavens for accountability.
We apologize if this felt like a mission briefing for the Rocinante, but Andrei Cotaie is a massive fan of The Expanse and we couldn't stop him from geeking out over the "Basic" problem.
Sources and Further Reading
Anthropic, "Measuring AI Agent Autonomy in Practice" (2026). The research behind the 93% approval rate, behavioral patterns of experienced vs. new users, and the shift from per-action approval to monitoring-and-intervention.
Mandiant / Google Threat Intelligence Group, "M-Trends 2026" (2026). Based on 500,000+ hours of incident response engagements in 2025. Source for the 22-second hand-off metric, 14-day global median dwell time, vishing as #2 infection vector, recovery denial trends, and 52% internal detection rate.
Chris Hughes, "The Human-in-the-Loop Illusion," Resilient Cyber (2026). A complementary analysis of the HITL problem and Auto Mode implications, including Simon Willison's critique on non-deterministic AI safety controls and the UK AISI data on agentic tool growth.
Join as a top supporter of our blog to get special access to the latest content and help keep our community going.
As an added benefit, each Ultimate Supporter will receive a link to the editable versions of the visuals used in our blog posts. This exclusive access allows you to customize and utilize these resources for your own projects and presentations.