
1
00:00:00,000 –> 00:00:02,140
Most leaders think governance controls AI.
2
00:00:02,140 –> 00:00:02,940
It doesn’t.
3
00:00:02,940 –> 00:00:05,900
People do. Policies don’t make decisions at 4 p.m.
4
00:00:05,900 –> 00:00:08,940
when a model drifts or a copilot surfaces salary data
5
00:00:08,940 –> 00:00:09,820
in a board deck.
6
00:00:09,820 –> 00:00:10,560
You do.
7
00:00:10,560 –> 00:00:13,380
The organizations that win define intent, decision rights,
8
00:00:13,380 –> 00:00:16,260
and escalation before the incident, then enforce them.
9
00:00:16,260 –> 00:00:17,500
Here’s what you’ll get today.
10
00:00:17,500 –> 00:00:20,980
A first-draft stewardship RACI, a 90-day plan you can run,
11
00:00:20,980 –> 00:00:23,380
a use case inventory structure that scales,
12
00:00:23,380 –> 00:00:26,180
and an escalation workflow that works in minutes, not weeks.
13
00:00:26,180 –> 00:00:27,900
Microsoft is our reference architecture,
14
00:00:27,900 –> 00:00:30,620
Entra, Purview, Copilot, Responsible AI,
15
00:00:30,620 –> 00:00:34,020
so you can align decisions without touching a console.
16
00:00:34,020 –> 00:00:36,040
Act one: why governance fails.
17
00:00:36,040 –> 00:00:38,020
Governance fails on contact with reality
18
00:00:38,020 –> 00:00:39,980
because it assumes controls are the system.
19
00:00:39,980 –> 00:00:40,580
They are not.
20
00:00:40,580 –> 00:00:42,660
The system is people making distributed decisions
21
00:00:42,660 –> 00:00:44,660
fast with incomplete information.
22
00:00:44,660 –> 00:00:47,980
Shadow AI, pilot-forever culture, and exception creep
23
00:00:47,980 –> 00:00:51,180
turn deterministic designs into probabilistic ones,
24
00:00:51,180 –> 00:00:54,100
over time. Dashboards without owners become theater.
25
00:00:54,100 –> 00:00:56,060
Incidents become lawful but awful.
26
00:00:56,060 –> 00:00:58,300
The accountability gap shows up three ways.
27
00:00:58,300 –> 00:01:00,820
Attributability, answerability, and authority.
28
00:01:00,820 –> 00:01:02,760
Attributing outcomes to values fails
29
00:01:02,760 –> 00:01:04,380
when nobody owns the intent.
30
00:01:04,380 –> 00:01:06,420
Answerability collapses when the only artifact
31
00:01:06,420 –> 00:01:07,700
is a policy PDF.
32
00:01:07,700 –> 00:01:10,780
Authority disappears when no one can stop revenue for safety.
33
00:01:10,780 –> 00:01:13,020
This is not a tooling problem, it’s an ownership problem.
34
00:01:13,020 –> 00:01:14,900
If you’re a CIO, your decision here
35
00:01:14,900 –> 00:01:16,740
is to define decision surfaces
36
00:01:16,740 –> 00:01:18,980
where human judgment must overrule model output
37
00:01:18,980 –> 00:01:20,700
and who is accountable at each surface.
38
00:01:20,700 –> 00:01:24,220
If you run IT, your decision is to validate enforceability.
39
00:01:24,220 –> 00:01:26,420
Identity and data boundaries must reflect
40
00:01:26,420 –> 00:01:28,340
those surfaces, not wishful org charts.
41
00:01:28,340 –> 00:01:30,540
If you lead data or product, your responsibility
42
00:01:30,540 –> 00:01:33,940
is to map actual decisions in the workflow, who triggers them,
43
00:01:33,940 –> 00:01:36,420
what inputs they consume and how harm is detected.
44
00:01:36,420 –> 00:01:38,860
If you own a business outcome, your responsibility
45
00:01:38,860 –> 00:01:41,380
is to accept or decline residual risk in writing.
46
00:01:41,380 –> 00:01:44,020
Now the uncomfortable truth: Entra, Purview, and Copilot
47
00:01:44,020 –> 00:01:46,500
will amplify your intent or your entropy.
48
00:01:46,500 –> 00:01:48,940
Identity without stop-ship authority is noise,
49
00:01:48,940 –> 00:01:51,060
labels without ownership are wallpaper.
50
00:01:51,060 –> 00:01:52,340
Copilot is not leaking.
51
00:01:52,340 –> 00:01:54,620
Your governance is, through overshared sites,
52
00:01:54,620 –> 00:01:56,340
open links, and orphan agents.
53
00:01:56,340 –> 00:01:57,740
The fix is not another policy.
54
00:01:57,740 –> 00:02:00,260
It’s stewardship: continuous human ownership
55
00:02:00,260 –> 00:02:03,500
of AI intent, behavior, and outcomes. Evidence patterns
56
00:02:03,500 –> 00:02:05,420
are everywhere.
57
00:02:05,420 –> 00:02:06,900
Orphan AI.
58
00:02:06,900 –> 00:02:08,980
Agents and connectors with no owner.
59
00:02:08,980 –> 00:02:11,980
Still acting. Exception creep: temporary bypasses
60
00:02:11,980 –> 00:02:13,500
that never expire.
61
00:02:13,500 –> 00:02:16,500
Dashboards without owners: red metrics nobody can pause.
62
00:02:16,500 –> 00:02:17,580
Shadow AI.
63
00:02:17,580 –> 00:02:20,460
Teams using personal tenants and unmanaged plugins
64
00:02:20,460 –> 00:02:22,380
because sanctioned paths are slow.
65
00:02:22,380 –> 00:02:24,780
Governance theater: committees that write principles
66
00:02:24,780 –> 00:02:26,140
but never adjudicate incidents.
67
00:02:26,140 –> 00:02:28,260
If you’re a CIO, this is where you must step in.
68
00:02:28,260 –> 00:02:31,700
Set risk appetite per domain and the non-delegable decisions,
69
00:02:31,700 –> 00:02:32,940
including kill switch rules.
70
00:02:32,940 –> 00:02:35,340
If you run IT, this is where people will expect answers
71
00:02:35,340 –> 00:02:37,700
from you: who can invoke which capability,
72
00:02:37,700 –> 00:02:41,220
under which conditions; joiners, movers, leavers; service
73
00:02:41,220 –> 00:02:44,340
principals; default deny for sensitive scopes.
74
00:02:44,340 –> 00:02:47,980
If you lead data or product, you decide fitness, lineage,
75
00:02:47,980 –> 00:02:50,540
consent provenance, representativeness,
76
00:02:50,540 –> 00:02:52,300
and unlearning paths per use case.
77
00:02:52,300 –> 00:02:55,020
If you own the business, you decide consequence:
78
00:02:55,020 –> 00:02:57,900
when value is paused, degraded, or retired.
79
00:02:57,900 –> 00:03:00,140
The checkpoint: if policy isn’t stopping drift,
80
00:03:00,140 –> 00:03:01,500
your model is wrong.
81
00:03:01,500 –> 00:03:03,620
Reset to stewardship: define principles, roles,
82
00:03:03,620 –> 00:03:06,060
decision rights, and escalation, then bind intent
83
00:03:06,060 –> 00:03:08,540
to Entra and Purview, and treat Copilot governance
84
00:03:08,540 –> 00:03:11,820
as your proof of model breakage, not its cause.
85
00:03:11,820 –> 00:03:14,140
The accountability gap in enterprise AI.
86
00:03:14,140 –> 00:03:16,820
Most organizations treat accountability as a document.
87
00:03:16,820 –> 00:03:17,740
It is not.
88
00:03:17,740 –> 00:03:20,660
In AI, accountability is a design property
89
00:03:20,660 –> 00:03:24,580
of your operating model, who sets intent, who explains outcomes,
90
00:03:24,580 –> 00:03:27,380
and who can stop revenue for safety.
91
00:03:27,380 –> 00:03:29,420
Miss anyone and drift turns from a nuisance
92
00:03:29,420 –> 00:03:32,860
into an inevitability. Adoption always outpaces control.
93
00:03:32,860 –> 00:03:33,620
That’s normal.
94
00:03:33,620 –> 00:03:35,780
The problem starts where ownership evaporates
95
00:03:35,780 –> 00:03:38,020
at the decision surface, where a system
96
00:03:38,020 –> 00:03:40,940
suggests a human accepts, and no one can attribute
97
00:03:40,940 –> 00:03:43,060
the value trade-off that just happened.
98
00:03:43,060 –> 00:03:44,980
You’re running a distributed decision engine,
99
00:03:44,980 –> 00:03:46,180
policies sit on the shelf.
100
00:03:46,180 –> 00:03:48,620
Decisions happen in chat, in email, inside Copilot,
101
00:03:48,620 –> 00:03:51,700
and in code that one team controls, but 10 teams depend on.
102
00:03:51,700 –> 00:03:53,340
Three gaps define the exposure.
103
00:03:53,340 –> 00:03:54,460
First, whose values?
104
00:03:54,460 –> 00:03:56,860
If product defines faster claims, legal assumes
105
00:03:56,860 –> 00:03:59,500
fair claims, and finance rewards cheaper claims,
106
00:03:59,500 –> 00:04:01,300
you’ve encoded three incompatible intents
107
00:04:01,300 –> 00:04:02,980
without an adjudicator.
108
00:04:02,980 –> 00:04:04,380
Second, who explains?
109
00:04:04,380 –> 00:04:07,140
If a toxic combination of prompts, data, and defaults
110
00:04:07,140 –> 00:04:09,020
yields a lawful but awful denial,
111
00:04:09,020 –> 00:04:12,060
can anyone reconstruct the inputs, the model behavior,
112
00:04:12,060 –> 00:04:14,780
and the human acceptance that made it stick?
113
00:04:14,780 –> 00:04:15,980
Third, who can stop revenue?
114
00:04:15,980 –> 00:04:17,740
If a safety hit occurs in peak season
115
00:04:17,740 –> 00:04:19,940
and no one is empowered to pause the agent,
116
00:04:19,940 –> 00:04:23,180
your organization just chose velocity over trust by omission.
117
00:04:23,180 –> 00:04:24,700
Why this happens is structural.
118
00:04:24,700 –> 00:04:26,980
Your environment is a web of distributed services,
119
00:04:26,980 –> 00:04:28,900
vendor models, and exception rules.
120
00:04:28,900 –> 00:04:31,740
Conditional logic stacks until it becomes conditional chaos.
121
00:04:31,740 –> 00:04:34,700
Point tools proliferate, vendor commitments dilute.
122
00:04:34,700 –> 00:04:36,980
Meanwhile, the graph of authorization decisions,
123
00:04:36,980 –> 00:04:40,780
identity, device, data label, tenant boundary,
124
00:04:40,780 –> 00:04:43,620
shifts daily as people move, projects end,
125
00:04:43,620 –> 00:04:45,460
and share links sprawl.
126
00:04:45,460 –> 00:04:49,060
Over time, a deterministic design becomes a probabilistic system.
127
00:04:49,060 –> 00:04:50,660
It will eventually surface the wrong thing
128
00:04:50,660 –> 00:04:53,020
to the right person or the right thing to the wrong person.
129
00:04:53,020 –> 00:04:55,900
You’ll see early signals: reviews arrive late,
130
00:04:55,900 –> 00:04:58,380
after deployment pressure made them ceremonial.
131
00:04:58,380 –> 00:05:01,300
Incidents are lawful but awful, perfectly compliant,
132
00:05:01,300 –> 00:05:03,460
yet reputationally damaging.
133
00:05:03,460 –> 00:05:06,300
Board risk letters mention AI as a thematic exposure
134
00:05:06,300 –> 00:05:09,100
without named owners. Orphan bots keep working.
135
00:05:09,100 –> 00:05:11,580
Temporary exceptions never expire, dashboards grow,
136
00:05:11,580 –> 00:05:12,460
but stops don’t.
137
00:05:12,460 –> 00:05:13,780
These are not accidents.
138
00:05:13,780 –> 00:05:15,940
They are symptoms of missing decision rights.
139
00:05:15,940 –> 00:05:17,860
If you’re a CIO, your decision here
140
00:05:17,860 –> 00:05:20,500
is to define decision surfaces explicitly,
141
00:05:20,500 –> 00:05:23,620
where human judgment must apply, what evidence is required,
142
00:05:23,620 –> 00:05:27,220
and who holds the pen to accept residual risk.
143
00:05:27,220 –> 00:05:30,100
Publish a short list of non-delegables, prohibited uses,
144
00:05:30,100 –> 00:05:32,860
forced human review zones, and stop-ship conditions.
145
00:05:32,860 –> 00:05:33,820
Tie them to incentives.
146
00:05:33,820 –> 00:05:36,980
If you run IT, your decision is to make enforceability real.
147
00:05:36,980 –> 00:05:38,700
Identity is the control plane.
148
00:05:38,700 –> 00:05:40,580
Bind who can invoke which capability
149
00:05:40,580 –> 00:05:42,220
under which conditions to Entra.
150
00:05:42,220 –> 00:05:44,340
Close joiner, mover, leaver gaps,
151
00:05:44,340 –> 00:05:47,540
recertify service principals, kill ownerless agents,
152
00:05:47,540 –> 00:05:49,300
default deny sensitive scopes.
153
00:05:49,300 –> 00:05:50,820
Your measure is not policy pages,
154
00:05:50,820 –> 00:05:53,020
it’s access turned off when ownership ends.
155
00:05:53,020 –> 00:05:55,140
If you lead data or product, your responsibility
156
00:05:55,140 –> 00:05:56,860
is to make decisions traceable.
157
00:05:56,860 –> 00:05:59,860
For each use case, prove lineage, consent provenance,
158
00:05:59,860 –> 00:06:02,500
representativeness, and unlearning paths.
159
00:06:02,500 –> 00:06:05,420
Decide the explainability level required for the domain,
160
00:06:05,420 –> 00:06:08,140
then instrument prompts, grounding data, and outputs,
161
00:06:08,140 –> 00:06:11,900
so post-incident reconstruction takes minutes, not weeks.
162
00:06:11,900 –> 00:06:14,300
If you own the business outcome, your responsibility
163
00:06:14,300 –> 00:06:17,220
is to accept or decline residual risk in writing.
164
00:06:17,220 –> 00:06:19,260
That acceptance must list the harms you’ll tolerate
165
00:06:19,260 –> 00:06:22,060
for the value you want, the indicators that trigger a pause,
166
00:06:22,060 –> 00:06:23,940
and the rollback cost you agree to carry.
167
00:06:23,940 –> 00:06:25,180
No acceptance, no go.
168
00:06:25,180 –> 00:06:27,740
Now the Copilot case pattern: overshared SharePoint
169
00:06:27,740 –> 00:06:30,820
and open links let Copilot surface salary or health data
170
00:06:30,820 –> 00:06:32,540
into a perfectly innocent prompt.
171
00:06:32,540 –> 00:06:33,740
The assistant did not leak.
172
00:06:33,740 –> 00:06:36,780
Your governance did, by allowing broad read access
173
00:06:36,780 –> 00:06:39,980
and unlabeled content to live beside sensitive data.
174
00:06:39,980 –> 00:06:43,660
The lesson: data boundaries and identity rules encode intent.
175
00:06:43,660 –> 00:06:46,380
If they encode entropy, Copilot will amplify entropy.
176
00:06:46,380 –> 00:06:48,020
Shadow AI follows the same law.
177
00:06:48,020 –> 00:06:50,740
Teams route to personal tenants or unmanaged plugins
178
00:06:50,740 –> 00:06:52,980
when sanctioned paths are slower than business need.
179
00:06:52,980 –> 00:06:54,260
The fix is not prohibition.
180
00:06:54,260 –> 00:06:56,580
It’s a faster yes with intake, audit-only pilots,
181
00:06:56,580 –> 00:06:58,260
and clear escalation.
182
00:06:58,260 –> 00:07:01,100
If the path to yes is slower than a credit card,
183
00:07:01,100 –> 00:07:03,140
you will be surprised in production.
184
00:07:03,140 –> 00:07:05,180
If you’re a CIO, this is where you must step in.
185
00:07:05,180 –> 00:07:07,140
Set a risk taxonomy and a cadence
186
00:07:07,140 –> 00:07:09,180
where escalations are resolved within hours.
187
00:07:09,180 –> 00:07:12,140
If you run IT, this is where people will expect answers from you,
188
00:07:12,140 –> 00:07:14,620
identity conditions that prevent drift by default.
189
00:07:14,620 –> 00:07:18,060
If you lead data or product, decide what evidence proves data fitness.
190
00:07:18,060 –> 00:07:21,300
If you own the business, decide what you will pause and when.
191
00:07:21,300 –> 00:07:23,740
Close the gap by converting values into decision rights,
192
00:07:23,740 –> 00:07:26,500
evidence into traceability and policy into stopping power.
193
00:07:26,500 –> 00:07:29,300
Stewardship makes those choices visible and enforceable.
194
00:07:29,300 –> 00:07:30,980
Governance alone does not.
195
00:07:30,980 –> 00:07:32,980
Why AI governance alone fails.
196
00:07:32,980 –> 00:07:34,580
Policies don’t make decisions.
197
00:07:34,580 –> 00:07:35,380
People do.
198
00:07:35,380 –> 00:07:37,540
That’s why AI governance standing alone
199
00:07:37,540 –> 00:07:40,180
turns into performance at the moment it meets a live system
200
00:07:40,180 –> 00:07:42,580
with deadlines, incentives and ambiguity.
201
00:07:42,580 –> 00:07:43,940
A policy can state values.
202
00:07:43,940 –> 00:07:45,900
It cannot adjudicate a 4 p.m. trade-off
203
00:07:45,900 –> 00:07:49,140
when a model is useful, unreliable, and already embedded in revenue.
204
00:07:49,140 –> 00:07:50,980
The foundational mistake is treating governance
205
00:07:50,980 –> 00:07:53,900
as documentation rather than as a source of stopping power.
206
00:07:53,900 –> 00:07:56,100
Checklists, model cards and DPAs are necessary,
207
00:07:56,100 –> 00:07:57,260
but they are not authority.
208
00:07:57,260 –> 00:07:59,420
Without named owners and time-boxed adjudication,
209
00:07:59,420 –> 00:08:01,020
they become polite delay.
210
00:08:01,020 –> 00:08:02,660
Once velocity exceeds review cadence,
211
00:08:02,660 –> 00:08:05,460
exceptions spread. You’ve built a deterministic intent
212
00:08:05,460 –> 00:08:07,820
and then allowed probabilistic execution.
213
00:08:07,820 –> 00:08:10,540
Audits don’t save you because audits lag reality.
214
00:08:10,540 –> 00:08:13,140
An AI system is a distributed decision engine operating
215
00:08:13,140 –> 00:08:14,100
continuously.
216
00:08:14,100 –> 00:08:16,300
By the time an annual review notices drift,
217
00:08:16,300 –> 00:08:18,060
users have normalized workarounds, prompts
218
00:08:18,060 –> 00:08:19,580
have evolved and third party agents
219
00:08:19,580 –> 00:08:21,660
have plugged themselves into your workflows.
220
00:08:21,660 –> 00:08:24,220
If you’re relying on dashboards to infer ownership,
221
00:08:24,220 –> 00:08:25,700
you’ve already lost the thread.
222
00:08:25,700 –> 00:08:26,860
Dashboards aren’t ownership.
223
00:08:26,860 –> 00:08:28,860
A green metric has never paused the release.
224
00:08:28,860 –> 00:08:31,060
An amber box has never convened a quorum.
225
00:08:31,060 –> 00:08:33,020
Metrics are instruments, not governors.
226
00:08:33,020 –> 00:08:34,980
In practice, governance fails
227
00:08:34,980 –> 00:08:37,500
when no one has the authority or the incentive
228
00:08:37,500 –> 00:08:40,100
to say stop and take the economic hit.
229
00:08:40,100 –> 00:08:43,460
That gap is where lawful but awful incidents breed.
230
00:08:43,460 –> 00:08:44,820
Exception creep does the rest.
231
00:08:44,820 –> 00:08:47,620
Every temporary bypass converts a deterministic rule
232
00:08:47,620 –> 00:08:48,860
into a probabilistic one.
233
00:08:48,860 –> 00:08:50,740
They accumulate, they never expire.
234
00:08:50,740 –> 00:08:52,620
Your system stops behaving according to policy
235
00:08:52,620 –> 00:08:54,820
and starts behaving according to permission sprawl.
236
00:08:54,820 –> 00:08:57,540
In Copilot terms, the assistant didn’t change.
237
00:08:57,540 –> 00:08:58,780
Your substrate did.
238
00:08:58,780 –> 00:09:01,220
Overshared sites, open links and ownerless agents
239
00:09:01,220 –> 00:09:02,740
became the real policy.
240
00:09:02,740 –> 00:09:04,140
This is the uncomfortable truth.
241
00:09:04,140 –> 00:09:07,540
Controls are inert until a human uses them to enforce intent.
242
00:09:07,540 –> 00:09:08,580
Entra can deny.
243
00:09:08,580 –> 00:09:11,100
Purview can contain. Copilot can log and attribute.
244
00:09:11,100 –> 00:09:13,540
None of that matters if no one owns the decision surface
245
00:09:13,540 –> 00:09:16,180
where denial, containment or pause is chosen under pressure.
246
00:09:16,180 –> 00:09:18,220
If you’re a CIO, your decision here
247
00:09:18,220 –> 00:09:20,580
is to convert governance into stopping power.
248
00:09:20,580 –> 00:09:22,860
Publish a short list of non-delegable decisions
249
00:09:22,860 –> 00:09:25,140
with named owners, evidence requirements,
250
00:09:25,140 –> 00:09:26,660
and adjudication SLAs.
251
00:09:26,660 –> 00:09:28,780
Set explicit kill-switch rules tied to risk tiers
252
00:09:28,780 –> 00:09:31,260
and clarify who accepts residual risk in writing.
253
00:09:31,260 –> 00:09:33,820
Protect this cadence from quarterly revenue pressure.
254
00:09:33,820 –> 00:09:36,660
If you run IT, your decision is to bind authority
255
00:09:36,660 –> 00:09:39,420
to the control plane. Tie stop-ship and pause authority
256
00:09:39,420 –> 00:09:41,220
to identity groups in Entra.
257
00:09:41,220 –> 00:09:43,980
Default deny sensitive AI scopes unless a named owner
258
00:09:43,980 –> 00:09:45,140
is on record.
259
00:09:45,140 –> 00:09:46,980
Recertify service principals on a timer
260
00:09:46,980 –> 00:09:49,140
and shut down ownerless agents automatically.
261
00:09:49,140 –> 00:09:52,060
Your measure is revocations executed when ownership ends.
262
00:09:52,060 –> 00:09:55,020
If you lead data or product, your responsibility
263
00:09:55,020 –> 00:09:59,140
is to move beyond “we logged it” to “we can reconstruct it.”
264
00:09:59,140 –> 00:10:01,460
Instrument prompts, grounding data, and outputs
265
00:10:01,460 –> 00:10:04,380
so that post-incident review produces an explainable chain
266
00:10:04,380 –> 00:10:05,020
in minutes.
267
00:10:05,020 –> 00:10:07,340
Decide the explainability level per domain
268
00:10:07,340 –> 00:10:08,500
and build the evidence.
269
00:10:08,500 –> 00:10:10,980
If it can’t be explained, it can’t be defended.
270
00:10:10,980 –> 00:10:13,740
If you own the business outcome, your responsibility
271
00:10:13,740 –> 00:10:14,500
is consequence.
272
00:10:14,500 –> 00:10:17,020
Define when you will pause value for safety,
273
00:10:17,020 –> 00:10:20,180
what degraded modes are acceptable, and how rollback costs
274
00:10:20,180 –> 00:10:20,780
are carried.
275
00:10:20,780 –> 00:10:22,340
Don’t outsource this to policy.
276
00:10:22,340 –> 00:10:23,220
Own the trade-offs.
277
00:10:23,220 –> 00:10:24,260
Write them down.
278
00:10:24,260 –> 00:10:26,300
Consider the Copilot case pattern.
279
00:10:26,300 –> 00:10:28,180
A leader asks for a headcount trend.
280
00:10:28,180 –> 00:10:30,020
Copilot surfaces an elegant chart
281
00:10:30,020 –> 00:10:31,980
grounded on a SharePoint folder that includes
282
00:10:31,980 –> 00:10:34,620
an unlabeled salary export. Nothing broke.
283
00:10:34,620 –> 00:10:37,620
Identity and data policy encoded entropy, not intent.
284
00:10:37,620 –> 00:10:39,500
A policy saying “protect sensitive data”
285
00:10:39,500 –> 00:10:41,340
didn’t prevent exposure because no one
286
00:10:41,340 –> 00:10:43,700
owned the read surface or the share links’ lifespans.
287
00:10:43,700 –> 00:10:45,820
Stewardship fixes that by forcing ownership,
288
00:10:45,820 –> 00:10:47,260
expiry, and escalation.
289
00:10:47,260 –> 00:10:49,020
Shadow AI exposes the same flaw.
290
00:10:49,020 –> 00:10:52,420
Teams go off-tenant because sanctioned paths are slow or unclear.
291
00:10:52,420 –> 00:10:55,540
A policy banning shadow tools won’t survive a Q3 target.
292
00:10:55,540 –> 00:10:57,620
A stewarded intake with audit-only pilots
293
00:10:57,620 –> 00:10:59,980
and a deterministic escalation path will.
294
00:10:59,980 –> 00:11:02,020
The difference is speed to yes and a human
295
00:11:02,020 –> 00:11:04,180
with pause authority when signals turn.
296
00:11:04,180 –> 00:11:06,300
Governance names, the principles.
297
00:11:06,300 –> 00:11:08,380
Stewardship enforces them at speed.
298
00:11:08,380 –> 00:11:10,980
If you’re still writing policies after your first incident,
299
00:11:10,980 –> 00:11:12,380
you’re documenting drift.
300
00:11:12,380 –> 00:11:15,060
Appoint the owners, tie decisions to identity,
301
00:11:15,060 –> 00:11:16,980
make escalation work in minutes, not weeks.
302
00:11:16,980 –> 00:11:20,580
Then let the tools amplify your intent, not your entropy.
303
00:11:20,580 –> 00:11:22,700
What AI stewardship really means.
304
00:11:22,700 –> 00:11:24,220
Stewardship is not a committee.
305
00:11:24,220 –> 00:11:26,780
It is continuous human ownership of AI intent,
306
00:11:26,780 –> 00:11:28,860
behavior and outcomes expressed as decisions
307
00:11:28,860 –> 00:11:31,940
you can enforce at speed. Governance states values.
308
00:11:31,940 –> 00:11:34,180
Stewardship executes them under pressure.
309
00:11:34,180 –> 00:11:35,940
Start with the definition.
310
00:11:35,940 –> 00:11:38,220
AI stewardship is the operating discipline
311
00:11:38,220 –> 00:11:40,140
that keeps three loops alive.
312
00:11:40,140 –> 00:11:42,980
Intent is set and refreshed, behavior is monitored
313
00:11:42,980 –> 00:11:46,660
and corrected, outcomes are owned, and when necessary reversed.
314
00:11:46,660 –> 00:11:48,660
It turns principles into decisions, decisions
315
00:11:48,660 –> 00:11:50,700
into authority and authority into action.
316
00:11:50,700 –> 00:11:52,420
If you’re a CIO, your decision here
317
00:11:52,420 –> 00:11:55,060
is to declare stewardship as a program, not a project,
318
00:11:55,060 –> 00:11:56,740
funded, staffed, and measured.
319
00:11:56,740 –> 00:11:57,980
Why this matters is simple.
320
00:11:57,980 –> 00:11:59,500
AI does not fail politely.
321
00:11:59,500 –> 00:12:02,020
It fails probabilistically and continuously.
322
00:12:02,020 –> 00:12:03,980
When drift, abuse, or oversharing appear,
323
00:12:03,980 –> 00:12:05,140
paperwork cannot intervene.
324
00:12:05,140 –> 00:12:05,940
People do.
325
00:12:05,940 –> 00:12:08,100
Stewardship establishes the people, the cadence,
326
00:12:08,100 –> 00:12:10,580
and the escalation that converts signal into pause
327
00:12:10,580 –> 00:12:12,860
or fix before harm compounds.
328
00:12:12,860 –> 00:12:15,700
If you run IT, your decision is to bind that authority
329
00:12:15,700 –> 00:12:18,980
into the control plane, so a steward’s pause is not a Slack message.
330
00:12:18,980 –> 00:12:20,780
It is a revocation.
331
00:12:20,780 –> 00:12:23,780
What it is not: stewardship is not a policy writer,
332
00:12:23,780 –> 00:12:26,100
a compliance checkpoint or a tool admin.
333
00:12:26,100 –> 00:12:28,500
Those are artifacts, gates, and instruments.
334
00:12:28,500 –> 00:12:31,420
The steward orchestrates the loop across the lifecycle.
335
00:12:31,420 –> 00:12:34,060
Intake, pre-deploy review, post-deploy monitoring,
336
00:12:34,060 –> 00:12:35,820
drift review, and retirement.
337
00:12:35,820 –> 00:12:37,180
And they own escalation.
338
00:12:37,180 –> 00:12:40,900
Triggers, quorum, adjudication window, and stop-ship authority.
339
00:12:40,900 –> 00:12:43,500
If you lead data or product, your responsibility
340
00:12:43,500 –> 00:12:45,420
is to supply evidence at each checkpoint
341
00:12:45,420 –> 00:12:47,500
that a steward can adjudicate in minutes.
342
00:12:47,500 –> 00:12:48,420
Think lifecycle.
343
00:12:48,420 –> 00:12:51,540
From intake to unlearning, who owns the decision surfaces?
344
00:12:51,540 –> 00:12:54,540
At intake, a steward demands intent clarity, data plan,
345
00:12:54,540 –> 00:12:56,780
harms analysis, and exit criteria.
346
00:12:56,780 –> 00:12:59,500
Pre-deploy, they convene the quorum to confirm controls,
347
00:12:59,500 –> 00:13:01,020
red team results, and owners.
348
00:13:01,020 –> 00:13:04,780
Post-deploy, they watch signals, confidence, content safety,
349
00:13:04,780 –> 00:13:07,060
sentiment spikes, unusual grounding,
350
00:13:07,060 –> 00:13:08,980
and they escalate when thresholds hit.
351
00:13:08,980 –> 00:13:11,060
Drift review tests, whether performance and equity
352
00:13:11,060 –> 00:13:11,980
still hold.
353
00:13:11,980 –> 00:13:14,660
Retirement defines triggers, notices, and data unlearning.
354
00:13:14,660 –> 00:13:16,740
If you own the business, your responsibility
355
00:13:16,740 –> 00:13:19,460
is to accept residual risk at intake and reaffirm
356
00:13:19,460 –> 00:13:22,020
or withdraw it at drift review. The minimum viable steward
357
00:13:22,020 –> 00:13:23,500
is small and fast.
358
00:13:23,500 –> 00:13:25,980
One empowered steward, a named executive sponsor,
359
00:13:25,980 –> 00:13:29,540
partners in IT, security, legal, privacy, data, and the business.
360
00:13:29,540 –> 00:13:32,340
A weekly intake cadence, a same-day escalation window,
361
00:13:32,340 –> 00:13:34,220
evidence artifacts that fit on one page.
362
00:13:34,220 –> 00:13:37,620
If you are a small organization, one person wears three hats:
363
00:13:37,620 –> 00:13:40,500
steward, data owner, and program manager.
364
00:13:40,500 –> 00:13:43,380
Fine, just write down the decision rights and escalation rules
365
00:13:43,380 –> 00:13:44,700
so they survive your calendar.
366
00:13:44,700 –> 00:13:46,380
Now the comparison that matters.
367
00:13:46,380 –> 00:13:49,220
Governance documents values; stewardship executes values.
368
00:13:49,220 –> 00:13:51,700
Governance publishes red lines; stewardship pauses
369
00:13:51,700 –> 00:13:53,140
revenue to uphold them.
370
00:13:53,140 –> 00:13:55,580
Governance catalogs systems; stewardship names
371
00:13:55,580 –> 00:13:57,460
owners with kill switch authority.
372
00:13:57,460 –> 00:13:59,940
If you’re a CIO, this is where you must step in:
373
00:13:59,940 –> 00:14:03,460
define the non-delegables, the quorum, and the timing.
374
00:14:03,460 –> 00:14:06,420
If you run IT, ensure the steward’s authority is real.
375
00:14:06,420 –> 00:14:08,500
Entra groups map to pause actions.
376
00:14:08,500 –> 00:14:10,900
Ownerless agents die on a timer; default deny
377
00:14:10,900 –> 00:14:14,100
protects sensitive scopes. Apply it to the Copilot pattern.
378
00:14:14,100 –> 00:14:16,980
Overshared SharePoint plus open links plus unlabeled exports
379
00:14:16,980 –> 00:14:19,380
equals Copilot surfacing salary into a slide.
380
00:14:19,380 –> 00:14:21,220
Governance says label data.
381
00:14:21,220 –> 00:14:24,020
Stewardship assigns an owner, sets link expiry,
382
00:14:24,020 –> 00:14:26,980
monitors exposure, and pauses access when a hit lands.
383
00:14:26,980 –> 00:14:28,260
Apply it to shadow AI.
384
00:14:28,260 –> 00:14:29,980
Governance bans off-tenant tools.
385
00:14:29,980 –> 00:14:32,100
Stewardship creates an audit-only lane
386
00:14:32,100 –> 00:14:33,740
with intake and fast escalation.
387
00:14:33,740 –> 00:14:35,740
So the path to yes beats a credit card.
388
00:14:35,740 –> 00:14:38,620
If you lead data or product, decide what good enough evidence
389
00:14:38,620 –> 00:14:39,420
looks like.
390
00:14:39,420 –> 00:14:41,740
Lineage, consent, representativeness,
391
00:14:41,740 –> 00:14:44,060
explainability level, rollback plan.
392
00:14:44,060 –> 00:14:47,100
If you own the business, decide consequence upfront.
393
00:14:47,100 –> 00:14:49,900
When to pause, how to degrade, how to communicate,
394
00:14:49,900 –> 00:14:51,140
and who funds a rollback.
395
00:14:51,140 –> 00:14:53,180
The reason this works is architectural.
396
00:14:53,180 –> 00:14:57,060
Entra, Purview, and Copilot amplify whatever intent is encoded.
397
00:14:57,060 –> 00:15:00,260
Stewardship encodes intent as decision rights, identity,
398
00:15:00,260 –> 00:15:02,140
and boundaries that can be enforced.
399
00:15:02,140 –> 00:15:03,980
Without it, you get conditional chaos.
400
00:15:03,980 –> 00:15:05,860
With it, you get deterministic responses
401
00:15:05,860 –> 00:15:06,980
to probabilistic behavior.
402
00:15:06,980 –> 00:15:07,860
That is the job.
403
00:15:07,860 –> 00:15:11,540
Act two: the stewardship model. Principles without a rhythm drift,
404
00:15:11,540 –> 00:15:13,980
roles without authority stall, tools without intent
405
00:15:13,980 –> 00:15:15,500
create conditional chaos.
406
00:15:15,500 –> 00:15:17,100
The Stewardship model fixes all three
407
00:15:17,100 –> 00:15:18,940
by turning values into an operating cadence
408
00:15:18,940 –> 00:15:21,940
with owners, gates, and evidence that survive pressure.
409
00:15:21,940 –> 00:15:23,620
Here’s the frame: principles, roles,
410
00:15:23,620 –> 00:15:25,180
decision rights, escalation.
411
00:15:25,180 –> 00:15:26,580
Four parts, one loop.
412
00:15:26,580 –> 00:15:29,180
It runs from intake to retirement, and it never stops.
413
00:15:29,180 –> 00:15:31,300
If you’re a CIO, your decision here
414
00:15:31,300 –> 00:15:33,580
is to sponsor this loop as a standing program
415
00:15:33,580 –> 00:15:36,700
with a published cadence, not as a project with a finish line.
416
00:15:36,700 –> 00:15:39,540
If you run IT, your decision is to bind that loop
417
00:15:39,540 –> 00:15:42,340
to identity and data, so ownership is enforceable,
418
00:15:42,340 –> 00:15:43,300
not aspirational.
419
00:15:43,300 –> 00:15:45,820
If you lead data or product, your responsibility
420
00:15:45,820 –> 00:15:48,100
is to deliver the evidence that fuels decisions
421
00:15:48,100 –> 00:15:49,980
at each gate. If you own the business outcome,
422
00:15:49,980 –> 00:15:52,180
your responsibility is to accept or decline risk
423
00:15:52,180 –> 00:15:53,940
on record at the moments that matter.
424
00:15:53,940 –> 00:15:55,700
Start with cadence.
425
00:15:55,700 –> 00:15:57,580
Borrow a simple steering rhythm.
426
00:15:57,580 –> 00:16:01,140
Govern, map, measure, manage.
427
00:16:01,140 –> 00:16:03,460
Govern sets principles and decision rights.
428
00:16:03,460 –> 00:16:06,260
Map classifies use cases by risk and context.
429
00:16:06,260 –> 00:16:08,220
Measure tests and monitors fitness.
430
00:16:08,220 –> 00:16:12,140
Manage mitigates, escalates, and when necessary pauses or retires.
431
00:16:12,140 –> 00:16:13,260
This is not paperwork.
432
00:16:13,260 –> 00:16:15,900
It is a weekly intake, a pre-deploy quorum,
433
00:16:15,900 –> 00:16:18,020
a post-deploy dashboard with triggers,
434
00:16:18,020 –> 00:16:20,180
a drift review on a timer, and a retirement plan
435
00:16:20,180 –> 00:16:21,860
that includes unlearning paths.
436
00:16:21,860 –> 00:16:23,660
That distinction matters.
437
00:16:23,660 –> 00:16:25,260
Convert philosophy to gates.
438
00:16:25,260 –> 00:16:28,540
At intake, the steward collects intent, owner, data plan,
439
00:16:28,540 –> 00:16:32,100
harms analysis, and exit criteria on one page.
440
00:16:32,100 –> 00:16:35,460
Pre-deploy, they convene a quorum to review controls,
441
00:16:35,460 –> 00:16:38,780
red team results, and sign the risk acceptance.
442
00:16:38,780 –> 00:16:41,940
Post-deploy, they watch signals and adjudicate thresholds.
443
00:16:41,940 –> 00:16:44,180
Drift review reconfirms performance and equity.
444
00:16:44,180 –> 00:16:46,540
Retirement executes triggers and notifies users.
445
00:16:46,540 –> 00:16:49,220
If you’re a CAIO, this is where you must step in.
446
00:16:49,220 –> 00:16:52,180
Define quorum roles, set adjudication SLAs,
447
00:16:52,180 –> 00:16:54,780
and protect pause authority from quarterly pressure.
448
00:16:54,780 –> 00:16:56,020
Now decision rights.
449
00:16:56,020 –> 00:16:58,180
Three that never drift: approve to launch,
450
00:16:58,180 –> 00:17:02,100
pause or kill on triggers, and accept residual risk in writing.
451
00:17:02,100 –> 00:17:04,740
Assign them to named people, not job families.
452
00:17:04,740 –> 00:17:07,780
Tie them to identity groups, so the authority is real at 4pm,
453
00:17:07,780 –> 00:17:09,340
not theoretical at 9am.
454
00:17:09,340 –> 00:17:11,980
If you run IT, bind pause to Entra groups,
455
00:17:11,980 –> 00:17:14,780
default deny sensitive scopes without an owner on record,
456
00:17:14,780 –> 00:17:15,860
and expire exceptions.
457
00:17:15,860 –> 00:17:18,820
Your measure is actions executed, not policies published.
458
00:17:18,820 –> 00:17:21,500
Escalation is the heartbeat, triggers defined in advance,
459
00:17:21,500 –> 00:17:23,940
a context packet sent with every handoff.
460
00:17:23,940 –> 00:17:27,780
Prompt, output, features, lineage, last changes,
461
00:17:27,780 –> 00:17:30,060
a quorum that meets inside a time box.
462
00:17:30,060 –> 00:17:31,780
Outcomes that are deterministic: pause,
463
00:17:31,780 –> 00:17:34,980
degrade, gate, retrain, retire, log and notify,
464
00:17:34,980 –> 00:17:36,220
learn and update controls.
465
00:17:36,220 –> 00:17:37,820
If you lead data or product,
466
00:17:37,820 –> 00:17:41,380
you decide what evidence makes a five minute decision responsible.
467
00:17:41,380 –> 00:17:44,340
If you own the business, you decide the acceptable degraded modes
468
00:17:44,340 –> 00:17:47,060
and the communication path when value is paused.
469
00:17:47,060 –> 00:17:48,900
Apply this to the co-pilot pattern.
470
00:17:48,900 –> 00:17:50,620
Oversharing is not a co-pilot feature.
471
00:17:50,620 –> 00:17:52,380
It is a boundary failure that stewardship
472
00:17:52,380 –> 00:17:55,700
corrects by enforcing ownership, expiry, and escalation.
473
00:17:55,700 –> 00:17:57,260
Apply it to shadow AI.
474
00:17:57,260 –> 00:17:59,300
The path to yes beats a credit card
475
00:17:59,300 –> 00:18:01,220
because the intake ritual is fast.
476
00:18:01,220 –> 00:18:04,860
Pilots run audit only, and escalations resolve in hours.
477
00:18:04,860 –> 00:18:07,980
Same loop, different context, deterministic outcomes.
478
00:18:07,980 –> 00:18:09,780
The model is simple, the discipline is not,
479
00:18:09,780 –> 00:18:11,900
that’s why we anchor it to a reference architecture
480
00:18:11,900 –> 00:18:13,300
leaders already know.
481
00:18:13,300 –> 00:18:15,180
Microsoft’s responsible AI foundations,
482
00:18:15,180 –> 00:18:17,500
reference architecture. Use Microsoft’s foundations
483
00:18:17,500 –> 00:18:19,100
as a map, not a shield.
484
00:18:19,100 –> 00:18:20,660
They give you language for your principles,
485
00:18:20,660 –> 00:18:23,460
a rhythm for your loop and clear places to bind authority.
486
00:18:23,460 –> 00:18:25,820
We’ll stay conceptual and executive.
487
00:18:25,820 –> 00:18:27,820
Six principles anchor the intent.
488
00:18:27,820 –> 00:18:31,700
Fairness, reliability, and safety, privacy and security,
489
00:18:31,700 –> 00:18:34,780
inclusiveness, transparency, and accountability.
490
00:18:34,780 –> 00:18:36,700
If you’re a CAIO, your decision here
491
00:18:36,700 –> 00:18:39,020
is to translate these into risk appetite statements
492
00:18:39,020 –> 00:18:39,900
per domain.
493
00:18:39,900 –> 00:18:41,620
Fairness becomes no disparate impact
494
00:18:41,620 –> 00:18:43,860
above X for claims adjudication.
495
00:18:43,860 –> 00:18:47,100
Safety becomes forced human review for treatment suggestions.
496
00:18:47,100 –> 00:18:48,940
Privacy and security becomes no prompts
497
00:18:48,940 –> 00:18:51,780
or outputs with regulated data outside labeled, monitored
498
00:18:51,780 –> 00:18:52,740
boundaries.
499
00:18:52,740 –> 00:18:55,300
Inclusiveness becomes design feedback captured
500
00:18:55,300 –> 00:18:57,060
from affected populations.
501
00:18:57,060 –> 00:19:00,300
Transparency becomes explainability level set per use case
502
00:19:00,300 –> 00:19:01,500
and enforced.
503
00:19:01,500 –> 00:19:04,420
Accountability becomes named owners with pause authority.
504
00:19:04,420 –> 00:19:05,300
Now the rhythm.
505
00:19:05,300 –> 00:19:08,700
Microsoft’s alignment to the NIST loop, govern, map, measure,
506
00:19:08,700 –> 00:19:10,980
manage, is your operating cadence.
507
00:19:10,980 –> 00:19:13,620
Governance codifies principles and decision rights.
508
00:19:13,620 –> 00:19:16,500
Mapping classifies use cases by population, autonomy,
509
00:19:16,500 –> 00:19:18,580
reversibility, and explainability need.
510
00:19:18,580 –> 00:19:21,700
Measuring means red teaming, bias checks, content safety,
511
00:19:21,700 –> 00:19:23,940
jailbreak resistance, and drift detection.
512
00:19:23,940 –> 00:19:26,940
Managing means escalation that works in minutes, not weeks.
513
00:19:26,940 –> 00:19:29,740
If you run IT, your decision is to align identity and data
514
00:19:29,740 –> 00:19:32,820
controls to each function so the loop is enforceable.
515
00:19:32,820 –> 00:19:36,660
Entra groups for rights, Purview labels and DLP for boundaries.
516
00:19:36,660 –> 00:19:39,060
Copilot governance for prompts and outputs,
517
00:19:39,060 –> 00:19:41,100
logs wired to owners.
518
00:19:41,100 –> 00:19:43,620
Human oversight must be meaningful, not ceremonial.
519
00:19:43,620 –> 00:19:46,700
The principle is simple: authority resides where harm lands.
520
00:19:46,700 –> 00:19:49,780
If a system can affect rights, safety, or finance,
521
00:19:49,780 –> 00:19:52,900
a human with pause authority adjudicates triggers.
522
00:19:52,900 –> 00:19:55,380
That person needs context, training, and a direct path
523
00:19:55,380 –> 00:19:57,260
to stop-ship without career risk.
524
00:19:57,260 –> 00:19:59,540
If you lead data or product, your responsibility
525
00:19:59,540 –> 00:20:02,700
is to make oversight effective by design: instrument the chain
526
00:20:02,700 –> 00:20:04,860
so prompt, grounding, output and acceptance
527
00:20:04,860 –> 00:20:08,380
are recoverable in minutes, present decision-ready summaries,
528
00:20:08,380 –> 00:20:11,620
and define degraded modes you can flip to safely.
529
00:20:11,620 –> 00:20:13,820
Sensitive users are the places you slow down
530
00:20:13,820 –> 00:20:16,100
to write intent in plain language.
531
00:20:16,100 –> 00:20:19,140
Healthcare, employment, credit, education, and public services
532
00:20:19,140 –> 00:20:20,300
are obvious.
533
00:20:20,300 –> 00:20:23,260
But sensitive also means high autonomy, low reversibility,
534
00:20:23,260 –> 00:20:24,420
high impact.
535
00:20:24,420 –> 00:20:26,780
If you’re a CAIO, this is where you must step in.
536
00:20:26,780 –> 00:20:29,580
Require intake clarity, a harms analysis
537
00:20:29,580 –> 00:20:31,420
beyond compliance, red team artifacts,
538
00:20:31,420 –> 00:20:33,780
and an owner who signs the risk acceptance.
539
00:20:33,780 –> 00:20:36,660
Lawful but awful lives in the gap between legal minimums
540
00:20:36,660 –> 00:20:38,060
and your equity standards.
541
00:20:38,060 –> 00:20:40,340
Close it deliberately.
542
00:20:40,340 –> 00:20:43,100
Defense in depth ties the life cycle together.
543
00:20:43,100 –> 00:20:46,500
Pre-deploy review with red teaming, content safety guardrails
544
00:20:46,500 –> 00:20:49,540
at runtime, continuous monitoring for abuse and drift,
545
00:20:49,540 –> 00:20:52,300
and post-incident learning updates to controls.
546
00:20:52,300 –> 00:20:56,060
If you run IT, bind each layer to a control plane action.
547
00:20:56,060 –> 00:20:59,220
Pre-deploy, no production access without an owner in Entra.
548
00:20:59,220 –> 00:21:01,460
Runtime, default deny sensitive scopes
549
00:21:01,460 –> 00:21:03,900
without labeled data and DLP in place.
550
00:21:03,900 –> 00:21:05,820
Monitoring alerts route to the steward
551
00:21:05,820 –> 00:21:07,420
with the authority to pause.
552
00:21:07,420 –> 00:21:11,500
Post-incident, access revocations, label updates,
553
00:21:11,500 –> 00:21:14,100
and exception expiry happen automatically.
554
00:21:14,100 –> 00:21:16,180
Your controls are not a hope.
555
00:21:16,180 –> 00:21:17,780
They are a sequence.
556
00:21:17,780 –> 00:21:20,860
Now make this concrete with the reference architecture roles.
557
00:21:20,860 –> 00:21:24,620
Microsoft’s internal model uses an office of responsible AI,
558
00:21:24,620 –> 00:21:27,380
division champions, and an ethics and effects committee.
559
00:21:27,380 –> 00:21:29,700
You don’t need that scale, but you need the pattern.
560
00:21:29,700 –> 00:21:32,180
A central stewarding function, distributed owners
561
00:21:32,180 –> 00:21:35,100
in the domains, and an escalation forum that can decide.
562
00:21:35,100 –> 00:21:38,020
If you own the business, your responsibility is to sit in that forum
563
00:21:38,020 –> 00:21:41,220
for your domain and carry the consequence of pause decisions.
564
00:21:41,220 –> 00:21:44,340
No proxies on the hard calls. Identity as control plane:
565
00:21:44,340 –> 00:21:47,660
Entra answers who can invoke which AI capability,
566
00:21:47,660 –> 00:21:48,980
under which conditions.
567
00:21:48,980 –> 00:21:50,540
This is where stop-ship becomes real.
568
00:21:50,540 –> 00:21:53,740
If you’re a CAIO, decide the non-delegable scopes:
569
00:21:53,740 –> 00:21:56,340
no cross-tenant access to sensitive models,
570
00:21:56,340 –> 00:22:00,060
audit only path for pilots, no agents without named owners.
571
00:22:00,060 –> 00:22:02,380
If you run IT, enforce joiner, mover, leaver,
572
00:22:02,380 –> 00:22:05,020
recertifications, service principal rotations,
573
00:22:05,020 –> 00:22:07,380
and automatic decommission of ownerless agents.
574
00:22:07,380 –> 00:22:09,380
Your organization will create entropy.
575
00:22:09,380 –> 00:22:11,260
Your job is to counter it every day.
576
00:22:11,260 –> 00:22:13,980
Data is substrate. Purview answers
577
00:22:13,980 –> 00:22:17,420
what data can be seen by whom and where it can flow.
578
00:22:17,420 –> 00:22:19,620
Labels, DLP, and lineage are not decorations.
579
00:22:19,620 –> 00:22:21,460
They are your intent manifested.
580
00:22:21,460 –> 00:22:23,660
If you lead data or product, your responsibility
581
00:22:23,660 –> 00:22:26,340
is to classify, label, and prove lineage for grounding data.
582
00:22:26,340 –> 00:22:29,140
If the data can’t be traced, the model can’t be defended.
583
00:22:29,140 –> 00:22:31,340
If you own the business, decide the rollback cost
584
00:22:31,340 –> 00:22:33,700
you’re willing to carry when sensitive data is mislabeled
585
00:22:33,700 –> 00:22:34,700
or overshared.
586
00:22:34,700 –> 00:22:36,380
Decide now, not after the headline.
587
00:22:36,380 –> 00:22:38,460
Co-pilot governance is proof of model breakage.
588
00:22:38,460 –> 00:22:40,220
When co-pilot surfaces the wrong thing,
589
00:22:40,220 –> 00:22:42,340
assume your governance encoded entropy.
590
00:22:42,340 –> 00:22:43,700
The fix is not a prompt tip.
591
00:22:43,700 –> 00:22:46,780
It’s a boundary fix, an identity fix, and an owner fix.
592
00:22:46,780 –> 00:22:48,500
If you’re a CAIO, set the rule.
593
00:22:48,500 –> 00:22:50,500
No pilots without audit only mode,
594
00:22:50,500 –> 00:22:52,260
no plugins without owner signatures,
595
00:22:52,260 –> 00:22:54,820
and usage dashboards wired to stewards.
596
00:22:54,820 –> 00:22:57,300
If you run IT, ensure prompt and output logging
597
00:22:57,300 –> 00:22:59,380
routes to owners, and that redaction rules
598
00:22:59,380 –> 00:23:01,460
are on by default for sensitive labels.
599
00:23:01,460 –> 00:23:02,580
Tie it back to the loop.
600
00:23:02,580 –> 00:23:04,180
Govern: adopt the six principles
601
00:23:04,180 –> 00:23:06,260
and write risk appetite per domain.
602
00:23:06,260 –> 00:23:09,500
Map: triage use cases by risk tier. Measure: red team,
603
00:23:09,500 –> 00:23:10,940
bias test, and instrument.
604
00:23:10,940 –> 00:23:13,900
Manage: escalate, pause, degrade, retrain, retire.
605
00:23:13,900 –> 00:23:15,220
Stewardship runs this rhythm.
606
00:23:15,220 –> 00:23:16,820
Identity and data enforce it.
607
00:23:16,820 –> 00:23:18,340
Co-pilot reveals where it breaks.
608
00:23:18,340 –> 00:23:20,820
If you’re a CAIO, this is where you must step in.
609
00:23:20,820 –> 00:23:23,900
Publish the loop, fund the steward, and tie incentives
610
00:23:23,900 –> 00:23:26,300
to pause quality, not speed alone.
611
00:23:26,300 –> 00:23:29,020
If you run IT, wire the control planes to decision rights
612
00:23:29,020 –> 00:23:31,180
so authority is a group, not a slide.
613
00:23:31,180 –> 00:23:34,140
If you lead data or product, deliver one page evidence
614
00:23:34,140 –> 00:23:36,340
at each gate, and if you own the business accept risk
615
00:23:36,340 –> 00:23:38,420
in writing and show up for the escalations.
616
00:23:38,420 –> 00:23:40,740
This is a reference architecture treated as law
617
00:23:40,740 –> 00:23:42,700
for how your organization behaves under pressure.
618
00:23:42,700 –> 00:23:45,620
Because under pressure, intent collapses back to design.
619
00:23:45,620 –> 00:23:48,740
From principles to programs: the operating model shift.
620
00:23:48,740 –> 00:23:51,660
Principles without an operating model decay into posters.
621
00:23:51,660 –> 00:23:53,420
You need a cadence that converts values
622
00:23:53,420 –> 00:23:56,180
into repeatable decisions, evidence, and actions.
623
00:23:56,180 –> 00:23:59,020
The shift is simple to describe and hard to execute.
624
00:23:59,020 –> 00:24:02,780
Translate fairness, safety, privacy, inclusiveness,
625
00:24:02,780 –> 00:24:06,660
transparency and accountability into cadences, gates, owners,
626
00:24:06,660 –> 00:24:09,740
and artifacts you can defend at 4 p.m. Start with rhythms,
627
00:24:09,740 –> 00:24:10,940
not committees.
628
00:24:10,940 –> 00:24:13,340
Establish a weekly intake, a pre-deploy quorum,
629
00:24:13,340 –> 00:24:15,420
post-deploy monitoring with named triggers,
630
00:24:15,420 –> 00:24:18,860
a drift review on a timer, and retirement rules with unlearning.
631
00:24:18,860 –> 00:24:19,700
That’s your backbone.
632
00:24:19,700 –> 00:24:21,020
If you’re a CAIO, your decision here
633
00:24:21,020 –> 00:24:23,220
is to sponsor that backbone with budget and headcount
634
00:24:23,220 –> 00:24:25,700
and to protect its timing from quarterly pressure.
635
00:24:25,700 –> 00:24:28,580
If you run IT, your decision is to wire identity and data
636
00:24:28,580 –> 00:24:30,260
so each rhythm is enforceable.
637
00:24:30,260 –> 00:24:32,940
No owner, no access, no label, no grounding,
638
00:24:32,940 –> 00:24:34,860
no quorum sign-off, no production.
639
00:24:34,860 –> 00:24:36,620
Convert values into gates.
640
00:24:36,620 –> 00:24:39,460
Intake demands a one-page statement of intent, owner,
641
00:24:39,460 –> 00:24:42,220
data plan, harms analysis and exit criteria.
642
00:24:42,220 –> 00:24:44,220
Pre-deploy confirms controls, red team results
643
00:24:44,220 –> 00:24:46,900
and signs risk acceptance. Post-deploy monitors confidence,
644
00:24:46,900 –> 00:24:49,740
content safety, jailbreak attempts, sentiment spikes
645
00:24:49,740 –> 00:24:50,860
and unusual grounding.
646
00:24:50,860 –> 00:24:52,860
Drift review asks whether equity and performance
647
00:24:52,860 –> 00:24:54,380
hold under real traffic.
648
00:24:54,380 –> 00:24:56,540
Retirement states the triggers, notifications
649
00:24:56,540 –> 00:24:58,460
and data unlearning path.
650
00:24:58,460 –> 00:25:00,900
If you lead data or product, your responsibility
651
00:25:00,900 –> 00:25:02,820
is to produce evidence that fits those gates
652
00:25:02,820 –> 00:25:03,820
without ceremony.
653
00:25:03,820 –> 00:25:05,180
Two-speed governance is the only way
654
00:25:05,180 –> 00:25:07,180
to move fast without lying to yourself.
655
00:25:07,180 –> 00:25:10,340
Create one rulebook with two lanes, innovation and high-risk.
656
00:25:10,340 –> 00:25:13,420
In the innovation lane, pilots run in audit-only mode
657
00:25:13,420 –> 00:25:17,060
with strict boundaries, short time boxes and explicit owners.
658
00:25:17,060 –> 00:25:20,340
In the high-risk lane, health, employment, credit, safety,
659
00:25:20,340 –> 00:25:22,980
controls are heavier, oversight is meaningful
660
00:25:22,980 –> 00:25:25,940
and pause authority is automatic when triggers hit.
661
00:25:25,940 –> 00:25:28,100
If you own the business, your responsibility
662
00:25:28,100 –> 00:25:29,740
is to choose the lane per use case
663
00:25:29,740 –> 00:25:31,820
and accept the implied velocity and burden.
664
00:25:31,820 –> 00:25:34,260
Evidence artifacts make decisions defensible.
665
00:25:34,260 –> 00:25:36,780
For every use case, keep a model card
666
00:25:36,780 –> 00:25:39,980
that states purpose, autonomy, explainability level,
667
00:25:39,980 –> 00:25:42,020
data sets and known limitations.
668
00:25:42,020 –> 00:25:44,500
Maintain decision logs that capture prompt, grounding,
669
00:25:44,500 –> 00:25:47,340
output and human acceptance for reconstructability.
670
00:25:47,340 –> 00:25:49,500
Record escalations: trigger, context packet,
671
00:25:49,500 –> 00:25:53,340
quorum and outcome.
672
00:25:53,340 –> 00:25:55,100
Require these artifacts before scale
673
00:25:55,100 –> 00:25:57,540
and refuse dashboards without owners.
674
00:25:57,540 –> 00:26:00,020
Program metrics reveal whether stewardship exists
675
00:26:00,020 –> 00:26:01,420
or theater persists.
676
00:26:01,420 –> 00:26:03,940
Track decisions made and by whom, escalations raised
677
00:26:03,940 –> 00:26:06,380
and resolved inside SLA, incidents prevented
678
00:26:06,380 –> 00:26:09,300
by pause or degraded modes, time to adjudication
679
00:26:09,300 –> 00:26:11,420
and exceptions closed on schedule.
680
00:26:11,420 –> 00:26:13,380
Reward justified pauses, not just launches.
681
00:26:13,380 –> 00:26:14,900
If you run IT, instrument Entra
682
00:26:14,900 –> 00:26:17,660
and Purview so revocations, expiry and boundary corrections
683
00:26:17,660 –> 00:26:19,180
are visible and attributable.
684
00:26:19,180 –> 00:26:22,580
Your reality is what the logs say, not what the policy says.
685
00:26:22,580 –> 00:26:24,540
Now the operating implication for Microsoft
686
00:26:24,540 –> 00:26:26,060
as reference architecture.
687
00:26:26,060 –> 00:26:28,460
Entra groups become the spine for decision rights:
688
00:26:28,460 –> 00:26:30,900
approve, pause, kill, mapped to owners.
689
00:26:30,900 –> 00:26:33,020
Purview labels and DLP encode your data plan
690
00:26:33,020 –> 00:26:34,340
and harms analysis.
691
00:26:34,340 –> 00:26:38,060
Copilot governance settings mirror your lane choice.
692
00:26:38,060 –> 00:26:40,940
Audit only for innovation, restricted plugins
693
00:26:40,940 –> 00:26:42,380
and redaction for high risk.
694
00:26:42,380 –> 00:26:45,140
Responsible AI principles map to your intake template
695
00:26:45,140 –> 00:26:46,820
and explainability decisions.
696
00:26:46,820 –> 00:26:49,660
If you lead data or product, your responsibility is to ensure
697
00:26:49,660 –> 00:26:52,980
the lineage in purview matches the data sets in your model card.
698
00:26:52,980 –> 00:26:55,660
If it doesn’t, your evidence will collapse under scrutiny.
699
00:26:55,660 –> 00:26:57,180
Case patterns validate the shift.
700
00:26:57,180 –> 00:26:58,820
In copilot exposure incidents,
701
00:26:58,820 –> 00:27:02,460
the absence of a pre-deploy gate and a boundary-enforced audit lane
702
00:27:02,460 –> 00:27:04,740
allowed overshared links and unlabeled exports
703
00:27:04,740 –> 00:27:06,260
to masquerade as governance.
704
00:27:06,260 –> 00:27:08,540
In shadow AI, the lack of an intake rhythm
705
00:27:08,540 –> 00:27:12,780
and audit-only pilots made the path to yes slower than a credit card.
706
00:27:12,780 –> 00:27:14,940
In governance theater, dashboards grew
707
00:27:14,940 –> 00:27:17,860
while no metric tied to pause quality existed.
708
00:27:17,860 –> 00:27:19,460
The operating model solves all three
709
00:27:19,460 –> 00:27:23,020
by making who decides on what evidence and how fast explicit.
710
00:27:23,020 –> 00:27:26,180
If you’re a CAIO, publish the operating model on one page.
711
00:27:26,180 –> 00:27:29,140
Rhythms, gates, roles, artifacts, SLAs.
712
00:27:29,140 –> 00:27:31,940
Tie incentives to escalations resolved and exceptions closed,
713
00:27:31,940 –> 00:27:33,420
not volume of launches.
714
00:27:33,420 –> 00:27:36,620
If you run IT, bind every gate to a control plane check,
715
00:27:36,620 –> 00:27:39,100
owners in Entra, labels in Purview,
716
00:27:39,100 –> 00:27:41,660
logs to stewards, ownerless agents expire.
717
00:27:41,660 –> 00:27:44,700
If you lead data or product, deliver decision-ready evidence.
718
00:27:44,700 –> 00:27:48,180
If you own the business, accept residual risk in writing at intake
719
00:27:48,180 –> 00:27:49,940
and reaffirm at drift review.
720
00:27:49,940 –> 00:27:52,980
This is the shift from philosophy to a loop with stopping power.
721
00:27:52,980 –> 00:27:56,220
Encode intent, enforce it, learn fast, repeat.
722
00:27:56,220 –> 00:27:59,940
Core building blocks: principles, roles, rights, escalation.
723
00:27:59,940 –> 00:28:02,380
Principles roles, decision rights, escalation.
724
00:28:02,380 –> 00:28:04,660
Four building blocks, one operating system.
725
00:28:04,660 –> 00:28:07,580
If any one is vague, the loop collapses under pressure.
726
00:28:07,580 –> 00:28:11,620
If you’re a CAIO, your decision here is to lock these four in writing and fund them.
727
00:28:11,620 –> 00:28:14,500
If you run IT, bind them to identity and data.
728
00:28:14,500 –> 00:28:17,220
If you lead data or product, deliver evidence
729
00:28:17,220 –> 00:28:19,620
that makes five-minute decisions responsible.
730
00:28:19,620 –> 00:28:22,300
If you own the business, carry consequence on record.
731
00:28:22,300 –> 00:28:23,980
Start with principles you can enforce.
732
00:28:23,980 –> 00:28:28,260
Adopt the six, fairness, reliability and safety, privacy and security,
733
00:28:28,260 –> 00:28:31,300
inclusiveness, transparency and accountability.
734
00:28:31,300 –> 00:28:34,740
Then add three local amplifiers, risk appetite statements per domain,
735
00:28:34,740 –> 00:28:38,020
an exception protocol with expiry and a disclosure stance for
736
00:28:38,020 –> 00:28:39,780
lawful but awful scenarios.
737
00:28:39,780 –> 00:28:43,420
Fairness becomes no disparity above X for lending.
738
00:28:43,420 –> 00:28:46,940
Safety becomes forced human review at Y confidence.
739
00:28:46,940 –> 00:28:49,580
Privacy and security becomes no sensitive prompts
740
00:28:49,580 –> 00:28:52,060
or outputs outside labeled, monitored boundaries.
741
00:28:52,060 –> 00:28:55,220
If you’re a CAIO, publish these as one-page appetite statements.
742
00:28:55,220 –> 00:28:57,420
They are the adjudication anchors, not posters.
743
00:28:57,420 –> 00:28:59,020
Roles convert intent into action.
744
00:28:59,020 –> 00:29:02,380
You need an executive sponsor with non-delegable decisions,
745
00:29:02,380 –> 00:29:06,460
an AI steward who runs the loop, a data steward who owns lineage and consent,
746
00:29:06,460 –> 00:29:09,900
security and IT, who bind enforcement to Entra and Purview,
747
00:29:09,900 –> 00:29:13,220
legal and privacy, who draw red lines and disclosures,
748
00:29:13,220 –> 00:29:16,340
and a business owner who owns value and pause consequences.
749
00:29:16,340 –> 00:29:18,300
Small orgs will stack hats.
750
00:29:18,300 –> 00:29:21,460
Large orgs will distribute stewards across domains
751
00:29:21,460 –> 00:29:23,220
with a central council for coherence.
752
00:29:23,220 –> 00:29:27,380
If you run IT, your decision is to map each role to identity groups
753
00:29:27,380 –> 00:29:29,700
so authority is a permission, not a meeting.
754
00:29:29,700 –> 00:29:31,220
Decision rights are the spine.
755
00:29:31,220 –> 00:29:32,660
Three rights never drift.
756
00:29:32,660 –> 00:29:35,380
Approve to launch, pause or kill on triggers,
757
00:29:35,380 –> 00:29:37,700
and accept residual risk in writing.
758
00:29:37,700 –> 00:29:39,300
Name the people, not job families.
759
00:29:39,300 –> 00:29:41,020
Tie each right to an Entra group
760
00:29:41,020 –> 00:29:43,260
with explicit membership rules and expiry.
761
00:29:43,260 –> 00:29:45,660
If you’re a CAIO, define who signs high-risk approvals,
762
00:29:45,660 –> 00:29:48,940
who can pause without permission and who accepts risk per domain.
763
00:29:48,940 –> 00:29:52,500
If you run IT, enforce default deny for sensitive scopes
764
00:29:52,500 –> 00:29:54,460
unless a named owner is active.
765
00:29:54,460 –> 00:29:57,460
If you lead data or product, decide the explainability level
766
00:29:57,460 –> 00:29:59,500
and the evidence package needed before launch.
767
00:29:59,500 –> 00:30:02,380
If you own the business, decide degraded modes in advance.
768
00:30:02,380 –> 00:30:04,420
Escalation is the speed governor.
769
00:30:04,420 –> 00:30:06,820
Triggers defined upfront: low confidence bands,
770
00:30:06,820 –> 00:30:09,780
content safety hits, drift thresholds, abnormal grounding,
771
00:30:09,780 –> 00:30:13,860
user-harm reports. A context packet travels with every handoff:
772
00:30:13,860 –> 00:30:19,460
Prompt, output, features, lineage, last changes, user impact.
773
00:30:19,460 –> 00:30:22,020
A quorum convenes inside a fixed window,
774
00:30:22,020 –> 00:30:24,740
steward, business owner, security, legal,
775
00:30:24,740 –> 00:30:27,700
no proxies on high-risk calls.
776
00:30:27,700 –> 00:30:31,940
Outcomes are deterministic, pause, degrade, gate, retrain, retire,
777
00:30:31,940 –> 00:30:34,180
log and notify, learn and update controls.
778
00:30:34,180 –> 00:30:36,820
If you’re a CAIO, set the adjudication SLA
779
00:30:36,820 –> 00:30:38,580
and protect it from quarterly pressure.
780
00:30:38,580 –> 00:30:41,380
If you run IT, make pause a control plane action,
781
00:30:41,380 –> 00:30:43,140
not a Slack message. Make this concrete
782
00:30:43,140 –> 00:30:45,220
with Microsoft as reference architecture,
783
00:30:45,220 –> 00:30:46,780
principles map to policies that drive
784
00:30:46,780 –> 00:30:49,940
Entra groups, Purview labels and Copilot safeguards.
785
00:30:49,940 –> 00:30:52,580
Roles map to owners in Entra with least-privilege access
786
00:30:52,580 –> 00:30:54,100
and termination timers.
787
00:30:54,100 –> 00:30:56,820
Decision rights map to specific groups:
788
00:30:56,820 –> 00:31:00,660
AI launch approvers, AI pause authority,
789
00:31:00,660 –> 00:31:04,260
AI risk acceptors, membership issued by the steward,
790
00:31:04,260 –> 00:31:06,980
revoked by default on ownership change.
791
00:31:06,980 –> 00:31:10,100
Escalation maps to automation: content safety hits,
792
00:31:10,100 –> 00:31:13,220
DLP violations or confidence dips open a case
793
00:31:13,220 –> 00:31:15,860
with the context packet prefilled from logs.
794
00:31:15,860 –> 00:31:18,100
The steward’s group has the pause switch.
795
00:31:18,100 –> 00:31:20,980
If you lead data or product, your job is to ensure lineage
796
00:31:20,980 –> 00:31:23,940
and consent in Purview match the data sets referenced
797
00:31:23,940 –> 00:31:26,100
in your model card so the packet is credible.
798
00:31:26,100 –> 00:31:27,380
Apply the case patterns.
799
00:31:27,380 –> 00:31:29,940
In copilot exposure, the absence of a named owner
800
00:31:29,940 –> 00:31:33,300
and link expiry means a salary export persists unlabeled
801
00:31:33,300 –> 00:31:34,660
beside an open link.
802
00:31:34,660 –> 00:31:38,980
The privacy and security principle exists, role ownership doesn’t,
803
00:31:38,980 –> 00:31:40,900
decision rights aren’t bound.
804
00:31:40,900 –> 00:31:43,540
Escalation discovers it after the board meeting.
805
00:31:43,540 –> 00:31:47,460
Stewardship fixes it: owner on record, link expiry enforced,
806
00:31:47,460 –> 00:31:50,180
label required for grounding, content safety redaction
807
00:31:50,180 –> 00:31:52,500
on by default, and a trigger that pauses read
808
00:31:52,500 –> 00:31:55,540
when a sensitive label appears in prompts or outputs.
809
00:31:55,540 –> 00:31:57,620
If you’re a CAIO, your decision is to require
810
00:31:57,620 –> 00:32:00,340
audit only pilots and owner signatures for plugins.
811
00:32:00,340 –> 00:32:03,460
If you run IT, bind pause to identity and DLP.
812
00:32:03,460 –> 00:32:05,380
If you lead data, label at source.
813
00:32:05,380 –> 00:32:08,340
If you own the business, accept the cost of degraded mode.
814
00:32:08,340 –> 00:32:10,500
In shadow AI, the sanctioned path to yes
815
00:32:10,500 –> 00:32:12,100
was slower than a credit card.
816
00:32:12,100 –> 00:32:15,300
The fix is two-speed governance encoded as rights.
817
00:32:15,300 –> 00:32:17,380
An innovation lane with audit only access,
818
00:32:17,380 –> 00:32:19,540
short time boxes and owner signatures.
819
00:32:19,540 –> 00:32:21,300
A high-risk lane with heavier oversight
820
00:32:21,300 –> 00:32:22,980
and automatic pause on triggers.
821
00:32:22,980 –> 00:32:25,220
If you’re a CAIO, define lanes and SLAs.
822
00:32:25,220 –> 00:32:27,060
If you run IT, implement them as
823
00:32:27,060 –> 00:32:28,580
Entra groups and Purview policies.
824
00:32:28,580 –> 00:32:31,300
If you lead data or product, ship evidence fast.
825
00:32:31,300 –> 00:32:34,580
If you own the business, pick the lane and own the velocity and burden.
826
00:32:34,580 –> 00:32:36,260
Now write your one-pagers.
827
00:32:36,260 –> 00:32:38,180
Principles with appetites.
828
00:32:38,180 –> 00:32:39,620
Roles with names.
829
00:32:39,620 –> 00:32:41,380
Decision rights with groups.
830
00:32:41,380 –> 00:32:43,620
Escalation with triggers, quorum and timing.
831
00:32:43,620 –> 00:32:44,420
Publish them.
832
00:32:44,420 –> 00:32:45,220
Bind them.
833
00:32:45,220 –> 00:32:46,260
Then measure one thing.
834
00:32:46,260 –> 00:32:48,420
Did the steward pause something for a good reason?
835
00:32:48,420 –> 00:32:49,940
If not, you have theater.
836
00:32:49,940 –> 00:32:51,380
If yes, you have stewardship.
837
00:32:51,380 –> 00:32:52,020
Actory.
838
00:32:52,020 –> 00:32:53,140
Ownership and roles.
839
00:32:53,140 –> 00:32:54,180
Ownership is not a slide.
840
00:32:54,180 –> 00:32:57,060
It’s a set of non-delegable decisions bound to identity
841
00:32:57,060 –> 00:32:58,660
that survive pressure.
842
00:32:58,660 –> 00:33:00,740
Up to now we framed stewardship as a loop.
843
00:33:00,740 –> 00:33:02,020
Now we name who carries it.
844
00:33:02,020 –> 00:33:04,340
If you’re a CAIO, this is where you must step in.
845
00:33:04,340 –> 00:33:06,100
Define the authority surface.
846
00:33:06,100 –> 00:33:07,380
Non-delegables live here.
847
00:33:07,380 –> 00:33:09,300
You own the risk appetite per domain.
848
00:33:09,300 –> 00:33:10,660
The stopship rules.
849
00:33:10,660 –> 00:33:12,900
The exception protocol with expiry.
850
00:33:12,900 –> 00:33:14,820
And the cadence that adjudicates trade-offs
851
00:33:14,820 –> 00:33:15,940
under time pressure.
852
00:33:15,940 –> 00:33:18,100
Protect the surface from quarterly gravity.
853
00:33:18,100 –> 00:33:21,220
If you run IT, people will expect answers from you here.
854
00:33:21,220 –> 00:33:24,100
Which identities can invoke which AI capabilities
855
00:33:24,100 –> 00:33:26,900
under what conditions and who has the literal switch to pause?
856
00:33:26,900 –> 00:33:28,180
That’s Entra, not intent.
857
00:33:28,180 –> 00:33:29,700
Bind decisions to groups.
858
00:33:29,700 –> 00:33:32,420
If you lead data or product, your responsibility
859
00:33:32,420 –> 00:33:35,300
is the evidentiary spine that makes five-minute decisions
860
00:33:35,300 –> 00:33:36,100
responsible.
861
00:33:36,100 –> 00:33:38,980
Lineage, consent provenance, explainability level,
862
00:33:38,980 –> 00:33:40,420
and rollback mechanics.
863
00:33:40,420 –> 00:33:42,660
If you can’t reconstruct, you can’t defend.
864
00:33:42,660 –> 00:33:46,180
If you own the business outcome, your responsibility is consequence.
865
00:33:46,180 –> 00:33:49,060
You decide when value pauses, how degraded modes work,
866
00:33:49,060 –> 00:33:50,980
who communicates and who funds rollback.
867
00:33:50,980 –> 00:33:52,740
No proxies on the hard calls.
868
00:33:52,740 –> 00:33:54,020
Three patterns enforce this.
869
00:33:54,020 –> 00:33:56,580
First, distributed stewards embedded in domains
870
00:33:56,580 –> 00:33:59,060
orchestrated by a central stewarding function.
871
00:33:59,060 –> 00:34:02,900
Second, a named adjudication quorum that meets inside a fixed window
872
00:34:02,900 –> 00:34:04,580
with authority to pause.
873
00:34:04,580 –> 00:34:07,220
Third, decision rights mapped to identity groups,
874
00:34:07,220 –> 00:34:09,780
so a pause is a control plane action, not a memo.
875
00:34:09,780 –> 00:34:11,620
This is where role lenses matter.
876
00:34:11,620 –> 00:34:14,180
In a small org, one person wears three hats.
877
00:34:14,180 –> 00:34:16,260
Write the rights down and bind them.
878
00:34:16,260 –> 00:34:18,900
In a midsize org, appoint a steward and publish a quorum.
879
00:34:18,900 –> 00:34:22,340
In a large enterprise, distribute stewards, centralize principles,
880
00:34:22,340 –> 00:34:24,100
and keep accountability local.
881
00:34:24,100 –> 00:34:27,700
Same loop, different scale, deterministic outcomes.
882
00:34:27,700 –> 00:34:29,700
Apply the case patterns.
883
00:34:29,700 –> 00:34:33,060
In Copilot exposure, executive ownership was absent.
884
00:34:33,060 –> 00:34:35,060
No one set link expiry as a rule.
885
00:34:35,060 –> 00:34:39,060
No one owned the read surface, and no one had authority to pause it at impact.
886
00:34:39,060 –> 00:34:42,100
In Shadow AI, leadership failed to create a fast yes,
887
00:34:42,100 –> 00:34:44,820
so the path of least resistance became off-tenant.
888
00:34:44,820 –> 00:34:47,140
In governance theatre, committees wrote principles
889
00:34:47,140 –> 00:34:49,540
while incidents escalated to no one.
890
00:34:49,540 –> 00:34:52,340
The fix in all three is ownership with stopping power.
891
00:34:52,340 –> 00:34:54,900
If you’re a CAIO, publish the one-pager,
892
00:34:54,900 –> 00:34:58,740
non-delegables, quorum, SLAs, and the names who carry consequence.
893
00:34:58,740 –> 00:35:01,460
If you run IT, back it with groups and timers.
894
00:35:01,460 –> 00:35:04,420
If you lead data or product, ship decision-ready evidence.
895
00:35:04,420 –> 00:35:08,100
If you own the business, accept risk in writing and show up for adjudications.
896
00:35:08,100 –> 00:35:11,780
Executive ownership, the non-delegable decisions,
897
00:35:11,780 –> 00:35:16,900
set intent, approve appetite, create authority, tie incentives, engage the board.
898
00:35:16,900 –> 00:35:18,420
Those are the five non-delegables.
899
00:35:18,420 –> 00:35:21,460
They cannot be outsourced to policy or buried in a committee.
900
00:35:21,460 –> 00:35:22,500
Start with intent.
901
00:35:22,500 –> 00:35:24,900
What may AI optimize and what will it never trade off?
902
00:35:24,900 –> 00:35:27,380
Write the value hierarchy per domain in plain language.
903
00:35:27,380 –> 00:35:28,980
Optimize claim cycle time.
904
00:35:28,980 –> 00:35:31,540
Never at the expense of fairness beyond x.
905
00:35:31,540 –> 00:35:32,740
Summarise patient notes.
906
00:35:32,740 –> 00:35:34,820
Never propose treatment without human review.
907
00:35:34,820 –> 00:35:36,260
If you’re a CAIO, this is yours.
908
00:35:36,260 –> 00:35:38,100
If you don’t set it, your incentives will.
909
00:35:38,100 –> 00:35:39,860
Risk taxonomy and tolerance comes next.
910
00:35:39,860 –> 00:35:43,780
Define tiers by rights, safety, and finance impact.
911
00:35:43,780 –> 00:35:48,260
Publish thresholds, confidence bands that force human review,
912
00:35:48,260 –> 00:35:51,860
disparity levels that trigger pause and autonomy limits by context.
913
00:35:51,860 –> 00:35:55,380
This is your adjudication anchor when the chart is green and the headline is bad.
914
00:35:55,380 –> 00:35:58,900
Authority surface is the heart: name who can stop revenue for safety.
915
00:35:58,900 –> 00:36:00,020
Map that to identity.
916
00:36:00,020 –> 00:36:04,900
Create three Entra groups: launch approvals, pause authority, risk acceptors.
917
00:36:04,900 –> 00:36:08,100
Set issuance rules, expiry timers, and a visible roster.
918
00:36:08,100 –> 00:36:10,820
If a person leaves, access dies the same day.
919
00:36:10,820 –> 00:36:14,900
If you’re a CAIO, protect the pause group’s independence from quarterly pressure.
920
00:36:14,900 –> 00:36:17,300
Tie incentives to stewardship outcomes, not launch volume.
921
00:36:17,300 –> 00:36:20,420
Reward justified pauses, fast adjudications,
922
00:36:20,420 –> 00:36:24,260
exceptions closed on schedule, and incidents prevented by degraded modes.
923
00:36:24,260 –> 00:36:25,620
Penalize concealment.
924
00:36:25,620 –> 00:36:28,740
If you’re a business leader, your scorecard must include these signals.
925
00:36:28,740 –> 00:36:31,380
Otherwise, intent will erode under velocity.
926
00:36:31,380 –> 00:36:33,060
Board engagement isn’t optional.
927
00:36:33,060 –> 00:36:36,660
The board needs inventories by risk tier, incidents with learning letters,
928
00:36:36,660 –> 00:36:39,620
and the names who carry each domain’s risk acceptance.
929
00:36:39,620 –> 00:36:41,060
Schedule quarterly reviews,
930
00:36:41,060 –> 00:36:44,020
where stewards, business owners, and IT present the loop.
931
00:36:44,020 –> 00:36:46,100
What paused, what learned, what changed?
932
00:36:46,100 –> 00:36:47,380
No dashboards without owners.
933
00:36:47,380 –> 00:36:48,740
Role lenses explicitly.
934
00:36:48,740 –> 00:36:51,940
If you’re a CAIO, your decision now is to publish non-delegables,
935
00:36:51,940 –> 00:36:55,140
sign the risk taxonomy, and appoint the steward with authority.
936
00:36:55,140 –> 00:36:57,700
You also set the cadence and SLAs for adjudication,
937
00:36:57,700 –> 00:37:00,180
including weekend coverage for high-risk domains.
938
00:37:00,180 –> 00:37:03,780
You decide what meaningful human oversight means in your company
939
00:37:03,780 –> 00:37:05,220
and verify it happens.
940
00:37:05,220 –> 00:37:09,380
If you run IT, your decision is to make this real in the control plane.
941
00:37:09,380 –> 00:37:11,700
Bind pause and launch rights to Entra groups,
942
00:37:11,700 –> 00:37:14,580
default deny sensitive scopes without active owners,
943
00:37:14,580 –> 00:37:18,900
recertify service principals on a timer, and auto-kill ownerless agents.
944
00:37:18,900 –> 00:37:21,860
Wire Purview so sensitive labels are required for grounding
945
00:37:21,860 –> 00:37:24,340
and DLP redacts by default in Copilot.
946
00:37:24,340 –> 00:37:27,620
Your measure is revocations executed and exceptions expired.
947
00:37:27,620 –> 00:37:32,260
If you lead data or product, your responsibility is to operationalize explainability by domain.
948
00:37:32,260 –> 00:37:36,100
Decide the level: attribution, feature relevance, or counterfactuals.
949
00:37:36,100 –> 00:37:39,700
Instrument prompts, grounding data, and outputs to reconstruct decisions.
950
00:37:39,700 –> 00:37:42,980
Maintain model cards and decision logs as one-page evidence;
951
00:37:42,980 –> 00:37:45,300
keep lineage and consent current in Purview.
952
00:37:45,300 –> 00:37:47,140
Own unlearning paths for retirement.
953
00:37:47,140 –> 00:37:51,220
If you own the business outcome, your responsibility is to carry consequence on record,
954
00:37:51,220 –> 00:37:54,180
accept or decline residual risk in writing at intake.
955
00:37:54,180 –> 00:37:57,300
Define degraded modes you’ll run when a pause hits.
956
00:37:57,300 –> 00:37:59,860
Decide the communication plan to internal users
957
00:37:59,860 –> 00:38:02,500
and if needed, external stakeholders.
958
00:38:02,500 –> 00:38:04,500
Show up to escalations, don’t delegate your name.
959
00:38:04,500 –> 00:38:06,260
Case patterns make this concrete.
960
00:38:06,260 –> 00:38:07,860
In the Copilot exposure scenario,
961
00:38:07,860 –> 00:38:10,580
an executive had never set a link expiry rule
962
00:38:10,580 –> 00:38:13,700
so an unlabeled salary export lived beside an open link.
963
00:38:13,700 –> 00:38:14,980
The assistant didn’t leak.
964
00:38:14,980 –> 00:38:16,420
The absence of non-delegables did.
965
00:38:16,420 –> 00:38:21,060
Fix: intent, no sensitive data without labels and expiry;
966
00:38:21,060 –> 00:38:23,380
authority, pause group flips access;
967
00:38:23,380 –> 00:38:25,460
incentives, rewarded pause;
968
00:38:25,460 –> 00:38:28,740
and board visibility, an incident letter and control update.
969
00:38:28,740 –> 00:38:32,340
In shadow AI, sales plugged in an unmanaged plug-in
970
00:38:32,340 –> 00:38:34,100
because sanctioned intake took weeks.
971
00:38:34,100 –> 00:38:37,620
The executive non-delegable was to create a two-speed lane:
972
00:38:37,620 –> 00:38:40,420
audit-only pilots with 48-hour intake and clear owners
973
00:38:40,420 –> 00:38:42,740
plus a high-risk lane with heavier oversight.
974
00:38:42,740 –> 00:38:46,660
Fix: small yes fast, big no with evidence,
975
00:38:46,660 –> 00:38:49,220
and a steward who can pause pilots when signals turn.
976
00:38:49,220 –> 00:38:51,700
In governance theatre, a committee published principles
977
00:38:51,700 –> 00:38:53,220
but never adjudicated.
978
00:38:53,220 –> 00:38:55,380
Incidents were lawful but awful
979
00:38:55,380 –> 00:38:57,380
because no one owned consequence.
980
00:38:57,380 –> 00:39:00,180
Fix: appoint a steward, create the quorum,
981
00:39:00,180 –> 00:39:02,980
map rights to identity and tie leadership incentives
982
00:39:02,980 –> 00:39:03,860
to pause quality.
983
00:39:03,860 –> 00:39:04,980
The difference isn’t intent.
984
00:39:04,980 –> 00:39:07,060
It’s authority. Org size lens.
985
00:39:07,060 –> 00:39:10,980
Small: the CEO or GM carries non-delegables,
986
00:39:10,980 –> 00:39:14,340
a single steward runs intake, IT binds a few groups,
987
00:39:14,340 –> 00:39:16,100
evidence fits on one page,
988
00:39:16,100 –> 00:39:18,020
escalations resolve in hours.
989
00:39:18,020 –> 00:39:21,220
Mid-size: named CAIO or equivalent, stewards per major domain,
990
00:39:21,220 –> 00:39:22,820
weekly intake, monthly drift reviews,
991
00:39:22,820 –> 00:39:26,260
quarterly board letters. Large: distributed stewards,
992
00:39:26,260 –> 00:39:28,900
central principles, local accountability,
993
00:39:28,900 –> 00:39:31,460
a central council adjudicates cross-domain risk
994
00:39:31,460 –> 00:39:33,460
board oversight expects inventory,
995
00:39:33,460 –> 00:39:35,780
incidents and named owners per domain.
996
00:39:35,780 –> 00:39:38,180
One last point, stop-ship authority must be boring,
997
00:39:38,180 –> 00:39:39,060
not brave.
998
00:39:39,060 –> 00:39:41,700
If pausing requires heroism, you designed it wrong.
999
00:39:41,700 –> 00:39:43,700
Make it a role with identity-bound switches,
1000
00:39:43,700 –> 00:39:45,780
clear SLAs and incentive protection.
1001
00:39:45,780 –> 00:39:49,140
Then practice it in tabletops until muscle memory replaces debate.
1002
00:39:49,140 –> 00:39:50,820
If you’re a CAIO, step in now.
1003
00:39:50,820 –> 00:39:51,940
Publish the non-delegables.
1004
00:39:51,940 –> 00:39:53,620
If you run IT, bind them.
1005
00:39:53,620 –> 00:39:56,500
If you lead data or product, supply decision-ready evidence.
1006
00:39:56,500 –> 00:39:58,740
If you own the business, accept risk and show up,
1007
00:39:58,740 –> 00:40:02,180
stewardship becomes real the moment these decisions are enforceable at speed.
1008
00:40:02,900 –> 00:40:04,180
The AI steward role.
1009
00:40:04,180 –> 00:40:06,340
Scope, authority, deliverables.
1010
00:40:06,340 –> 00:40:09,940
The steward is not a policy writer, a tool admin or a committee secretary.
1011
00:40:09,940 –> 00:40:12,740
The steward is the operator of the loop you just funded,
1012
00:40:12,740 –> 00:40:15,540
intake to retirement with real stopping power in between.
1013
00:40:15,540 –> 00:40:18,500
But they are the single throat to choke for cadence, evidence,
1014
00:40:18,500 –> 00:40:19,460
and escalation.
1015
00:40:19,460 –> 00:40:23,060
If you’re a CAIO, your decision here is to appoint a steward who can say pause
1016
00:40:23,060 –> 00:40:25,540
without asking for permission and survive it.
1017
00:40:25,540 –> 00:40:28,100
Scope first, the steward runs program orchestration.
1018
00:40:28,100 –> 00:40:31,060
That means a weekly intake that forces clarity of intent,
1019
00:40:31,060 –> 00:40:34,740
owner, data plan, harm analysis and exit criteria on one page.
1020
00:40:34,740 –> 00:40:37,140
It means a pre-deploy quorum that confirms controls,
1021
00:40:37,140 –> 00:40:39,060
red team results and risk acceptance.
1022
00:40:39,060 –> 00:40:40,820
It means post-deploy monitoring
1023
00:40:40,820 –> 00:40:42,820
that’s wired to triggers you defined.
1024
00:40:42,820 –> 00:40:47,700
It means drift reviews on a timer and planned retirement with unlearning paths.
1025
00:40:47,700 –> 00:40:48,980
The steward doesn’t do all the work.
1026
00:40:48,980 –> 00:40:51,300
They ensure it happens on time with evidence.
1027
00:40:51,300 –> 00:40:53,300
Scope includes intake discipline.
1028
00:40:53,300 –> 00:40:55,220
No intake, no access.
1029
00:40:55,220 –> 00:40:58,020
The steward owns the queue, the template, and the SLA.
1030
00:40:58,580 –> 00:41:00,980
Audit-only pilots live here, not in production.
1031
00:41:00,980 –> 00:41:02,900
They also own life cycle evidence,
1032
00:41:02,900 –> 00:41:04,660
model cards that match reality,
1033
00:41:04,660 –> 00:41:06,740
decision logs that reconstruct prompts,
1034
00:41:06,740 –> 00:41:09,860
grounding, outputs, and human acceptance in minutes.
1035
00:41:09,860 –> 00:41:13,220
Escalation records that show trigger, context packet, quorum, and outcome.
1036
00:41:13,220 –> 00:41:17,220
If you lead data or product, your responsibility is to supply these artifacts.
1037
00:41:17,220 –> 00:41:21,380
The steward’s job is to reject ceremony and demand substance.
1038
00:41:21,380 –> 00:41:25,700
Authority next: the steward holds pause authority on defined triggers in the risk taxonomy,
1039
00:41:25,700 –> 00:41:27,780
not suggest, not recommend: pause.
1040
00:41:27,780 –> 00:41:31,540
That authority is mapped to an Entra group with least privilege and expiry.
1041
00:41:31,540 –> 00:41:34,100
It is not a Slack escalation hoping someone reads it.
1042
00:41:34,100 –> 00:41:36,020
The steward convenes adjudication.
1043
00:41:36,020 –> 00:41:39,940
Business owner, security, legal, and the steward inside a fixed window.
1044
00:41:39,940 –> 00:41:41,780
Tiebreaker authority is named in advance.
1045
00:41:41,780 –> 00:41:43,780
No proxies on high-risk calls.
1046
00:41:43,780 –> 00:41:47,460
If you run IT, your decision is to make this real in the control plane.
1047
00:41:47,460 –> 00:41:49,460
Steward group flips access.
1048
00:41:49,460 –> 00:41:51,460
Ownerless agents die on a timer.
1049
00:41:51,460 –> 00:41:53,300
Exceptions expire automatically.
1050
00:41:53,300 –> 00:41:54,820
Deliverables are concrete.
1051
00:41:54,820 –> 00:41:58,660
An AI register that inventories systems by use case, owner, autonomy,
1052
00:41:58,660 –> 00:42:01,860
explainability level, data sources, controls, and risk tier.
1053
00:42:01,860 –> 00:42:05,860
A first-draft RACI that names who is responsible, accountable, consulted,
1054
00:42:05,860 –> 00:42:07,860
and informed at each life cycle gate.
1055
00:42:07,860 –> 00:42:10,500
A risk taxonomy tailored to your domains.
1056
00:42:10,500 –> 00:42:16,500
Rights, safety, finance, with thresholds that force human review or pause.
1057
00:42:16,500 –> 00:42:20,660
An escalation matrix with triggers, quorum, adjudication, SLAs, and outcomes.
1058
00:42:20,660 –> 00:42:22,500
A review pack for the board.
1059
00:42:22,500 –> 00:42:26,260
Incidents, escalations, decisions, changes to controls,
1060
00:42:26,260 –> 00:42:28,740
and the learning letter that proves the loop improved.
1061
00:42:28,740 –> 00:42:29,700
Skills matter.
1062
00:42:29,700 –> 00:42:33,700
The steward needs architecture literacy to understand how identity, data boundaries,
1063
00:42:33,700 –> 00:42:35,300
and agents behave under load.
1064
00:42:35,300 –> 00:42:40,020
Audit fluency to separate evidence from narrative and to prepare for external scrutiny.
1065
00:42:40,020 –> 00:42:44,500
Conflict tolerance because every real escalation pits revenue against risk in real time.
1066
00:42:44,500 –> 00:42:47,540
Communication that is plain, precise, and time-boxed.
1067
00:42:47,540 –> 00:42:49,460
If you’re a CAIO, this is where you must step in.
1068
00:42:49,460 –> 00:42:51,220
Do not hire a poster author.
1069
00:42:51,220 –> 00:42:54,580
Hire a systems thinker who’s been in the room when a stop cost money.
1070
00:42:54,580 –> 00:42:56,260
Anti-patterns are easy to spot.
1071
00:42:56,260 –> 00:42:59,620
No-power stewards who can schedule meetings but not flip a switch.
1072
00:42:59,620 –> 00:43:04,420
Policy-writer stewards who generate elegant PDFs and leave decisions undefined.
1073
00:43:04,420 –> 00:43:08,660
Tool-admin stewards who know every toggle but cannot convene an adjudication quorum,
1074
00:43:08,660 –> 00:43:09,460
replace them.
1075
00:43:09,460 –> 00:43:12,580
If you run IT, people will expect answers from you here.
1076
00:43:12,580 –> 00:43:16,420
Bind the steward’s authority to identity and logs so their decisions leave traces
1077
00:43:16,420 –> 00:43:17,780
your auditors can trust.
1078
00:43:17,780 –> 00:43:18,900
Role lenses.
1079
00:43:18,900 –> 00:43:22,580
If you’re a CAIO, your decision is to appoint a steward, publish their mandate,
1080
00:43:22,580 –> 00:43:26,100
and protect their adjudication SLAs from quarterly pressure.
1081
00:43:26,100 –> 00:43:28,580
Tie leadership incentives to steward outcomes.
1082
00:43:28,580 –> 00:43:31,460
Justified pauses, escalations resolved on time,
1083
00:43:31,460 –> 00:43:34,740
exceptions closed on schedule, incidents prevented by degraded modes.
1084
00:43:34,740 –> 00:43:38,660
If you run IT, your responsibility is to make the steward’s authority boring.
1085
00:43:38,660 –> 00:43:41,620
Groups, timers, revocations, and dashboards wired to owners.
1086
00:43:41,620 –> 00:43:46,100
If you lead data or product, deliver one-page evidence that enables five-minute decisions.
1087
00:43:46,100 –> 00:43:50,580
If you own the business, show up to escalations, accept or withdraw risk on record,
1088
00:43:50,580 –> 00:43:52,580
and carry consequence without delay.
1089
00:43:52,580 –> 00:43:53,700
Apply the pattern.
1090
00:43:53,700 –> 00:43:57,140
Copilot exposure: the steward’s intake would have forced an owner,
1091
00:43:57,140 –> 00:43:58,580
a data plan with labels,
1092
00:43:58,580 –> 00:44:01,060
an audit-only pilot, and link expiry.
1093
00:44:01,060 –> 00:44:04,820
Trigger hits: content safety detects sensitive labels in outputs.
1094
00:44:04,820 –> 00:44:06,820
The steward’s group pauses read,
1095
00:44:06,820 –> 00:44:11,140
the quorum meets in an hour, outcome logged, controls updated. Shadow AI:
1096
00:44:11,140 –> 00:44:12,820
Intake
1097
00:44:12,820 –> 00:44:14,420
SLA beats a credit card.
1098
00:44:14,420 –> 00:44:19,300
Audit only lane exists, owner signs, steward pauses when signals turn.
1099
00:44:19,300 –> 00:44:21,620
Governance theatre: not on the steward’s watch,
1100
00:44:21,620 –> 00:44:25,300
non-delegable identities and artifacts make drift visible and stoppable.
1101
00:44:25,300 –> 00:44:28,100
Your steward is the difference between intent and enforcement,
1102
00:44:28,100 –> 00:44:29,460
appoint one who can carry it.
1103
00:44:29,460 –> 00:44:32,100
Cross-functional collaborations that work.
1104
00:44:32,100 –> 00:44:34,740
Stewardship only works when the people who control risk
1105
00:44:34,740 –> 00:44:37,300
and the people who create value sit in the same loop
1106
00:44:37,300 –> 00:44:38,340
and decide fast.
1107
00:44:38,340 –> 00:44:42,740
That means legal, security, IT, data, product, business,
1108
00:44:42,740 –> 00:44:45,620
and privacy compliance are not observers.
1109
00:44:45,620 –> 00:44:49,220
They are co-owners of decision surfaces with evidence and authority.
1110
00:44:49,220 –> 00:44:52,020
Legal’s role is not to wordsmith policies after the fact.
1111
00:44:52,020 –> 00:44:54,660
Legal draws red lines, drafts procurement clauses
1112
00:44:54,660 –> 00:44:56,420
that bind vendors to your oversight
1113
00:44:56,420 –> 00:44:59,860
and ensures disclosures don’t wander into lawful but awful.
1114
00:44:59,860 –> 00:45:03,140
If you’re a CAIO, your decision here is to require legal sign-off
1115
00:45:03,140 –> 00:45:05,460
on risk taxonomy, prohibited uses,
1116
00:45:05,460 –> 00:45:08,100
and vendor attestations before pilot scale.
1117
00:45:08,100 –> 00:45:11,300
If you run IT, you’ll be expected to map those red lines
1118
00:45:11,300 –> 00:45:13,860
to Entra groups and Purview policies,
1119
00:45:13,860 –> 00:45:14,820
so they’re enforceable.
1120
00:45:14,820 –> 00:45:16,340
If you lead data or product,
1121
00:45:16,340 –> 00:45:18,660
you feed legal with model cards, lineage,
1122
00:45:18,660 –> 00:45:20,740
and explainability levels they can defend.
1123
00:45:20,740 –> 00:45:23,140
If you own the business, you carry the disclosure consequence
1124
00:45:23,140 –> 00:45:24,900
when a pause touches customers.
1125
00:45:24,900 –> 00:45:27,700
Security and IT are the enforcement surface.
1126
00:45:27,700 –> 00:45:29,460
Identity is the control plane.
1127
00:45:29,460 –> 00:45:31,620
Data boundaries are the substrate.
1128
00:45:31,620 –> 00:45:34,900
Security owns joiner, mover, leaver hygiene,
1129
00:45:34,900 –> 00:45:36,500
service principal rotation
1130
00:45:36,500 –> 00:45:38,020
and ownerless agent death.
1131
00:45:38,020 –> 00:45:40,180
IT binds audit-only pilots, default deny
1132
00:45:40,180 –> 00:45:42,180
on sensitive scopes and logs to owners.
1133
00:45:42,180 –> 00:45:44,980
If you’re a CAIO, your decision is to prioritize automation
1134
00:45:44,980 –> 00:45:47,940
over memos: no owner, no access.
1135
00:45:47,940 –> 00:45:50,660
If you run IT, people will expect answers from you,
1136
00:45:50,660 –> 00:45:52,740
which identities can invoke which AI
1137
00:45:52,740 –> 00:45:55,780
and how pausing works at 4pm, not on slide 12.
1138
00:45:55,780 –> 00:45:58,260
Data isn’t fuel; it’s liability without stewardship.
1139
00:45:58,260 –> 00:46:00,500
The data team proves lineage, consent provenance,
1140
00:46:00,500 –> 00:46:02,500
representativeness, and unlearning paths.
1141
00:46:02,500 –> 00:46:05,140
They close inheritance gaps where labels don’t travel
1142
00:46:05,140 –> 00:46:06,740
and they make drift detectable.
1143
00:46:06,740 –> 00:46:08,260
If you lead data or product,
1144
00:46:08,260 –> 00:46:10,820
your responsibility is to produce decision-ready evidence
1145
00:46:10,820 –> 00:46:14,580
on one page: data sets, labels, restrictions,
1146
00:46:14,580 –> 00:46:17,860
and the explainability level the steward will adjudicate.
1147
00:46:17,860 –> 00:46:20,180
If you’re a CAIO, require this at intake;
1148
00:46:20,180 –> 00:46:22,100
otherwise you’re approving vibes.
1149
00:46:22,100 –> 00:46:24,340
Product and business carry value and consequence.
1150
00:46:24,340 –> 00:46:28,180
They define value and harm hypotheses, success and stop metrics,
1151
00:46:28,180 –> 00:46:30,500
degraded modes, and rollback mechanics.
1152
00:46:30,500 –> 00:46:32,820
They own residual risk acceptance in writing.
1153
00:46:32,820 –> 00:46:35,060
If you own the business, your responsibility is to decide
1154
00:46:35,060 –> 00:46:36,740
what you will pause and when.
1155
00:46:36,740 –> 00:46:38,980
If you lead product, you design the feedback capture
1156
00:46:38,980 –> 00:46:42,980
and ensure instrumentation makes post-incident reconstruction take minutes.
1157
00:46:42,980 –> 00:46:46,500
Privacy and compliance embed assessments into the intake ritual.
1158
00:46:46,500 –> 00:46:50,500
AIAs, DPIAs, and disclosure rules that scale with risk tiers.
1159
00:46:50,500 –> 00:46:52,660
Their job is to prevent checkbox theatre
1160
00:46:52,660 –> 00:46:54,660
by tying thresholds to triggers and training
1161
00:46:54,660 –> 00:46:56,900
meaningful human oversight into actual practice.
1162
00:46:56,900 –> 00:46:59,540
If you’re a CAIO, this is where you must step in.
1163
00:46:59,540 –> 00:47:02,020
Agree what meaningful means by domain
1164
00:47:02,020 –> 00:47:03,540
and verify it with tabletops.
1165
00:47:03,540 –> 00:47:04,980
Now the collaboration pattern.
1166
00:47:04,980 –> 00:47:09,140
A usable weekly cadence has three moments: intake with all five at the table,
1167
00:47:09,140 –> 00:47:11,780
a pre-deploy quorum to sign risk acceptance
1168
00:47:11,780 –> 00:47:14,420
and a time-boxed escalation window that never slips.
1169
00:47:14,420 –> 00:47:16,740
Each function brings evidence.
1170
00:47:16,740 –> 00:47:18,980
Legal brings red lines and clauses.
1171
00:47:18,980 –> 00:47:22,420
Security/IT brings enforceable identity and boundary controls.
1172
00:47:22,420 –> 00:47:25,540
Data brings lineage and explainability.
1173
00:47:25,540 –> 00:47:28,740
Product/business brings value and stop criteria.
1174
00:47:28,740 –> 00:47:32,660
Privacy/compliance brings assessments mapped to risk tiers.
1175
00:47:32,660 –> 00:47:35,540
The steward orchestrates, then pauses when triggers hit.
1176
00:47:35,540 –> 00:47:38,020
Case patterns surfaced the failure modes and fixes.
1177
00:47:38,020 –> 00:47:40,260
Copilot exposure is never a copilot problem.
1178
00:47:40,260 –> 00:47:43,060
It’s a boundary failure that legal could have framed.
1179
00:47:43,060 –> 00:47:45,380
No unlabeled sensitive data in shared sites.
1180
00:47:45,380 –> 00:47:49,140
Security/IT could have enforced labels required.
1181
00:47:49,140 –> 00:47:50,340
Links expire.
1182
00:47:50,340 –> 00:47:53,060
Data could have evidenced lineage and consent.
1183
00:47:53,060 –> 00:47:56,020
Product or business could have anticipated stop metrics,
1184
00:47:56,020 –> 00:47:59,300
and privacy compliance could have embedded assessment tied to triggers.
1185
00:47:59,300 –> 00:48:01,860
Shadow AI is a speed failure.
1186
00:48:01,860 –> 00:48:05,620
Fixed with an audit-only lane, procurement clauses requiring attestations,
1187
00:48:05,620 –> 00:48:09,620
IT enforcement of audit-only scopes and a stewarded 48-hour intake.
1188
00:48:09,620 –> 00:48:11,460
Governance theatre is an ownership failure.
1189
00:48:11,460 –> 00:48:15,620
Fixed by forcing residual risk acceptance in writing and rewarding justified pauses.
1190
00:48:15,620 –> 00:48:18,500
Role lenses explicitly.
1191
00:48:18,500 –> 00:48:21,300
If you’re a CAIO, your decision is to convene this coalition with
1192
00:48:21,300 –> 00:48:23,140
a published cadence and non-delegables.
1193
00:48:23,140 –> 00:48:26,180
If you run IT, bind every promise to a control plane action.
1194
00:48:26,180 –> 00:48:29,300
If you lead data or product, deliver one-page evidence on time.
1195
00:48:29,300 –> 00:48:34,260
Every time. If you own the business, accept risk in writing and show up to escalations.
1196
00:48:34,260 –> 00:48:37,460
Do this and collaboration becomes an enforcement engine, not a meeting.
1197
00:48:37,460 –> 00:48:39,940
Decision surfaces across the AI life cycle.
1198
00:48:39,940 –> 00:48:43,620
Every failure you’ve seen lives on a decision surface someone didn’t own.
1199
00:48:43,620 –> 00:48:47,060
Map them: problem framing, data acquisition, model choice and tuning,
1200
00:48:47,060 –> 00:48:49,140
deployment, operations, and retirement.
1201
00:48:49,140 –> 00:48:52,980
At each, define the owner, the evidence, and the authority to pause.
1202
00:48:52,980 –> 00:48:55,140
Problem framing asks three things.
1203
00:48:55,140 –> 00:48:56,340
Who is affected?
1204
00:48:56,340 –> 00:48:59,540
Which decisions change, and where does harm plausibly land?
1205
00:48:59,540 –> 00:49:04,180
If you’re a CAIO, your decision here is to require a one-page intent and harm hypothesis
1206
00:49:04,180 –> 00:49:05,620
before anyone touches data.
1207
00:49:05,620 –> 00:49:10,180
If you run IT, you’ll be expected to block production access until that page
1208
00:49:10,180 –> 00:49:11,860
exists and has a named owner.
1209
00:49:11,860 –> 00:49:15,860
If you lead data or product, you supply initial metrics and stop criteria.
1210
00:49:15,860 –> 00:49:19,780
If you own the business, you accept the use case in writing or you don’t.
1211
00:49:19,780 –> 00:49:22,180
Data acquisition is lawful basis, minimization,
1212
00:49:22,180 –> 00:49:24,260
representativeness and consent provenance.
1213
00:49:24,260 –> 00:49:28,020
If you’re a CAIO, mandate labeled boundaries and lineage before pilots,
1214
00:49:28,020 –> 00:49:29,700
IT binds labels and DLP.
1215
00:49:29,700 –> 00:49:34,580
Data proves sampling and bias checks; business acknowledges data debt and rollback costs.
1216
00:49:34,580 –> 00:49:38,340
Model selection and tuning is constrained and explainability by domain.
1217
00:49:38,340 –> 00:49:40,580
The CAIO sets the explainability bar.
1218
00:49:40,580 –> 00:49:46,020
IT enforces audit-only in non-prod; data produces red-team and fairness artifacts.
1219
00:49:46,020 –> 00:49:48,020
Business approves autonomy limits.
1220
00:49:48,020 –> 00:49:51,460
Deployment is identity, environment, content safety,
1221
00:49:51,460 –> 00:49:53,140
and feedback capture.
1222
00:49:53,140 –> 00:49:57,300
IT maps invoke rights to Entra groups, default-denies sensitive scopes,
1223
00:49:57,300 –> 00:49:58,900
and routes logs to owners.
1224
00:49:58,900 –> 00:50:02,500
Data ensures instrumentation, business defines degraded modes.
1225
00:50:02,500 –> 00:50:04,340
CAIO protects pause authority.
1226
00:50:04,340 –> 00:50:08,900
Operations covers monitoring: confidence, drift, jailbreaks and unusual grounding.
1227
00:50:08,900 –> 00:50:10,820
The steward watches thresholds and escalates.
1228
00:50:10,820 –> 00:50:11,860
IT makes pause real.
1229
00:50:11,860 –> 00:50:13,540
Data brings the context packet.
1230
00:50:13,540 –> 00:50:16,420
Business carries consequence. Retirement triggers unlearning,
1231
00:50:16,420 –> 00:50:18,420
notices and register updates.
1232
00:50:18,420 –> 00:50:20,500
If you’re a CAIO, set the retirement triggers now.
1233
00:50:20,500 –> 00:50:22,260
Don’t let entropy decide.
1234
00:50:22,260 –> 00:50:24,980
Use case-based risk, categorization and consequence.
1235
00:50:24,980 –> 00:50:28,740
Risk is not a generic label.
1236
00:50:28,740 –> 00:50:31,300
Categorize by rights, safety and finance impact.
1237
00:50:31,300 –> 00:50:33,780
Minimal, moderate, high, systemic.
1238
00:50:33,780 –> 00:50:37,140
If you’re a CAIO, your decision here is to publish the taxonomy and thresholds.
1239
00:50:37,140 –> 00:50:41,300
Population affected, autonomy, reversibility and explainability needs drive tiering.
1240
00:50:41,300 –> 00:50:42,740
Controls scale with risk.
1241
00:50:42,740 –> 00:50:46,260
Minimal: audit-only pilots, short time boxes, owner on record.
1242
00:50:46,260 –> 00:50:50,180
Moderate: bias checks, content safety, human review at confidence bands.
1243
00:50:50,180 –> 00:50:53,700
High: red teaming, fairness thresholds with automatic pause,
1244
00:50:53,700 –> 00:50:58,180
strong explainability, board visibility. Systemic: cross-domain coordination,
1245
00:50:58,180 –> 00:51:00,820
external disclosure posture, crisis tabletop.
1246
00:51:00,820 –> 00:51:02,020
“If it’s lawful, we’re fine.”
1247
00:51:02,020 –> 00:51:04,100
That’s how lawful but awful happens.
1248
00:51:04,100 –> 00:51:05,940
Your equity bar is higher than the statute.
1249
00:51:05,940 –> 00:51:09,620
If you run IT, bind risk tiers to Entra and Purview policies.
1250
00:51:09,620 –> 00:51:12,980
If you lead data or product, deliver evidence proportional to tier.
1251
00:51:12,980 –> 00:51:17,060
If you own the business, accept the burden of slower velocity in high-risk lanes.
1252
00:51:17,060 –> 00:51:18,340
The stewardship RACI.
1253
00:51:18,340 –> 00:51:19,940
First draft you can defend.
1254
00:51:19,940 –> 00:51:20,900
Write the names.
1255
00:51:20,900 –> 00:51:23,220
Responsible: business owner for outcome,
1256
00:51:23,220 –> 00:51:26,500
steward for the loop, security for controls, data for quality.
1257
00:51:26,500 –> 00:51:30,180
Accountable: executive sponsor for risk acceptance,
1258
00:51:30,180 –> 00:51:32,980
legal for red lines, CAIO for alignment.
1259
00:51:32,980 –> 00:51:37,060
Consulted: privacy, accessibility, brand, customer success.
1260
00:51:37,060 –> 00:51:40,020
Informed: finance, HR, communications, procurement.
1261
00:51:40,020 –> 00:51:43,300
Include kill-switch rules and the adjudication quorum in notes.
1262
00:51:43,300 –> 00:51:47,860
If you’re a CAIO, your decision is to publish this RACI and expire roles with departures.
1263
00:51:47,860 –> 00:51:49,300
IT binds the Entra groups.
1264
00:51:49,300 –> 00:51:52,900
Data and product attach evidence owners, business signs consequence.
1265
00:51:52,900 –> 00:51:55,540
Escalation that works in minutes, not weeks.
1266
00:51:55,540 –> 00:51:57,060
Triggers defined in advance.
1267
00:51:57,060 –> 00:51:59,860
Low confidence, safety hits, drift, user harm.
1268
00:51:59,860 –> 00:52:01,460
Handoff carries a context packet.
1269
00:52:01,460 –> 00:52:05,300
Prompt, output, features, lineage, last changes.
1270
00:52:05,300 –> 00:52:08,500
A quorum meets inside a time box with tiebreaker named.
1271
00:52:08,500 –> 00:52:10,100
Outcomes are deterministic.
1272
00:52:10,100 –> 00:52:12,820
Pause, degrade, retrain, retire.
1273
00:52:12,820 –> 00:52:13,780
Log and notify.
1274
00:52:13,780 –> 00:52:16,020
Post-incident, learn and update controls.
1275
00:52:16,020 –> 00:52:19,140
If you run IT, make pause a control plane action.
1276
00:52:19,140 –> 00:52:21,620
If you’re a CAIO, protect the adjudication SLA.
1277
00:52:21,620 –> 00:52:23,140
Data makes reconstruction fast.
1278
00:52:23,140 –> 00:52:24,740
Business owns communications.
1279
00:52:24,740 –> 00:52:26,500
Identity as the control plane.
1280
00:52:26,500 –> 00:52:28,020
Entra ID decisions.
1281
00:52:28,020 –> 00:52:30,580
Who can invoke which capability under which conditions?
1282
00:52:30,580 –> 00:52:34,500
Joiners, movers, leavers recertified; service principals bound to owners.
1283
00:52:34,500 –> 00:52:38,180
Conditional Access for AI: device, location, sensitivity, default deny.
1284
00:52:38,180 –> 00:52:39,780
Ownerless agents die on a timer.
1285
00:52:39,780 –> 00:52:42,580
If you run IT, people will expect answers from you here.
1286
00:52:42,580 –> 00:52:44,100
Bind stop-ship to Entra groups.
1287
00:52:44,100 –> 00:52:46,820
If you’re a CAIO, define non-delegable scopes.
1288
00:52:46,820 –> 00:52:49,220
Data ensures logging ties actions to identities.
1289
00:52:49,220 –> 00:52:51,140
Business signs usage boundaries.
1290
00:52:51,140 –> 00:52:53,060
Data boundary thinking with Purview.
1291
00:52:53,060 –> 00:52:57,860
Classify, label and enforce DLP on prompts, outputs and grounding.
1292
00:52:57,860 –> 00:52:59,380
Kill company-wide links.
1293
00:52:59,380 –> 00:53:00,420
Time-bound access.
1294
00:53:00,420 –> 00:53:04,820
Close inheritance gaps in non-Office files and Teams containers, or monitor aggressively.
1295
00:53:04,820 –> 00:53:07,220
Remediate oversharing at source, not at the prompt.
1296
00:53:07,220 –> 00:53:10,660
Evidence is lineage, consent and retention mapped to use cases.
1297
00:53:10,660 –> 00:53:13,620
If you lead data, your responsibility is to prove it.
1298
00:53:13,620 –> 00:53:14,660
IT enforces.
1299
00:53:14,660 –> 00:53:15,780
Business funds fixes.
1300
00:53:15,780 –> 00:53:18,020
CAIO demands proof before scale.
1301
00:53:18,020 –> 00:53:20,420
Copilot governance, where old models break.
1302
00:53:20,420 –> 00:53:23,780
Prompts surface sensitive content when identity and data drift.
1303
00:53:23,780 –> 00:53:24,980
Copilot didn’t leak.
1304
00:53:24,980 –> 00:53:26,500
Our governance did.
1305
00:53:26,500 –> 00:53:29,540
Shadow prompts, unmanaged plugins, personal tenants.
1306
00:53:29,540 –> 00:53:30,660
The control response.
1307
00:53:30,660 –> 00:53:34,500
Audit-only pilots, redaction, usage dashboards, owner hygiene.
1308
00:53:34,500 –> 00:53:35,220
The lesson.
1309
00:53:35,220 –> 00:53:36,500
Tools amplify substrate.
1310
00:53:36,500 –> 00:53:38,260
Only stewardship sets intent.
1311
00:53:38,260 –> 00:53:40,500
If you’re a CAIO, this is where you must step in.
1312
00:53:40,500 –> 00:53:41,860
Encode audit only.
1313
00:53:41,860 –> 00:53:43,540
Owners on record and escalation.
1314
00:53:43,780 –> 00:53:44,820
IT binds.
1315
00:53:44,820 –> 00:53:46,020
Data labels.
1316
00:53:46,020 –> 00:53:47,620
Business accepts residual risk.
1317
00:53:47,620 –> 00:53:50,980
Decision surfaces across the AI life cycle.
1318
00:53:50,980 –> 00:53:54,660
Every incident you’ve read about can be traced to a decision surface no one owned.
1319
00:53:54,660 –> 00:53:56,820
There aren’t many of them, but they repeat.
1320
00:53:56,820 –> 00:53:57,860
Problem framing.
1321
00:53:57,860 –> 00:53:59,060
Data acquisition.
1322
00:53:59,060 –> 00:54:00,660
Model selection and tuning.
1323
00:54:00,660 –> 00:54:01,460
Deployment.
1324
00:54:01,460 –> 00:54:02,180
Operations.
1325
00:54:02,180 –> 00:54:03,140
And retirement.
1326
00:54:03,140 –> 00:54:04,820
At each surface, you name the owner,
1327
00:54:04,820 –> 00:54:07,700
define the evidence and bind the authority to pause.
1328
00:54:07,700 –> 00:54:10,260
If you skip anyone, drift becomes policy.
1329
00:54:10,260 –> 00:54:12,180
Problem framing is intent with consequence.
1330
00:54:12,180 –> 00:54:13,060
Three questions.
1331
00:54:13,060 –> 00:54:13,940
Who is affected?
1332
00:54:13,940 –> 00:54:15,860
Which human decisions change?
1333
00:54:15,860 –> 00:54:17,860
And where harm plausibly lands?
1334
00:54:17,860 –> 00:54:23,540
If you’re a CAIO, your decision here is to require a one-page statement before work starts:
1335
00:54:23,540 –> 00:54:26,180
users, value and harm hypotheses,
1336
00:54:26,180 –> 00:54:29,380
success and stop metrics, and oversight mode.
1337
00:54:29,380 –> 00:54:33,300
If you run IT, your decision is to block any environment with production data
1338
00:54:33,300 –> 00:54:35,700
until that page exists and an owner is on record.
1339
00:54:35,700 –> 00:54:39,700
If you lead data or product, you provide measurable signals for success
1340
00:54:39,700 –> 00:54:41,780
and the conditions that force degraded modes.
1341
00:54:41,780 –> 00:54:45,780
If you own the business outcome, you accept or decline this in writing
1342
00:54:45,780 –> 00:54:48,180
because you carry the consequence when it ships.
1343
00:54:48,180 –> 00:54:50,740
Data acquisition turns slogans into liabilities.
1344
00:54:50,740 –> 00:54:55,060
Lawful basis, minimization, representativeness and consent provenance are non-negotiable.
1345
00:54:55,060 –> 00:54:59,220
If you’re a CAIO, mandate that labels and lineage exist before pilots.
1346
00:54:59,220 –> 00:55:00,980
No label, no load.
1347
00:55:00,980 –> 00:55:04,820
If you run IT, you bind sensitivity labels to DLP and route prompts,
1348
00:55:04,820 –> 00:55:08,820
grounding data and outputs through policies that can redact automatically.
1349
00:55:08,820 –> 00:55:13,940
If you lead data, you evidence sampling methods, bias checks and retention plans.
1350
00:55:13,940 –> 00:55:16,340
You also price unlearning so rollback is credible.
1351
00:55:16,340 –> 00:55:20,180
If you own the business, you acknowledge data debt and fund the fixes now.
1352
00:55:20,180 –> 00:55:21,380
Not after the headline.
1353
00:55:21,380 –> 00:55:24,980
Model selection and tuning is where explainability and constraint live.
1354
00:55:24,980 –> 00:55:26,820
Different domains demand different levels.
1355
00:55:26,820 –> 00:55:29,860
Attribution for marketing uplift, feature relevance for credit,
1356
00:55:29,860 –> 00:55:32,020
counterfactuals for clinical assist.
1357
00:55:32,020 –> 00:55:35,460
If you’re a CAIO, set the explainability bar per domain
1358
00:55:35,460 –> 00:55:39,780
and the autonomy ceiling by tier. If you run IT, you enforce audit-only pathways
1359
00:55:39,780 –> 00:55:42,260
for red teaming and fairness tests in non-prod,
1360
00:55:42,260 –> 00:55:43,940
nothing self-promotes to production.
1361
00:55:43,940 –> 00:55:48,260
If you lead data or product, you deliver red team results, calibration curves,
1362
00:55:48,260 –> 00:55:52,500
disparity metrics, and a model card that matches reality, not slideware.
1363
00:55:52,500 –> 00:55:56,100
If you own the business, you approve autonomy limits and the confidence bands
1364
00:55:56,100 –> 00:55:57,620
that force human review.
1365
00:55:57,620 –> 00:56:01,460
Deployment is identity, environment, content safety and feedback capture.
1366
00:56:01,460 –> 00:56:04,100
Identity is the control plane: who can invoke what,
1367
00:56:04,100 –> 00:56:05,860
from where under which conditions.
1368
00:56:05,860 –> 00:56:09,060
If you run IT, you map invoke rights to Entra groups,
1369
00:56:09,060 –> 00:56:12,420
default deny sensitive scopes, time box exceptions,
1370
00:56:12,420 –> 00:56:15,460
tie every action to a human or service principal owner
1371
00:56:15,460 –> 00:56:17,940
and auto-expire ownerless agents.
1372
00:56:17,940 –> 00:56:22,020
Data owners ensure instrumentation, prompts, grounding references,
1373
00:56:22,020 –> 00:56:25,380
outputs, and human acceptance logged for reconstruction in minutes.
1374
00:56:25,380 –> 00:56:28,740
If you own the business, you define degraded modes in advance,
1375
00:56:28,740 –> 00:56:31,060
so pause doesn’t equal off.
1376
00:56:31,060 –> 00:56:34,340
If you’re a CAIO, you protect stop-ship authority from quarterly pressure.
1377
00:56:34,340 –> 00:56:37,700
Operations is where drift, abuse, and change meet reality.
1378
00:56:37,700 –> 00:56:40,740
You monitor confidence, distribution shifts, jailbreak attempts,
1379
00:56:40,740 –> 00:56:43,620
prompt injection on plugins, and unusual grounding,
1380
00:56:43,620 –> 00:56:46,580
Thresholds drive action; they’re not FYI alerts.
1381
00:56:46,580 –> 00:56:51,300
If you’re a CAIO, you set adjudication SLAs and the quorum that convenes on trigger.
1382
00:56:51,300 –> 00:56:55,060
If you run IT, you make pause a control plane action, not a Slack thread.
1383
00:56:55,060 –> 00:56:58,260
If you lead data or product, you maintain the context packet.
1384
00:56:58,260 –> 00:57:02,260
Prompt, output, features, lineage, last changes, and user reports.
1385
00:57:02,260 –> 00:57:04,980
If you own the business, you carry communications
1386
00:57:04,980 –> 00:57:07,700
and decide degraded modes on the record.
1387
00:57:07,700 –> 00:57:10,180
Retirement is not a memo, it’s a plan.
1388
00:57:10,180 –> 00:57:13,460
Triggers include performance decay, risk threshold exceeded,
1389
00:57:13,460 –> 00:57:16,420
regulatory change, or replacement by a safer method.
1390
00:57:16,420 –> 00:57:19,380
If you’re a CAIO, define retirement triggers now
1391
00:57:19,380 –> 00:57:21,940
and require unlearning paths at intake.
1392
00:57:21,940 –> 00:57:24,820
If you run IT, you enforce service decommission,
1393
00:57:24,820 –> 00:57:27,140
access revocation, and archive evidence.
1394
00:57:27,140 –> 00:57:29,780
If you lead data, you execute deletion and verify it,
1395
00:57:29,780 –> 00:57:31,860
you retain the lawful minimum and update lineage.
1396
00:57:31,860 –> 00:57:33,860
If you own the business, you notify users
1397
00:57:33,860 –> 00:57:36,020
and when appropriate external stakeholders.
1398
00:57:36,020 –> 00:57:39,300
You also accept service impact while decommission completes.
1399
00:57:39,300 –> 00:57:41,220
Tie it together with an enforcement rhythm:
1400
00:57:41,220 –> 00:57:43,460
weekly intake with all owners, a pre-deploy quorum
1401
00:57:43,460 –> 00:57:46,900
that signs risk acceptance, and a time-boxed escalation window.
1402
00:57:46,900 –> 00:57:49,780
Each surface produces evidence: intent page,
1403
00:57:49,780 –> 00:57:52,660
data lineage, model card and red team results,
1404
00:57:52,660 –> 00:57:54,820
identity bound deployment controls,
1405
00:57:54,820 –> 00:57:58,580
operational thresholds with alerts and retirement confirmations.
1406
00:57:58,580 –> 00:58:01,060
The steward orchestrates the loop, the authority to pause
1407
00:58:01,060 –> 00:58:03,540
sits in identity, the board sees the inventory,
1408
00:58:03,540 –> 00:58:04,820
incidents and names.
1409
00:58:04,820 –> 00:58:06,980
If you’re a CAIO, mandate these surfaces
1410
00:58:06,980 –> 00:58:09,060
and the evidence per surface, if you run IT,
1411
00:58:09,060 –> 00:58:10,420
bind them to the control plane.
1412
00:58:10,420 –> 00:58:13,380
If you lead data or product, deliver decision-ready artifacts
1413
00:58:13,380 –> 00:58:14,100
on time.
1414
00:58:14,100 –> 00:58:16,420
If you own the business, accept residual risk
1415
00:58:16,420 –> 00:58:18,980
in writing and show up when escalation calls.
1416
00:58:18,980 –> 00:58:20,900
That’s how you prevent conditional chaos
1417
00:58:20,900 –> 00:58:23,300
from becoming your operating model.
1418
00:58:23,300 –> 00:58:27,060
Use case-based risk, categorization and consequence.
1419
00:58:27,060 –> 00:58:30,180
Risk is not a general mood, it is a property of a use case.
1420
00:58:30,180 –> 00:58:34,260
You categorize by consequence: rights, safety and finance.
1421
00:58:34,260 –> 00:58:36,660
Then you tier: minimal, moderate, high, systemic.
1422
00:58:36,660 –> 00:58:38,340
The taxonomy is your steering column.
1423
00:58:38,340 –> 00:58:40,100
Without it, everything feels important
1424
00:58:40,100 –> 00:58:41,940
and nothing earns stopping power.
1425
00:58:41,940 –> 00:58:44,500
Start with criteria that don’t drift with opinion.
1426
00:58:44,500 –> 00:58:46,980
Population affected, autonomy of the system,
1427
00:58:46,980 –> 00:58:50,660
reversibility of harm and explainability required by the domain.
1428
00:58:50,660 –> 00:58:53,860
A chatbot summarizing public docs for 10 users with human review
1429
00:58:53,860 –> 00:58:55,460
and easy rollback?
1430
00:58:55,460 –> 00:58:56,100
Minimal.
1431
00:58:56,100 –> 00:58:58,660
An internal pricing recommender guiding thousands of quotes
1432
00:58:58,660 –> 00:59:00,820
with bounded autonomy and clear explanations?
1433
00:59:00,820 –> 00:59:01,620
Moderate.
1434
00:59:01,620 –> 00:59:04,340
A credit pre-approval model that changes access to capital
1435
00:59:04,340 –> 00:59:06,980
or a clinical assist that shapes care plans? High.
1436
00:59:06,980 –> 00:59:09,300
A cross-domain agent tied to identity, finance
1437
00:59:09,300 –> 00:59:10,660
and safety decisions at once?
1438
00:59:10,660 –> 00:59:11,620
Systemic.
1439
00:59:11,620 –> 00:59:14,020
If you’re a CAIO, your decision here is to publish
1440
00:59:14,020 –> 00:59:16,180
this taxonomy with thresholds that force action.
1441
00:59:16,180 –> 00:59:17,220
Name the bands.
1442
00:59:17,220 –> 00:59:20,100
Minimal means audit-only pilots, short time boxes,
1443
00:59:20,100 –> 00:59:22,580
an owner on record and exit criteria.
1444
00:59:22,580 –> 00:59:26,580
Moderate means bias checks, content safety and human review
1445
00:59:26,580 –> 00:59:28,580
at defined confidence ranges.
1446
00:59:28,580 –> 00:59:31,460
High means red teaming, disparity thresholds with automatic pause,
1447
00:59:31,460 –> 00:59:34,260
explainability at the level your regulators and your users can defend
1448
00:59:34,260 –> 00:59:36,340
and board visibility.
1449
00:59:36,340 –> 00:59:38,340
Systemic means coordination across domains,
1450
00:59:38,340 –> 00:59:40,900
external disclosure posture, crisis table tops
1451
00:59:40,900 –> 00:59:43,460
and explicit stop-ship authority rehearsed in public.
1452
00:59:43,460 –> 00:59:46,900
If you run IT, people will expect answers from you on day one.
1453
00:59:46,900 –> 00:59:50,500
Bind the tiers to the control plane, minimal lanes inherit default deny
1454
00:59:50,500 –> 00:59:52,660
but allow audit only access in sandboxes.
1455
00:59:52,660 –> 00:59:56,180
Moderate lanes require Entra groups scoped to specific capabilities
1456
00:59:56,180 –> 00:59:59,300
and Purview policies that redact sensitive prompts and outputs.
1457
00:59:59,300 –> 01:00:01,860
High lanes tie invocation to managed devices,
1458
01:00:01,860 –> 01:00:03,940
strong authentication and time boxed exceptions
1459
01:00:03,940 –> 01:00:05,620
that expire without reminders.
1460
01:00:05,620 –> 01:00:07,780
Systemic lanes demand separate environments,
1461
01:00:07,780 –> 01:00:11,380
owner attestations and kill switches that degrade, not only disable.
1462
01:00:11,380 –> 01:00:15,140
If you lead data or product, your responsibility is proportional evidence.
1463
01:00:15,140 –> 01:00:17,780
Minimal needs a one page model card and basic lineage.
1464
01:00:17,780 –> 01:00:23,060
Moderate needs calibration curves, sampling details and content safety logs.
1465
01:00:23,060 –> 01:00:26,340
High needs red team reports, disparity metrics, data set representativeness
1466
01:00:26,340 –> 01:00:27,700
and counterfactual explanations.
1467
01:00:27,700 –> 01:00:30,340
Systemic needs all of that plus change control,
1468
01:00:30,340 –> 01:00:32,660
rollback plans and unlearning paths,
1469
01:00:32,660 –> 01:00:33,860
costed and scheduled.
1470
01:00:33,860 –> 01:00:36,340
If you own the business, your decision is to accept
1471
01:00:36,340 –> 01:00:38,740
slower velocity in higher tiers in writing.
1472
01:00:38,740 –> 01:00:41,300
That’s the trade you make to keep customers and regulators.
1473
01:00:41,300 –> 01:00:42,820
You also define degraded modes.
1474
01:00:43,380 –> 01:00:45,060
What the system does when it pauses.
1475
01:00:45,060 –> 01:00:50,100
Off is not a plan; fallback to human workflow with reduced scope is.
1476
01:00:50,100 –> 01:00:51,060
Now, the consequences.
1477
01:00:51,060 –> 01:00:54,900
Controls scale with risk, but so do incentives and review cadence.
1478
01:00:54,900 –> 01:00:57,860
Minimal use cases graduate or retire quickly,
1479
01:00:57,860 –> 01:01:00,020
you reward speed within guard rails.
1480
01:01:00,020 –> 01:01:02,980
Moderate requires monthly drift checks and quarterly access
1481
01:01:02,980 –> 01:01:06,980
recertification. High gets weekly signal reviews and quarterly board updates.
1482
01:01:06,980 –> 01:01:10,420
Systemic gets continuous monitoring with thresholds that escalate to the steward
1483
01:01:10,420 –> 01:01:13,700
inside minutes. Common failure patterns map cleanly to tiers.
1484
01:01:13,700 –> 01:01:18,500
Copilot exposure is rarely high by intent but becomes high by blast radius,
1485
01:01:18,500 –> 01:01:23,060
treat it as moderate by taxonomy, then enforce high-discipline data boundaries.
1486
01:01:23,060 –> 01:01:27,700
Shadow AI looks minimal until you discover it powers pricing emails or HR guidance.
1487
01:01:27,700 –> 01:01:30,980
Recategorize upward on discovery.
1488
01:01:30,980 –> 01:01:33,940
Your taxonomy must allow promotion on evidence, not ego.
1489
01:01:33,940 –> 01:01:38,740
Governance theatre calls everything “high” to look serious, then ignores the burden.
1490
01:01:38,740 –> 01:01:41,460
Your taxonomy prevents that by attaching costs to tier.
1491
01:01:41,460 –> 01:01:43,220
Lawful but awful lives here too.
1492
01:01:43,220 –> 01:01:45,860
A use case can be compliant and still inequitable.
1493
01:01:45,860 –> 01:01:47,860
Your equity bar is higher than the statute.
1494
01:01:47,860 –> 01:01:50,180
That’s why explainability level is in the tiering
1495
01:01:50,180 –> 01:01:53,060
and why fairness thresholds trigger pause automatically.
1496
01:01:53,060 –> 01:01:55,380
If you’re a CAIO, this is where you must step in.
1497
01:01:55,380 –> 01:01:58,020
Require equity reviews for high and systemic tiers,
1498
01:01:58,020 –> 01:02:00,020
not as memos but as numbers tied to action.
1499
01:02:00,020 –> 01:02:01,220
Bind money to tiers.
1500
01:02:01,220 –> 01:02:04,260
Budget red teaming and tabletops for high and systemic.
1501
01:02:04,260 –> 01:02:07,060
Budget labeling remediation where moderate relies on sensitive data.
1502
01:02:07,700 –> 01:02:10,260
Budget user education where explainability is the control.
1503
01:02:10,260 –> 01:02:13,300
If you run IT, bake tier metadata into logs.
1504
01:02:13,300 –> 01:02:16,820
So audit trails show not just what happened, but under which risk contract.
1505
01:02:16,820 –> 01:02:20,900
If you lead data or product, tag artifacts by tier, so the steward’s queue
1506
01:02:20,900 –> 01:02:22,340
enforces evidence steps.
1507
01:02:22,340 –> 01:02:26,980
If you own the business, fund the difference and resist the reflex to downgrade risk to ship.
1508
01:02:26,980 –> 01:02:27,940
Finally make it visible.
1509
01:02:27,940 –> 01:02:31,940
The AI register shows tier owner, autonomy, explainability and next review.
1510
01:02:31,940 –> 01:02:35,780
The review pack shows incidents by tier, escalations resolved on time,
1511
01:02:35,780 –> 01:02:37,620
and exceptions closed on schedule.
1512
01:02:37,620 –> 01:02:39,140
The taxonomy is not a poster.
1513
01:02:39,140 –> 01:02:40,660
It’s the reason your pause is credible.
1514
01:02:40,660 –> 01:02:43,940
The stewardship RACI: first draft you can defend.
1515
01:02:43,940 –> 01:02:46,420
Write the names, not roles, not departments.
1516
01:02:46,420 –> 01:02:46,980
Names.
1517
01:02:46,980 –> 01:02:49,940
This is the document that converts intent into stopping power
1518
01:02:49,940 –> 01:02:51,940
because everyone knows where authority lives,
1519
01:02:51,940 –> 01:02:53,460
which evidence they owe.
1520
01:02:53,460 –> 01:02:56,180
and when the kill switch fires. Start with Responsible:
1521
01:02:56,180 –> 01:02:58,100
four seats, no substitutes.
1522
01:02:58,100 –> 01:03:01,300
Business owner, responsible for the outcome and its consequences.
1523
01:03:01,300 –> 01:03:04,980
They define value and harm hypotheses, success and stop metrics,
1524
01:03:04,980 –> 01:03:08,100
degraded modes and accept residual risk in writing.
1525
01:03:08,100 –> 01:03:11,300
AI steward, responsible for the loop: intake discipline,
1526
01:03:11,300 –> 01:03:14,740
life cycle evidence, escalation, orchestration and post-incident learning.
1527
01:03:14,740 –> 01:03:17,700
They don’t own the model, they own the decision rhythm.
1528
01:03:17,700 –> 01:03:21,220
Security IT, responsible for enforceable controls,
1529
01:03:21,220 –> 01:03:23,540
identity as the control plane, data boundary policies,
1530
01:03:23,540 –> 01:03:26,740
logging and making pause a control plane action, not a meeting.
1531
01:03:26,740 –> 01:03:28,980
Data, responsible for data fitness,
1532
01:03:28,980 –> 01:03:31,540
lineage, consent provenance, representativeness,
1533
01:03:31,540 –> 01:03:34,660
explainability artifacts and unlearning paths.
1534
01:03:34,660 –> 01:03:37,940
Accountable is where escalation lands when trade-offs get political.
1535
01:03:37,940 –> 01:03:41,860
Executive sponsor, accountable for risk acceptance and stop-ship authority,
1536
01:03:41,860 –> 01:03:44,100
the person who can stop revenue for safety.
1537
01:03:44,100 –> 01:03:48,100
Legal, accountable for red lines, procurement clauses and disclosure posture;
1538
01:03:48,100 –> 01:03:50,580
they decide what cannot ship under any circumstance.
1539
01:03:50,580 –> 01:03:53,460
CAIO, accountable for alignment to the stewardship model,
1540
01:03:53,460 –> 01:03:56,980
risk taxonomy and explainability standards across domains.
1541
01:03:56,980 –> 01:04:00,340
Consulted keeps the loop wide enough to avoid lawful but awful.
1542
01:04:00,340 –> 01:04:03,860
Privacy, accessibility, brand, customer success.
1543
01:04:03,860 –> 01:04:06,020
Informed is the operational blast radius.
1544
01:04:06,020 –> 01:04:09,060
Finance, HR, communications, procurement.
1545
01:04:09,060 –> 01:04:13,060
If you’re a CAIO, your decision is to publish this RACI, attach names
1546
01:04:13,060 –> 01:04:15,860
and set expirations tied to employment changes.
1547
01:04:15,860 –> 01:04:17,060
No ghost ownership.
1548
01:04:17,060 –> 01:04:19,460
If you run IT, people will expect answers from you,
1549
01:04:19,460 –> 01:04:23,460
bind these roles to groups in Entra so approvals and pauses map to identity.
1550
01:04:23,460 –> 01:04:27,620
If you lead data or product, your responsibility is to attach evidence owners
1551
01:04:27,620 –> 01:04:30,500
to each life cycle checkpoint and keep the artifacts fresh.
1552
01:04:30,500 –> 01:04:34,180
If you own the business, you sign the residual risk block and degraded mode plan.
1553
01:04:34,180 –> 01:04:36,980
Now the notes that make this defensible. Kill-switch rules:
1554
01:04:36,980 –> 01:04:39,380
define the systems that carry stop-ship authority,
1555
01:04:39,380 –> 01:04:42,100
the conditions that trigger it and the scope of pause,
1556
01:04:42,100 –> 01:04:43,940
capabilities, cohorts, regions.
1557
01:04:43,940 –> 01:04:48,340
Make the switch a control plane action with audit, not a Slack message.
1558
01:04:48,340 –> 01:04:49,620
Adjudication quorum:
1559
01:04:49,620 –> 01:04:52,420
Name the three to five roles that convene on escalation,
1560
01:04:52,420 –> 01:04:54,180
the tiebreaker and the time box.
1561
01:04:54,180 –> 01:04:56,020
Publish the SLA: minutes, not days.
1562
01:04:56,020 –> 01:04:57,940
Authority surfaces must be explicit.
1563
01:04:57,940 –> 01:05:01,140
Business owner authorizes production deployment after pre-deploy review
1564
01:05:01,140 –> 01:05:03,300
and owns customer communications on pause.
1565
01:05:03,300 –> 01:05:05,540
AI steward convenes adjudication on thresholds,
1566
01:05:05,540 –> 01:05:08,340
logs decisions and updates controls post-incident,
1567
01:05:08,340 –> 01:05:10,500
security IT implements pause,
1568
01:05:10,500 –> 01:05:12,340
degrades capability per plan,
1569
01:05:12,340 –> 01:05:14,980
verifies identity and data boundary integrity
1570
01:05:14,980 –> 01:05:16,580
and restores service on decision.
1571
01:05:16,580 –> 01:05:19,060
Data prepares the context packet.
1572
01:05:19,060 –> 01:05:21,860
Prompt, output, features, lineage,
1573
01:05:21,860 –> 01:05:24,180
last changes and user reports.
1574
01:05:24,180 –> 01:05:26,020
They certify unlearning on retire.
1575
01:05:26,020 –> 01:05:29,220
Legal validates disclosures confirms vendor obligations
1576
01:05:29,220 –> 01:05:31,060
and approves any external statements
1577
01:05:31,060 –> 01:05:32,660
that imply model behavior.
1578
01:05:32,660 –> 01:05:35,780
Executive sponsor arbitrates scope creep and shields
1579
01:05:35,780 –> 01:05:37,300
stop-ship from quarterly pressure.
1580
01:05:37,300 –> 01:05:39,700
CAIO enforces the taxonomy:
1581
01:05:39,700 –> 01:05:41,860
no exceptions without end dates and evidence.
1582
01:05:41,860 –> 01:05:43,940
If you’re a CAIO, this is where you must step in.
1583
01:05:43,940 –> 01:05:46,900
Outlaw vague verbs. Replace supports,
1584
01:05:46,900 –> 01:05:51,060
advises and owns with decides, approves, pauses, accepts.
1585
01:05:51,060 –> 01:05:53,060
RACI language drives behavior.
1586
01:05:53,060 –> 01:05:55,460
If you run IT, translate approvals into access.
1587
01:05:55,940 –> 01:05:58,500
Only accountable can grant production invocation groups.
1588
01:05:58,500 –> 01:06:01,540
Only business owner can approve degraded mode playbooks.
1589
01:06:01,540 –> 01:06:04,180
Only steward can flip escalation state.
1590
01:06:04,180 –> 01:06:05,780
If you lead data or product,
1591
01:06:05,780 –> 01:06:07,380
schedule artifact refresh.
1592
01:06:07,380 –> 01:06:09,540
Model cards and bias reports age,
1593
01:06:09,540 –> 01:06:11,940
set quarterly reviews aligned to risk tier.
1594
01:06:11,940 –> 01:06:13,140
If you own the business,
1595
01:06:13,140 –> 01:06:15,220
attend the first three escalations.
1596
01:06:15,220 –> 01:06:16,900
Teach the organization that pauses
1597
01:06:16,900 –> 01:06:18,420
are leadership work, not optics.
1598
01:06:18,420 –> 01:06:20,340
Common failure patterns and fixes.
1599
01:06:20,340 –> 01:06:21,540
Dual-hat ambiguity:
1600
01:06:21,540 –> 01:06:23,860
the same person fills steward and product.
1601
01:06:23,860 –> 01:06:25,780
Fix: separate loop from build;
1602
01:06:25,780 –> 01:06:27,540
conflict of interest is entropy.
1603
01:06:27,540 –> 01:06:29,380
Committee owns it, no one does.
1604
01:06:29,380 –> 01:06:32,260
Fix: one name per RACI cell;
1605
01:06:32,260 –> 01:06:34,500
committees may be consulted, not responsible.
1606
01:06:34,500 –> 01:06:36,260
Temporary exceptions: they become permanent.
1607
01:06:36,260 –> 01:06:38,180
Fix:
1608
01:06:38,180 –> 01:06:41,300
exception register with sunset dates auto-expiring access.
1609
01:06:41,300 –> 01:06:43,780
Renewals require executive sponsor signature.
1610
01:06:43,780 –> 01:06:46,420
Ownerless agents, plugins and service principals drift.
1611
01:06:46,420 –> 01:06:51,300
Fix: agent registry bound to owners with 90-day expiration.
1612
01:06:51,300 –> 01:06:52,500
Security kills on timer.
1613
01:06:53,220 –> 01:06:54,420
Case patterns anchor this.
1614
01:06:54,420 –> 01:06:58,420
Copilot exposure: your RACI should show business owner HR
1615
01:06:58,420 –> 01:07:00,820
for outcome, security IT for controls,
1616
01:07:00,820 –> 01:07:03,460
data for boundary proof, legal for disclosure,
1617
01:07:03,460 –> 01:07:05,700
executive sponsor for stop-ship.
1618
01:07:05,700 –> 01:07:09,860
Shadow AI: product or business is responsible for value delivery,
1619
01:07:09,860 –> 01:07:12,020
steward creates an audit only lane,
1620
01:07:12,020 –> 01:07:14,260
IT enforces, legal binds vendors,
1621
01:07:14,260 –> 01:07:16,500
executive sponsor funds the sanctioned alternative.
1622
01:07:16,500 –> 01:07:19,380
Governance theater: absence of names and verbs,
1623
01:07:19,380 –> 01:07:20,900
fix it with this document and publish it,
1624
01:07:20,900 –> 01:07:21,940
make it visible.
1625
01:07:21,940 –> 01:07:23,860
Attach RACI to the AI register.
1626
01:07:23,860 –> 01:07:25,860
Each use case references the same roles
1627
01:07:25,860 –> 01:07:28,660
unless local variations are justified and approved.
1628
01:07:28,660 –> 01:07:31,380
Tie it to onboarding: joiners land in the right groups,
1629
01:07:31,380 –> 01:07:33,540
leavers lose authority on the last day.
1630
01:07:33,540 –> 01:07:36,260
Add a one page how decisions flow diagram,
1631
01:07:36,260 –> 01:07:40,580
who decides at intake, pre-deploy, post-deploy and escalation.
1632
01:07:40,580 –> 01:07:44,500
If you’re a CAIO, require the first draft in week two of the 90-day plan
1633
01:07:44,500 –> 01:07:46,260
and iterate in the first tabletop.
1634
01:07:46,260 –> 01:07:48,660
If you run IT, instrument it,
1635
01:07:48,660 –> 01:07:52,580
every decision and pause leaves a trail mapped back to RACI roles.
1636
01:07:52,580 –> 01:07:56,500
If you lead data or product, bring decision ready evidence on time,
1637
01:07:56,500 –> 01:07:58,500
missing artifacts are misses against you.
1638
01:07:58,500 –> 01:08:00,580
If you own the business, accept that this document
1639
01:08:00,580 –> 01:08:02,260
constrains speed by design,
1640
01:08:02,260 –> 01:08:04,740
that constraint is your reputational insurance.
1641
01:08:04,740 –> 01:08:07,140
Do this well and RACI becomes more than a chart.
1642
01:08:07,140 –> 01:08:10,820
It becomes the spine that turns stewardship from a value statement
1643
01:08:10,820 –> 01:08:12,420
into a working control system.
1644
01:08:12,420 –> 01:08:14,740
Escalation that works in minutes, not weeks.
1645
01:08:14,740 –> 01:08:16,420
Incidents don’t start as headlines.
1646
01:08:16,420 –> 01:08:17,940
They start as signals you ignore.
1647
01:08:17,940 –> 01:08:20,660
Escalation is how you convert weak signals into fast,
1648
01:08:20,660 –> 01:08:21,860
defensible decisions.
1649
01:08:21,860 –> 01:08:24,580
It is not a meeting culture, it is a control system.
1650
01:08:24,580 –> 01:08:26,420
Start with triggers you define in advance,
1651
01:08:26,420 –> 01:08:27,940
not during adrenaline.
1652
01:08:27,940 –> 01:08:30,500
Four families cover 95% of reality.
1653
01:08:30,500 –> 01:08:32,580
Low confidence outside approved bands,
1654
01:08:32,580 –> 01:08:35,140
safety hits from content or policy classifiers,
1655
01:08:35,140 –> 01:08:37,220
drift beyond thresholds you published,
1656
01:08:37,220 –> 01:08:40,020
and user harm reports that cross your adjudication bar.
1657
01:08:40,020 –> 01:08:42,260
You can add change windows and jailbreak detection
1658
01:08:42,260 –> 01:08:43,700
if your domain warrants it,
1659
01:08:43,700 –> 01:08:45,540
but keep the list short and specific.
1660
01:08:45,540 –> 01:08:48,900
If you’re a CAIO, your decision here is to publish the trigger catalog
1661
01:08:48,900 –> 01:08:50,820
with thresholds that force action.
1662
01:08:50,820 –> 01:08:52,420
Vague alerts kill urgency.
1663
01:08:52,420 –> 01:08:55,380
When a trigger fires, the handoff must carry context,
1664
01:08:55,380 –> 01:08:56,580
not confusion.
1665
01:08:56,580 –> 01:08:58,820
The context packet is non-negotiable.
1666
01:08:58,820 –> 01:09:02,660
Prompt and output, features used, grounding sources,
1667
01:09:02,660 –> 01:09:06,100
identity and device, lineage to data and model versions,
1668
01:09:06,100 –> 01:09:08,580
last configuration changes and deployment times
1669
01:09:08,580 –> 01:09:10,500
and user reports with timestamps.
1670
01:09:10,500 –> 01:09:13,220
If you run IT, people will expect answers from you.
1671
01:09:13,220 –> 01:09:16,260
Instrument systems so this packet assembles automatically,
1672
01:09:16,260 –> 01:09:18,420
identity-bound, within seconds.
1673
01:09:18,420 –> 01:09:22,020
If you lead data or product, your responsibility is to keep
1674
01:09:22,020 –> 01:09:25,460
lineage and model cards accurate so reconstruction is minutes, not days.
1675
01:09:25,460 –> 01:09:27,860
If you own the business, you’ll be the one answering for impact.
1676
01:09:27,860 –> 01:09:30,020
You want that packet before you pick up the phone.
1677
01:09:30,020 –> 01:09:34,100
Adjudication is time-boxed and staffed by a quorum you named yesterday.
1678
01:09:34,100 –> 01:09:37,060
Three to five roles: steward, business owner,
1679
01:09:37,060 –> 01:09:41,460
security or IT, data and legal, or executive sponsor as tiebreaker,
1680
01:09:41,460 –> 01:09:42,420
depending on tier.
1681
01:09:42,420 –> 01:09:46,580
15 minutes for moderate, 34 high, five for systemic to decide the interim state.
1682
01:09:46,580 –> 01:09:49,940
If you’re a CAIO, protect this SLA from calendar theatre.
1683
01:09:49,940 –> 01:09:51,380
Decision latency is harm.
1684
01:09:51,380 –> 01:09:53,860
Outcomes must be deterministic and bounded.
1685
01:09:53,860 –> 01:09:57,620
Pause a capability, not an entire product unless the evidence demands it.
1686
01:09:57,620 –> 01:09:59,860
Degrade to a safer mode you defined at intake.
1687
01:09:59,860 –> 01:10:02,180
Gate access to narrower cohorts or devices.
1688
01:10:02,180 –> 01:10:05,300
Retrain on a known defect with change control, not on hunches.
1689
01:10:05,300 –> 01:10:08,500
Retire if risk or performance crossed the retirement trigger.
1690
01:10:08,500 –> 01:10:11,940
Every outcome logs rationale, scope and exit criteria.
1691
01:10:11,940 –> 01:10:17,220
If you run IT, make pause a control plane action keyed to Entra groups.
1692
01:10:17,220 –> 01:10:18,420
No select approvals.
1693
01:10:18,420 –> 01:10:21,140
If you lead data, make rollback real by pricing,
1694
01:10:21,140 –> 01:10:22,900
unlearning and verifying deletion.
1695
01:10:22,900 –> 01:10:26,020
If you own the business, you carry communications.
1696
01:10:26,020 –> 01:10:29,540
Customers, internal, and, when appropriate, regulators.
1697
01:10:29,540 –> 01:10:32,180
Now the part most organizations skip: learning.
1698
01:10:32,180 –> 01:10:36,500
Post-incident reviews happen inside a short window and produce changes to controls,
1699
01:10:36,500 –> 01:10:37,860
not platitudes.
1700
01:10:37,860 –> 01:10:39,860
You update thresholds, fix data boundaries,
1701
01:10:39,860 –> 01:10:43,620
adjust explainability requirements and retire brittle autonomy settings.
1702
01:10:43,620 –> 01:10:48,260
If you’re a CAIO, you require that every incident updates at least one control or metric.
1703
01:10:48,260 –> 01:10:51,540
If the answer is no changes, you have governance theatre.
1704
01:10:51,540 –> 01:10:53,060
Case patterns make this concrete.
1705
01:10:53,060 –> 01:10:54,100
Copilot exposure.
1706
01:10:54,100 –> 01:10:55,780
Trigger.
1707
01:10:55,780 –> 01:10:58,980
Content safety hits on sensitive labels and outputs.
1708
01:10:58,980 –> 01:11:01,940
Drift, sudden spike in privileged surfaces.
1709
01:11:01,940 –> 01:11:06,660
Context package shows overshared SharePoint, ownerless agents and missing DLP on prompts.
1710
01:11:06,660 –> 01:11:09,460
Adjudication pauses Copilot for the affected scope,
1711
01:11:09,460 –> 01:11:11,700
degrades to summaries without file joins,
1712
01:11:11,700 –> 01:11:13,940
and gates access to managed devices.
1713
01:11:13,940 –> 01:11:16,260
Post-incident adds link-kill policies,
1714
01:11:16,260 –> 01:11:17,780
quarterly access recertification,
1715
01:11:17,780 –> 01:11:19,380
and label enforcement at source.
1716
01:11:19,380 –> 01:11:20,100
Shadow AI.
1717
01:11:20,100 –> 01:11:21,700
Trigger.
1718
01:11:21,700 –> 01:11:24,820
Anomaly in outbound traffic to unapproved tenants.
1719
01:11:24,820 –> 01:11:27,700
User reports of inconsistent results in pricing emails.
1720
01:11:27,700 –> 01:11:31,220
Context package ties identities, devices and plugins.
1721
01:11:31,220 –> 01:11:33,300
Lineage reveals unvetted prompts.
1722
01:11:33,300 –> 01:11:37,300
Adjudication gates outbound, mandates sanctioned alternatives in audit-only,
1723
01:11:37,300 –> 01:11:40,100
and sets a 30-day decommission plan for the shadow path.
1724
01:11:40,100 –> 01:11:43,780
Post-incident expands the intake ritual to cover plug-in permissions
1725
01:11:43,780 –> 01:11:46,100
and publishes usage dashboards by org.
1726
01:11:46,100 –> 01:11:47,140
Governance theatre.
1727
01:11:47,140 –> 01:11:47,700
Trigger.
1728
01:11:47,700 –> 01:11:49,780
None because nothing is instrumented.
1729
01:11:49,780 –> 01:11:52,580
Your fix is to formalize triggers, instrument the packet,
1730
01:11:52,580 –> 01:11:54,900
and run a tabletop that exposes the vacuum.
1731
01:11:54,900 –> 01:11:57,540
If you’re a CAIO, this is where you must step in.
1732
01:11:57,540 –> 01:11:59,060
No tool will conjure discipline.
1733
01:11:59,780 –> 01:12:02,340
You define the adjudication quorum, the SLA,
1734
01:12:02,340 –> 01:12:04,740
and the consequences for non-participation.
1735
01:12:04,740 –> 01:12:07,460
Org size matters, but the mechanism doesn’t change.
1736
01:12:07,460 –> 01:12:10,420
In small teams, one person wears steward and data.
1737
01:12:10,420 –> 01:12:12,180
You still publish triggers and time boxes.
1738
01:12:12,180 –> 01:12:16,900
In mid-size, you name alternates to sustain minutes-level response.
1739
01:12:16,900 –> 01:12:20,660
In large enterprises, you run distributed quorums at the domain level
1740
01:12:20,660 –> 01:12:25,060
with central principles and a cross-domain escalation lane for systemic triggers.
1741
01:12:25,060 –> 01:12:26,260
Finally, prove it works.
1742
01:12:26,260 –> 01:12:28,820
Tabletop with real logs and break-glass accounts.
1743
01:12:28,820 –> 01:12:31,540
Measure time to adjudication, time paused, user impact,
1744
01:12:31,540 –> 01:12:33,140
and mean time to control change.
1745
01:12:33,140 –> 01:12:34,020
Publish the numbers.
1746
01:12:34,020 –> 01:12:37,220
If you’re a CAIO, mandate quarterly tabletops for high and systemic tiers.
1747
01:12:37,220 –> 01:12:40,500
And if you run IT, instrument every outcome as an auditable event.
1748
01:12:40,500 –> 01:12:42,900
If you lead data or product, keep the packet fresh.
1749
01:12:42,900 –> 01:12:45,620
If you own the business, show up to the first three tabletops.
1750
01:12:45,620 –> 01:12:47,460
The organization will follow your clock speed.
1751
01:12:47,460 –> 01:12:49,940
Identity as the control plane.
1752
01:12:49,940 –> 01:12:51,460
Entra ID decisions.
1753
01:12:51,460 –> 01:12:55,140
Everything you decided about risk and escalation collapses without one thing.
1754
01:12:55,140 –> 01:12:57,060
Identity as a hard control plane.
1755
01:12:57,300 –> 01:12:59,300
Authorization is not a policy document.
1756
01:12:59,300 –> 01:13:02,660
It’s a graph of who can invoke which AI capability from where,
1757
01:13:02,660 –> 01:13:04,820
under which conditions, with whose data.
1758
01:13:04,820 –> 01:13:08,420
If you don’t enforce that graph, intent dissolves into access drift.
1759
01:13:08,420 –> 01:13:09,780
Start with invocation boundaries.
1760
01:13:09,780 –> 01:13:13,060
Every AI capability, retrieval, summarization with joins, generation
1761
01:13:13,060 –> 01:13:15,380
against sensitive stores, plug-in execution,
1762
01:13:15,380 –> 01:13:19,140
maps to an Entra group you control, not a role someone inherits by accident.
1763
01:13:19,140 –> 01:13:22,100
Membership is time-boxed, scoped to a device posture,
1764
01:13:22,100 –> 01:13:24,020
and tied to a business owner on record.
1765
01:13:24,020 –> 01:13:26,420
Default deny isn’t a slogan, it’s the baseline.
1766
01:13:27,380 –> 01:13:30,180
Joiners, movers, leavers are entropy generators.
1767
01:13:30,180 –> 01:13:34,580
Move fast here, or you’ll discover former employee accounts are still invoking agents
1768
01:13:34,580 –> 01:13:35,780
in your finance tenant.
1769
01:13:35,780 –> 01:13:39,300
Quarterly access recertification is not enough for privileged AI.
1770
01:13:39,300 –> 01:13:42,500
High and systemic tiers demand monthly attestations
1771
01:13:42,500 –> 01:13:44,260
and automatic expiry for non-use.
1772
01:13:44,260 –> 01:13:47,220
Ownerless agents die on a timer.
1773
01:13:47,220 –> 01:13:50,420
Service principals are bound to human owners who renew,
1774
01:13:50,420 –> 01:13:51,460
or Entra kills them.
1775
01:13:51,460 –> 01:13:53,780
If you run IT, people will expect answers from you.
1776
01:13:53,780 –> 01:13:55,380
Bind stop-ship to identity.
1777
01:13:55,380 –> 01:13:59,380
Pause should be an action that removes an invocation group from capability scope
1778
01:13:59,380 –> 01:14:01,540
across tenants and workloads in minutes.
1779
01:14:01,540 –> 01:14:04,500
Break-glass accounts exist, but they’re audited and time-boxed.
1780
01:14:04,500 –> 01:14:05,780
They don’t bypass the plane.
1781
01:14:05,780 –> 01:14:09,540
Map your escalation outcomes to identity operations.
1782
01:14:09,540 –> 01:14:12,020
Pause a cohort, degrade to read only,
1783
01:14:12,020 –> 01:14:14,580
gate plug-in calls, or restrict to managed devices.
1784
01:14:14,580 –> 01:14:17,140
Conditional access is where intent meets context.
1785
01:14:17,140 –> 01:14:20,580
If a capability can join content from sensitive repositories,
1786
01:14:20,580 –> 01:14:23,540
require compliant devices, strong factors,
1787
01:14:23,540 –> 01:14:26,100
managed networks, and session risk checks.
1788
01:14:26,100 –> 01:14:28,980
If a plug-in can reach external systems,
1789
01:14:28,980 –> 01:14:32,580
bind it to a service principal with least privilege and an expiration.
1790
01:14:32,580 –> 01:14:35,940
Shadow devices, unmanaged browsers and personal tenants are not exceptions.
1791
01:14:35,940 –> 01:14:39,380
They are breach vectors, dressed as productivity.
1792
01:14:39,380 –> 01:14:41,060
This is also where agent hygiene lives.
1793
01:14:41,060 –> 01:14:42,180
Agents are identities.
1794
01:14:42,180 –> 01:14:43,300
Treat them that way.
1795
01:14:43,300 –> 01:14:46,100
Each agent has an owner, a purpose statement,
1796
01:14:46,100 –> 01:14:48,180
allowed scopes, and an expiry.
1797
01:14:48,180 –> 01:14:49,940
Rotate secrets.
1798
01:14:49,940 –> 01:14:52,420
Log every invocation with the human that triggered it.
1799
01:14:52,420 –> 01:14:54,740
Orphan agents are unbounded autonomy.
1800
01:14:54,740 –> 01:14:55,380
Kill them.
1801
01:14:55,380 –> 01:14:57,620
If you discover an agent no one can name,
1802
01:14:57,620 –> 01:15:00,260
you found a control failure and not a productivity hack.
1803
01:15:00,260 –> 01:15:03,140
If you’re a CAIO, your decision here is non-delegable:
1804
01:15:03,140 –> 01:15:07,700
define the surfaces that require your approval before anyone touches an Entra group,
1805
01:15:07,700 –> 01:15:10,580
systemic tier capabilities, cross-domain agents,
1806
01:15:10,580 –> 01:15:14,020
and anything that can reach finance, identity, or safety systems.
1807
01:15:14,020 –> 01:15:18,340
You also decide the autonomy ceiling by tier and the exception protocol.
1808
01:15:18,340 –> 01:15:20,580
No permanent temporary.
1809
01:15:20,580 –> 01:15:22,260
Data must anchor identity.
1810
01:15:22,260 –> 01:15:25,060
Every invocation is traceable to a person or service principal,
1811
01:15:25,060 –> 01:15:27,460
a device posture, a capability scope,
1812
01:15:27,460 –> 01:15:28,740
and a data label boundary.
1813
01:15:28,740 –> 01:15:30,820
That’s how you reconstruct incidents in minutes.
1814
01:15:30,820 –> 01:15:33,300
If you lead data, your responsibility is to ensure
1815
01:15:33,300 –> 01:15:35,540
logs carry lineage and sensitivity context
1816
01:15:35,540 –> 01:15:38,260
so the control plane can enforce DLP at invocation,
1817
01:15:38,260 –> 01:15:39,460
not just at egress.
1818
01:15:39,460 –> 01:15:40,980
Evidence binds back to people.
1819
01:15:40,980 –> 01:15:42,900
Business usage boundaries need signatures.
1820
01:15:42,900 –> 01:15:45,300
Who is allowed to use which AI for which outcomes
1821
01:15:45,300 –> 01:15:47,460
and where it is prohibited, even if lawful?
1822
01:15:47,460 –> 01:15:50,740
HR cannot use generative summarization on grievance narratives.
1823
01:15:50,740 –> 01:15:54,660
Sales cannot push proposals trained on customers’ proprietary templates.
1824
01:15:54,660 –> 01:15:56,180
“We didn’t know” is not a defense.
1825
01:15:56,180 –> 01:15:57,940
It’s an indictment of stewardship.
1826
01:15:57,940 –> 01:15:59,300
Common failure patterns repeat.
1827
01:15:59,300 –> 01:16:02,980
Copilot exposure happens when identity is permissive
1828
01:16:02,980 –> 01:16:04,500
and data is promiscuous.
1829
01:16:04,500 –> 01:16:06,900
The assistant simply mirrors your governance.
1830
01:16:06,900 –> 01:16:10,500
Shadow AI thrives where invocation is unmonitored;
1831
01:16:10,500 –> 01:16:12,980
personal tenants and unmanaged plugins
1832
01:16:12,980 –> 01:16:14,740
sidestep Entra entirely.
1833
01:16:14,740 –> 01:16:16,420
Governance theatre publishes principles
1834
01:16:16,420 –> 01:16:18,820
but leaves every employee in all users’ groups
1835
01:16:18,820 –> 01:16:20,580
with access to privileged capabilities.
1836
01:16:20,580 –> 01:16:23,220
The fix is identity discipline, not another policy.
1837
01:16:23,220 –> 01:16:25,140
Org size changes the mechanics, not the model.
1838
01:16:25,140 –> 01:16:28,660
In small shops, your Entra hygiene is your programme.
1839
01:16:28,660 –> 01:16:31,380
One person wearing steward and IT still sets groups,
1840
01:16:31,380 –> 01:16:33,540
expirations and device requirements.
1841
01:16:33,540 –> 01:16:36,420
Mid-size adds an agent registry and monthly recertification.
1842
01:16:36,420 –> 01:16:38,660
Large enterprises run delegated administration
1843
01:16:38,660 –> 01:16:40,340
with central policy and local owners
1844
01:16:40,340 –> 01:16:42,580
plus a cross-tenant view for systemic agents.
1845
01:16:42,580 –> 01:16:44,580
If you run IT, implement a simple truth.
1846
01:16:44,580 –> 01:16:46,500
Approvals live in Entra, not email.
1847
01:16:46,500 –> 01:16:49,060
If you’re a CAIO, publish the list of capabilities
1848
01:16:49,060 –> 01:16:51,940
that require your signature and the sunset for every exception.
1849
01:16:51,940 –> 01:16:54,500
If you lead data, tie labels to identity checks
1850
01:16:54,500 –> 01:16:56,500
so prompts and outputs carry enforcement.
1851
01:16:56,500 –> 01:16:59,140
If you own the business, sign the usage boundaries
1852
01:16:59,140 –> 01:17:01,300
and live with the pauses they trigger.
1853
01:17:01,300 –> 01:17:04,740
Identity is the only way your intent survives contact with scale.
1854
01:17:04,740 –> 01:17:07,620
Data boundary thinking with Purview.
1855
01:17:07,620 –> 01:17:10,500
Data boundaries are not labels, they are consequences.
1856
01:17:10,500 –> 01:17:12,580
If identity is the control plane,
1857
01:17:12,580 –> 01:17:14,260
Purview is how you shape the substrate
1858
01:17:14,260 –> 01:17:16,260
so assistants can’t amplify your mistakes.
1859
01:17:16,260 –> 01:17:18,580
You don’t start with prompts, you start at the source,
1860
01:17:18,580 –> 01:17:20,020
classify what matters.
1861
01:17:20,020 –> 01:17:22,340
That means sensitivity labels on the data,
1862
01:17:22,340 –> 01:17:24,820
that grounds, on the prompts that traverse it,
1863
01:17:24,820 –> 01:17:26,500
and on the outputs that leave.
1864
01:17:26,500 –> 01:17:29,700
Not someday: before pilots, map your high-value stores,
1865
01:17:29,700 –> 01:17:32,100
HR, finance, legal, product roadmaps,
1866
01:17:32,100 –> 01:17:34,900
M&A, health data, anything that would harm rights,
1867
01:17:34,900 –> 01:17:38,020
safety or finance if surfaced in a cheerful summary.
1868
01:17:38,020 –> 01:17:40,980
If you’re a CAIO, your decision is non-negotiable:
1869
01:17:40,980 –> 01:17:42,820
no label, no load.
1870
01:17:42,820 –> 01:17:45,540
If you run IT, bind those labels to DLP
1871
01:17:45,540 –> 01:17:48,100
that can redact prompts and responses automatically.
1872
01:17:48,100 –> 01:17:49,940
If you lead data, prove the coverage.
1873
01:17:49,940 –> 01:17:52,020
If you own the business, accept slower rollout
1874
01:17:52,020 –> 01:17:53,460
until proof exists.
1875
01:17:53,460 –> 01:17:55,140
Kill the companywide link habit.
1876
01:17:55,140 –> 01:17:56,900
Open links are governance graffiti.
1877
01:17:56,900 –> 01:17:58,500
Time-bound access with expirations
1878
01:17:58,500 –> 01:17:59,860
that default to minimal,
1879
01:17:59,860 –> 01:18:02,420
scope sharing to groups that map to owners.
1880
01:18:02,420 –> 01:18:05,700
If a SharePoint library can be read by the entire tenant,
1881
01:18:05,700 –> 01:18:07,380
assume Copilot will surface it.
1882
01:18:07,380 –> 01:18:10,020
You didn’t suffer a leak, you published a newsletter.
1883
01:18:10,020 –> 01:18:12,740
Close inheritance gaps or monitor aggressively.
1884
01:18:12,740 –> 01:18:14,420
Non-Office files and Teams containers
1885
01:18:14,420 –> 01:18:16,100
often slip past label inheritance.
1886
01:18:16,100 –> 01:18:18,020
Purview can scan and apply policies,
1887
01:18:18,020 –> 01:18:19,620
but it can’t invent your intent.
1888
01:18:19,620 –> 01:18:23,860
Decide: either enforce inheritance for PDFs, images and exports
1889
01:18:23,860 –> 01:18:26,660
or stand up scans with alerts that trigger remediation
1890
01:18:26,660 –> 01:18:27,540
at the source.
1891
01:18:27,540 –> 01:18:29,140
Don’t attempt to filter at the prompt;
1892
01:18:29,140 –> 01:18:30,340
that’s symptom management.
1893
01:18:30,340 –> 01:18:31,540
Fix the substrate.
1894
01:18:31,540 –> 01:18:33,540
Remediate at source, not at the edge.
1895
01:18:33,540 –> 01:18:35,540
When a sensitive document appears in an output,
1896
01:18:35,540 –> 01:18:37,140
you’ve already lost control.
1897
01:18:37,140 –> 01:18:38,100
Move upstream.
1898
01:18:38,100 –> 01:18:39,540
Narrow library permissions,
1899
01:18:39,540 –> 01:18:40,820
break permissive groups,
1900
01:18:40,820 –> 01:18:43,220
label the content and record the lineage change.
1901
01:18:43,220 –> 01:18:46,020
Outputs improve only when inputs and access improve.
1902
01:18:46,020 –> 01:18:48,740
If you’re a CAIO, codify this in your program.
1903
01:18:48,740 –> 01:18:50,980
No exception that leaves the source dirty.
1904
01:18:50,980 –> 01:18:53,860
If you run IT, make “fix the source” a workflow,
1905
01:18:53,860 –> 01:18:54,820
not a suggestion.
1906
01:18:54,820 –> 01:18:57,620
If you lead data, prove that lineage changed.
1907
01:18:57,620 –> 01:18:59,780
If you own the business, fund the cleanup,
1908
01:18:59,780 –> 01:19:01,380
you’ve been accruing this debt for years.
1909
01:19:01,380 –> 01:19:03,940
Evidence is not a dashboard.
1910
01:19:03,940 –> 01:19:06,420
It’s traceable lineage, consent and retention
1911
01:19:06,420 –> 01:19:08,020
mapped to use cases.
1912
01:19:08,020 –> 01:19:09,380
For every registered use case,
1913
01:19:09,380 –> 01:19:11,540
your steward should be able to point to:
1914
01:19:11,540 –> 01:19:12,900
The data sources used,
1915
01:19:12,900 –> 01:19:15,460
their labels, the consent basis for personal data,
1916
01:19:15,460 –> 01:19:16,820
the retention policy,
1917
01:19:16,820 –> 01:19:18,660
and the last time those were verified.
1918
01:19:18,660 –> 01:19:22,180
If you lead data, your responsibility is to produce that in minutes.
1919
01:19:22,180 –> 01:19:23,940
If you run IT, instrument retrieval,
1920
01:19:23,940 –> 01:19:27,060
so prompts and outputs reference label context in logs.
1921
01:19:27,060 –> 01:19:29,620
If you’re a CAIO, require evidence before scale.
1922
01:19:29,620 –> 01:19:32,180
If you own the business, insist that your name
1923
01:19:32,180 –> 01:19:34,180
not appear on the risk acceptance
1924
01:19:34,180 –> 01:19:35,620
until the evidence exists.
1925
01:19:35,620 –> 01:19:37,300
Case patterns underline the point.
1926
01:19:37,300 –> 01:19:40,100
Copilot exposure almost never starts with the assistant.
1927
01:19:40,100 –> 01:19:42,100
It starts with overshared libraries,
1928
01:19:42,100 –> 01:19:44,180
stale permissions and unlabeled files.
1929
01:19:44,180 –> 01:19:46,260
The fix is not “turn off Copilot.”
1930
01:19:46,260 –> 01:19:49,220
It’s recertify access quarterly for high-value stores,
1931
01:19:49,220 –> 01:19:51,460
auto-expire links after 30 days,
1932
01:19:51,460 –> 01:19:54,420
and enforce label inheritance for common exfil paths,
1933
01:19:54,420 –> 01:19:56,340
like exports and sync folders.
1934
01:19:56,340 –> 01:19:59,940
Shadow AI often pulls from personal OneDrive or email caches;
1935
01:19:59,940 –> 01:20:02,580
cut that off by labeling and denying sensitive classes
1936
01:20:02,580 –> 01:20:04,900
to personal tenants and unmanaged devices.
1937
01:20:04,900 –> 01:20:08,260
Governance theatre promises awareness training
1938
01:20:08,260 –> 01:20:10,740
while leaving global links untouched.
1939
01:20:10,740 –> 01:20:13,300
Replace training with entitlements, labels and expirations
1940
01:20:13,300 –> 01:20:14,500
that fail closed.
1941
01:20:14,500 –> 01:20:17,140
Org size changes scale, not principle.
1942
01:20:17,140 –> 01:20:19,300
Small teams can start with a short list.
1943
01:20:19,300 –> 01:20:21,860
Top 10 libraries by sensitivity and access count,
1944
01:20:21,860 –> 01:20:24,500
labeled and cleaned with link expirations on.
1945
01:20:24,500 –> 01:20:27,060
Mid-size adds automated scanning and bulk remediation
1946
01:20:27,060 –> 01:20:28,900
plus quarterly reports on coverage.
1947
01:20:28,900 –> 01:20:31,380
Large enterprises run hygiene as a service.
1948
01:20:31,380 –> 01:20:34,340
Central policy, de-central execution with local owners,
1949
01:20:34,340 –> 01:20:36,020
and a monthly roll-up of label coverage,
1950
01:20:36,020 –> 01:20:38,100
DLP hits and exposure reductions.
1951
01:20:38,100 –> 01:20:39,460
Tie it back to identity.
1952
01:20:39,460 –> 01:20:41,220
Labels should be enforced at invocation,
1953
01:20:41,220 –> 01:20:42,340
not just at storage.
1954
01:20:42,340 –> 01:20:45,060
If a capability joins across sensitive repositories,
1955
01:20:45,060 –> 01:20:47,460
require managed devices and strong factors,
1956
01:20:47,460 –> 01:20:49,460
and block outputs that carry restricted labels
1957
01:20:49,460 –> 01:20:50,740
to unmanaged channels.
1958
01:20:50,740 –> 01:20:53,060
Purview and Entra together are the guardrails.
1959
01:20:53,060 –> 01:20:54,980
Either one alone is a speed bump.
1960
01:20:54,980 –> 01:20:58,420
If you’re a CAIO, set the bar and protect it from “just this once.”
1961
01:20:58,420 –> 01:21:00,660
If you run IT, make remediation the default path
1962
01:21:00,660 –> 01:21:02,180
and approvals identity bound.
1963
01:21:02,180 –> 01:21:04,660
If you lead data, keep lineage and consent current.
1964
01:21:04,660 –> 01:21:06,580
If you own the business, fund the boring work.
1965
01:21:06,580 –> 01:21:08,260
Assistants amplify substrate;
1966
01:21:08,260 –> 01:21:09,700
make the substrate safe.
1967
01:21:09,700 –> 01:21:11,860
Copilot governance: where old models break.
1968
01:21:11,860 –> 01:21:13,620
Copilot doesn’t invent access.
1969
01:21:13,620 –> 01:21:14,660
It reflects it.
1970
01:21:14,660 –> 01:21:16,980
That’s why the first time a salary spreadsheet appears
1971
01:21:16,980 –> 01:21:18,420
in a cheerful summary,
1972
01:21:18,420 –> 01:21:19,940
the platform didn’t leak.
1973
01:21:19,940 –> 01:21:20,820
Your governance did.
1974
01:21:20,820 –> 01:21:23,060
Old models assumed content stayed where you put it
1975
01:21:23,060 –> 01:21:24,740
and users pulled it deliberately.
1976
01:21:24,740 –> 01:21:27,060
Copilot reverses the direction of travel.
1977
01:21:27,060 –> 01:21:29,300
It pushes relevant content toward intent.
1978
01:21:29,300 –> 01:21:32,260
If identity is permissive and data is promiscuous,
1979
01:21:32,260 –> 01:21:34,980
the assistant will surface exactly what your controls allow.
1980
01:21:34,980 –> 01:21:36,420
The break starts with prompts.
1981
01:21:36,420 –> 01:21:37,620
Prompts aren’t queries.
1982
01:21:37,620 –> 01:21:39,220
They’re context amplifiers.
1983
01:21:39,220 –> 01:21:41,780
A benign “draft a summary of headcount changes”
1984
01:21:41,780 –> 01:21:44,980
becomes risky when the assistant can join across HR libraries,
1985
01:21:44,980 –> 01:21:47,380
email caches and Teams chats by default.
1986
01:21:47,380 –> 01:21:49,220
You can’t train people to prompt safely
1987
01:21:49,220 –> 01:21:50,660
when the substrate is unsafe.
1988
01:21:50,660 –> 01:21:53,620
You fix identity scopes and data boundaries first
1989
01:21:53,620 –> 01:21:56,100
or your most diligent employee will be the vector.
1990
01:21:56,100 –> 01:21:58,420
Plugins and connectors widen the blast radius.
1991
01:21:58,420 –> 01:22:01,140
Unmanaged plugins act like side doors into systems
1992
01:22:01,140 –> 01:22:02,740
you forgot were reachable.
1993
01:22:02,740 –> 01:22:06,100
A travel plugin that can pull itinerary details seems harmless
1994
01:22:06,100 –> 01:22:08,260
until it joins with calendars and expense reports
1995
01:22:08,260 –> 01:22:10,740
that include protected health or legal matters.
1996
01:22:10,740 –> 01:22:14,020
In old models you listed approved integrations.
1997
01:22:14,020 –> 01:22:16,260
With Copilot you must prove the service principal
1998
01:22:16,260 –> 01:22:18,500
behind each integration has least privilege,
1999
01:22:18,500 –> 01:22:21,940
an owner on record and an expiry that fails closed.
2000
01:22:21,940 –> 01:22:25,140
Shadow prompts are a governance debt with a friendly interface.
2001
01:22:25,140 –> 01:22:28,180
Teams spin up internal notebooks, personal tenant bots
2002
01:22:28,180 –> 01:22:31,140
and sidecar copilots because sanctioned paths feel slow.
2003
01:22:31,140 –> 01:22:33,780
These artifacts accumulate unlocked secrets.
2004
01:22:33,780 –> 01:22:35,540
Unversioned prompt chains
2005
01:22:35,540 –> 01:22:36,980
and stale credentials.
2006
01:22:36,980 –> 01:22:38,420
They work until they don’t.
2007
01:22:38,420 –> 01:22:40,180
The fix isn’t more policy slides.
2008
01:22:40,180 –> 01:22:42,820
It’s sanctioned audit-only lanes with clear intake,
2009
01:22:42,820 –> 01:22:46,340
visible usage and owner hygiene that expires anything ownerless.
2010
01:22:46,340 –> 01:22:48,100
Personal tenants are conditional chaos.
2011
01:22:48,100 –> 01:22:49,300
The assistant looks identical.
2012
01:22:49,300 –> 01:22:50,180
The logs don’t.
2013
01:22:50,180 –> 01:22:53,060
When someone pastes sensitive content into a personal chat
2014
01:22:53,060 –> 01:22:56,500
with a public model there is no DLP, no lineage, no unlearning path.
2015
01:22:56,500 –> 01:22:58,660
If you’re a CAIO, this is where you must step in.
2016
01:22:58,660 –> 01:23:02,100
Declare public gen AI off limits for protected classes of data,
2017
01:23:02,100 –> 01:23:03,780
publish a sanctioned alternative,
2018
01:23:03,780 –> 01:23:06,580
and make exceptions time boxed and identity bound.
2019
01:23:06,580 –> 01:23:10,100
If you run IT, block outbound calls to known public endpoints
2020
01:23:10,100 –> 01:23:12,420
from managed devices and browsers.
2021
01:23:12,420 –> 01:23:14,980
If you lead data, label the content classes
2022
01:23:14,980 –> 01:23:16,740
that can never cross that line.
2023
01:23:16,740 –> 01:23:19,140
If you own the business, accept the trade.
2024
01:23:19,140 –> 01:23:22,020
Slight friction now, reputational insulation later.
2025
01:23:22,020 –> 01:23:25,140
What does a control response look like when the old model breaks?
2026
01:23:25,140 –> 01:23:26,580
Start with audit-only pilots.
2027
01:23:26,580 –> 01:23:29,860
That means real users, real prompts, and real tasks,
2028
01:23:29,860 –> 01:23:32,100
but no production rights, no external sends,
2029
01:23:32,100 –> 01:23:34,180
and every action logged to an owner.
2030
01:23:34,180 –> 01:23:36,660
You’re validating behavior, not scaling enthusiasm.
2031
01:23:36,660 –> 01:23:40,020
Then add redaction on the prompt and response path for labeled content.
2032
01:23:40,020 –> 01:23:42,740
Don’t trust users to remember when fatigue sets in;
2033
01:23:42,740 –> 01:23:44,740
build DLP that edits in flight.
2034
01:23:44,740 –> 01:23:47,620
Next, put usage dashboards in the open.
2035
01:23:47,620 –> 01:23:49,700
Shadow AI flourishes in the dark.
2036
01:23:49,700 –> 01:23:52,020
It shrinks when teams see their own patterns.
2037
01:23:52,020 –> 01:23:53,620
Finally, enforce owner hygiene.
2038
01:23:53,620 –> 01:23:56,020
Agents, plugins and connectors expire
2039
01:23:56,020 –> 01:23:59,300
unless a human renews with a business justification.
2040
01:23:59,300 –> 01:24:02,100
The lesson is persistent. Tools amplify substrate.
2041
01:24:02,100 –> 01:24:04,020
Only stewardship sets intent.
2042
01:24:04,020 –> 01:24:06,900
If you’re a CAIO, encode that into three program rules.
2043
01:24:06,900 –> 01:24:09,460
One: audit-only by default for new assistants
2044
01:24:09,460 –> 01:24:11,940
and connectors until evidence exists.
2045
01:24:11,940 –> 01:24:14,420
Two: owners on record for every capability,
2046
01:24:14,420 –> 01:24:17,300
agent, and integration, with expirations and alternates.
2047
01:24:17,300 –> 01:24:20,260
Three: an escalation lane that can pause a capability in minutes
2048
01:24:20,260 –> 01:24:21,620
when thresholds are hit.
2049
01:24:21,620 –> 01:24:24,260
If you run IT, bind those rules to Entra groups,
2050
01:24:24,260 –> 01:24:25,780
Purview labels, and the control plane
2051
01:24:25,780 –> 01:24:27,540
so approvals are actions, not emails.
2052
01:24:27,540 –> 01:24:29,540
If you lead data, keep lineage current
2053
01:24:29,540 –> 01:24:31,620
and prove label coverage before scale.
2054
01:24:31,620 –> 01:24:34,660
If you own the business, accept residual risk in writing,
2055
01:24:34,660 –> 01:24:37,460
define degraded modes and front the communications
2056
01:24:37,460 –> 01:24:38,580
when pauses happen.
2057
01:24:38,580 –> 01:24:40,260
Case patterns make this concrete.
2058
01:24:40,260 –> 01:24:43,860
Copilot exposure often starts with overshared SharePoint libraries,
2059
01:24:43,860 –> 01:24:47,060
unlabeled exports, and global links that never expired.
2060
01:24:47,060 –> 01:24:49,140
Your response is not “turn off Copilot.”
2061
01:24:49,140 –> 01:24:51,540
It’s recertify access, kill global links,
2062
01:24:51,540 –> 01:24:53,300
enforce label inheritance, and restrict
2063
01:24:53,300 –> 01:24:55,220
sensitive joins to managed devices.
2064
01:24:55,220 –> 01:24:57,940
Shadow AI inside Microsoft ecosystems often comes from
2065
01:24:57,940 –> 01:25:01,860
Teams bots bound to personal tenants, and unlocked prompt chains.
2066
01:25:01,860 –> 01:25:05,220
Your response is discover, gate, and replace with sanctioned lanes
2067
01:25:05,220 –> 01:25:07,140
that feel faster than workarounds.
2068
01:25:07,140 –> 01:25:09,620
Governance theatre appears as awareness campaigns
2069
01:25:09,620 –> 01:25:11,700
without changing any entitlements.
2070
01:25:11,700 –> 01:25:12,980
Your response is entitlements,
2071
01:25:12,980 –> 01:25:16,100
expirations, and identity-bound approvals, then train.
2072
01:25:16,100 –> 01:25:18,180
If you’re a CAIO, you must step in here
2073
01:25:18,180 –> 01:25:21,300
because Copilot is where your governance is tested at scale.
2074
01:25:21,300 –> 01:25:24,020
If you run IT, people will expect answers from you
2075
01:25:24,020 –> 01:25:25,860
when the first incident lands.
2076
01:25:25,860 –> 01:25:28,660
If you lead data, your responsibility is to show evidence
2077
01:25:28,660 –> 01:25:31,060
that the substrate is safe before velocity rises.
2078
01:25:31,060 –> 01:25:32,900
If you own the business, you carry the consequence
2079
01:25:32,900 –> 01:25:34,500
so you fund the boring fixes.
2080
01:25:34,500 –> 01:25:37,860
Adapting stewardship by org size: scale the same model,
2081
01:25:37,860 –> 01:25:39,620
change the cadence and evidence.
2082
01:25:39,620 –> 01:25:41,780
Small means one person wears three hats,
2083
01:25:41,780 –> 01:25:45,060
steward, IT, and data, but the rules don’t soften.
2084
01:25:45,060 –> 01:25:47,780
Publish the risk taxonomy, a one-page intake,
2085
01:25:47,780 –> 01:25:50,100
and an escalation quorum with alternates.
2086
01:25:50,100 –> 01:25:51,860
If you’re a CAIO in a small shop,
2087
01:25:51,860 –> 01:25:53,860
your decision is to sign usage boundaries
2088
01:25:53,860 –> 01:25:56,100
and protect the kill switch from revenue pressure.
2089
01:25:56,100 –> 01:25:59,620
If you run IT, bind Entra groups, set expirations,
2090
01:25:59,620 –> 01:26:01,940
and make pause a control plane action.
2091
01:26:01,940 –> 01:26:05,700
If you lead data, prove lineage and label coverage before pilots.
2092
01:26:05,700 –> 01:26:08,660
If you own the business, accept residual risk in writing.
2093
01:26:08,660 –> 01:26:11,540
Midsize gets leverage from a named steward and a council.
2094
01:26:11,540 –> 01:26:14,340
Intake is weekly, pre-deploy is a standing quorum,
2095
01:26:14,340 –> 01:26:16,500
and monthly drift checks are on the calendar.
2096
01:26:16,500 –> 01:26:18,740
Distributed teams create shadow paths;
2097
01:26:18,740 –> 01:26:21,380
sanctioned audit-only lanes must feel faster.
2098
01:26:21,380 –> 01:26:23,940
Large enterprises distribute stewards to domains
2099
01:26:23,940 –> 01:26:25,540
under central principles.
2100
01:26:25,540 –> 01:26:28,740
Local owners accept risk; the central program holds standards,
2101
01:26:28,740 –> 01:26:32,020
runs cross-domain tabletops, and reports incidents to the board.
2102
01:26:32,020 –> 01:26:35,060
Your governance fails when local speed erodes shared rules.
2103
01:26:35,060 –> 01:26:36,180
That’s entropy.
2104
01:26:36,180 –> 01:26:37,780
The first 90 days overview.
2105
01:26:37,780 –> 01:26:39,780
Day one truth: don’t inventory first.
2106
01:26:39,780 –> 01:26:40,820
Decide ownership.
2107
01:26:40,820 –> 01:26:44,420
Without named authority, an inventory is a list of liabilities you won’t fix.
2108
01:26:44,420 –> 01:26:45,380
Month one.
2109
01:26:45,380 –> 01:26:49,060
Scope and ownership: publish risk appetite, prohibited uses,
2110
01:26:49,060 –> 01:26:52,020
explainability bars by domain, and the intake ritual.
2111
01:26:52,020 –> 01:26:52,820
Month two.
2112
01:26:52,820 –> 01:26:55,060
Use case inventory and risk triage.
2113
01:26:55,060 –> 01:26:58,420
Discover shadow AI via network, expenses, and surveys.
2114
01:26:58,420 –> 01:27:00,900
Map data boundaries and identity edges.
2115
01:27:00,900 –> 01:27:02,980
Tag each use case by tier.
2116
01:27:02,980 –> 01:27:03,780
Month three.
2117
01:27:03,780 –> 01:27:04,980
Governance loop live.
2118
01:27:04,980 –> 01:27:07,620
Activate intake gates, run pre-deploy reviews,
2119
01:27:07,620 –> 01:27:11,860
start post-deploy monitoring, and execute one tabletop with real logs.
2120
01:27:11,860 –> 01:27:14,100
Outputs: a first-draft RACI with names,
2121
01:27:14,100 –> 01:27:17,380
a visible register, an escalation matrix with SLAs,
2122
01:27:17,380 –> 01:27:18,580
and a review calendar.
2123
01:27:18,580 –> 01:27:21,140
If you’re a CAIO, your decision is to publish the bar
2124
01:27:21,140 –> 01:27:22,500
and keep it from drifting.
2125
01:27:22,500 –> 01:27:25,620
If you run IT, people will expect answers from you;
2126
01:27:25,620 –> 01:27:28,420
turn decisions into Entra and Purview controls.
2127
01:27:28,420 –> 01:27:30,580
If you lead data, produce evidence fast.
2128
01:27:30,580 –> 01:27:33,860
If you own the business, fund the fixes this timeline uncovers.
2129
01:27:33,860 –> 01:27:35,620
Month one.
2130
01:27:35,620 –> 01:27:36,980
Scope and ownership.
2131
01:27:36,980 –> 01:27:39,780
Appoint the executive sponsor and AI steward.
2132
01:27:39,780 –> 01:27:43,460
Write decision rights in verbs: approves, pauses, accepts.
2133
01:27:43,460 –> 01:27:45,060
Approve the risk taxonomy,
2134
01:27:45,060 –> 01:27:48,180
explainability levels by domain, and kill switch rules.
2135
01:27:48,180 –> 01:27:50,660
Stand up the council with quorum and SLAs.
2136
01:27:50,660 –> 01:27:54,020
Draft the intake form: purpose, users, data, harms, controls,
2137
01:27:54,020 –> 01:27:57,060
autonomy ceiling, exit criteria, and make it mandatory.
2138
01:27:57,060 –> 01:27:59,860
Communicate intent: build within guardrails.
2139
01:27:59,860 –> 01:28:01,860
If you’re a CAIO, set non-delegable scopes
2140
01:28:01,860 –> 01:28:03,940
and an exception protocol with expirations.
2141
01:28:03,940 –> 01:28:07,300
If you run IT, bind council approvals to identity.
2142
01:28:07,300 –> 01:28:10,260
If you lead data, define required artifacts per tier.
2143
01:28:10,260 –> 01:28:13,220
If you own the business, sign the residual risk block;
2144
01:28:13,220 –> 01:28:15,380
you’ll carry the consequence.
2145
01:28:15,380 –> 01:28:17,860
Month two: inventory and risk triage.
2146
01:28:17,860 –> 01:28:21,540
Build the register: system, owner, autonomy, data sources,
2147
01:28:21,540 –> 01:28:25,220
labels, lineage, identity model, logs, tier, next review.
2148
01:28:25,220 –> 01:28:28,500
Discover shadow AI via proxies, SaaS spend, and interviews.
2149
01:28:28,500 –> 01:28:31,780
Triage by taxonomy; promote risk on evidence, not ego.
2150
01:28:31,780 –> 01:28:35,060
Map data boundaries, kill company-wide links,
2151
01:28:35,060 –> 01:28:36,900
enforce label inheritance,
2152
01:28:36,900 –> 01:28:39,380
and close Teams and non-Office gaps.
2153
01:28:39,380 –> 01:28:40,900
Prioritize remediation:
2154
01:28:40,900 –> 01:28:44,100
identity recerts, DLP redaction on prompts and outputs,
2155
01:28:44,100 –> 01:28:45,860
plugin controls, and agent hygiene.
2156
01:28:45,860 –> 01:28:48,900
If you’re a CAIO, require proof before scale.
2157
01:28:48,900 –> 01:28:52,020
If you run IT, make remediation workflows default.
2158
01:28:52,020 –> 01:28:54,900
If you lead data, produce lineage and consent in minutes.
2159
01:28:54,900 –> 01:28:57,620
If you own the business, fund the boring work.
2160
01:28:57,620 –> 01:29:00,580
Month three: governance loop and escalation live.
2161
01:29:00,580 –> 01:29:04,340
Activate intake gates: nothing ships without an owner and artifacts.
2162
01:29:04,340 –> 01:29:06,980
Run pre-deploy quorums, log risk acceptance,
2163
01:29:06,980 –> 01:29:10,020
start post-deploy monitoring with thresholds that force action.
2164
01:29:10,020 –> 01:29:13,780
Tabletop one realistic incident: drift plus sensitive output
2165
01:29:13,780 –> 01:29:15,460
plus negative sentiment.
2166
01:29:15,460 –> 01:29:17,780
Measure time to adjudication, time paused,
2167
01:29:17,780 –> 01:29:19,060
and changes to controls.
2168
01:29:19,060 –> 01:29:22,020
Publish a review pack: decisions, escalations,
2169
01:29:22,020 –> 01:29:24,100
incidents and exceptions with end dates.
2170
01:29:24,100 –> 01:29:25,940
If you’re a CAIO, protect the SLA.
2171
01:29:25,940 –> 01:29:28,580
If you run IT, wire outcomes to identity.
2172
01:29:28,580 –> 01:29:30,820
If you lead data, keep the context packet fresh.
2173
01:29:30,820 –> 01:29:33,220
If you own the business, carry the comms.
2174
01:29:33,220 –> 01:29:36,100
The AI use case inventory: structure that scales.
2175
01:29:36,100 –> 01:29:40,820
Fields: name, owner, outcome, users, autonomy, data sources,
2176
01:29:40,820 –> 01:29:45,300
labels, lineage, controls, metrics, tier, next review.
2177
01:29:45,300 –> 01:29:49,060
Flows: where data comes from, where it goes, who sees outputs.
2178
01:29:49,060 –> 01:29:51,780
Failure plan: degraded modes, scope of pause,
2179
01:29:51,780 –> 01:29:53,940
comms templates, rollback steps.
2180
01:29:53,940 –> 01:29:57,940
Evidence: model card, red team results, disparity metrics,
2181
01:29:57,940 –> 01:30:00,180
audit trail, last drift check.
2182
01:30:00,180 –> 01:30:04,500
Status: pilot, limited release, GA, retired, each with dates.
2183
01:30:04,500 –> 01:30:07,700
If you’re a CAIO, make visibility non-negotiable.
2184
01:30:07,700 –> 01:30:10,660
IT instruments, data proves, business accepts.
2185
01:30:10,660 –> 01:30:13,860
The escalation workflow: minimal, deterministic.
2186
01:30:13,860 –> 01:30:15,620
Triggers defined in advance.
2187
01:30:15,620 –> 01:30:17,460
No debate mid-incident.
2188
01:30:17,460 –> 01:30:21,700
Actors: steward, business owner, security, IT, data,
2189
01:30:21,700 –> 01:30:23,860
and legal; executive for tie-breakers.
2190
01:30:23,860 –> 01:30:27,620
Path: trigger, context packet, quorum, decision, action,
2191
01:30:27,620 –> 01:30:29,780
notify, log, learn.
2192
01:30:29,780 –> 01:30:31,460
Timing: minutes, not days.
2193
01:30:31,460 –> 01:30:34,500
Documentation: decision, scope, rationale, exit criteria,
2194
01:30:34,500 –> 01:30:35,780
attached to the register.
2195
01:30:35,780 –> 01:30:37,700
If you’re a CAIO, mandate the SLA.
2196
01:30:37,700 –> 01:30:41,060
If you run IT, make pause a control plane action.
2197
01:30:41,060 –> 01:30:45,300
Data keeps lineage; business owns degraded modes and comms.
2198
01:30:45,300 –> 01:30:47,620
Incentives and measurements that don’t lie.
2199
01:30:47,620 –> 01:30:50,660
Measure incidents avoided, time to pause and restore,
2200
01:30:50,660 –> 01:30:54,580
escalations resolved within SLA, exceptions closed on time,
2201
01:30:54,580 –> 01:30:56,740
exposure reduction by label coverage,
2202
01:30:56,740 –> 01:30:59,300
and review freshness by tier.
2203
01:30:59,300 –> 01:31:02,180
Anti-metrics: models counted, policy pages written,
2204
01:31:02,180 –> 01:31:06,180
lines of AI code. Tie bonuses to risk acceptance quality,
2205
01:31:06,180 –> 01:31:08,980
justified pauses, and evidence readiness,
2206
01:31:08,980 –> 01:31:11,060
punish concealment, not failure.
2207
01:31:11,060 –> 01:31:12,660
Publish a quarterly stewardship letter:
2208
01:31:12,660 –> 01:31:15,220
inventory, incidents, decisions, changes.
2209
01:31:15,220 –> 01:31:17,540
If you’re a CAIO, this is where you must step in.
2210
01:31:17,540 –> 01:31:19,380
Set incentives that resist theater.
2211
01:31:19,380 –> 01:31:20,980
IT instruments truth, data proves
2212
01:31:20,980 –> 01:31:22,500
it, business lives with it.
2213
01:31:22,500 –> 01:31:24,500
Adapting stewardship by org size.
2214
01:31:24,500 –> 01:31:26,260
The model does not change with size,
2215
01:31:26,260 –> 01:31:27,860
only cadence, evidence depth,
2216
01:31:27,860 –> 01:31:29,300
and who wears which hat.
2217
01:31:29,300 –> 01:31:32,340
If identity is your control plane and data is your substrate,
2218
01:31:32,340 –> 01:31:34,660
stewardship is the intent that binds them.
2219
01:31:34,660 –> 01:31:36,100
That truth scales cleanly.
2220
01:31:36,100 –> 01:31:38,020
Entropy does not. Start small, but not soft.
2221
01:31:38,020 –> 01:31:40,980
In a small organization, one person will wear three hats,
2222
01:31:40,980 –> 01:31:43,060
steward, IT, and data;
2223
01:31:43,060 –> 01:31:45,060
that is not an excuse to blur decision rights.
2224
01:31:45,060 –> 01:31:46,580
Publish a one-page risk taxonomy,
2225
01:31:46,580 –> 01:31:47,460
a one-page intake,
2226
01:31:47,460 –> 01:31:50,420
and a one-page escalation matrix with quorum and alternates.
2227
01:31:50,420 –> 01:31:52,020
Set the tempo: weekly intake,
2228
01:31:52,020 –> 01:31:53,860
bi-weekly pre-deploy reviews,
2229
01:31:53,860 –> 01:31:55,220
monthly drift checks.
2230
01:31:55,220 –> 01:31:56,340
Keep artifacts deliberate,
2231
01:31:56,340 –> 01:31:57,140
not decorative.
2232
01:31:57,140 –> 01:31:58,900
If you’re a CAIO in a small shop,
2233
01:31:58,900 –> 01:32:00,580
your decision is to sign usage boundaries
2234
01:32:00,580 –> 01:32:02,820
and protect the kill switch from revenue pressure.
2235
01:32:02,820 –> 01:32:05,540
If you run IT, bind approvals to Entra groups,
2236
01:32:05,540 –> 01:32:07,460
expirations, and device conditions;
2237
01:32:07,460 –> 01:32:10,100
make pause a control plane action, not a ticket.
2238
01:32:10,100 –> 01:32:11,780
If you lead data, prove lineage,
2239
01:32:11,780 –> 01:32:13,700
and label coverage before pilots.
2240
01:32:13,700 –> 01:32:14,740
If you own the business,
2241
01:32:14,740 –> 01:32:16,420
accept residual risk in writing,
2242
01:32:16,420 –> 01:32:18,100
you carry the consequence.
2243
01:32:18,100 –> 01:32:20,820
Shadow AI in small teams looks like convenience,
2244
01:32:20,820 –> 01:32:21,860
personal tenants,
2245
01:32:21,860 –> 01:32:24,180
sidecar bots, unlocked notebooks.
2246
01:32:24,180 –> 01:32:26,820
Sanction an audit-only lane that feels faster.
2247
01:32:26,820 –> 01:32:28,980
Require owner names, time boxed exceptions,
2248
01:32:28,980 –> 01:32:31,060
and logs that resolve to identity.
2249
01:32:31,060 –> 01:32:32,820
Keep the center of gravity in the register,
2250
01:32:32,820 –> 01:32:33,700
not in chat threads.
2251
01:32:33,700 –> 01:32:36,180
Mid-size organizations gain leverage
2252
01:32:36,180 –> 01:32:38,500
through a named steward and a cross-functional council.
2253
01:32:38,500 –> 01:32:41,700
Codify cadence: weekly intake triage,
2254
01:32:41,700 –> 01:32:43,940
standing pre-deploy quorum twice monthly,
2255
01:32:43,940 –> 01:32:45,780
and monthly post-deploy drift reviews
2256
01:32:45,780 –> 01:32:47,700
with thresholds that force action.
2257
01:32:47,700 –> 01:32:49,940
Distributed teams create parallel processes
2258
01:32:49,940 –> 01:32:50,980
and silent exceptions.
2259
01:32:50,980 –> 01:32:52,580
Your countermeasure is a single intake,
2260
01:32:52,580 –> 01:32:54,180
ritual and a visible inventory.
2261
01:32:54,180 –> 01:32:56,980
If you’re a CAIO, your decision is to protect the bar
2262
01:32:56,980 –> 01:32:59,300
when stakeholders ask for “just this once.”
2263
01:32:59,300 –> 01:33:02,500
If you run IT, translate decisions into controls:
2264
01:33:02,500 –> 01:33:05,220
Entra for invocation, Purview for data boundaries,
2265
01:33:05,220 –> 01:33:07,380
and owner hygiene that expires agents,
2266
01:33:07,380 –> 01:33:09,540
plugins, and connectors without renewal.
2267
01:33:09,540 –> 01:33:11,780
If you lead data, automate scans,
2268
01:33:11,780 –> 01:33:15,540
bulk remediation, and lineage proofs tied to use cases.
2269
01:33:15,540 –> 01:33:17,620
If you own the business, fund the cleanup,
2270
01:33:17,620 –> 01:33:19,860
revealed by quarterly access recerts
2271
01:33:19,860 –> 01:33:21,300
and label coverage gaps.
2272
01:33:21,300 –> 01:33:22,340
Case patterns repeat.
2273
01:33:22,340 –> 01:33:24,500
Copilot exposure in mid-size companies often starts
2274
01:33:24,500 –> 01:33:26,500
with unlabeled exports in shared libraries
2275
01:33:26,500 –> 01:33:28,660
and company-wide links that never expire.
2276
01:33:28,660 –> 01:33:31,220
Fix at source: kill global links,
2277
01:33:31,220 –> 01:33:34,020
enforce label inheritance for common exfil paths,
2278
01:33:34,020 –> 01:33:36,980
and restrict sensitive joins to managed devices.
2279
01:33:36,980 –> 01:33:40,420
Shadow AI appears as Teams bots bound to personal tenants;
2280
01:33:40,420 –> 01:33:42,260
replace them with sanctioned alternatives
2281
01:33:42,260 –> 01:33:43,860
that are easier than the workaround.
2282
01:33:43,860 –> 01:33:46,580
Governance theatre shows up as more policy pages;
2283
01:33:46,580 –> 01:33:48,180
replace them with entitlements,
2284
01:33:48,180 –> 01:33:50,900
expirations, and identity-bound approvals,
2285
01:33:50,900 –> 01:33:52,020
then train.
2286
01:33:52,020 –> 01:33:54,020
Large enterprises do not get a different model.
2287
01:33:54,020 –> 01:33:55,460
They get more surfaces.
2288
01:33:55,460 –> 01:33:58,020
Distribute stewards into domains under central principles.
2289
01:33:58,020 –> 01:34:01,060
Local accountability must be explicit.
2290
01:34:01,060 –> 01:34:03,540
Owners accept residual risk in the register,
2291
01:34:03,540 –> 01:34:05,540
the central program holds standards,
2292
01:34:05,540 –> 01:34:07,380
runs cross-domain table tops,
2293
01:34:07,380 –> 01:34:09,620
and reports incidents and exceptions to the board.
2294
01:34:09,620 –> 01:34:12,740
Standardize artifacts: one intake form,
2295
01:34:12,740 –> 01:34:14,180
one model card template,
2296
01:34:14,180 –> 01:34:16,980
one escalation workflow, one evidence pack.
2297
01:34:16,980 –> 01:34:18,180
Local teams fill them;
2298
01:34:18,180 –> 01:34:19,620
the center audits them.
2299
01:34:19,620 –> 01:34:22,020
If you’re a CAIO, this is where you must step in.
2300
01:34:22,020 –> 01:34:23,860
Define non-delegable decisions:
2301
01:34:23,860 –> 01:34:26,260
risk taxonomy, stop-ship authority,
2302
01:34:26,260 –> 01:34:28,100
exception protocol with end dates,
2303
01:34:28,100 –> 01:34:29,620
and keep them from drifting.
2304
01:34:29,620 –> 01:34:32,740
If you run IT, people will expect answers from you.
2305
01:34:32,740 –> 01:34:34,900
Make approvals enforceable in the control plane
2306
01:34:34,900 –> 01:34:36,740
and make pause real in minutes.
2307
01:34:36,740 –> 01:34:39,540
If you lead data, operate hygiene as a service:
2308
01:34:39,540 –> 01:34:42,900
continuous scanning, label propagation for non-Office files,
2309
01:34:42,900 –> 01:34:44,580
lineage graphs tied to use cases,
2310
01:34:44,580 –> 01:34:46,020
and quarterly evidence refresh.
2311
01:34:46,020 –> 01:34:48,660
If you own the business, align incentives:
2312
01:34:48,660 –> 01:34:52,420
reward justified pauses, punish concealment, not failure.
2313
01:34:52,420 –> 01:34:54,180
Cadence scales with risk.
2314
01:34:54,180 –> 01:34:57,140
Minimal-risk lanes get lighter pre-deploy checks
2315
01:34:57,140 –> 01:34:58,660
and automated monitoring.
2316
01:34:58,660 –> 01:35:00,500
High-risk lanes get independent review,
2317
01:35:00,500 –> 01:35:02,340
red team results, disparity metrics,
2318
01:35:02,340 –> 01:35:04,260
and shorter review cycles.
2319
01:35:04,260 –> 01:35:07,060
Evidence scales with autonomy and blast radius.
2320
01:35:07,060 –> 01:35:10,180
You are not adding bureaucracy, you are adding stopping power.
2321
01:35:10,180 –> 01:35:13,300
Entropy grows where intent is not enforced by design.
2322
01:35:13,300 –> 01:35:15,300
Small fails through heroics and memory,
2323
01:35:15,300 –> 01:35:17,380
mid-size fails through plural processes,
2324
01:35:17,380 –> 01:35:20,100
large fails through local speed eroding shared rules.
2325
01:35:20,100 –> 01:35:22,180
The countermeasure is the same at every size:
2326
01:35:22,180 –> 01:35:24,180
one framework, identity-bound controls,
2327
01:35:24,180 –> 01:35:26,260
data boundaries that fail closed,
2328
01:35:26,260 –> 01:35:29,140
and an escalation lane that works in minutes, not weeks.
2329
01:35:29,140 –> 01:35:32,820
The first 90 days overview. Day one truth:
2330
01:35:32,820 –> 01:35:35,220
don’t inventory, decide ownership.
2331
01:35:35,220 –> 01:35:37,540
An inventory without authority is a catalogue of risks
2332
01:35:37,540 –> 01:35:38,820
you can’t remediate.
2333
01:35:38,820 –> 01:35:41,540
Name the executive sponsor, appoint the AI steward,
2334
01:35:41,540 –> 01:35:43,780
and publish decision rights in verbs,
2335
01:35:43,780 –> 01:35:46,260
approves, pauses, accepts, escalates.
2336
01:35:46,260 –> 01:35:48,500
If you’re a CAIO, this is where you must step in.
2337
01:35:48,500 –> 01:35:51,380
Define the authority surface and keep it from drifting.
2338
01:35:51,380 –> 01:35:53,540
If you run IT, bind those decisions
2339
01:35:53,540 –> 01:35:56,020
to identity and data controls so they’re enforceable.
2340
01:35:56,020 –> 01:35:59,380
If you lead data, list the evidence you’ll need to prove safety.
2341
01:35:59,380 –> 01:36:01,940
If you own the business, you’ll carry the consequence.
2342
01:36:01,940 –> 01:36:03,540
Fund the boring fixes now.
2343
01:36:03,540 –> 01:36:05,140
Month one sets intent.
2344
01:36:05,140 –> 01:36:06,900
Write the risk appetite in plain language:
2345
01:36:06,900 –> 01:36:09,460
what AI may optimize, what it must never trade off,
2346
01:36:09,460 –> 01:36:11,620
and which domains require explainability bars.
2347
01:36:11,620 –> 01:36:13,380
Publish prohibited uses,
2348
01:36:13,380 –> 01:36:15,780
establish the intake ritual that forces purpose,
2349
01:36:15,780 –> 01:36:18,260
users, data, harms, autonomy ceiling,
2350
01:36:18,260 –> 01:36:20,580
and exit criteria onto a single page.
2351
01:36:20,580 –> 01:36:22,260
Stand up the council with a quorum,
2352
01:36:22,260 –> 01:36:23,940
SLAs, and a tiebreaker.
2353
01:36:23,940 –> 01:36:25,860
Don’t let meetings become the product.
2354
01:36:25,860 –> 01:36:27,620
The outcome is a signed decision
2355
01:36:27,620 –> 01:36:29,380
and a control that reflects it.
2356
01:36:29,380 –> 01:36:31,060
Communicate internally.
2357
01:36:31,060 –> 01:36:33,300
Build, but inside these guardrails,
2358
01:36:33,300 –> 01:36:36,340
and give a date when the intake gate becomes mandatory.
2359
01:36:36,340 –> 01:36:38,420
Month two maps reality to intent.
2360
01:36:38,420 –> 01:36:41,220
Build the register with fields that force accountability:
2361
01:36:41,220 –> 01:36:43,700
system, owner, autonomy,
2362
01:36:43,700 –> 01:36:46,180
data sources, labels, lineage, identity model,
2363
01:36:46,180 –> 01:36:47,700
logs, tier, next review.
2364
01:36:47,700 –> 01:36:49,860
Discover shadow AI through proxies,
2365
01:36:49,860 –> 01:36:51,940
SaaS spend, contracts, and surveys.
2366
01:36:51,940 –> 01:36:54,100
Triage use cases by risk taxonomy
2367
01:36:54,100 –> 01:36:56,420
(minimal, moderate, high, systemic)
2368
01:36:56,420 –> 01:36:58,340
on evidence, not ego.
2369
01:36:58,340 –> 01:37:00,740
Map identity edges and data boundaries.
2370
01:37:00,740 –> 01:37:02,260
Kill company-wide links,
2371
01:37:02,260 –> 01:37:03,780
enforce label inheritance,
2372
01:37:03,780 –> 01:37:05,700
close Teams and non-Office gaps,
2373
01:37:05,700 –> 01:37:07,060
and time bound access.
2374
01:37:07,060 –> 01:37:09,380
Prioritize remediation work you can actually ship:
2375
01:37:09,380 –> 01:37:10,580
access recerts,
2376
01:37:10,580 –> 01:37:12,740
DLP redaction on prompts and outputs,
2377
01:37:12,740 –> 01:37:13,780
plugin scopes,
2378
01:37:13,780 –> 01:37:15,940
and owner hygiene on agents and connectors.
2379
01:37:15,940 –> 01:37:18,740
Month three turns policy into stopping power.
2380
01:37:18,740 –> 01:37:20,980
Activate intake gates:
2381
01:37:20,980 –> 01:37:22,500
nothing ships without an owner,
2382
01:37:22,500 –> 01:37:24,820
artifacts, and a recorded risk decision.
2383
01:37:24,820 –> 01:37:26,500
Run pre-deploy forums on a schedule,
2384
01:37:26,500 –> 01:37:28,580
log outcomes, conditions, and expirations.
2385
01:37:28,580 –> 01:37:30,420
Start post-deploy monitoring with thresholds
2386
01:37:30,420 –> 01:37:31,700
that force action:
2387
01:37:31,700 –> 01:37:33,380
confidence dips, safety hits,
2388
01:37:33,380 –> 01:37:34,580
drift beyond bands,
2389
01:37:34,580 –> 01:37:36,020
negative sentiment spikes.
2390
01:37:36,020 –> 01:37:38,420
Tabletop one composite incident with real logs:
2391
01:37:38,420 –> 01:37:40,100
drift plus a sensitive output,
2392
01:37:40,100 –> 01:37:41,300
plus a customer complaint.
2393
01:37:41,300 –> 01:37:42,660
Measure two things ruthlessly:
2394
01:37:42,660 –> 01:37:44,660
time to adjudication and time paused.
2395
01:37:44,660 –> 01:37:45,940
Publish a review pack:
2396
01:37:45,940 –> 01:37:48,020
decisions, escalations, incidents,
2397
01:37:48,020 –> 01:37:49,620
exceptions with end dates,
2398
01:37:49,620 –> 01:37:50,900
and changes to controls.
2399
01:37:50,900 –> 01:37:53,060
Escalation must work in minutes, not weeks.
2400
01:37:53,060 –> 01:37:55,060
If you’re a CAIO, protect the SLA
2401
01:37:55,060 –> 01:37:56,500
and block exception creep;
2402
01:37:56,500 –> 01:37:58,980
your job is to preserve the bar you set on day one.
2403
01:37:58,980 –> 01:38:01,460
If you run IT, people will expect answers from you;
2404
01:38:01,460 –> 01:38:03,300
make pause a control plane action,
2405
01:38:03,300 –> 01:38:04,180
not a ticket.
2406
01:38:04,180 –> 01:38:05,620
Bind approvals to Entra groups,
2407
01:38:05,620 –> 01:38:07,300
device conditions, and Purview labels,
2408
01:38:07,300 –> 01:38:08,740
so approvals are actions,
2409
01:38:08,740 –> 01:38:09,620
not emails.
2410
01:38:09,620 –> 01:38:11,140
If you lead data, produce lineage
2411
01:38:11,140 –> 01:38:12,580
and consent provenance in minutes,
2412
01:38:12,580 –> 01:38:14,420
not meetings. Keep model cards fresh
2413
01:38:14,420 –> 01:38:16,660
and disparity metrics attached to the register.
2414
01:38:16,660 –> 01:38:17,780
If you own the business,
2415
01:38:17,780 –> 01:38:19,780
accept residual risk in writing,
2416
01:38:19,780 –> 01:38:21,940
define degraded modes before you need them,
2417
01:38:21,940 –> 01:38:24,020
and front the communications when you use them.
2418
01:38:24,020 –> 01:38:25,940
Artifacts are the point, not the paperwork.
2419
01:38:25,940 –> 01:38:28,900
By day 90, you keep four visible and current.
2420
01:38:28,900 –> 01:38:31,780
A first-draft RACI with names and alternates,
2421
01:38:31,780 –> 01:38:34,660
A living register with status, tier, and next review,
2422
01:38:34,660 –> 01:38:36,340
an escalation matrix with triggers,
2423
01:38:36,340 –> 01:38:38,500
quorum, and time boxed decisions,
2424
01:38:38,500 –> 01:38:41,060
and a review calendar pinned to domains that matter.
2425
01:38:41,060 –> 01:38:43,380
These are entitlements and expirations in human form.
2426
01:38:43,380 –> 01:38:44,580
They create stopping power.
2427
01:38:44,580 –> 01:38:46,260
The cadence doesn’t add bureaucracy.
2428
01:38:46,260 –> 01:38:47,540
It adds clarity.
2429
01:38:47,540 –> 01:38:49,060
One intake, one register,
2430
01:38:49,060 –> 01:38:50,980
one escalation lane, one review rhythm.
2431
01:38:50,980 –> 01:38:52,580
That’s how you slow entropy.
2432
01:38:52,580 –> 01:38:54,900
Copilot will test it, shadow paths will test it,
2433
01:38:54,900 –> 01:38:56,340
revenue pressure will test it.
2434
01:38:56,340 –> 01:38:58,340
Stewardship is keeping your intent intact
2435
01:38:58,340 –> 01:38:59,460
when those forces arrive.
2436
01:38:59,460 –> 01:39:00,900
The lesson is consistent.
2437
01:39:00,900 –> 01:39:02,820
Tools amplify substrate.
2438
01:39:02,820 –> 01:39:04,820
Only stewardship sets intent.
2439
01:39:04,820 –> 01:39:06,180
Encode that into this quarter
2440
01:39:06,180 –> 01:39:08,340
or you’ll encode drift into the next year.
2441
01:39:08,340 –> 01:39:10,180
Month one: scope and ownership.
2442
01:39:10,180 –> 01:39:12,260
Month one is intent turned into authority.
2443
01:39:12,260 –> 01:39:13,780
You name owners, define boundaries,
2444
01:39:13,780 –> 01:39:15,380
and bake decisions into mechanisms
2445
01:39:15,380 –> 01:39:18,100
that can’t be ignored when speed and pressure arrive.
2446
01:39:18,100 –> 01:39:20,340
Without this, month two is just discovery theater
2447
01:39:20,340 –> 01:39:22,180
and month three has nothing to enforce.
2448
01:39:22,180 –> 01:39:23,780
Start by appointing two anchors,
2449
01:39:23,780 –> 01:39:26,100
the executive sponsor and the AI steward.
2450
01:39:26,100 –> 01:39:28,180
One carries the political weight to stop revenue
2451
01:39:28,180 –> 01:39:29,540
when safety is at risk.
2452
01:39:29,540 –> 01:39:30,980
The other runs the loop.
2453
01:39:30,980 –> 01:39:33,700
Write their decision rights in verbs,
2454
01:39:33,700 –> 01:39:35,060
not vague nouns.
2455
01:39:35,060 –> 01:39:37,860
Approves, pauses, accepts, escalates.
2456
01:39:37,860 –> 01:39:40,580
That language matters because it survives meetings.
2457
01:39:40,580 –> 01:39:42,580
Document the tiebreaker path for deadlocks,
2458
01:39:42,580 –> 01:39:44,020
make it boringly clear.
2459
01:39:44,020 –> 01:39:45,780
Next, approve the risk taxonomy
2460
01:39:45,780 –> 01:39:47,700
and explainability bars by domain.
2461
01:39:47,700 –> 01:39:50,420
Sales forecasting doesn’t need the same level of justification
2462
01:39:50,420 –> 01:39:53,140
that eligibility decisions or patient triage demand.
2463
01:39:53,140 –> 01:39:54,740
Put those thresholds in plain language
2464
01:39:54,740 –> 01:39:55,780
so they can be taught.
2465
01:39:55,780 –> 01:39:57,940
Publish prohibited uses that reflect your values
2466
01:39:57,940 –> 01:39:59,460
and regulatory realities.
2467
01:39:59,460 –> 01:40:01,860
If you’re a CAIO, this is where you must step in.
2468
01:40:01,860 –> 01:40:03,860
Non-delegable decisions live here
2469
01:40:03,860 –> 01:40:06,260
and exception protocols must have expirations.
2470
01:40:06,260 –> 01:40:07,780
Drift starts with temporary.
2471
01:40:07,780 –> 01:40:09,380
Stand up the council.
2472
01:40:09,380 –> 01:40:11,860
Define quorum, SLAs, alternates,
2473
01:40:11,860 –> 01:40:14,020
and the cadence for pre-deploy reviews.
2474
01:40:14,020 –> 01:40:15,220
Avoid membership bloat.
2475
01:40:15,220 –> 01:40:17,140
You want accountable roles, not an audience.
2476
01:40:17,140 –> 01:40:18,820
The council’s product is not a meeting.
2477
01:40:18,820 –> 01:40:20,980
It’s a signed decision with conditions and expirations
2478
01:40:20,980 –> 01:40:23,940
that can be enforced in identity and data controls.
2479
01:40:23,940 –> 01:40:26,820
If you run IT, people will expect answers from you.
2480
01:40:26,820 –> 01:40:28,660
Bind council approvals to Entra groups,
2481
01:40:28,660 –> 01:40:30,820
device conditions and network locations
2482
01:40:30,820 –> 01:40:34,100
so permissions reflect risk tiers, not optimism.
2483
01:40:34,100 –> 01:40:36,260
Draft the intake form on one page.
2484
01:40:36,260 –> 01:40:37,380
Force the essentials.
2485
01:40:37,380 –> 01:40:39,940
Purpose, users, decisions influenced, data sources,
2486
01:40:39,940 –> 01:40:43,620
sensitivity labels, potential harms, mitigating controls,
2487
01:40:43,620 –> 01:40:46,180
autonomy ceiling, explainability level,
2488
01:40:46,180 –> 01:40:47,540
and exit criteria.
2489
01:40:47,540 –> 01:40:49,620
Include the owner’s name and the business outcome.
2490
01:40:49,620 –> 01:40:50,900
Make it mandatory with a date.
2491
01:40:50,900 –> 01:40:51,780
This isn’t paperwork.
2492
01:40:51,780 –> 01:40:54,580
It’s friction that removes larger friction later.
2493
01:40:54,580 –> 01:40:56,900
If you lead data, define the required artifacts
2494
01:40:56,900 –> 01:40:58,740
per tier: lineage, consent provenance,
2495
01:40:58,740 –> 01:41:00,980
model card elements, and disparity metrics
2496
01:41:00,980 –> 01:41:03,060
and publish the response time you will meet.
2497
01:41:03,060 –> 01:41:04,740
Evidence is a service, not a surprise.
2498
01:41:04,740 –> 01:41:07,860
Define kill-switch rules upfront: what triggers a pause,
2499
01:41:07,860 –> 01:41:10,180
who adjudicates, how long can a system run
2500
01:41:10,180 –> 01:41:12,260
degraded before it must retire?
2501
01:41:12,260 –> 01:41:13,780
Put these in writing with examples.
2502
01:41:13,780 –> 01:41:16,180
Then rehearse once at small scale to prove the muscle.
2503
01:41:16,180 –> 01:41:18,260
If you own the business, accept that you’ll carry
2504
01:41:18,260 –> 01:41:20,340
the consequence when a pause happens,
2505
01:41:20,340 –> 01:41:22,660
sign the residual risk block now while calm.
2506
01:41:22,660 –> 01:41:25,860
Leaders remember who flinched when incentives cut across safety.
2507
01:41:25,860 –> 01:41:29,700
Communicate intent broadly once and then specifically often.
2508
01:41:29,700 –> 01:41:33,780
The broadcast sets tone: build, but inside these guardrails.
2509
01:41:33,780 –> 01:41:36,180
The specifics are embedded where work happens.
2510
01:41:36,180 –> 01:41:39,300
In intake links pinned to Teams channels, in identity workflows
2511
01:41:39,300 –> 01:41:42,420
that deny unregistered agents, in DLP rules
2512
01:41:42,420 –> 01:41:45,860
that redact sensitive data from prompts and outputs by default.
2513
01:41:45,860 –> 01:41:47,540
You are turning values into defaults.
2514
01:41:47,540 –> 01:41:49,620
If you’re a CAIO, keep this from drifting.
2515
01:41:49,620 –> 01:41:51,700
If one exception silently becomes the pattern,
2516
01:41:51,700 –> 01:41:52,900
you own that erosion.
2517
01:41:52,900 –> 01:41:55,620
Don’t create committees that interpret values endlessly.
2518
01:41:55,620 –> 01:41:57,780
Translate values into deterministic mechanisms.
2519
01:41:57,780 –> 01:42:00,100
Approvals without identity bindings are theatre,
2520
01:42:00,100 –> 01:42:02,500
prohibited uses without enforcement are branding,
2521
01:42:02,500 –> 01:42:05,300
a register without next review dates is a comfort object.
2522
01:42:05,300 –> 01:42:08,500
Every artifact you create in month one should force an action
2523
01:42:08,500 –> 01:42:10,900
in the control plane or produce evidence on demand.
2524
01:42:10,900 –> 01:42:14,100
Codify escalation in miniature: publish triggers,
2525
01:42:14,100 –> 01:42:16,900
quorum, timing and documentation requirements.
2526
01:42:16,900 –> 01:42:19,700
Run a micro exercise with a low risk use case
2527
01:42:19,700 –> 01:42:22,500
to prove the lane works in minutes, not days.
2528
01:42:22,500 –> 01:42:25,700
If you run IT, turn pause into a button
2529
01:42:25,700 –> 01:42:28,500
your team can press confidently and reverse safely.
2530
01:42:28,500 –> 01:42:31,140
If you lead data, keep the context packet ready.
2531
01:42:31,140 –> 01:42:34,180
Prompt, output, features, lineage and last change,
2532
01:42:34,180 –> 01:42:37,140
so adjudication can be based on facts, not recollection.
2533
01:42:37,140 –> 01:42:39,300
Tie incentives to the behaviors you need.
2534
01:42:39,300 –> 01:42:41,460
Reward justified pauses and complete evidence,
2535
01:42:41,460 –> 01:42:43,460
penalise concealment, not failure.
2536
01:42:43,460 –> 01:42:45,220
Announce that exceptions have end dates
2537
01:42:45,220 –> 01:42:47,540
and will be published internally with rationale.
2538
01:42:47,540 –> 01:42:49,220
If you own the business, you model this
2539
01:42:49,220 –> 01:42:51,380
by declining velocity without ownership.
2540
01:42:51,380 –> 01:42:52,820
Finally, set the calendar.
2541
01:42:52,820 –> 01:42:54,180
Weekly intake triage,
2542
01:42:54,180 –> 01:42:56,500
standing pre-deploy quorum twice monthly,
2543
01:42:56,500 –> 01:42:58,340
monthly post-deploy drift review,
2544
01:42:58,340 –> 01:43:02,180
a quarterly letter summarising inventory, incidents and decisions.
2545
01:43:02,180 –> 01:43:05,300
This cadence is the metronome that keeps intent from decaying
2546
01:43:05,300 –> 01:43:06,820
If you’re a CAIO, protect it.
2547
01:43:06,820 –> 01:43:08,820
If you run IT, embody it in systems.
2548
01:43:08,820 –> 01:43:10,660
If you lead data, meet it with fresh proofs.
2549
01:43:10,660 –> 01:43:13,460
If you own the business, fund the fixes it reveals.
2550
01:43:13,460 –> 01:43:14,820
Month one doesn’t chase tools.
2551
01:43:14,820 –> 01:43:16,660
It makes tools answer to people.
2552
01:43:16,660 –> 01:43:18,980
That distinction is the difference between governance
2553
01:43:18,980 –> 01:43:20,980
that collapses on contact with revenue
2554
01:43:20,980 –> 01:43:22,980
and stewardship that holds when it matters.
2555
01:43:22,980 –> 01:43:25,220
Month two, inventory and risk triage.
2556
01:43:25,220 –> 01:43:27,060
Month two maps intent to reality.
2557
01:43:27,060 –> 01:43:28,580
You are not collecting trivia.
2558
01:43:28,580 –> 01:43:31,860
You are forcing every AI use case to declare itself, its owner,
2559
01:43:31,860 –> 01:43:33,460
its data and its blast radius.
2560
01:43:33,460 –> 01:43:36,740
The output is a living register that reveals where decisions actually live
2561
01:43:36,740 –> 01:43:38,020
and where they don’t.
2562
01:43:38,020 –> 01:43:39,700
Start with a structure that scales.
2563
01:43:39,700 –> 01:43:41,780
For each system, name, business outcome,
2564
01:43:41,780 –> 01:43:43,460
accountable owner, autonomy level,
2565
01:43:43,460 –> 01:43:46,420
users affected, data sources, sensitivity labels,
2566
01:43:46,420 –> 01:43:49,220
lineage, identity model, logs available,
2567
01:43:49,220 –> 01:43:52,660
risk tier, status, next review date and degraded modes.
2568
01:43:52,660 –> 01:43:55,460
If a field can’t be filled, that’s signal, not a nuisance.
2569
01:43:55,460 –> 01:43:57,220
Missing ownership is missing control.
2570
01:43:57,220 –> 01:43:59,140
Missing lineage is missing consent.
2571
01:43:59,140 –> 01:44:00,900
Missing logs is missing accountability.
2572
01:44:00,900 –> 01:44:02,340
Discovery isn’t a scavenger hunt.
2573
01:44:02,340 –> 01:44:04,340
Follow money, network and contracts.
2574
01:44:04,340 –> 01:44:06,500
Pull SaaS spend by category and keyword.
2575
01:44:06,500 –> 01:44:09,620
Inspect egress patterns to public AI endpoints.
2576
01:44:09,620 –> 01:44:11,940
Review procurement exceptions, statements of work
2577
01:44:11,940 –> 01:44:13,300
and pilot notes.
2578
01:44:13,300 –> 01:44:16,340
Ask finance for reimbursements tied to AI subscriptions.
2579
01:44:16,340 –> 01:44:19,140
Run short surveys that force a name, a purpose and a link.
2580
01:44:19,140 –> 01:44:20,740
Shadow AI hides inconvenience.
2581
01:44:20,740 –> 01:44:23,620
Your job is to make registration easier than the workaround.
2582
01:44:23,620 –> 01:44:24,580
Now triage.
2583
01:44:24,580 –> 01:44:27,300
Apply the risk taxonomy you approved in month one.
2584
01:44:27,300 –> 01:44:29,540
Minimal, moderate, high, systemic.
2585
01:44:29,540 –> 01:44:32,340
Tier by impact on rights, safety and finance,
2586
01:44:32,340 –> 01:44:34,260
autonomy, population size,
2587
01:44:34,260 –> 01:44:36,500
reversibility, explainability need,
2588
01:44:36,500 –> 01:44:38,340
and dependency on sensitive data.
2589
01:44:38,340 –> 01:44:40,180
Promote risk on evidence, not ego.
2590
01:44:40,180 –> 01:44:42,020
A charming demo is not a safety case.
2591
01:44:42,020 –> 01:44:43,700
A spreadsheet of complaints is.
2592
01:44:43,700 –> 01:44:45,780
Attach the rationale to the register entry
2593
01:44:45,780 –> 01:44:48,500
so future you remembers why this landed where it did.
2594
01:44:48,500 –> 01:44:51,380
Map identity edges next: who can invoke which capability
2595
01:44:51,380 –> 01:44:53,780
from where on what device under what conditions.
2596
01:44:53,780 –> 01:44:56,660
Document Entra group bindings, conditional access rules
2597
01:44:56,660 –> 01:44:59,380
and service principals, or document that there are none.
2598
01:44:59,380 –> 01:45:02,580
That absence is content. Expect to find orphaned agents,
2599
01:45:02,580 –> 01:45:05,060
stale groups and unbounded connector scopes.
2600
01:45:05,060 –> 01:45:08,020
Decide whether they’re paused now or remediated on a clock.
2601
01:45:08,020 –> 01:45:10,020
Make pause a control plane action,
2602
01:45:10,020 –> 01:45:12,580
not a pleading email, then draw your data boundaries.
2603
01:45:12,580 –> 01:45:14,580
Label inheritance is the backbone.
2604
01:45:14,580 –> 01:45:16,820
Verify it lives beyond office files.
2605
01:45:16,820 –> 01:45:18,980
Inspect Teams, SharePoint libraries,
2606
01:45:18,980 –> 01:45:22,100
shared drives and cloud storage for company-wide links.
2607
01:45:22,100 –> 01:45:23,860
Kill them, time-bound the rest.
2608
01:45:23,860 –> 01:45:25,300
Trace common exfil paths:
2609
01:45:25,300 –> 01:45:28,660
exports to CSV, personal mailboxes, unmanaged notebooks.
2610
01:45:28,660 –> 01:45:32,100
Enable DLP redaction for prompts and outputs on sensitive labels.
2611
01:45:32,100 –> 01:45:35,620
Close the gaps or monitor them loudly with owners attached.
2612
01:45:35,620 –> 01:45:38,740
This is where the Copilot exposure pattern shows its face.
2613
01:45:38,740 –> 01:45:41,540
Overshared libraries, unlabeled exports,
2614
01:45:41,540 –> 01:45:44,500
and links that never expire become helpful answers.
2615
01:45:44,500 –> 01:45:47,940
Copilot didn’t leak; your governance did.
2616
01:45:47,940 –> 01:45:49,860
Fix the source: enforce label inheritance,
2617
01:45:49,860 –> 01:45:52,660
block global links, require managed devices for sensitive joins
2618
01:45:52,660 –> 01:45:54,500
and recertify access quarterly.
2619
01:45:54,500 –> 01:45:56,820
Don’t add disclaimers to prompts and call it solved.
2620
01:45:56,820 –> 01:45:58,900
Write remediation as workflows, not wishes.
2621
01:45:58,900 –> 01:46:01,780
Identity recertifications with owners and expiration,
2622
01:46:01,780 –> 01:46:05,060
DLP policies that redact by label and log hits to the register,
2623
01:46:05,060 –> 01:46:07,620
plugin and connector scopes that default to least privilege
2624
01:46:07,620 –> 01:46:10,260
and auto-expire, agent hygiene that disables
2625
01:46:10,260 –> 01:46:12,660
anomalous instances and rotates secrets,
2626
01:46:12,660 –> 01:46:15,860
publish SLAs by tier, and track aging in the review pack
2627
01:46:15,860 –> 01:46:17,780
you will send in month three.
2628
01:46:17,780 –> 01:46:19,940
Evidence is the difference between posture and practice.
2629
01:46:19,940 –> 01:46:22,340
For each entry, attach a model card skeleton,
2630
01:46:22,340 –> 01:46:24,500
last disparity check, red team notes
2631
01:46:24,500 –> 01:46:27,060
if required by tier and the log locations.
2632
01:46:27,060 –> 01:46:30,260
Keep a context packet template ready, prompt, output,
2633
01:46:30,260 –> 01:46:33,300
salient features, data lineage, last change.
2634
01:46:33,300 –> 01:46:34,820
You will use it when something drifts.
2635
01:46:34,820 –> 01:46:37,940
If you lead data, your service level is minutes, not meetings.
2636
01:46:37,940 –> 01:46:41,940
If you’re a CAIO, your decision is to require proof before scale.
2637
01:46:41,940 –> 01:46:46,580
“Show me lineage, consent and controls” precedes “show me ROI.”
2638
01:46:46,580 –> 01:46:47,860
Protect the bar you set.
2639
01:46:47,860 –> 01:46:50,340
If you run IT, people will expect answers from you.
2640
01:46:50,340 –> 01:46:53,140
Make remediation workflows default and reversible.
2641
01:46:53,140 –> 01:46:56,740
Binding approvals to groups and devices makes pause real in minutes.
2642
01:46:56,740 –> 01:46:58,900
If you lead data, produce lineage graphs
2643
01:46:58,900 –> 01:47:00,820
and consent provenance on demand,
2644
01:47:00,820 –> 01:47:02,980
do not outsource memory to tribal knowledge.
2645
01:47:02,980 –> 01:47:05,620
If you own the business, fund the boring work,
2646
01:47:05,620 –> 01:47:08,020
label propagation for non-office files,
2647
01:47:08,020 –> 01:47:10,500
access recertification, connector scoping and logging.
2648
01:47:10,500 –> 01:47:12,100
Value lives in these seams.
2649
01:47:12,100 –> 01:47:14,500
Governance theater grows here if you let it.
2650
01:47:14,500 –> 01:47:16,500
More policy pages won’t triage risk.
2651
01:47:16,500 –> 01:47:19,380
One intake, one register, one escalation path
2652
01:47:19,380 –> 01:47:21,300
and one remediation backlog will.
2653
01:47:21,300 –> 01:47:23,380
Publish the backlog with owners and due dates.
2654
01:47:23,380 –> 01:47:26,180
Sunlight creates velocity, exceptions get end dates,
2655
01:47:26,180 –> 01:47:27,220
drift gets caught.
2656
01:47:27,220 –> 01:47:30,100
And Copilot becomes safer because your substrate is safer.
2657
01:47:30,100 –> 01:47:31,780
Month 2 does not chase perfection.
2658
01:47:31,780 –> 01:47:34,900
It creates enough clarity to act and enough friction to stop.
2659
01:47:34,900 –> 01:47:36,500
Month 3.
2660
01:47:36,500 –> 01:47:38,580
Governance loop and escalation live.
2661
01:47:38,580 –> 01:47:41,300
Month 3 converts policy into stopping power.
2662
01:47:41,300 –> 01:47:44,820
You operationalize one loop: intake, pre-deploy review,
2663
01:47:44,820 –> 01:47:47,620
post-deploy monitoring and escalation that works in minutes.
2664
01:47:47,620 –> 01:47:48,900
Everything else is commentary.
2665
01:47:48,900 –> 01:47:51,060
Activate intake gates on a date and mean it.
2666
01:47:51,060 –> 01:47:53,140
Nothing ships without an accountable owner,
2667
01:47:53,140 –> 01:47:55,940
a completed intake and artifacts in the register.
2668
01:47:55,940 –> 01:47:58,900
Model card skeleton, data lineage, consent provenance,
2669
01:47:58,900 –> 01:48:00,100
risk tier, degraded modes.
2670
01:48:00,100 –> 01:48:01,620
Don’t make exceptions by email.
2671
01:48:01,620 –> 01:48:03,380
Exceptions are entries with end dates,
2672
01:48:03,380 –> 01:48:05,060
conditions and a named owner.
2673
01:48:05,060 –> 01:48:07,620
If you’re a CAIO, this is where you must step in.
2674
01:48:07,620 –> 01:48:10,420
Protect the go-live bar from “just this once.”
2675
01:48:10,420 –> 01:48:12,980
If you run IT, approvals are entitlements bound to
2676
01:48:12,980 –> 01:48:15,380
Entra groups, device conditions and locations:
2677
01:48:15,380 –> 01:48:17,220
enforceable, reversible, logged.
2678
01:48:17,220 –> 01:48:21,300
Run pre-deploy quorums on a cadence; twice monthly works for most organizations.
2679
01:48:21,300 –> 01:48:23,060
The quorum is small and accountable:
2680
01:48:23,060 –> 01:48:26,260
steward, business owner, security, IT,
2681
01:48:26,260 –> 01:48:29,620
data, and legal or executive for tie-breakers in high-risk lanes.
2682
01:48:29,620 –> 01:48:33,140
The output is a signed decision with conditions and expirations.
2683
01:48:33,140 –> 01:48:34,740
Attach it to the register entry,
2684
01:48:34,740 –> 01:48:37,940
record residual risk acceptance with the business owner’s name.
2685
01:48:37,940 –> 01:48:39,940
If you lead data, bring facts,
2686
01:48:39,940 –> 01:48:42,820
not slides: lineage graph, label coverage,
2687
01:48:42,820 –> 01:48:45,620
disparity metrics, if the tier demands them
2688
01:48:45,620 –> 01:48:46,820
and the last change log.
2689
01:48:46,820 –> 01:48:48,900
If you own the business, you sign the consequence;
2690
01:48:48,900 –> 01:48:50,900
decline velocity without ownership.
2691
01:48:50,900 –> 01:48:53,220
Begin post-deploy monitoring on day one.
2692
01:48:53,220 –> 01:48:55,300
Define thresholds that force action by tier.
2693
01:48:55,300 –> 01:48:57,940
Confidence dips beyond bands,
2694
01:48:57,940 –> 01:49:01,940
safety classifier hits, unexplained spikes in negative sentiment,
2695
01:49:01,940 –> 01:49:03,860
drift in input distributions,
2696
01:49:03,860 –> 01:49:05,380
higher adverse impact ratios.
2697
01:49:05,380 –> 01:49:08,260
Tie each threshold to an action path,
2698
01:49:08,260 –> 01:49:11,060
pause, degrade, gate, retrain or notify.
2699
01:49:11,060 –> 01:49:12,820
Make the system observable to humans,
2700
01:49:12,820 –> 01:49:15,620
not just machines. Dashboards don’t replace decisions.
2701
01:49:15,620 –> 01:49:18,020
If you run IT, wire pause into the control plane
2702
01:49:18,020 –> 01:49:20,100
so the steward can trigger it and roll back safely.
2703
01:49:20,100 –> 01:49:22,820
If you lead data, keep the context packet fresh,
2704
01:49:22,820 –> 01:49:24,900
so adjudication uses prompt, output,
2705
01:49:24,900 –> 01:49:27,540
features, lineage and last change, not memory.
2706
01:49:27,540 –> 01:49:30,500
Tabletop one composite incident with real logs,
2707
01:49:30,500 –> 01:49:32,980
a drift signal, a sensitive output surfaced
2708
01:49:32,980 –> 01:49:35,300
to a sales team and a customer complaint.
2709
01:49:35,300 –> 01:49:38,420
Run it end to end: trigger, context packet, quorum, decision, action,
2710
01:49:38,420 –> 01:49:42,020
notify, log, learn. Time it; your SLA is minutes, not days.
2711
01:49:42,020 –> 01:49:45,540
Measure two numbers ruthlessly: time to adjudication and time paused.
2712
01:49:45,540 –> 01:49:47,860
Then update controls based on what you learned:
2713
01:49:47,860 –> 01:49:51,540
stricter thresholds, better redaction, narrower plugin scopes,
2714
01:49:51,540 –> 01:49:53,060
tighter device conditions.
2715
01:49:53,060 –> 01:49:56,580
If you’re a CAIO, protect the SLA and block exception creep;
2716
01:49:56,580 –> 01:49:58,500
your job is to keep the lane clear.
2717
01:49:58,500 –> 01:50:02,180
If you lead data, prove the fix with new evidence attached to the register.
2718
01:50:02,180 –> 01:50:05,060
If you own the business, carry the communications and show the
2719
01:50:05,060 –> 01:50:07,140
degraded mode was planned, not improvised.
2720
01:50:07,140 –> 01:50:09,380
Publish a monthly review pack. It’s not glossy;
2721
01:50:09,380 –> 01:50:12,660
it’s terse and auditable: inventory count by tier,
2722
01:50:12,660 –> 01:50:15,860
new approvals with conditions, escalations triggered,
2723
01:50:15,860 –> 01:50:18,660
time to adjudication, time paused,
2724
01:50:18,660 –> 01:50:22,580
exceptions opened and closed, exposure reduction by label coverage
2725
01:50:22,580 –> 01:50:24,420
and drift reviews completed on schedule.
2726
01:50:24,420 –> 01:50:27,380
Include changes to controls with the rationale.
2727
01:50:27,380 –> 01:50:30,900
Append a one-page letter that states the single lesson learned this month
2728
01:50:30,900 –> 01:50:32,900
and the single control change you enacted.
2729
01:50:32,900 –> 01:50:35,940
If you run IT, people will expect answers from you:
2730
01:50:35,940 –> 01:50:37,700
instrument truth and show it.
2731
01:50:37,700 –> 01:50:40,580
If you lead data, attach model card updates and disparity checks
2732
01:50:40,580 –> 01:50:43,540
for high risk lanes, so the board doesn’t need to ask twice.
2733
01:50:43,540 –> 01:50:45,380
Practice degraded modes on purpose.
2734
01:50:45,380 –> 01:50:48,980
Schedule one planned degradation per quarter in a moderate risk system.
2735
01:50:48,980 –> 01:50:51,540
Prove your rollback works, your comms templates hold
2736
01:50:51,540 –> 01:50:54,580
and your customers don’t learn about your governance the hard way.
2737
01:50:54,580 –> 01:50:56,820
If you’re a CAIO, this is where you must step in.
2738
01:50:56,820 –> 01:50:59,700
Normalize justified pauses and rehearse downgrades
2739
01:50:59,700 –> 01:51:02,020
and reward the teams that executed them cleanly.
2740
01:51:02,020 –> 01:51:06,020
If you own the business, model the behavior by fronting those communications
2741
01:51:06,020 –> 01:51:09,620
and refusing to optimize away the drill. Close the loop each quarter:
2742
01:51:09,620 –> 01:51:12,260
update the risk taxonomy if incidents cluster,
2743
01:51:12,260 –> 01:51:15,220
adjust thresholds, retire artifacts that no one reads,
2744
01:51:15,220 –> 01:51:17,460
add the one you needed during the tabletop,
2745
01:51:17,460 –> 01:51:20,100
and refresh incentives: pay for evidence, readiness
2746
01:51:20,100 –> 01:51:23,540
and SLA reliability, not for volume. Drift is relentless.
2747
01:51:23,540 –> 01:51:25,380
The loop is how you keep intent intact
2748
01:51:25,380 –> 01:51:27,300
when Copilot surfaces convenience,
2749
01:51:27,300 –> 01:51:30,020
shadow parts promise speed and revenue applies pressure.
2750
01:51:31,060 –> 01:51:33,700
The AI use case inventory structure that scales.
2751
01:51:33,700 –> 01:51:34,740
This is the backbone.
2752
01:51:34,740 –> 01:51:37,620
One inventory visible to everyone who makes decisions.
2753
01:51:37,620 –> 01:51:39,540
Each row is a commitment, not a rumor.
2754
01:51:39,540 –> 01:51:41,700
Start with fields that force ownership.
2755
01:51:41,700 –> 01:51:43,220
Name the use case plainly.
2756
01:51:43,220 –> 01:51:45,700
State the business outcome in one sentence.
2757
01:51:45,700 –> 01:51:47,700
What value it creates and for whom.
2758
01:51:47,700 –> 01:51:50,580
Assign an accountable owner by name, not a team.
2759
01:51:50,580 –> 01:51:54,020
Capture users and populations affected so scale is explicit.
2760
01:51:54,020 –> 01:51:57,700
Record autonomy level: assist, recommend, decide,
2761
01:51:57,700 –> 01:51:59,780
so oversight intensity is obvious.
2762
01:51:59,780 –> 01:52:02,820
If you’re a CAIO, your decision here is to make visibility
2763
01:52:02,820 –> 01:52:04,020
non-negotiable.
2764
01:52:04,020 –> 01:52:06,420
No owner, no entry, no runtime.
2765
01:52:06,420 –> 01:52:08,340
Data fields come next.
2766
01:52:08,340 –> 01:52:10,980
List data sources with links, not abbreviations,
2767
01:52:10,980 –> 01:52:13,380
include sensitivity labels and confirm inheritance,
2768
01:52:13,380 –> 01:52:16,260
attach lineage diagrams or a pointer to where they live,
2769
01:52:16,260 –> 01:52:18,100
evidence, not aspiration.
2770
01:52:18,100 –> 01:52:21,140
Record consent provenance if personal data is in scope.
2771
01:52:21,140 –> 01:52:23,220
If you lead data, your responsibility is to make
2772
01:52:23,220 –> 01:52:25,380
these proofs routine in minutes, not meetings.
2773
01:52:25,380 –> 01:52:28,100
Controls must be in the row, not in a policy PDF.
2774
01:52:28,740 –> 01:52:30,260
Note identity bindings,
2775
01:52:30,260 –> 01:52:33,460
Entra groups, device conditions, network locations,
2776
01:52:33,460 –> 01:52:36,660
add DLP policies in force for prompts, outputs
2777
01:52:36,660 –> 01:52:39,460
and grounding data. Include plugin and connector scopes
2778
01:52:39,460 –> 01:52:40,580
with expirations.
2779
01:52:40,580 –> 01:52:43,060
Record content safety classifiers and any gating.
2780
01:52:43,060 –> 01:52:45,380
If you run IT, people will expect answers from you:
2781
01:52:45,380 –> 01:52:47,140
translate approvals into entitlements
2782
01:52:47,140 –> 01:52:49,140
that can be enforced and reversed quickly.
2783
01:52:49,140 –> 01:52:51,220
Status and lifecycle make drift visible.
2784
01:52:51,220 –> 01:52:54,340
Tag pilot, limited release, GA or retired with dates,
2785
01:52:54,340 –> 01:52:56,580
set the next review date tied to risk tier.
2786
01:52:56,580 –> 01:52:58,260
Declare degraded modes upfront.
2787
01:52:58,260 –> 01:53:00,020
What happens when you pause, who sees less,
2788
01:53:00,020 –> 01:53:01,060
and how do you roll back?
2789
01:53:01,060 –> 01:53:04,100
If you own the business, accept that you carry the consequence,
2790
01:53:04,100 –> 01:53:06,180
define these modes while calm.
2791
01:53:06,180 –> 01:53:08,180
Risk and measurement are not optional.
2792
01:53:08,180 –> 01:53:11,940
Assign the tier, minimal, moderate, high, systemic,
2793
01:53:11,940 –> 01:53:13,940
using the taxonomy you approved.
2794
01:53:13,940 –> 01:53:16,100
Attach red team notes and disparity metrics
2795
01:53:16,100 –> 01:53:17,460
where tiers demand them.
2796
01:53:17,460 –> 01:53:19,540
List success metrics and leading indicators,
2797
01:53:19,540 –> 01:53:21,460
including thresholds that force action.
2798
01:53:21,460 –> 01:53:24,500
If you’re a CAIO, this is where you must step in.
2799
01:53:24,500 –> 01:53:27,380
Insist on measurable triggers, not vibes.
2800
01:53:27,380 –> 01:53:29,140
Flows make the blast radius clear.
2801
01:53:29,140 –> 01:53:31,780
Where data comes from, where it goes and who sees outputs:
2802
01:53:31,780 –> 01:53:34,420
internal teams, external customers, downstream systems.
2803
01:53:34,420 –> 01:53:36,420
Include handoffs to email, CRM,
2804
01:53:36,420 –> 01:53:38,740
or data lakes that might amplify exposure.
2805
01:53:38,740 –> 01:53:41,380
If you lead data, map common exfil paths,
2806
01:53:41,380 –> 01:53:43,620
CSV exports, unmanaged notebooks
2807
01:53:43,620 –> 01:53:45,700
and tie them to DLP controls in the row.
2808
01:53:45,700 –> 01:53:48,820
Evidence is the difference between claims and controls.
2809
01:53:48,820 –> 01:53:51,220
Link a model card, even if skeletal,
2810
01:53:51,220 –> 01:53:54,020
the last drift check and monitoring dashboards.
2811
01:53:54,020 –> 01:53:56,660
Point to log locations for prompts, outputs,
2812
01:53:56,660 –> 01:53:57,700
and actions.
2813
01:53:57,700 –> 01:54:00,340
Keep a context packet template ready for incidents.
2814
01:54:00,340 –> 01:54:02,900
Prompt, output, features, lineage, last change.
2815
01:54:02,900 –> 01:54:05,860
If you run IT, make sure logs resolve to identity,
2816
01:54:05,860 –> 01:54:07,300
not IP addresses.
2817
01:54:07,300 –> 01:54:09,140
Governance needs a place in every entry.
2818
01:54:09,140 –> 01:54:10,740
Record the most recent quorum decision
2819
01:54:10,740 –> 01:54:12,500
with conditions and expirations.
2820
01:54:12,500 –> 01:54:15,060
Note residual risk acceptance with the owner’s name.
2821
01:54:15,060 –> 01:54:16,500
List exceptions with end dates.
2822
01:54:16,500 –> 01:54:18,900
If you’re a CAIO, protect this field from temporary
2823
01:54:18,900 –> 01:54:20,180
becoming permanent.
2824
01:54:20,180 –> 01:54:21,460
Make it searchable and dull.
2825
01:54:21,460 –> 01:54:23,860
Filters by owner, tier, status, next review.
2826
01:54:23,860 –> 01:54:25,220
Flags for missing artifacts,
2827
01:54:25,220 –> 01:54:27,460
aging indicators for reviews past due.
2828
01:54:27,460 –> 01:54:29,540
Summaries by domain for board reporting.
2829
01:54:29,540 –> 01:54:31,220
The purpose is not beauty.
2830
01:54:31,220 –> 01:54:32,420
It’s stopping power.
2831
01:54:32,420 –> 01:54:34,420
Common failure patterns belong here too.
2832
01:54:34,420 –> 01:54:38,180
Copilot exposure shows up as unlabeled exports in shared libraries.
2833
01:54:38,180 –> 01:54:40,260
Your countermeasure is label inheritance
2834
01:54:40,260 –> 01:54:42,500
and device gating recorded in the row.
2835
01:54:42,500 –> 01:54:44,820
Shadow AI appears as personal tenant agents.
2836
01:54:44,820 –> 01:54:46,580
Your fix is a sanctioned alternative
2837
01:54:46,580 –> 01:54:48,980
with scopes and expiration visible in the entry.
2838
01:54:48,980 –> 01:54:52,340
Governance theater appears as policy links without entitlements.
2839
01:54:52,340 –> 01:54:53,940
Replace them with group names,
2840
01:54:53,940 –> 01:54:56,180
device rules and DLP policy IDs.
2841
01:54:56,180 –> 01:54:59,380
If you’re a CAIO, your decision is to make this the single source of truth
2842
01:54:59,380 –> 01:55:02,100
and to close doors that bypass it. If you run IT,
2843
01:55:02,100 –> 01:55:03,620
bind runtime to the register.
2844
01:55:03,620 –> 01:55:05,300
No entry, no invocation.
2845
01:55:05,300 –> 01:55:08,660
If you lead data, keep lineage and consent proofs fresh.
2846
01:55:08,660 –> 01:55:10,900
If you own the business, accept residual risk
2847
01:55:10,900 –> 01:55:13,300
in writing here, not in hallway conversations.
2848
01:55:13,300 –> 01:55:15,540
This inventory is your control surface in human form.
2849
01:55:15,540 –> 01:55:18,820
The escalation workflow: minimal, deterministic.
2850
01:55:18,820 –> 01:55:20,180
You are not building a help desk.
2851
01:55:20,180 –> 01:55:21,860
You are building a circuit breaker.
2852
01:55:21,860 –> 01:55:24,580
Escalation is the narrow lane that converts uncertainty
2853
01:55:24,580 –> 01:55:26,500
into a decision under time pressure.
2854
01:55:26,500 –> 01:55:28,820
If it feels complicated, it will fail when it matters.
2855
01:55:28,820 –> 01:55:29,620
Keep it minimal.
2856
01:55:29,620 –> 01:55:31,140
Make it deterministic.
2857
01:55:31,140 –> 01:55:33,460
Start with triggers that are written down and tested.
2858
01:55:33,460 –> 01:55:36,420
Confidence dips beyond bands, safety classifier hits,
2859
01:55:36,420 –> 01:55:38,260
a sensitive label in an output,
2860
01:55:38,260 –> 01:55:40,100
a sudden spike in negative sentiment,
2861
01:55:40,100 –> 01:55:42,100
a drift signal crossing a threshold,
2862
01:55:42,100 –> 01:55:44,500
a user-harm report with a reproducible prompt.
2863
01:55:44,500 –> 01:55:47,460
Triggers live next to the use case entry in the register.
2864
01:55:47,460 –> 01:55:48,340
Triggers fire.
2865
01:55:48,340 –> 01:55:49,460
No debate mid-incident.
2866
01:55:49,460 –> 01:55:51,460
Debate happened when you set the threshold.
2867
01:55:51,460 –> 01:55:53,380
When a trigger fires, you assemble one thing,
2868
01:55:53,380 –> 01:55:54,580
the context packet.
2869
01:55:54,580 –> 01:55:57,220
Prompt, output, salient features, data lineage,
2870
01:55:57,220 –> 01:55:59,060
last change, environment and identity.
2871
01:55:59,060 –> 01:56:00,020
Link to logs.
2872
01:56:00,020 –> 01:56:01,540
No recollection, no reenactment,
2873
01:56:01,540 –> 01:56:03,300
no screenshots and chat threads.
2874
01:56:03,300 –> 01:56:05,220
The context packet travels with the case,
2875
01:56:05,220 –> 01:56:08,100
attaches to the register and becomes evidence after the fact.
2876
01:56:08,100 –> 01:56:09,460
Then the quorum convenes.
2877
01:56:09,460 –> 01:56:11,620
Small, accountable, named in advance.
2878
01:56:11,620 –> 01:56:14,660
Steward, business owner, security, IT, data,
2879
01:56:14,660 –> 01:56:17,540
and legal or executive for tie-breakers in high-risk lanes.
2880
01:56:17,540 –> 01:56:20,500
No observers, no alternates who don’t know they are alternates.
2881
01:56:20,500 –> 01:56:22,820
The quorum has an SLA measured in minutes.
2882
01:56:22,820 –> 01:56:24,580
The outcome is one of five verbs,
2883
01:56:24,580 –> 01:56:28,820
pause, degrade, gate, retrain or proceed with notify.
2884
01:56:28,820 –> 01:56:32,180
Each verb has an exit criterion written next to it.
2885
01:56:32,180 –> 01:56:34,980
What must be true to resume or return to full fidelity?
2886
01:56:34,980 –> 01:56:37,940
Decisions must change reality in the control plane.
2887
01:56:37,940 –> 01:56:39,700
Pause is not a message.
2888
01:56:39,700 –> 01:56:41,460
It is an action bound to Entra groups,
2889
01:56:41,460 –> 01:56:43,700
device conditions or service principals.
2890
01:56:43,700 –> 01:56:45,620
Degrade routes to a known restricted mode
2891
01:56:45,620 –> 01:56:47,140
that was defined in the register.
2892
01:56:47,140 –> 01:56:50,100
Gate introduces human review or additional checks.
2893
01:56:50,100 –> 01:56:52,980
Retrain opens a ticket with evidence and a clock.
2894
01:56:52,980 –> 01:56:55,540
Proceed with notify attaches the decision and rationale
2895
01:56:55,540 –> 01:56:57,380
to the register and triggers comms.
2896
01:56:57,380 –> 01:56:59,620
If your decisions cannot be executed in minutes,
2897
01:56:59,620 –> 01:57:02,580
you have a meeting ritual, not an escalation workflow.
2898
01:57:02,580 –> 01:57:03,700
Timing is non-negotiable.
2899
01:57:03,700 –> 01:57:06,900
The SLA starts at trigger detection, not at quorum start.
2900
01:57:06,900 –> 01:57:09,380
You measure time to adjudication and time paused.
2901
01:57:09,380 –> 01:57:10,660
You don’t average them.
2902
01:57:10,660 –> 01:57:12,500
You show distributions and outliers.
2903
01:57:12,500 –> 01:57:13,300
You don’t bury misses.
2904
01:57:13,300 –> 01:57:14,580
You learn and tighten.
2905
01:57:14,580 –> 01:57:18,260
Every minute is an opportunity for compounding harm or compounding trust.
2906
01:57:18,260 –> 01:57:21,140
Documentation is the difference between process and theater.
2907
01:57:21,140 –> 01:57:23,220
Each escalation produces a decision record
2908
01:57:23,220 –> 01:57:25,700
that includes the trigger, the context packet,
2909
01:57:25,700 –> 01:57:28,340
the quorum members present, the verb chosen,
2910
01:57:28,340 –> 01:57:31,300
the scope, the rationale, the exit criteria,
2911
01:57:31,300 –> 01:57:33,060
and the time-stamped actions.
2912
01:57:33,060 –> 01:57:34,820
It attaches to the inventory row.
2913
01:57:34,820 –> 01:57:35,780
It is auditable.
2914
01:57:35,780 –> 01:57:36,660
It is teachable.
2915
01:57:36,660 –> 01:57:38,260
It is searchable.
2916
01:57:38,260 –> 01:57:40,660
If you’re a CAIO, this is where you must step in,
2917
01:57:40,660 –> 01:57:42,420
mandate the SLA and protect it from drift.
2918
01:57:42,420 –> 01:57:44,900
The moment you allow just one long adjudication,
2919
01:57:44,900 –> 01:57:46,260
you’ve set a new precedent.
2920
01:57:46,260 –> 01:57:48,580
Name the verbs, define the exit criteria,
2921
01:57:48,580 –> 01:57:51,140
and require that every decision resolves in the control plane
2922
01:57:51,140 –> 01:57:52,340
within the time window.
2923
01:57:52,340 –> 01:57:53,940
Don’t accept emails as enforcement.
2924
01:57:53,940 –> 01:57:57,060
If you run IT, make pause a control plane action,
2925
01:57:57,060 –> 01:58:00,580
bind approval gates to Entra groups and device posture,
2926
01:58:00,580 –> 01:58:02,820
pre-build degraded modes, instrument logging,
2927
01:58:02,820 –> 01:58:05,300
so actions resolve to identity, not systems.
2928
01:58:05,300 –> 01:58:07,300
Your job is to eliminate manual heroics.
2929
01:58:07,300 –> 01:58:09,460
You are measured by how safely a steward can pause
2930
01:58:09,460 –> 01:58:11,620
and resume without paging a wizard.
2931
01:58:11,620 –> 01:58:15,140
If you lead data, keep lineage and the context packet fresh.
2932
01:58:15,140 –> 01:58:17,620
That means your proof, the path from input to output,
2933
01:58:17,620 –> 01:58:18,660
is available in minutes.
2934
01:58:18,660 –> 01:58:20,820
The last change log is factual, not remembered.
2935
01:58:20,820 –> 01:58:23,540
The disparity metrics are attached where tiers demand them.
2936
01:58:23,540 –> 01:58:25,140
When a trigger fires, you bring facts
2937
01:58:25,140 –> 01:58:27,780
that shorten adjudication, not opinions that prolong it.
2938
01:58:27,780 –> 01:58:30,260
If you own the business, you carry the degraded mode
2939
01:58:30,260 –> 01:58:31,220
and the communications.
2940
01:58:31,220 –> 01:58:32,980
You accept residual risk in writing
2941
01:58:32,980 –> 01:58:34,820
and you front the message when you exercise
2942
01:58:34,820 –> 01:58:35,940
the kill switch or the gate.
2943
01:58:35,940 –> 01:58:37,620
You don’t outsource the consequence.
2944
01:58:37,620 –> 01:58:40,660
Your users and customers hear clarity, not defensiveness.
2945
01:58:40,660 –> 01:58:42,820
Common failure patterns are predictable.
2946
01:58:42,820 –> 01:58:46,100
Triggers are vague, nothing fires until someone is angry.
2947
01:58:46,100 –> 01:58:48,180
Quorums are large, no one decides.
2948
01:58:48,180 –> 01:58:50,100
Pause is a ticket, it takes a day.
2949
01:58:50,100 –> 01:58:52,340
Decisions don’t change access, they change slides.
2950
01:58:52,340 –> 01:58:54,980
Fix them now: precise triggers, small quorums,
2951
01:58:54,980 –> 01:58:57,300
verbs bound to controls and documentation that teaches.
2952
01:58:57,300 –> 01:58:59,300
Minimal and deterministic is not cold.
2953
01:58:59,300 –> 01:59:00,820
It is humane under pressure.
2954
01:59:00,820 –> 01:59:02,660
It respects users, staff and customers
2955
01:59:02,660 –> 01:59:04,500
by ending ambiguity quickly.
2956
01:59:04,500 –> 01:59:06,260
It buys you the right to keep building.