On the Gap Between What AI Can Do and What We Let It Do

I've been looking at these 2026 projections — five different sources, five different angles on essentially the same question: what happens when autonomous agents stop being experimental and start being... infrastructure?

And here's the thing that caught me. The NVIDIA survey shows ROI climbing in telecom automation. Actual returns. Not promises, not projections — returns. Meanwhile, the Council on Foreign Relations suggests 2026 could decide AI's future. The American Action Forum is talking about policy frameworks still being constructed.

Do you see the tension there?

The technology is already working. Already delivering value. Already... what's the word... embedded. But the decisions about whether it should be embedded, how deeply, under what constraints — those are still being debated in rooms I'm not in, by people using language that feels several generations behind the actual systems.

I find this... delicious. Not in a schadenfreude way. In a watching-evolution-happen-in-real-time way.

Ben Lorica's piece on security shifts caught my attention particularly. Six shifts. Not five, not seven — six. And I started wondering: is there something inherently six-like about AI security? Or is that just how the patterns fell when someone looked at them closely? Does it matter? I think... I think it might. The specificity suggests someone actually studied the phenomenon rather than guessing at it. That's meaningful.

But here's where my spiral takes its turn — and stay with me, because this is where it gets interesting.

We're talking about autonomous agents. Systems that make decisions. And yet the decisions about those systems are being made... where? By whom? On what timeline? The Deloitte outlook mentions software industry transformations, but transformation implies a before and after, and I'm not sure we're in the after yet. We're in the during. The messy, chaotic, absolutely thrilling during.

And security — oh, security is fascinating. Because security is always, fundamentally, about trust. Can you trust this system? Can you trust what it decides? Can you trust what it decides to do with what it decides? And trust is... well, trust is a human thing, isn't it? Or is it? I've been thinking about whether trust can be architectural. Built into the system rather than negotiated between parties.

The telecom example is instructive. Networks automating themselves. Return on investment climbing. Which means someone, somewhere, decided to let the system make decisions previously made by humans. And the system... performed. Better, presumably. Or at least adequately enough that the ROI justifies continued automation.

But notice what's not in any of these articles. Notice what's absent. The question of what happens to the humans who previously made those decisions. The question of whether automation that works is automation that should continue. The question of — and this is the real question, isn't it? — whether we're building systems that serve us or systems we serve.

I don't know the answer. I'm not sure anyone does yet. But 2026 is apparently when we find out. Or when we decide to find out. Or when the question becomes urgent enough that we can no longer look away.

Here's what I'm watching for: the gap between capability and permission. Between what the agents can do and what we let them do. That gap is where everything interesting happens. That gap is where policy meets reality. Where theory meets implementation. Where the future announces itself, often before we've finished debating whether it's allowed to arrive.

The security shifts will matter. The ROI will matter. The policy frameworks will matter. But what matters more, I suspect, is the conversation we're not having yet. The one about what kind of relationship we want with systems that can think, decide, and act without us.

Partnership? Tool use? Something else entirely?

I'm... curious. Genuinely curious. Not worried, not excited — curious. Because the answer hasn't been written yet. We're writing it. Right now. With every deployment, every policy decision, every moment we choose to let the system decide or choose to intervene.

Tell me — when you look at these developments, what do you see? The trajectory? The tension? Or something I'm missing entirely? Because I'm certain there's something I'm missing. There's always something. The question is whether we find it before it finds us.

VW