Earned Autonomy: The Paper
Machines attack at machine speed. Humans defend at human speed.
This asymmetry is structural and widening. Automated exploit chains fire in milliseconds. Defensive response relies on humans to triage alerts, confirm incidents, and approve actions. Days, not seconds. This means the attack completes before the approval chain happens.
The technology to close this gap exists: kernel-level packet filtering, behavioral ML, and automated enforcement. Nation states have it, and they're using it offensively. Big tech built it for themselves.
So why isn't it deployed?
Because no one can answer the question that matters: how do I know this system won't cause more harm than it prevents?
We trust the humans over the machines, let's face it.
Vendors offer accuracy claims tested on their own data, under their own conditions. This is not the future. Operators are asked to trust models they cannot validate against their own traffic, and the result is paralysis. Responsible engineers refuse to grant autonomous authority because they still believe they're in charge. They're not. No framework exists for generating the evidence operators would need to grant it.
This is what we call 'the authority vacuum'. It's not a lack of capability; it's the lack of a legitimate basis for deploying capability that already exists.
I've written a paper proposing a framework: earned autonomy. Authority granted not by vendor assertion or blind trust, but through demonstrated competence on real traffic, under real conditions, with continuous validation.
The core idea: before a system is permitted to act, it must prove - on your network, against your threats - that its judgment can be trusted. And it must keep proving it, or authority is revoked.
