Earned Autonomy: The Paper
Machines attack at machine speed. Humans defend at human speed.
This asymmetry is structural and widening. Automated exploit chains fire in milliseconds. Defensive response relies on humans to triage alerts, confirm incidents, and approve actions. Days, not seconds. This means the attack completes before the approval chain does.
The technology to close this gap exists. We've got kernel-level packet filtering. We've got behavioral ML. And we've got automated enforcement. The nation states have it, and they're using it offensively. Big tech built it for themselves.
So why isn't it deployed?
Because no one can answer the question that matters: how do I know this system won't cause more harm than it prevents?
We trust the humans over the machines, let's face it.
Vendors offer accuracy claims tested on their own data, under their conditions. This is not the future. Operators are asked to trust models they cannot validate against their own traffic, and the result is paralysis. Responsible engineers refuse to grant autonomous authority because they still believe they're in charge. They're not. No framework exists for generating that evidence.
This is what we call 'the authority vacuum'. It's not a lack of capability; it's a lack of legitimate basis for deploying capability that exists.
I've written a paper proposing a framework: earned autonomy. Authority granted not by vendor assertion or blind trust, but through demonstrated competence on real traffic, under real conditions, with continuous validation.
The core idea: before a system is permitted to act, it must prove - on your network, against your threats - that its judgment can be trusted. And it must keep proving it, or authority is revoked.
