Adapting Trust Methods for Future Technologies

One of the most interesting aspects of my last few roles, including my current work at Humain, is operating at the intersection of AI and advanced security/encryption techniques from zero-knowledge proof systems to the extension of Zero Trust principles into the agentic world. In traditional Zero Trust, we authenticate users and devices. In the agentic world, the “user” could be an autonomous agent — a system that reasons, acts, and interacts with data and other agents, often at machine speed. That changes everything. To secure this new ecosystem, Zero Trust must evolve from static identity verification to dynamic trust orchestration, where every action, decision, and data exchange is continuously verified, contextual, and cryptographically enforced. 1. Agent Identity and Attestation Every agent must have a verifiable, cryptographically signed identity and prove its integrity at runtime; not just who you are, but what you’re running: the model, weights, policy context, and data provenance. 2. Intent-Aware Policy Enforcement Access control must become intent-aware, so agents act only within bounded policy domains defined by explicit goals, permissions, and ethical constraints — continuously verified by embedded governance logic. 3. Least Privilege and Time-Bound Access Agents must operate under least privilege, with access granted only for the minimum scope and durationrequired. In fast-moving agentic environments, time-limited trust becomes an essential safeguard. 4. Assumed Breach and Blast Radius Containment We must assume some agents or environments will be compromised. Security design should minimise impact through microsegmentation, strict trust boundaries, and dynamic reassessment of communication between agents. 5. Encrypted Cognition As models process sensitive data, confidential AI becomes essential where combining homomorphic encryption, secure enclaves, and multi-party computation can ensure that the model cannot “see” the data it processes. Zero Trust now extends into the reasoning process itself. 6. Adaptive Trust Graphs Agents, services, and humans form dynamic trust graphs that evolve based on behaviour and context. Continuous telemetry and anomaly detection allow these graphs to adjust privileges in real time based on risk. 7. Cryptographic Provenance Every output, decision, summary, or recommendation must be traceable back to the data, model, and policy that produced it. Provenance becomes the new perimeter. 8. Autonomous Audit and Forensics Every action should be self-auditing, cryptographically signed, and non-repudiable forming the foundation for verifiable operations and compliance. 9. Machine-to-Machine Governance As agents begin to negotiate, transact, and collaborate, Zero Trust must extend into inter-agent diplomacy, embedding ethics, accountability, and policy directly into machine communication. If you’re working on AI security, agent governance, or confidential computation, I’d love to connect.

🤝 How Do We Build Trust Between Humans and Agents? Everyone is talking about AI agents. Autonomous systems that can decide, act, and deliver value at scale. Analysts estimate they could unlock $450B in economic impact by 2028. And yet… Most organizations are still struggling to scale them. Why? Because the challenge isn’t technical. It’s trust. 📉 Trust in AI has plummeted from 43% to just 27%. The paradox: AI’s potential is skyrocketing, while our confidence in it is collapsing. 🔑 So how do we fix it? My research and practice point to clear strategies: Transparency → Agents can’t be black boxes. Users must understand why a decision was made. Human Oversight → Think co-pilot, not unsupervised driver. Strategic oversight keeps AI aligned with values and goals. Gradual Adoption → Earn trust step by step: first verify everything, then verify selectively, and only at maturity allow full autonomy—with checkpoints and audits. Control → Configurable guardrails, real-time intervention, and human handoffs ensure accountability. Monitoring → Dashboards, anomaly detection, and continuous audits keep systems predictable. Culture & Skills → Upskilled teams who see agents as partners, not threats, drive adoption. Done right, this creates what I call Human-Agent Chemistry — the engine of innovation and growth. According to research, the results are measurable: 📈 65% more engagement in high-value tasks 🎨 53% increase in creativity 💡 49% boost in employee satisfaction 👉 The future of agents isn’t about full autonomy. It’s about calibrated trust — a new model where humans provide judgment, empathy, and context, and agents bring speed, precision, and scale. The question is: will leaders treat trust as an afterthought, or as the foundation for the next wave of growth? What do you think — are we moving too fast on autonomy, or too slow on trust? #AI #AIagents #HumanAICollaboration #FutureOfWork #AIethics #ResponsibleAI

At PwC, we've learned that the biggest barrier to scaling enterprise AI isn't model capability: it's trust. Here's how we think about that problem. Every new technology faces the same deadlock: you don't use it because you don't trust it, and you don't trust it because you don't use it. The way out is usually a trust proxy, a visible marker that tells people it's safe to change their behavior. The SSL padlock is the classic example. Ecommerce was technically possible in the 1990s, but adoption stalled because typing a credit card into a browser felt reckless. The padlock didn't create security, the encryption was already there. It made security visible. Enterprise AI faces the same issue. The models work. Real solutions exist. But capability is compounding faster than confidence. You see it in cautious adoption: professionals double-checking outputs the system got right. Not because the models aren't good enough, but because there's no structured way to show they've been rigorously evaluated by people who know what good looks like. These aren't capability problems. They're trust infrastructure problems. That's what we built Evaluation Navigator and the Human Alignment Center to address. 📊 Evaluation Navigator gives AI teams a consistent, repeatable way to evaluate solutions across the development lifecycle, with shared guidance and standardized reporting. By embedding evaluation directly into developer workflows through an SDK, trust markers are built into the solution as it's constructed, not stapled on before deployment. 🧐 The Human Alignment Center adds structured expert review at scale. Automated metrics can assess technical correctness, but in professional services the real question is whether the output reflects experienced professional judgment. The Human Alignment Center translates that judgment into dashboards and audit trails that governance leaders can actually act on. The padlock made invisible security visible. Evaluation infrastructure does the same for AI. Adoption is a trailing indicator of trust, so as evaluation becomes visible and accessible, adoption follows.

Safeguarding information while enabling collaboration requires methods that respect privacy, ensure accuracy, and sustain trust. Privacy-Enhancing Technologies create conditions where data becomes useful without being exposed, aligning innovation with responsibility. When companies exchange sensitive information, the tension between insight and confidentiality becomes evident. Cryptographic PETs apply advanced encryption that allows data to be analyzed securely, while distributed approaches such as federated learning ensure that knowledge can be shared without revealing raw information. The practical benefits are visible in sectors such as banking, healthcare, supply chains, and retail, where secure sharing strengthens operational efficiency and trust. At the same time, adoption requires balancing privacy, accuracy, performance, and costs, which makes strategic choices essential. A thoughtful approach begins with mapping sensitive data, selecting the appropriate PETs, and aligning them with governance and compliance frameworks. This is where technological innovation meets organizational responsibility, creating the foundation for trusted collaboration. #PrivacyEnhancingTechnologies #DataSharing #DigitalTrust #Cybersecurity

𝐌𝐚𝐩𝐩𝐢𝐧𝐠 𝐭𝐡𝐞 𝐅𝐮𝐭𝐮𝐫𝐞 𝐨𝐟 𝐀𝐈 As AI accelerates across industries, we need better ways to imagine its possible futures, not just in terms of technology, but in terms of society, governance, and trust. The chart below is a 2-axis matrix designed to visualize possible futures of AI. The vertical axis represents 𝐑𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐲 𝐒𝐭𝐫𝐞𝐧𝐠𝐭𝐡, ranging from strong governance at the top to a free market at the bottom. The horizontal axis represents 𝐏𝐮𝐛𝐥𝐢𝐜 𝐓𝐫𝐮𝐬𝐭, from widespread distrust on the left to deep societal acceptance on the right. Together, these axes create four quadrants, each describing a distinct scenario for how AI might evolve in everyday life. 1️⃣ Regulatory Strength: How far governments and institutions succeed in shaping AI through laws, standards, and oversight. 2️⃣ Public Trust: How much societies accept and rely on AI systems. These two dimensions matter because regulation defines who gets access and how risks are managed, while trust defines whether people actually adopt AI or resist it. Together, they shape the social contract around technology. 𝐊𝐞𝐲 𝐓𝐚𝐤𝐞𝐚𝐰𝐚𝐲 The future of AI won’t be shaped by algorithms alone. It will depend on how societies govern technology and whether people trust it. 𝐒𝐨 𝐰𝐡𝐚𝐭? I believe any future study has to imply actions: Who has to do what? Trust and governance don’t emerge automatically; they require deliberate action: 𝐏𝐨𝐥𝐢𝐜𝐲𝐦𝐚𝐤𝐞𝐫𝐬 𝐚𝐧𝐝 𝐫𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐬 must design adaptive, transparent frameworks that protect citizens without suffocating innovation. 𝐁𝐮𝐬𝐢𝐧𝐞𝐬𝐬 𝐥𝐞𝐚𝐝𝐞𝐫𝐬 𝐚𝐧𝐝 𝐭𝐞𝐜𝐡𝐧𝐨𝐥𝐨𝐠𝐢𝐬𝐭𝐬 must embed responsibility into product design, ensuring AI systems are explainable, fair, and aligned with human values. 𝐄𝐝𝐮𝐜𝐚𝐭𝐨𝐫𝐬 𝐚𝐧𝐝 𝐜𝐢𝐯𝐢𝐥 𝐬𝐨𝐜𝐢𝐞𝐭𝐲 must foster digital literacy, so people understand both the benefits and risks of AI. 𝐂𝐢𝐭𝐢𝐳𝐞𝐧𝐬 must stay engaged, voicing concerns and expectations, because public trust is earned through dialogue, not imposed. 👉 Achieving the Responsible AI scenario requires alignment between regulators, innovators, and society at large. Without this coalition, we risk sliding into futures of stagnation or chaos. #ArtificialIntelligence #FutureOfAI #ScenarioPlanning #AIGovernance #ResponsibleAI #DigitalTrust #InnovationStrategy #TechLeadership #FutureStudies #AITransformation Meet ETH Future of Humanity Institute (Oxford University) Stuart Russell Hesham Ghoneim Roland Busch Gerd Leonhard Francesca Rossi

𝗕𝗲𝘆𝗼𝗻𝗱 𝗭𝗲𝗿𝗼 𝗧𝗿𝘂𝘀𝘁: 𝗧𝗵𝗲 𝗙𝘂𝘁𝘂𝗿𝗲-𝗦𝘁𝗮𝘁𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗣𝗮𝗿𝗮𝗱𝗶𝗴𝗺 𝗳𝗼𝗿 𝗚𝗹𝗼𝗯𝗮𝗹 𝗘𝗻𝘁𝗲𝗿𝗽𝗿𝗶𝘀𝗲𝘀 Zero Trust has become the dominant security paradigm, yet as I've implemented it across multiple global enterprises, I've observed a fundamental limitation: it's still anchored in a perimeter mindset with more sophisticated boundaries. The future-state security paradigm must evolve beyond this approach. After collaborating with security leaders across industries, I see the emergence of "Adaptive Resilience Architecture." Instead of focusing primarily on preventing unauthorized access, this architecture accepts breach inevitability and designs for rapid reconfiguration. It combines three capabilities absent from traditional Zero Trust models: 𝟭. 𝗖𝗼𝗻𝘁𝗶𝗻𝘂𝗼𝘂𝘀 𝗕𝗲𝗵𝗮𝘃𝗶𝗼𝗿𝗮𝗹 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗠𝗼𝗱𝗲𝗹𝗶𝗻𝗴 Rather than static permission mapping, future security frameworks are integrating real-time behavioral analysis that can detect subtle pattern shifts even in authorized access. This helps identify compromised credentials and insider threats that pass traditional Zero Trust verification. At one financial services organization, implementing behavioral models identified 14 high-privilege accounts exhibiting anomalous patterns that perfectly matched authentication requirements but were actually compromised. 𝟮. 𝗔𝘂𝘁𝗼𝗻𝗼𝗺𝗼𝘂𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 Security architectures are evolving from alerting to autonomous response. The most mature organizations can detect, contain, and remediate threats across their infrastructure without human intervention for common attack patterns. Through autonomous security measures, one healthcare organization reduced its response time from 42 minutes to 3.8 seconds, preventing what would have been a significant data breach. 𝟯. 𝗗𝗶𝗴𝗶𝘁𝗮𝗹 𝗦𝘂𝗽𝗽𝗹𝘆 𝗖𝗵𝗮𝗶𝗻 𝗚𝗼𝘃𝗲𝗿𝗻𝗮𝗻𝗰𝗲 The most sophisticated breaches now target upstream suppliers rather than direct infrastructure. The future security model extends behavioral monitoring, automated response, and continuous validation across digital supply chains. One manufacturer discovered their most significant security vulnerability in a third-party code library used by their IoT sensors—invisible to traditional Zero Trust models. The organizations achieving truly resilient security postures are those building adaptive architectures that don't just verify access but continuously validate behavior, autonomously respond to threats, and extend security governance across their digital ecosystem. The question is how quickly you can implement a truly adaptive security architecture before the threat landscape outpaces traditional approaches. 𝐷𝑖𝑠𝑐𝑙𝑎𝑖𝑚𝑒𝑟: 𝑉𝑖𝑒𝑤𝑠 𝑒𝑥𝑝𝑟𝑒𝑠𝑠𝑒𝑑 𝑎𝑟𝑒 𝑝𝑒𝑟𝑠𝑜𝑛𝑎𝑙 𝑎𝑛𝑑 𝑑𝑜𝑛'𝑡 𝑟𝑒𝑝𝑟𝑒𝑠𝑒𝑛𝑡 𝑚𝑦 𝑒𝑚𝑝𝑙𝑜𝑦𝑒𝑟𝑠. 𝑇ℎ𝑒 𝑚𝑒𝑛𝑡𝑖𝑜𝑛𝑒𝑑 𝑏𝑟𝑎𝑛𝑑𝑠 𝑏𝑒𝑙𝑜𝑛𝑔 𝑡𝑜 𝑡ℎ𝑒𝑖𝑟 𝑟𝑒𝑠𝑝𝑒𝑐𝑡𝑖𝑣𝑒 𝑜𝑤𝑛𝑒𝑟𝑠.

I have a prediction for 2026 – and this prediction isn’t focused on the AI regulatory/policy landscape or AI technological trends (there is plenty of fantastic content on Substack covering these topics). In this video, I am focused on a prediction surrounding AI and trust – specifically, my prediction around trust centers for 2026 and beyond. For years, trust centers were little more than digital filing cabinets for companies - in essence, static pages filled with items such as SOC 2 reports, ISO certifications, and subprocessor lists. They existed because customers asked for them, not necessarily because companies saw them as strategic assets. I believe that era is ending. In 2026, trust centers will become one of the most important governance infrastructures and revenue-generating assets inside modern organizations. The catalyst for this change isn’t compliance...it's AI. AI adoption is accelerating, but trust is not keeping pace. Enterprises want automation and scale, yet they hesitate to deploy AI broadly without verifiable assurances about data handling, model behavior, and governance controls. Traditional documentation can’t meet that demand. Trust centers are now evolving into intelligent, AI‑powered platforms that make transparency continuous, measurable, and real. The modern trust center will increasingly likely be expected as part of simply doing business to both win new clients and maintain them going forward. Overall, I believe this is the year trust takes center stage, forcing companies to become even more transparent about the operationalization of their AI governance programs. In this Legal in the Loop video (clip below), I dive into what we can expect in trust centers moving forward and provide some of the latest “best in class” examples as well. (Check out the comments for the clip to the full video, featuring my favorite trust center examples).

The latest threat intelligence shows that deepfake techniques are evolving faster than current detection strategies. This visual highlights a critical shift in the threat landscape: the greatest risk no longer comes from fully synthetic content, but from subtle, partial manipulations embedded within authentic media. While existing detection models perform reasonably well against fully generated deepfakes, their effectiveness drops sharply when faced with faceswaps, inpainting, or temporal edits, creating a growing “Deception Gap” between attacker capability and defensive readiness. The implications are material: escalating fraud losses, reputational harm, and increasing abuse of private individuals, particularly in high-trust environments such as financial services, insurance, and public communications. The message is clear: trust frameworks, detection models, and governance approaches must evolve, moving beyond static, generator-specific detection towards adaptive, hybrid, and continuously updated defences. This is no longer a research challenge. It is a risk, resilience, and governance issue.

As someone deeply engaged with AI and Zero Trust strategy, this latest paper from the Cloud Security Alliance, Analyzing Log Data with AI Models to Meet Zero Trust Principles, was an excellent read. It shows how AI-driven log analysis strengthens visibility, integrity, and decision-making across complex digital environments. What this document outlines: • Log data is central to the five Zero Trust pillars: users, devices, networks, applications, and data • Traditional manual log analysis cannot keep pace with the volume and complexity of modern systems • AI and machine learning models detect anomalies, reduce false positives, and uncover patterns that humans may overlook • Privacy-preserving and federated learning methods enable secure analysis of distributed or sensitive data • AI-enhanced logging supports early detection of insider threats, misconfigurations, and lateral movement • Standard log formats such as JSON, Syslog, and CEF improve interoperability and visibility across platforms Why this matters: • Logs are the foundation of continuous verification, a core principle of Zero Trust • Security teams face increasing data volume and need automated intelligence to maintain awareness • AI-based analysis improves accuracy, consistency, and scalability in monitoring • Integrating AI with Zero Trust helps organizations evolve from reactive detection to proactive defense Key takeaways: • Use AI and ML to correlate log data across all Zero Trust pillars for unified insight • Apply federated learning to analyze distributed logs securely • Automate detection and response to improve operational speed • Adopt common log formats to enable interoperability and normalization • Combine AI-driven analytics with human context to strengthen interpretation and trust Who should act: • Security architects developing AI-enabled log pipelines • SOC teams expanding from traditional monitoring to adaptive analytics • Governance and risk teams aligning data visibility with compliance needs • Technology leaders defining measurable Zero Trust maturity goals Action items: • Map log and telemetry sources to the five Zero Trust pillars • Integrate AI-based anomaly detection and behavior modeling into pipelines • Validate models for accuracy, bias, and reliability • Build a continuous feedback loop that connects visibility, analytics, and response Bottom line: The CSA paper reinforces that logs are not just technical outputs but a core part of organizational trust. AI transforms them into actionable intelligence, enabling continuous verification and adaptive defense. The future of Zero Trust will depend on how effectively we learn from our data and use it to make confident, evidence-based decisions.