Contain or be contained: The security imperative of controlling autonomous AI

Artificial intelligence is no longer a future concept; it is being integrated into critical infrastructure, enterprise operations and security missions around the world. As we embrace AI’s potential and accelerate its innovation, we must also confront a new reality: the speed of cybersecurity conflict now exceeds human capacity. The timescale for effective threat response has compressed from months or days to mere seconds.
This acceleration requires removing humans from the tactical security loop. To manage this profound shift responsibly, we must evolve our thinking from abstract debates on “AI safety” to the practical, architectural challenge of “AI security.” The only way to harness the power of probabilistic AI is to ground it with deterministic controls.
In a machine-speed conflict, the need to have a person develop, test and approve a countermeasure becomes a critical liability. Consider an industrial control system (ICS) managing a municipal water supply. An AI-driven attack could manipulate valves and pumps in milliseconds to create a catastrophic failure. A human-led security operations center might not even recognize the coordinated anomaly for hours.
An AI-driven defense, however, could identify the attack pattern, correlate it with threat intelligence, and deploy a countermeasure to isolate the affected network segments in seconds, preserving operational integrity. In this new paradigm, the most secure and resilient systems will be those with the least direct human interaction. Human oversight will — and must — shift from the tactical to the strategic.
The fallacy of AI safety
Much of the current discourse on “AI safety” centers on the complex goal of aligning AI with human values. As AI pioneer Stuart Russell notes in his book “Human Compatible,” a key challenge is that “it is very difficult to put into precise algorithmic terms what it is you’re looking for.” Getting human preferences wrong is “potentially catastrophic.”
This highlights the core problem: trying to program a perfect, universal morality is a fool’s errand. There is no global consensus on what “human values” are. Even if we could agree, would we want an apex predator’s values encoded into a superior intelligence?
The reality is that AI systems — built on neural networks modeled after the human brain and trained on exclusively human-created content — already reflect our values, for better and for worse. The priority, therefore, should not be a futile attempt to make AI “moral,” but a practical effort to make it secure.
As author James Barrat warns in “The Final Invention,” we may be forced to “compete with a rival more cunning, more powerful & more alien than we can imagine.” The focus must be on ensuring human safety by architecting an environment where AI operations are constrained and verifiable.
Reconciling probabilistic AI with deterministic control
AI’s power comes from its probabilistic nature. It analyzes countless variables and scenarios to identify strategies and solutions — like the AlphaGo move that was initially laughed at but secured victory — that are beyond human comprehension. This capability is a feature, not a bug.
However, our entire legal and policy infrastructure is built on a deterministic foundation. Safety and security certifications rely on testable systems with predictable outcomes to establish clear lines of accountability.
This creates a fundamental conflict. Who is liable when a probabilistic AI, tasked with managing a national power grid, makes an unconventional decision that saves thousands of lives but results in immediate, localized deaths?
No human will want, or be allowed, to accept the liability for overriding an AI’s statistically superior strategic decision. The solution is not to cripple the AI by forcing it into a deterministic box, but to build a deterministic fortress around it.
This aligns with established cybersecurity principles — such as those within NIST SP 800-53 — that mandate strict boundary protection and policy-enforced information flow control. We don’t need to control how the AI thinks; we need to rigorously control how it interacts with the world.
The path forward: AI containment
Three trends are converging: the hyper-acceleration of security operations, the necessary removal of humans from the tactical loop, and the clash between probabilistic AI and our deterministic legal frameworks. The path forward is not to halt progress, but to embrace a new security model: AI containment.
This strategy would allow the AI to operate and innovate freely within human-defined boundaries. It requires us to architect digital “moats” and strictly moderate the “drawbridges” that connect the AI to other systems.
By architecting systems with rigorously enforced and inspected interfaces, we can monitor the AI, prevent it from being poisoned by external data and ensure its actions remain within a contained, predictable sphere. This is how we can leverage the immense benefits of AI’s strategic intelligence while preserving the deterministic control and accountability essential for our nation’s most critical missions.
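One way to picture the “drawbridge” described above, as an added example that is not from the original article: a deterministic gate that checks each AI-proposed action against a fixed allowlist, target boundary and rate limit, and records every decision. The policy, action names, zone names and limits are assumptions constructed for the water-utility scenario.

```python
from dataclasses import dataclass, field
# Hypothetical policy (assumed names and limits) for the water-utility scenario.
POLICY = {
    "isolate_segment": {"targets": {"ot-zone-a", "ot-zone-b"}, "max_per_minute": 2},
    "raise_alert": {"targets": {"soc"}, "max_per_minute": 30},
}

@dataclass
class Gate:
    policy: dict
    audit: list = field(default_factory=list)    # every decision is recorded
    recent: dict = field(default_factory=dict)   # action -> allowed timestamps

    def decide(self, proposal, now):
        verdict = self._check(proposal, now)
        self.audit.append((now, repr(proposal), verdict))
        return verdict

    def _check(self, proposal, now):
        # The proposal is untrusted model output, so validate its shape first.
        ok = isinstance(proposal, dict) and set(proposal) == {"action", "target"}
        if not ok or not all(isinstance(v, str) for v in proposal.values()):
            return (False, "malformed")
        action, target = proposal["action"], proposal["target"]
        rule = self.policy.get(action)
        if rule is None:
            return (False, "action not allowlisted")   # default deny
        if target not in rule["targets"]:
            return (False, "target out of bounds")
        window = [t for t in self.recent.get(action, []) if now - t < 60]
        if len(window) >= rule["max_per_minute"]:
            return (False, "rate limit")
        self.recent[action] = window + [now]
        return (True, "ok")

# Constructed proposals (time in seconds, proposal) as an AI defender might emit.
SAMPLE = [
    (0, {"action": "isolate_segment", "target": "ot-zone-a"}),
    (1, {"action": "open_valve", "target": "pump-3"}),           # not allowlisted
    (2, {"action": "isolate_segment", "target": "corp-lan"}),    # outside the boundary
    (3, {"action": "isolate_segment", "target": "ot-zone-b"}),
    (4, {"action": "isolate_segment", "target": "ot-zone-a"}),   # third within a minute
    (65, {"action": "isolate_segment", "target": "ot-zone-a"}),  # window has passed
    (66, "isolate everything"),                                   # unstructured output
]

def run_sample():
    gate = Gate(POLICY)
    return [gate.decide(p, t) for t, p in SAMPLE], gate.audit
```

The gate never inspects how the proposal was produced; the same proposal, policy and history always yield the same verdict, which is what makes the boundary testable.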
Scott Orton is CEO of Owl Cyber Defense.