A New Layer of Trust

Three vignettes of modern risk

One It’s renewal time for your organization’s cyber insurance policy. Routine updates, but then a few new questions. “How do you demonstrate that your employees exercise due diligence when acting on AI-generated output?” Uh… maybe not so routine after all.

Two “Approved by Pat Cabello at 2026-02-22 12:22” Yes, everyone can see that Pat clicked the button right before going to lunch, so at least there was a human in the loop. But it’s now obvious to Pat and everyone else up and down the org chart that this was the wrong call. The timestamp proves a human clicked a button. It proves nothing about what happened between the AI output and that click. What did Pat check? What did Pat catch? Now that the damage is done, getting answers means reconstructive memory under duress. Not exactly a reliable audit trail.

Three It’s nobody’s favorite day, the surprise visit from the regulator. She peers over her glasses and asks plainly, “How do you know your compliance team is using AI responsibly?” And for once, you produce an easy answer without blinking. That answer isn’t a training certificate or a policy document, it’s a behavioral measurement. She eyes the result, “Oh! This may be a quick visit after all. On to the next question…”

These three moments are all playing out soon where you work. Which business do you want to be in?

The Story So Far…

For those just joining, in our first article The Great AI Misallocation: Why Your Tool Strategy Is Failing we diagnosed a core problem: organizations buy tools without any thought to trust infrastructure. We introduced concepts like the Permission Wall, Undercurrent Pressure, and Trust Gap. We showed how polish impersonates authority, and what happens as a result: Blind Trust.

In our second installment The Yes Problem: Why Governance Is The Only Way To Scale, we described some weight-bearing trust architecture: The Safe Yes. This leans on concepts of: Governance as UX, Decision Rights, Data Contracts, triage, proposal-to-contract, and Runtime Oversight. But this can still result in Synthetic Trust, outputs that sound confident where governance structure exists. Can anyone audit whether the human-AI loop is actually producing the desired result?

While a Safe Yes gives the organization a defensible approval path, which is a critical requirement for forward motion, defensible is not the same as correct. Even when approval path is clean, the output may be dead wrong. Traditional moment-in-time governance tells you who approved and what evidence they had. That timestamp does not tell you whether the human-AI collaboration that produced the output was any good.

The Safe Yes moves organizations out of blind trust, which is necessary but not sufficient. Most organizations today are stuck between blind trust and synthetic trust. This third article shows what it takes to reach the third vignette above of Verified Trust. As we’ll explore below, it is actually possible for organizations to measure whether human-AI collaboration meets performance, accountability, and integrity standards.

Ending The Input Obsession

The market has responded to the AI adoption challenge with a flood of prompt engineering courses, AI literacy programs, and “how to talk to ChatGPT” workshops. These are input-side interventions. They teach people what to put into the system. The implicit assumption is that better inputs produce better outputs, and that the human will somehow recognize quality when they see it.

And maybe they will. But maybe they won’t.

The uncomfortable truth: Although “always check AI output” appears in every responsible use policy, almost nobody has operationalized what “check” actually means, how to measure whether checking is happening, or what good checking looks like at enterprise scale.

It’s like training an entire kitchen staff on knife skills, ingredient handling, and food safety…but never tasting the food. Cooks can follow every process perfectly and pass all the checks to turn out a beautiful meal that no one wants to eat. Because everything clashes, nothing tastes right together.

And that’s ultimately the measure that matters. Disappointed diners have a tendency to send their orders back. Or worse, quietly never return and loudly tell their friends why.

This kind of problem is obvious from our everyday lives. The challenge is to make it just as obvious in our working lives too.

What Verification Actually Requires

There are two distinct measurement surfaces here, and most organizations are watching neither of them yet.

1. Human behavior measurement
   • Are people actually reviewing AI output before acting on it?
   • Are they iterating, pushing back, adding context?
   • Are they accepting first-draft output and shipping it?
   • How does collaboration quality vary across teams, risk levels, and time?
   • When someone says “I checked it,” can the organization verify what that means?

This is where existing evaluation frameworks fall short. Valuable frameworks like Definition of Done checklists and content quality rubrics (even new ones like ResearchRubrics) all evaluate the artifact. They examine the document, the report, the deliverable. None of them evaluate the collaboration that produced it.

Back to our restaurant analogy, they can tell you whether the food looks good on the plate. They cannot tell you whether anyone in the kitchen ever tasted it.

2. System behavior measurement
   • Is the AI behaving within expected parameters?
   • Are outputs drifting from baseline quality?
   • Are there patterns in failure modes (hallucination rates, confidence-accuracy mismatches, data provenance gaps, etc)?
   • When the model changes (and models change constantly), does the workflow still hold?

Runtime Oversight lives here. Shared visibility into incidents and drift, explicit stop authority, change control that scales with risk.

These two behavior surfaces, humans plus systems, are complementary. Measuring only system behaviors gives you model evaluation. Measuring only people behaviors gives you a performance assessment. We need both together to get to Verified Trust.

The Measurement Gap

Here are some familiar categories in the current market:

• Prompt engineering training with their courses, certifications, and workshops. Great for teaching input quality, and individual skills. Not useful for measuring organizational outcomes.
• AI literacy programs with their awareness, ethics, and responsible use. These are ideal for building cultural readiness, and are meaningful for board-level visibility. However they do not measure behavioral change.
• Model evaluation tools with their benchmarks, red-teaming, and bias audits. When you want to measures system behavior, this is the goto. When you want to measure human behavior, you’ll need to go somewhere else.
• Content quality frameworks such as DoD checklists, ResearchRubrics, and RACCCA. Valid and helpful evaluations for artifacts. Incapable of evaluating the collaboration that produced it.

Each of these measures are good, and combined they’re great. But even combined, they are not yet enough. Why? Because nobody is yet measuring whether the human in human-AI collaboration is actually doing their part. The market is currently optimized for making AI better at producing output. But what of the instrumentation for verifying that people are getting better at working with that output? After all, prompt training without measurement is like safety training without incident reporting.

Prompt training without a performance measurement is like safety training without incident reporting.

For the first year or so of AI in the org, it’s appropriate to focus on adoption metrics. But the real measures aren’t far behind. Every organization running AI in production needs a way to answer the deceptively simple underlying question: are our people working with AI effectively, or are they just using it?

The Visibility Gap

Using AI is not the same as collaborating with it. Using means generating output with a tool, while collaborating means generating output with a partner that the organization can defend. Outputs where a person added their informed judgment, context, and verification are more consistent, more defensible, and better quality than just pressing the “magic AI button” and hoping for the best.

But aside from the quality and consistency, there’s another arguably even more important element that’s easy to skip past. The difference matters because accountability never passes to the AI. It attaches to the person whose name is on the decision. If that person rubber-stamped an AI output without meaningful review first, the organization has a governance structure that looks complete but is structurally hollow. The Safe Yes is in place, but verification it is not.

What’s needed is a measure of collaboration quality. Not a one-time audit, not a training completion certificate, but an ongoing signal that tells the organization whether the people side of people+AI collaboration is actually functional. Are people amplifying their organizational benefit, or their organizational risk?

This is the gap that a fresh class of solutions are just recently starting fill, and the market landscape here is telling. Search for “prompt engineering training” and you’ll find hundreds of offerings. Search for “AI collaboration measurement” and the category is nascent at best. That asymmetry is the input obsession made visible in vendor priorities. Collaboration measurement requires workflow clarity. The governance architecture described in our previous article creates the observable surfaces that make this instrumentation possible.

Measuring Human Behavior in AI Contexts

As of the time of writing, there is but one offering for measuring the human behavioral layer of AI collaboration: the patterns of review, iteration, judgment, and accountability that determine whether that Safe Yes is backed by substance or merely ceremony. One such instance is PAICE.work which gives visibility to this collaboration quality gap. The PAICE acronym stands for “People + AI Collaboration Effectiveness” and is independently helping to introduce the tool-agnostic language and measures needed to have this discussion in earnest. (Full disclosure: Sam Rogers is Founder & CEO of this public benefit corporation as well as Snap Synapse.)

Depending on the build vs. buy appetite in your organization, it may be more appropriate to build something internal. Regardless of what approach you use for measurement of how well employees work with AI to produce outputs in your workplace, some measure is needed. How your organization chooses to balance the frequency and depth of this data, and how it is protected and shared, will be unique to the needs and market position and internal culture of your business.

A Return to Runtime Oversight

While systems like those above measure human behavior, runtime oversight nails the system behavior. Expanding on our previous article, runtime oversight has four key elements:

1. Drift detection: model behavior changes over time, especially after provider updates
2. Incident visibility: shared logs, not buried in engineering backlogs
3. Stop authority: who can halt a workflow when something breaks
4. Change control: proportional to risk level

The leadership shift from our previous articles apply here too. In this scenario, senior leaders move from approving outputs to designing the verification systems. They set the thresholds, define what “good” collaboration looks like, and build the feedback loops that surface problems before they become incidents. Leaders maximize their accountability by owning the definitions of the minimum, maximum, and optimum inputs and outputs of the system itself. The power skill becomes testing and validating that the verification systems can deal with the dynamic requirements of the business, and leading people through those changes.

A New Layer of Trust

These two behavior surfaces, humans plus systems, are complementary. Measuring only system behaviors gives you model evaluation. Measuring only people behaviors gives you training assessment. We need both to get to Verified Trust. Because both are working together in a trusted collaboration to produce a trustworthy business result, together these measures form a solid verification layer.

This layer provides persistent and dynamic leading indicators that allow for much more than simply observation or incident response, it introduces an effective means of risk mitigation for AI. After all, you run a background check before hiring someone, audit the books before the fraud, stress-test your portfolio before the downturn, and pen-test your systems before the breach. It is only well-calibrated human behavior that can prevent errors at the scale and speed of AI. This requires people to clearly maintaining ownership, and to take action before AI generated outputs are passed to downstream workflows.

“How do you know your team is using AI responsibly?” You measure and mitigate the risks before the insurers, compliance officers, and regulators ask the question.

Engineering Trust Architecture

We’ve long had performance measures at the human level, and the system level. We use training and culture to help people adapt to systems. We use benchmarking and UX measures to help systems adapt to people. Now we believe it is finally time to build and verify the performance at the collective intersection of all these. At long last, thanks to the speed and power of AI, it is finally within reach to do so.

The trust pattern we’ve exposed is: Diagnose → Architect → Verify.

Locking this in can be simple, but it’s never easy. Remember that as we’re all collectively learning to pick up the pace of work from human speeds to inhuman speeds, the whole organization is likely to shudder. Like a car racing past its usual speeds, unnoticed weaknesses are exposed at higher velocity. Not every part of the business is made to move this fast, some parts will have to be swapped out for those that can handle the new torque without overheating and burning out.

As we hope to have shown, this is a tech problem, yes. But it’s not just a tech problem. We have to be able to drive safely at this speed too, and such simple things as direction have a different sense of urgency and may require different techniques to implement. This a design problem first, and measurement problem next. But have no fear it is an entirely solvable problem. That is, once we can begin to see trust in a new way, and engineer for it to work well at AI speeds.

In Conclusion

We hope you’ve enjoyed this trilogy of articles, and that you find it useful in reframing how to work within modern business constraints for modern business goals.

Successively increasing waves of AI change are coming, whether you choose to ride them or let them break over you. At some point “The Future of Work” becomes “The Present of Work” for all of us.

When is that moment for your organization? Which wave will you catch first? Where will it take you? No one has all the answers yet. But as we conclude this series, it is our sincere hope that you now have better answers than most. Some will brace against the pull of the tide, or stand still and wait for the force of the next wave to hit them. That looks like a good idea up until the moment the change is big enough to wash such strategies away. Now is the time to read the water, adapting your choices and your trust to the changing conditions in this Age of AI.

For more on Markus Bernhardt and Endeavor Intelligence, visit EndeavorIntel.com. There you can download your free copy of The Endeavor Report™ and other cutting edge AI research.

For more from Sam Rogers and Snap Synapse, sign up for our Signals & Subtractions newsletter to get new insights every Monday on moving from AI promise to AI practice. Also explore PAICE.work to Master the Art of AI Collaboration and get your free PAICE Score™ in 25 minutes or less.