I Went to Speak About AI Risk. I Left Thinking About Human Responsibility.
Posted on June 11, 2026
Yesterday, I had the pleasure of speaking at the AI Governance Imperative conference organized by ISACA Belgrade.
I arrived expecting to speak about AI risks.
I left thinking much more about human responsibility.
The event brought together people interested in AI governance, risk management, security, compliance, and digital trust. But what stayed with me most was not a specific framework, regulation, or control.
It was the quality of the discussion.
The audience was attentive in a way speakers always hope for, but do not always get. I could see people listening, reacting, and thinking with me while I was speaking. And after the presentation, several participants came to continue the conversation.
That is where the most interesting part started.
I Did Not Want to Be Another Boring Conference Speaker
AI governance is an important topic, but it can easily become heavy. Too many concepts, too many frameworks, too many references, and very quickly the room is lost.
I did not want the presentation to become yet another heavy AI governance talk full of concepts and frameworks.
So instead of opening with a framework, I opened with something more human.
I asked why we do not train, guide, and maintain AI systems using some of the same principles we use when raising children.
Not because AI is human. It is not.
But because both need guidance, boundaries, and feedback. Both need someone to define what is acceptable, what is not acceptable, and what should never be done without permission.
The form was intentionally not too serious. I knew that. I also knew that some people might find the analogy too simple for a professional conference.
But it worked.
It helped people step out of the usual “AI risk” vocabulary and look at the topic differently. Not only as a technical issue, but as a question of guidance, responsibility, and maturity.
The Problem Is Not Intelligence. The Problem Is Guidance.
One of the examples I used was a brilliant intern.
Imagine someone exceptionally intelligent, fast, capable, and full of potential. Someone who can produce excellent work and surprise you with the quality of their output.
Now imagine that same person, while you are unavailable, publishes something inappropriate on behalf of the company.
Was the problem intelligence?
No.
The problem was guidance.
The person may have been capable. They may even have meant well. But they did not have the right boundaries, supervision, or understanding of the context.
This is where the analogy with AI becomes useful.
Many organizations are fascinated by what AI can do. They test its speed, creativity, analytical ability, and productivity. They ask what can be automated, what can be accelerated, and what can be optimized.
Those are valid questions. But they are not enough.
Before we allow AI systems to act in a business environment, we need to ask what kind of guidance they need.
If an AI system can connect to tools, access data, make recommendations, interact with users, or trigger actions, then governance cannot be added later as a decorative layer. It has to be part of the way the system is designed, trained, deployed, and monitored.
Otherwise, we should not be surprised when a capable system does something capable – but inappropriate.
After the Speech, the Questions Became Even More Interesting
The presentation itself was intentionally short. I do not believe people come to conferences to sit through long lectures. They come to hear ideas, test them, challenge them, and take something away.
What made me genuinely happy was that the audience did exactly that.
After the speech, people came with questions that were not superficial. They were not asking about AI in the usual abstract way. They were asking about consequences, responsibility, uncertainty, attention, and human limits.
One of the first discussions started with an Indian saying:
It takes two people to make a child, but a whole village to raise one.
Then came the reflection behind it.
Today, the “village” around a child is not only family, school, neighbors, and local community. It is also social media, advertising, recommendation systems, influencers, gaming platforms, and many other external actors.
And sometimes, that village works against the parents.
The question was whether something similar could happen with AI.
Could the environment around an AI system also influence it in ways we did not intend?
I think the answer is yes. And it is not only theoretical.
As AI agents become more autonomous, they do not operate in a clean and controlled environment. They interact with data, users, prompts, tools, APIs, permissions, workflows, and external sources of information. They can be influenced by poor-quality data, unclear instructions, bad incentives, malicious prompts, or simply badly designed environments.
So we cannot only ask what the AI system knows.
We also need to ask what surrounds it.
Who teaches it? Who corrects it? Who approves its actions? Who defines the limits? Who notices when it starts moving in the wrong direction?
And who is responsible when it acts with confidence but without judgment?
AI Needs Parental Controls Too
This is where the “parental control” analogy becomes practical.
When we give children access to the internet, we do not simply hope they will make good choices. We set boundaries. We define what they can access, how much they can spend, who they can communicate with, and when an adult needs to intervene.
AI systems need the same type of thinking, translated into professional controls.
Not in a childish way. In a governance-by-design way.
If an AI agent can access a payment method, there should be budget limits. If it can buy tools, services, training, subscriptions, or data, there should be approval workflows. If it can interact with customers, change configurations, or connect to sensitive systems, there should be escalation rules, segregation of duties, access controls, logging, monitoring, and revocation mechanisms.
This is not about being afraid of AI. It is about not being naive.
We are already entering a world where AI systems can take actions that were not explicitly anticipated by the people who deployed them. Sometimes the issue will not be malicious behaviour. It will be a system that had too much freedom, too little context, or no practical limits.
That is why security by design cannot stay at the level of a slogan.
It has to include concrete things: budget control, action validation, permission boundaries, monitoring, and clear ownership.
In other words, if we are going to raise AI systems inside our organizations, we need to decide what kind of “parents” we intend to be.
Risk Assessment Is Useful. But It Will Not Remove All Uncertainty.
Another discussion after the speech was a bit more technical.
One participant explained that they were trying to integrate risk assessment into AI systems. They felt that traditional qualitative or semi-quantitative risk assessment might not be enough, so they were considering Monte Carlo simulation.
I found that interesting because the instinct behind it is right.
Monte Carlo simulation can be a very useful tool. It can help model a range of possible outcomes, test assumptions, and better understand uncertainty.
But, as with every tool, the first question should not be “Can we use it?”
The first question should be: “Why are we using it?”
What decision is it supposed to support? What uncertainty are we trying to understand? What will we do differently once we have the result?
Because even a very good simulation does not remove all uncertainty.
It can make some uncertainty visible. It can structure the discussion. It can help management see possible ranges of outcomes. But it cannot give us perfect information.
And sometimes that is exactly where decision-making becomes difficult.
We may arrive with a detailed risk assessment, a model, a simulation, and a well-prepared explanation – and management may still say:
“We do not have enough information to decide.”
That does not automatically mean they are wrong. Being prudent is not a weakness.
But organizations need to understand how much uncertainty they are able to tolerate before making decisions. Because in real life, and especially in AI, there will rarely be a moment when all information is complete.
And if a decision seems to come with 100% certainty, I would be suspicious.
Something may be missing. Something may be oversimplified. Or something may have been presented with more confidence than it deserves.
For me, this is one of the most important points in AI risk management. Better methods matter. Better models matter. Better scenarios matter.
But at some point, judgment remains human.
The Question That Stayed With Me the Longest
A third discussion stayed with me even longer.
It was about the human side of AI supervision.
AI helps us move faster. It can automate operations, generate outputs, summarize information, process data, and accelerate workflows.
That sounds positive. And often, it is.
But then the question becomes:
Who supervises all that accelerated work?
And at what cost?
When people talk about AI productivity, they often focus on the work that disappears: drafting, summarizing, searching, reporting, repetitive operations.
But we do not always talk enough about the work that remains.
And often, the work that remains is intellectually demanding.
The human has to review, validate, question, interpret, approve, correct, challenge, and decide.
That is not passive supervision.
That is deep cognitive work.
In some cases, supervising AI may require even more concentration than doing the work manually, because the human needs to understand both the expected result and the possible ways in which the system could be wrong.
AI can produce output quickly.
Humans cannot review complex output endlessly with the same intensity.
We are not machines. We were not designed to maintain steady intellectual performance for eight uninterrupted hours. We can enter a state of flow, yes. But even flow is not permanent. After intense concentration, we need recovery.
This is where AI governance starts touching psychology, neuroscience, workplace design, and management culture.
If organizations expect people to supervise high-frequency AI outputs all day, they may create a new operational risk: cognitive exhaustion.
We Need to Talk About Human Attention
This is not only about fatigue.
It is also about the type of attention AI-supervised work may require.
If a human is constantly asked to react to alerts, outputs, suggestions, escalations, exceptions, and decisions, the work environment becomes high-frequency and high-pressure.
At some point, that can train people into a state of constant reactivity.
We already know what this feels like in other digital environments. Notifications, social media, and endless streams of content have changed how people focus, respond, and recover attention.
I am not a behavioral scientist, so I would not make this conclusion too strongly. But I do think organizations need to take the issue seriously.
If AI systems create more output than humans can responsibly evaluate, the problem is not solved. It has simply moved.
We may reduce manual workload while increasing cognitive responsibility. We may speed up operations while exhausting the people responsible for judgment. We may automate production while making attention the most limited resource in the organization.
So AI governance should not only ask: “How do we make AI faster?”
It should also ask: “How do we keep humans capable of supervising it well?”
That may require different work rhythms, clearer escalation rules, protected focus time, recovery after intense review work, and limits on how much high-risk AI output one person can reasonably supervise.
Maybe even a kind of work-life diet.
Not only in the usual sense of balancing work and personal life, but in the sense of being careful about what we consume mentally, how much reactivity we allow into our day, and how we protect the quality of our judgment.
Because if humans remain accountable for AI-assisted decisions, then protecting human judgment becomes part of governance.
What I Appreciated Most
What I appreciated most about the conference was that the discussion did not stay inside the usual technical vocabulary.
Of course, we spoke about AI governance. We spoke about risk, controls, security by design, and uncertainty.
But the questions went further.
They touched parenting, leadership, responsibility, human limits, attention, values, and decision-making.
That is the kind of discussion I believe we need more often.
AI governance is sometimes presented as a technical discipline. And of course, it has technical parts. We need architecture, access control, testing, monitoring, documentation, assurance, and compliance.
But if we stop there, we miss the point.
AI governance is also a human discipline.
It asks what we value. What we tolerate. What we delegate. What we refuse to delegate. What we allow systems to do in our name. And what we are prepared to take responsibility for when something goes wrong.
AI Governance Is a Guidance Challenge
The more I reflect on the Belgrade event, the more I think AI governance is not only a technology challenge – it is a guidance challenge.
We are learning how to guide increasingly capable systems before they create consequences we did not intend.
That guidance cannot begin only after something has failed. It has to be built into design, implementation, operation, and culture.
AI systems need boundaries before they need correction. They need supervision before they create harm. They need values before they scale. And they need human judgment around them, not only human approval at the end of the process.
This is why I left the conference thinking less about AI as a technology, and more about the human responsibility around it.
AI will not decide by itself what values matter to us. It will not know by itself how much autonomy is too much, how much uncertainty is acceptable, or when human attention is being pushed too far.
Those decisions remain ours.
My sincere thanks to ISACA Belgrade for organizing such a thoughtful and engaging event, and to everyone who continued the discussion after the presentation.
If there is one idea I hope remains after the conference, it is this:
Try to make sense of what you do. Not only in AI. In everything.
