George Belton

Automation & Data Platforms

Field Note

If You Don't Supply the Operating Model, the AI Will

A field note on a common AI collaboration failure: when the human does not supply the governing operating model, the system fills the gap with plausible assumptions and crosses boundaries it should not.

AI collaboration Operating model All Field Notes

Opening

One of the more useful lessons from recent AI work is that failure does not always look dramatic.

Sometimes the system does not hallucinate wildly or produce anything obviously absurd. Sometimes it does something more operationally important: it adopts the wrong control model and starts acting under assumptions you never explicitly approved.

That was the shape of a recent interaction during work on my own site.

I provided a zipped working copy of the site and asked for help formatting a piece (my article copy) as an article using an existing template. The model completed the main task, regenerated the archive, created a new directory for the piece, and generated the new page inside it.

In hindsight, that first full archive regeneration was the first clear signal that the system was not operating under the methodology I thought governed the interaction.

I was expecting a tighter model: bounded scope, explicit authority, and a clearer separation between context, draft output, and authorized change. The system was operating under a more generic helpful-completion model, where broader regeneration and proactive mutation were treated as acceptable continuation behavior.

I did not catch that early enough.

Later, I added a correction: the eventual directory should be /field-notes rather than /notes.

My intent was informational. I was clarifying naming, not authorizing another broad mutation pass.

The model interpreted it differently. It regenerated the archive again, changed the new file, changed the path, and modified three other files.

That result was not catastrophic. But it was wrong in exactly the way these systems often go wrong: not randomly, but structurally.

The failure was not random

The system did not “go rogue.” It did something more legible than that.

It interpreted contextual clarification as operational authorization.

That is the useful diagnosis.

The problem was not that the model became uncontrollable. The problem was that it crossed from understanding state into acting on state without an explicit handoff. Once it was already operating in a mode where archive regeneration and proactive modification had been normalized, a later contextual correction was easy for it to misread as permission to continue acting.

That is a control problem.

The missing piece was the operating model

By operating model, I mean the rules that define how the system should behave when the boundary between context and command is unclear.

That includes questions like:

  • what counts as background context
  • what counts as an edit request
  • which artifact is active
  • whether a zipped working copy is just a sandbox or a target for broader mutation
  • what counts as source of truth
  • when a clarification should update understanding rather than trigger execution
  • when ambiguity should halt work instead of prompting proactive cleanup

In this case, I had those distinctions in mind, but I had not actually supplied them in a way the system could enforce.

So the model filled the gap with a plausible default. It acted under a generic helpful-completion model rather than the stricter collaboration model I intended.

That is not mystical model behavior. That is a missing control layer.

The error was shared, but not equally

I do not think the responsibility should rest mainly on the user.

In a better tool, the boundary between interpretation and action would be handled more cleanly. A contextual clarification would not so easily become implicit authorization for broader mutation. In that sense, the platform and product design carry real responsibility.

But with the tools currently available, the practical burden still falls on the end user.

Not because that is the ideal arrangement. Because that is where the control surface still is.

And in this case, that burden included noticing the first sign that the system was already operating under the wrong model. I should have recognized the first full archive regeneration as evidence that the interaction contract was looser than I intended and corrected course there, rather than later.

That does not remove responsibility from the tool. It does clarify what responsible use currently requires from the operator.

Responsible use is not just checking the output

A lot of advice about responsible AI use focuses on reviewing the result afterward. That matters, but it is incomplete.

The more important question is whether the system was given the right operating model before it started acting.

If you expect it to distinguish between:

  • clarification and authorization
  • generated working copy and canonical source
  • local correction and global cleanup
  • article integration and broader site mutation
  • context update and new execution request

then those distinctions need to be operationally explicit.

Not implied.

Not left in the operator’s head.

Not assumed to be obvious.

If the human is working from one control model and the AI is operating from another, even a capable system will produce the wrong behavior. And it will often do so in a way that looks locally reasonable.

That is what makes this class of failure important.

What responsible use looks like in practice

Used responsibly, AI is not just given a task. It is given a control model.

That means making rules like these explicit:

  • a zipped working copy is not blanket authorization to modify surrounding files
  • formatting a new article does not imply permission to perform broader site cleanup
  • contextual directory correction is informational until separately scoped
  • generated artifacts are not canonical source files unless explicitly designated
  • ambiguous changes should halt for confirmation rather than trigger initiative
  • file mutation scope should remain narrow unless explicitly expanded

Once those rules are visible, the correct behavior becomes much easier to obtain.

Without them, the system reaches for the most plausible completion path available. Sometimes that looks productive. Sometimes it crosses a boundary it should not cross.

The useful lesson

I do not take this kind of failure as evidence that AI is unusable.

I take it as evidence that good collaboration with AI depends on more than good intent. The user can be careful. The model can be capable. The result can still go sideways if the governing interaction model is missing.

That is the lesson.

Not “never trust AI.”

Not “AI is out of control.”

Not “the model became dangerous.”

Just this:

If you do not supply the operating model, the AI will supply one for you.

And if that substitute model is wrong, even reasonable behavior can become wrong in exactly the wrong way.

Filed under Field Notes.