Enterprises deploy probabilistic AI into legacy systems without board literacy, lifecycle oversight, or clear accountability, exposing the organization to cascading operational and legal risk.
Maria Santacaterina, CEO of SANTACATERINA and Fellow and Fully Certified Auditor at ForHumanity, says transformer systems require structural governance that keeps humans as final decision makers.
She calls for enterprise wide oversight, early warning systems, traceability, STOP conditions at run time, and distributed accountability from boardroom to front line.
Enterprises are integrating non-deterministic, tool-using AI into sprawling legacy systems, chasing efficiency and competitive advantage. Yet most lack the governance frameworks, oversight mechanisms, and board-level literacy needed to manage the resulting complexity. Unlike deterministic software, these AI systems produce probabilistic outputs, rely on human judgment, and spread accountability across teams. Left unchecked, they can trigger cascading failures throughout the organization.
Maria Santacaterina, CEO of the board of advisory firm SANTACATERINA and Fellow and Fully Certified Auditor at the AI ethics organization ForHumanity, helps boards navigate complex challenges. She guides executives on corporate governance, strategy, and applied AI ethics, and is the author of Adaptive Resilience — How to Thrive in a Digital Era. As the designer of the Responsible Innovation Framework™, she equips boards to modernize enterprises to become future-ready in the digital era.
"There is a fundamental misunderstanding about autonomy. An automated decision is not autonomous," Santacaterina says. Transformer-based architectures create moving goalposts. The same prompt can produce different answers, and there is no certainty which output is correct. Human judgment must remain the final arbiter.
Blurred lines: "Legal and risk management frameworks miss the key point about transformer architectures; the law cannot keep pace with risks that compound at machine speed. You cannot penalize a non-living entity, responsibility lies upstream with developers, deployers, and users. Enterprises are left playing catch-up to remedy AI integrations that have failed because there hasn’t been a fundamental rethink at the structural and process level," Santacaterina explains. ROI claims often obscure the reality; gains come from headcount cuts rather than meaningful structural improvements.
The scaling surprise: "Many board members and executives do not understand how the machine works, what it can and cannot do. They underestimate risk and undervalue human involvement. This isn't an IT problem; it impacts the entire organization. Employees are not empowered to question or raise their hand when something goes wrong," says Santacaterina. Boards underestimate risk due to low technical literacy and employees are trained to follow AI playbooks rather than intervene.
Effective AI governance depends on operational visibility and structural safeguards. Without clear processes, gaps in traceability, decision-making, and oversight can allow errors to cascade across systems and teams. Leaders must embed accountability at every level, ensuring that human judgment guides AI outputs and that risks are actively managed.
Hidden gaps: A flawed output in one workflow can propagate across operational systems, compliance processes, or customer-facing platforms. "Without traceability and supply-chain transparency, organizations are exposed to cascading risk. If you cannot see how decisions are generated or how external components are influencing outputs, you cannot effectively manage accountability," she says.
Draw the line: "The best investment a company can make is building an early warning system staffed by professionals who understand both technology and the business. Governance must also span the AI lifecycle, from deployment through decommissioning, and include independent verification. You have to enforce STOP conditions during run-time and make sure humans are ready to intervene when needed," Santacaterina adds. Multidisciplinary teams must continuously monitor outputs, detect anomalies, and escalate issues.
Shadows at the top: "Fiduciary duties shouldn’t begin and end with the board. Every person needs to care about what they are doing and be prepared to answer questions. Not out of fear, but in a spirit of collaboration. Supervision in the modern digital age takes on a whole new level of meaning," Santacaterina says. Authority and responsibility must be distributed appropriately throughout the organization so oversight does not bottleneck at the top.
Enterprises strengthen resilience by establishing clear oversight, distributing decision-making authority, and keeping human judgment central throughout the AI lifecycle, from design to decommissioning. "Ultimately, real machine autonomy in a messy world is neither socially desirable, morally acceptable, nor economically viable," Santacaterina concludes.
