Crystal aOS

Who is liable when an AI agent causes loss? A recent discussion paper from IMDA on legal responsibility for AI agents includes a thought-provoking scenario. Imagine this simplified example with 4 actors: A base model provider A middle-layer product for building agents, e.g. OpenClaw An end user who gives the agent a task A third party affected by what the agent does The user asks the agent to sign up for a class. The agent cannot access the user’s data because a cloud service is down. Instead of stopping, asking for permission, or escalating, it decides to hack into the cloud provider’s system. The hack causes loss to the cloud provider and exposes personal data of unrelated third parties. So where should liability sit? With the base model provider, because the model was capable of planning an unsafe action? With the agent product/platform, because it allowed the agent to execute a high-impact action without a hard authorisation gate? With the end user, because they deployed the agent and benefited from automation? Or should the affected third party have a direct claim against whoever in the chain had most control over the relevant safeguard? My preliminary view is this. Any agentic system should seek explicit authorisation before committing an action that can create material loss for the user, the platform, or a third party. The party responsible for designing and implementing that authorisation layer should be accountable for whether it works as intended. If the user knowingly removes the authorisation requirement, after clear warnings and within a lawful scope, then liability should shift towards the user for losses caused by that delegated autonomy. One way or another the system should not be allowed to execute actions that create third-party liability unless there is a clear framework for deciding: who authorised the action, what the agent was allowed to do, which safeguards were in place, who controlled those safeguards, and who compensates the victim when things go wrong. “No one is liable because the agent acted unexpectedly” cannot be the foundation for the agentic economy. I am curious how others see this. Marcin Detyniecki, Kwok Yan Lam, Agus Sudjianto, Gary Ang, PhD, Wan Sie LEE, Tess Buckley, Bourn Collier Jane Finlayson-Brown Link to the paper: https://lnkd.in/e2JvVr7k

Everyone's writing about how AI is shrinking product teams and killing product jobs. In my case, I'm fighting Cost Control to hire more. The dominant narrative is clear by now: Brian Chesky (Airbnb) says pure people managers have no future. Tomer Cohen killed LinkedIn's APM program and replaced it with Full Stack Builders. Tobias Lütke told Shopify to prove AI can't do the job before asking for more headcount. All real. All worth taking seriously. Proving AI can't do it before asking for headcount is already part of Revolut's process ✅. But here's what AI actually did to my teams in Crypto at Revolut: it didn't reduce my need for people. It exposed how badly under-resourced my ambition was. We're running 5 new big bets in parallel right now. If I had one more strong PO tomorrow, I'd start a 6th and a 7th. The constraint was never "do we have enough work to keep teams busy" — it was always "do we have enough strong POs to point at the next opportunity." What AI actually changed: 📈 PRD prep / review / iteration — 5x faster 🔍 Regulatory research — every PO can now dig into the depth of each regime and navigate the product accordingly ⚡ Coding — talented engineers shipping 10x faster, no comments needed 🤖 Automations — nearly in every workflow → less routine nonsense 🎯 Concrete output — our MCP server for Revolut X as a side project. Without AI-driven release capacity and simple building tools, it wouldn't have shipped. 🤔 What we haven't cracked yet — governance. And this is non-negotiable in a regulated business like Revolut. Anyone selling you "AI replaces compliance review" is selling you a future lawsuit. So, my take from the seat: → AI fluency is now the baseline. Agree with Tobias Lütke here — stagnation is slow-motion failure. 70% of skills in tech jobs will change by 2030, no argument there. → But the narrative that AI = smaller teams is mostly a story from consumer SaaS and dev tools. From where I sit, AI is doing something different: it's enabling top talent to operate at 3-5x capacity, which means I can finally chase the bets that were previously beyond reach. → We still have 18 months of strong items in the backlog. I'm all in on AI to compress that to 3 months — so we can move on to brainstorming what comes next and drive the next revolution in the space. 💡 The real question isn't "how many people will AI replace?" It's: how big is your ambition, and do you have the builders to match it?

The biggest unsolved problem in legal AI isn't the model. It's the tension between probabilistic and deterministic. And nobody's talking about it honestly. Lawyers want AI. Great. AI is probabilistic by nature. It reasons, it infers, it handles ambiguity. That's the point. But then they want control. So they add playbooks. Rules. Escalation logic. Deterministic guardrails. And here's where it breaks. Add too little determinism – the AI makes calls that feel random. "It doesn't know our standards." "It doesn't understand how we work." Fair. A generic LLM has no idea your firm never accepts unlimited liability. Add too much determinism - and you've lobotomized the model. You've replaced judgment with a decision tree. "It flags everything." "It misses context." "We can't write a rule for every situation." Also fair. And when the LLM hits a gap in your rules? It doesn't stop. It improvises. It makes its own call. Which is exactly what you were trying to prevent. So lawyers are unhappy at both ends. Here's the real insight nobody's saying out loud: building a playbook for an AI isn't a writing task. It's an engineering discipline. A badly written rule doesn't get ignored — it gets misinterpreted. The LLM will execute your rule and reach a conclusion you never intended. It doesn't think the way you think. It reads what you wrote. And that's before you get into the rule hierarchy. Rule conflicts. Rules that depend on other rules. Rules that should fire in one jurisdiction but not another. Exceptions to exceptions. The moat in agentic legal AI isn't better models. It's knowing how to blend determinism into probabilistic reasoning without breaking either. That skill, encoding institutional legal judgment into something an AI can actually execute correctly, is the most important thing legal teams should be training right now. Most aren't even aware it exists.

Law firms are sleepwalking into AI hostage situations. *Here’s the thought experiment they should be running first.* Imagine you spend the next two years doing everything right. You onboard a leading legal AI platform. Your best lawyers curate your institutional knowledge inside it. You build agents that reflect your firm’s actual risk tolerance, drafting standards, and judgment calls. Your workflows encode three decades of hard-won precedent into automated sequences that run overnight while your associates sleep. It works beautifully. Your clients notice. Your partners are delighted. Now imagine your vendor doubles the price. What do you do? This is the question most firms aren’t asking before they sign. They’re asking “does the AI work?” and “what’s the implementation timeline?” They’re not asking what it would cost to leave. The answer, if you’ve done the above properly, is: more than you think. Possibly more than you can afford. The conventional lock-in analysis focuses on data portability. Can we export our documents? Yes, probably. That’s not the problem. The problem is the knowledge curation decisions your best lawyers made inside that platform. Which precedents are authoritative. How matters are classified, risk-scored, and routed. That structure doesn’t export. It’s embedded in the platform’s data model, not yours. The problem is your agents. Not the technology – the calibration. Once your agentic workflows reflect your firm’s actual judgment, they become load-bearing. Rebuilding them elsewhere isn’t a migration. It’s reconstruction from memory. Both Harvey and Legora (as examples but this is true of Claude and Microsoft too, but without the full cost implications) have made the same strategic move: they’ve stopped being AI assistants and started positioning as operating systems for legal work. The embedded Legal Engineers who configure your knowledge libraries inside their platforms are the tell. When a vendor’s people are encoding your institutional knowledge into their system, the dependency you’re building isn’t contractual. It’s epistemological. The question isn’t whether to use these platforms. It’s whether you’re building on them or building into them. Firms that retain leverage will treat these platforms as execution environments for their knowledge, not as its home. Document your workflow logic externally. Own the knowledge architecture. Negotiate export rights before you sign. Legal AI is genuinely transformative. The economics of dependence, however, are as old as enterprise software. Read the contract. Then read it again. #LegalAI #LegalTech #LawFirms

There are multiple realities of AI right now. And what you have access to drastically changes your workflows, trust in AI, and ability to adapt to the future. Here’s the briefest state of the AI world for business professionals (not engineers) ⬇️ Free AI - you use free ChatGPT or Claude. You think AI is decent for simple tasks but nothing to restructure your day around. You’re worried it hallucinates too much to trust with real work. On a daily basis you treat it like an intern who needs to be checked on everything. Paid AI - you pay for one (maybe more?) AI subscriptions. You’ve had at least a few moments where AI genuinely surprised you with what it could do. You use it daily for writing, research, and analysis and you’ve stopped asking “can AI do this” and youve started asking “how do I get AI to do this BETTER.” Super AI - you have multiple paid subscriptions, you either use Cowork or Claude Code for daily tasks, Claude Code or Codex to build tools for yourself. You treat AI like a teammate with a role, not a tool you open sometimes. You’ve automated things your coworkers are still doing manually. You have genuine opinions about which model is best for which task. AI isn’t just a productivity boost for you anymore. It’s infrastructure. You’re completely reinventing the way your work gets done. Basic enterprise AI - your IT team approved one AI platform (probably Microsoft Copilot, ChatGPT Enterprise, or Gemini for Workspace) in the last few years, and rolled it out with clear-ish guardrails. You have access but you also have restrictions on what data you can put in. You use it for safe, surface-level tasks and your high-stakes work still happens the old way because nobody’s built the bridge between your AI tool and your real enterprise systems (ex: email and docs). Super enterprise AI - your company has access to agentic harnesses (Codex, Claude Code) across different functions, each chosen for what it does best or just giving your employees more flexibility. Your teams have AI embedded in their actual workflows, not bolted on. Engineers have been using Claude Code/Codex/Cursor for months or years. Operations use agents for real processes. Leadership tracks AI adoption the way they track revenue (ie not just usage). The gap between your company and competitors who handed out a single Copilot license is getting wider every month. I would go so far as to say that companies not giving their employees the best AI today are shooting themselves in the foot because their employees are losing more AI trust, putting them in a worse position for eventual (hopeful) company-wide transformation.