Original Message:
Sent: 06-22-2026 11:27 PM
From: Nick Robbins
Subject: You're in the Passenger Seat: Sovereignty, Technology, and the Illusion of Control
Very thoughtful follow-ups here. I think the observations about non-stationarity is important, but I would draw a distinction between variation in outputs and variation in underlying information.
On your first point, yes, Google, SEO-driven search results, and even human experts can provide different answers depending on geography, personalization, context, and timing. The difference with generative AI is that the variability can occur even when the same user submits the same prompt minutes apart. That doesn't necessarily make AI unreliable, but it does mean organizations need governance frameworks that focus on repeatability, traceability, and decision accountability when AI is incorporated into business-critical workflows.
To me... this is less an AI-specific problem than an extension of a longstanding challenge in information management: how do we distinguish between exploratory tools designed to generate possibilities and operational systems designed to support consistent decisions?
Regarding weights, biases, and model sovereignty, my view is that organizations should think about these as strategic choices rather than purely technical ones.
Closed commercial models offer convenience, scale, and rapid innovation but require trust in external providers and their governance practices.
Open-source models and weights provide greater transparency, auditability, and control, particularly for sensitive industries and sovereign data environments.
Federated architectures or model meshes may ultimately become the preferred middle ground. Rather than relying on a single model, organizations can route tasks across specialized models, retain local control of sensitive data, and reduce concentration risk associated with any one provider.
That said, open weights do not eliminate bias. They simply make the sources of bias more inspectable and, in some cases, more correctable. Every model reflects choices made in training data, architecture, tuning, and governance. The question is not whether bias exists, but again... whether it can be understood, monitored, and managed. And who controls the weights?
Your point about service companies accumulating operational knowledge is particularly relevant here. The strategic issue may not be AI itself but the concentration of data, expertise, and decision-making influence. Whether that resides in a service company, cloud provider, model developer, or platform operator, the underlying business continuity question becomes one of dependency management and resilience.
In that respect, I think your earlier observation about cross-domain cascades is exactly where the conversation should be focused. The most significant risks may emerge not from a model failure, but from the interactions among technology providers, operators, regulators, suppliers, and business processes that become increasingly interconnected over time.
Best,
Nick Robbins, P. Eng.
Research Director, Oil and Gas (Production & Facilities)
Darcy Partners
Original Message:
Sent: 06-22-2026 11:46 AM
From: David Feineman
Subject: You're in the Passenger Seat: Sovereignty, Technology, and the Illusion of Control
Syed
I was holding off on responding to you to give time for others to weigh in on an important topic. But I will get back on the soap box to make a few more comments.
This morning I typed into Google a query "risks to business continuity from ai" twice and got two different answers. The second one was
"AI introduces highly dynamic, silent, and systemic risks to business continuity that traditional Disaster Recovery (DR) frameworks-built for simple server outages-are entirely unprepared to handle. When traditional IT fails, it leaves clear error logs; when AI fails, it often decays silently, hallucinates, or breaks critical automated workflows without warning."
The first answer was completely different and emphasized how Business Impact Analysis needs to be updated for a long list of risks like agentic failures, model drift, user developed AI solutions, dependency of workflows on AI, data integrity issues, and over automating work to remove human judgement in sensitive areas.
My point – besides highlighting how the non-stationarity of AI answers could lead one to very different approaches to recognizing and dealing with its own risks- is that some of the risks are unique to workflows enabled by AI, and some are issues that were with us before when applying business analytics in E&P. And my own experience from information related bow tie analysis is that recognizing and naming a risk is often much easier than implementing barriers and controls to minimize their impact & recover when they are triggered in an event. Disruption caused by an Ai supplier taking the knowledge gained across multiple companies and using it to launch its own competing business ventures could be one such risk.
Is it entirely possible to do cross domain business process modeling that includes the linkage context to outside the enterprise organizations like suppliers, regulators, and customers- yes, but it takes time, tools and expertise to do so. I only mentioned Zachman in terms of there being lots of easily accessible information on a framework that considers multiple dimensions of information moving through an enterprise.
The ability to analyze cross domain linkages of issues and risks to business delivery is theoretically possible- the key question you need to ask is who is concerned enough with the potential risks and impacts to dedicate the resources to analyze the problem and implement changes.
------------------------------
Dave Feineman
------------------------------
Original Message:
Sent: 06-21-2026 01:08 PM
From: Syed Shah
Subject: You're in the Passenger Seat: Sovereignty, Technology, and the Illusion of Control
David, thank you for this. It is genuinely the kind of engagement that makes a discussion worthwhile.
On the caveat emptor point, fair, and worth addressing directly. Aquarian Systematic Resilience (ASR) is a framework I have developed, and I have an obvious interest in it. The real test, however, is whether the underlying argument holds regardless of who is making it.
I agree that Zachman and Bowtie have established track records and answer important questions. My view is that they address different analytical problems. Zachman helps map and classify systems. Bowtie traces causes, controls, and consequences for defined risks. Both are valuable.
Where ASR is attempting to contribute is in understanding what happens when disruptions cross domains that may each be individually well designed. A digital disruption becomes an operational interruption, which becomes a financial issue, which begins affecting institutional decision making. The cascade is not a property of any single node; it emerges from the interactions between them.
Your observation regarding service companies accumulating data and progressively becoming operators is particularly interesting. To me, that illustrates a shift in control, influence, and dependency that extends beyond technology alone. It raises questions about who ultimately controls critical flows of data, authority, and value, the issue ASR attempts to examine through the concept of Flow Sovereignty.
I would be interested in your perspective on whether the frameworks you mentioned have been successfully applied to modelling such cross domain cascades, or whether in practice they tend to remain largely domain specific.
Thank you again for the thoughtful challenge.
------------------------------
Syed Abid Shah
Founder Aquarian Systematic Resilience
connect@syedabidshah.com
+92 331 3330 188
Karachi Pakistan / Dubai, UAE
------------------------------
Original Message:
Sent: 06-21-2026 11:13 AM
From: David Feineman
Subject: You're in the Passenger Seat: Sovereignty, Technology, and the Illusion of Control
This was a rather unique post, so worth trying to get a different perspective on the themes presented.
My sense was it tries to frame a business problem which can only be addressed by a specific product that the author was associated with. Caveat emptor.
Given the big crew change, most folks seeing the post might not be aware that there is some historic track record in applying tools in E&P organizations to understand somewhat related issues. Top of my mind would be :
The Zachman Framework: Enterprise architects have tried to use the Zachman framework to understand an enterprise and its information systems interactions with various customers as an integrated whole.
Bowtie Analysis of Risks: Bowtie analysis allows an organization to assess a risk and look at both the causes and protections already in place against the consequences and mitigations.
Probably multiple ways to combine both types of approaches.
Does AI deployment pose unique and different risks than the wave of self-service analytics that preceded it? Yes- in terms of the pace of updates to the technology and its capabilities itself. But in terms of the quality assurance and controls on the inputs and outputs that should have been there before, perhaps not.
The big risk that we had on analytics that was difficult to mitigate was that service companies acquire data for multiple operators and were using the data collection to improve their own analytics to create new value-added services over the top which they could then sell to the market- and potentially create opportunities for themselves through disintermediation by becoming a form of operator themselves. Seems entirely likely that the same risk is even higher in the AI domain – and even harder to constrain irrespective of your risk mitigation approach.