The Personal AI Control Plane: How to Govern Your Agents Before They Govern Your Workflow

/ lbhuston / Leave a comment

A practical architecture for managing personal AI agents, automations, copilots, and plugins with permissions, logging, review, and kill switches.

There is a moment that happens quietly.

It does not arrive as a breach notification. It does not show up as a red team finding. It is not accompanied by the dramatic music we have been trained to expect when technology gets ahead of us.

It happens on a Tuesday afternoon, when you are moving fast between client calls and realize that five different AI-enabled tools now have some level of access to your email, calendar, files, notes, browser history, task list, CRM, code, or client context.

One tool summarizes meetings. Another drafts follow-up messages. A third reads your documents and answers questions. A fourth watches your calendar and tries to protect focus time. A fifth is connected through a plugin to some SaaS platform you barely remember authorizing.

None of this felt reckless at the time.

Each grant of access was individually reasonable. Summarize this inbox. Search this folder. Read this transcript. Draft this response. Monitor this channel. Pull this file. Schedule this thing. Remember this preference.

The problem is not that any one of these tools is obviously dangerous. The problem is that, taken together, they start to form an invisible layer of authority over your work.

Not just assistance.

Authority.

That is the part we need to take seriously.

CentralAgents

Agentic Convenience Creates Unmanaged Authority

Most of us are still thinking about personal AI in terms of features.

We ask what a tool can do.

Can it summarize email? Can it prepare research? Can it join meetings? Can it update the CRM? Can it create tasks? Can it generate code? Can it move information from one system to another?

Those are useful questions, but they are incomplete.

The better question is:

What authority did I just delegate?

Authority is broader than access. Access means the system can see or touch something. Authority means it can act in a way that changes your environment, your commitments, your reputation, your records, or your security posture.

A read-only research assistant that can search public websites has limited authority. A meeting assistant that can join confidential calls, record the audio, extract action items, email clients, and update your project tracker has quite a bit more. A finance assistant that can read invoices, classify expenses, and initiate payments is no longer merely “helpful.” It is operating near the boundary of control.

This is the inversion I think many people miss.

We imagine we are using AI tools. In practice, we are often creating a mesh of delegated decision points that use us as the approval boundary only when the workflow designer remembered to include one.

That is not a reason to avoid AI agents or automation. I am not interested in going back to manually copying data between systems like it is some sort of moral virtue.

The goal is not to resist automation.

The goal is to put a control plane above it.

In infrastructure, this idea is obvious. We do not just spin up services and hope everyone remembers what connects to what. We define identities. We assign permissions. We log activity. We review access. We revoke credentials. We segment environments. We monitor blast radius. We try, however imperfectly, to separate the thing doing the work from the system governing the work.

Personal AI needs the same pattern.

Not because every individual needs enterprise-grade bureaucracy in their personal workflow. That would be absurd. The personal version has to be lightweight, fast, and humane.

But lightweight does not mean nonexistent.

Right now, many power users have built the equivalent of a shadow enterprise around themselves. They have agents, copilots, plugins, browser extensions, API tokens, automation platforms, note-taking systems, RAG pipelines, and SaaS integrations all orbiting their daily work.

Some of those systems contain sensitive data.

Some can act.

Some can remember.

Some can call other tools.

Some can silently persist permissions long after the user has forgotten why they were granted.

That is the automation tax showing up in a new form. The first cost was setup. The second cost was maintenance. The third cost is governance.

Ignore that third cost and your workflow becomes a permission swamp.

The Five-Layer Personal AI Control Plane

A control plane is the governance layer that sits above execution.

The agents, automations, copilots, and plugins are the data plane. They do the work.

The control plane decides who they are, what they can touch, what they remember, what gets logged, and how they get shut off.

For personal AI, I think the control plane needs five layers:

  1. Identity
  2. Permissions
  3. Memory
  4. Audit
  5. Revocation

This does not need to be fancy.

A spreadsheet can be a control plane if you actually use it. A note in your knowledge system can be a control plane if it is complete and reviewed. A small database or dashboard can be a control plane if you want to go further.

The architecture matters more than the tooling.

1. Identity: Know What Is Acting for You

The first layer is identity.

Every agent, automation, copilot, integration, and plugin should have a name and a purpose.

That sounds obvious until you look at your own environment.

You may have authorized a browser extension six months ago. You may have connected a meeting recorder to your calendar. You may have granted a note-taking tool access to cloud storage. You may have allowed a chatbot to connect to your email. You may have generated an API token for a weekend experiment that somehow still exists.

If you cannot name it, you cannot govern it.

Identity is not just the vendor name. “Chat tool connected to Google Workspace” is not enough. The identity should describe the role it plays in your workflow.

Examples:

  • Email triage assistant
  • Client meeting summarizer
  • Research collector
  • Personal finance classifier
  • Blog drafting copilot
  • Code review assistant
  • Calendar protection automation

Roles force clarity. They also make drift visible.

If the “research collector” now has the ability to send email, something has changed. Maybe that is justified. Maybe it is not.

Either way, the identity gives you something to compare against.

2. Permissions: Least Privilege for the Solo Operator

The second layer is permissions.

Least privilege is easy to endorse and hard to live. The reason is simple: friction.

Broad access makes tools more useful immediately. Narrow access requires thought. Most consumer and prosumer AI tools optimize for activation, not restraint. The happy path is “connect your account,” not “select the minimum viable scope for this agent’s job.”

So we need to impose the discipline ourselves.

For each AI-enabled tool, ask four questions:

  1. What can it read?
  2. What can it write?
  3. What can it trigger?
  4. What can it share?

Read access is not harmless. A tool that can read your notes, email, documents, and transcripts can assemble a fairly rich map of your life and work.

Write access is more serious because it can change systems of record.

Trigger access matters because it can initiate workflows, send messages, schedule events, create tickets, or call other automations.

Share access is often the most overlooked because it determines whether information can leave the boundary you assumed it stayed inside.

The personal version of least privilege is not about perfection. It is about reducing avoidable scope.

A research agent probably does not need email send permissions. A meeting summarizer probably does not need full access to every file in cloud storage. A drafting assistant may need access to selected notes, but not your entire archive. A finance assistant may need to classify transactions, but not initiate payments without explicit review.

When in doubt, split roles.

One agent collects. Another drafts. A human approves. A separate automation files the output.

That sounds inefficient, but separation of duties is often cheaper than cleaning up a bad autonomous action.

3. Memory: Decide What Gets Remembered

Memory is where personal AI gets both powerful and creepy.

Persistent memory allows systems to learn preferences, maintain context, and reduce repetitive prompting. It is also a place where sensitive information accumulates outside your normal mental model of storage.

People tend to think of memory as convenience.

Security people should think of it as a data store.

What does the agent remember? Where is that memory stored? Can you inspect it? Can you delete it? Does it include client names, project details, health information, financial information, credentials, personal relationships, or internal strategy? Does the memory cross contexts that should remain separate?

One of the most useful patterns here is memory segmentation.

Do not let every agent remember everything. Your personal writing assistant does not need the same memory as your client research assistant. Your finance assistant does not need the same memory as your travel planner. Your code assistant does not need your family logistics.

Context collapse is convenient until it becomes a confidentiality problem.

Graph-first RAG makes this even more important. Once your notes, documents, people, projects, and decisions are connected into a retrieval layer, access to that layer becomes access to a map of relationships.

That map is often more sensitive than the individual documents.

A single note may be mundane. The graph that connects clients, concerns, projects, timelines, and decisions may be extremely revealing.

Memory needs labels.

At minimum, decide whether an agent’s memory is:

  • Ephemeral: used for the session and then discarded
  • Local: stored in a system you control
  • Vendor-held: stored by the tool provider
  • Shared: available to other agents, plugins, or workflows

You do not need a legal department to make better choices here.

You just need to stop treating memory as magic.

4. Audit: Make the Invisible Visible

The fourth layer is audit.

Automation becomes risky when actions disappear into the background. A human may be slow and inconsistent, but at least they usually remember doing the thing.

Agents do not have that same accountability trail unless we create it.

At a personal level, audit should answer a handful of practical questions:

  • What did the agent access?
  • What did it produce?
  • What did it change?
  • What did it send?
  • What did it decide without review?
  • What failed?

The audit layer can be simple.

Keep a log of agent actions. Use labels in your email for AI-generated drafts. Route important agent outputs through a review folder. Maintain a weekly changelog for automations. Store summaries of agent activity in a note called “AI Activity Review.”

The point is not to create theater.

The point is to create reconstructability.

When something goes wrong, you should not be forced to rely on vibes. You should be able to determine which system acted, what authority it had, what data it used, and what it changed.

That is incident response scaled down to the individual.

Audit also supports trust calibration. If an agent keeps making small mistakes, you will see the pattern. If it starts touching data outside its intended role, you will catch the drift. If it is quietly saving you hours without creating risk, the log will show that too.

5. Revocation: Every Agent Needs a Kill Switch

The final layer is revocation.

This is the one most people skip because it feels negative.

We like turning things on. We are less disciplined about turning things off.

Every personal AI tool should have a clear shutdown path.

Where do you revoke OAuth access? Where are API tokens stored? Which browser extensions have account access? Which automations will fail if you disconnect a tool? Which memories need to be deleted? Which scheduled tasks need to be disabled? Which webhooks are still active?

A kill switch is not just an emergency measure. It is also a maintenance tool.

If a project ends, revoke the agent’s access. If a client engagement closes, remove the tool from that context. If a plugin was installed for a test, uninstall it after the test. If an automation has not run in ninety days, either justify it or remove it.

Revocation is how you keep yesterday’s experiments from becoming tomorrow’s attack surface.

Build a Personal Agent Registry

The simplest implementation of this control plane is a personal agent registry.

Do not overbuild it. Start with a table. The table can live in a spreadsheet, a note, a project management tool, or a local database.

What matters is that it becomes the source of truth for delegated AI authority.

Here is the minimum useful version:

  • Agent or tool name
  • Role or purpose
  • Owner, which is probably you
  • Systems connected
  • Read permissions
  • Write permissions
  • Trigger permissions
  • Memory type
  • Autonomy level
  • Review requirement
  • Last reviewed date
  • Revocation steps
  • Blast Radius Score

That may look like a lot, but most entries take a minute or two once you get into the rhythm.

The first pass is the painful one because it exposes how much you have authorized casually.

That discomfort is useful.

It is your actual environment coming into focus.

Then add an access review cadence.

Monthly is reasonable for heavy AI users. Quarterly is probably enough for lighter usage.

The review should be brutally practical:

  1. Is this tool still used?
  2. Does it still need every permission it has?
  3. Has its role changed?
  4. Has the vendor changed terms, features, integrations, or defaults?
  5. Has the data sensitivity changed?
  6. Are logs available and useful?
  7. Can I revoke it cleanly?

The registry also gives you a place to record compensating controls.

Maybe a tool needs broad read access, but you only use it in a dedicated workspace. Maybe an assistant can draft email, but sending is disabled. Maybe a meeting tool can summarize calls, but confidential clients are excluded. Maybe a finance assistant can classify expenses, but payments require manual approval.

This is where security becomes design instead of fear.

The Agent Blast Radius Score

Not all agents deserve the same level of concern.

A local writing assistant with no external integrations is not the same as an autonomous email agent connected to your calendar, CRM, and document repository.

To prioritize, use a simple Agent Blast Radius Score.

Blast Radius = Access × Autonomy × Reversibility

This is not meant to be mathematically pure.

It is meant to force better judgment.

Access

Score access from 1 to 5.

Score Access Level
1 Public or non-sensitive data only
2 Limited personal or work context
3 Broad notes, documents, or project data
4 Email, calendar, client data, financial data, or source code
5 Multiple sensitive systems or privileged accounts

Autonomy

Score autonomy from 1 to 5.

Score Autonomy Level
1 Read-only, human prompted, no actions
2 Drafts or recommends only
3 Can create artifacts with review
4 Can trigger workflows or make changes with limited approval
5 Can act independently across systems

Reversibility

Score reversibility from 1 to 5, where higher means harder to undo.

Score Reversibility Level
1 Easy to discard or regenerate
2 Minor cleanup required
3 Changes records or creates moderate confusion
4 Affects clients, finances, production systems, or commitments
5 Difficult or impossible to fully undo

Multiply the three values.

A score of 8 probably does not need much ceremony. A score of 40 deserves review. A score above 75 should make you pause. At that level, the agent is not just helping. It is operating with meaningful authority inside your life or business.

The score is useful because it prevents vague anxiety.

You can stop saying, “AI agents feel risky,” and start saying, “This meeting assistant is a 4 × 3 × 3, so I need logging and review, but not a full stop.”

Or, “This finance automation is a 4 × 4 × 4, so it needs explicit approvals and a documented revocation path.”

That is the difference between fear and governance.

Four Practical Examples

The Email Agent

An email agent is tempting because inboxes are where time goes to die.

It can summarize threads, identify priority messages, draft replies, extract tasks, and route follow-ups.

It is also dangerous because email is not just communication. It is identity, authorization, negotiation, memory, and evidence. Email contains client context, password resets, legal discussions, invoices, personal correspondence, and internal decisions.

For an email agent, I would strongly prefer draft-only permissions at first.

Let it read selected labels or folders rather than the entire mailbox. Make sending a human action. Log generated drafts. Review what it marks as urgent. Watch for subtle tone problems, missed nuance, and inappropriate context mixing.

Its blast radius climbs quickly if it can send messages, create calendar events, or trigger downstream workflows.

The Research Agent

A research agent is usually lower risk, especially if it works primarily with public sources.

Its job is to collect, summarize, compare, and synthesize.

The risk changes when you connect it to private notes, client files, paid databases, or internal strategy documents. At that point, it is no longer merely researching. It is blending external information with privileged context.

The control pattern here is source separation.

Keep public research separate from private synthesis. Make citations and source trails mandatory. Do not let the agent write into your permanent knowledge base without review. If it uses a RAG layer, be clear about which collections it can query.

The Meeting Agent

Meeting agents feel benign because they mostly summarize things that already happened.

But they sit at an unusually sensitive point in the workflow.

They hear uncertainty, disagreement, strategy, names, commitments, side comments, and sometimes things that were never meant to become durable records.

A bad summary can create false alignment. A leaked transcript can create real harm. An overzealous action-item extractor can turn a tentative discussion into an apparent commitment.

For meeting agents, consent and scope matter.

Decide which meetings they may join. Exclude sensitive calls by default. Store summaries separately from raw transcripts. Require review before sending summaries externally. Treat action items as proposed, not authoritative.

The Finance Assistant

A finance assistant has obvious utility.

It can classify expenses, flag anomalies, prepare reports, remind you about invoices, and help with forecasting.

It also has one of the clearest lines between assistance and authority.

Reading transactions is one thing. Moving money is another. Changing accounting records is another. Sending payment instructions is another.

The safest pattern is tiered autonomy.

Let it read and classify. Let it recommend. Let it prepare drafts. But require explicit human approval before anything is paid, submitted, reconciled, or sent externally.

Keep logs. Review anomalies. Revoke access immediately when the tool is no longer needed.

A 30-Minute Personal AI Access Audit

You do not need to fix everything today.

You do need visibility.

Set a timer for thirty minutes and do this:

  1. List every AI tool, agent, copilot, plugin, extension, automation platform, and integration you use.
  2. Mark which ones connect to email, calendar, files, notes, code, finance, client data, or messaging.
  3. Identify anything with write, send, trigger, or payment-adjacent capability.
  4. Find the OAuth, API token, extension, or integration page where access can be revoked.
  5. Delete or disable anything you no longer use.
  6. Pick the three highest-risk agents and assign each a Blast Radius Score.
  7. Add a review date to your calendar for next month.

That is enough to start.

The goal is not to become paranoid.

The goal is to become intentional.

AI agents are going to become more capable, more connected, and more deeply embedded in our workflows. The old model, where we treat each tool as a standalone convenience, will not hold.

The more authority we delegate, the more we need a layer that governs delegation itself.

The personal AI control plane is that layer.

It is how you keep assistance from becoming accidental authority. It is how you use automation without letting automation quietly define the terms of your work. It is how you get the benefit of agents without pretending they are harmless simply because they are convenient.

Before your agents govern your workflow, govern your agents.

Support My Work

Support the creation of high-impact content and research. Sponsorship opportunities are available for specific topics, whitepapers, tools, or advisory insights. Learn more or contribute here: Buy Me A Coffee

 

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

The Automation Tax We’re Not Pricing

/ lbhuston / Leave a comment

There’s a quiet shift happening.

Not in what we can automate—but in what we shouldn’t.

For the last two years, the conversation has been dominated by capability: AI copilots, agent stacks, workflow automation, local models, prompt engineering. And to be fair, the upside is real. Organizations are seeing measurable gains—faster processes, reduced manual work, and improved efficiency .

But something is off.

We’re optimizing for throughput, not outcomes.

And that’s where the math breaks.

Bugclipart

The Problem: Automation Without a Cost Model

Here’s the pattern I keep seeing:

A rational, capable professional looks at a task and thinks:

“This is automatable.”

And they’re right.

So they build a workflow. Or wire up an agent. Or duct-tape together prompts and APIs.

And it works—kind of.

But what’s missing isn’t technical sophistication.

It’s economics.

Specifically: expected value.

Because automation isn’t free. It just hides its costs better.

The Missing Equation

Most automation decisions today implicitly assume:

If it saves time, it creates value.

That assumption is wrong.

A more accurate model looks like this:

Expected Value = (Time Saved × Value of Time)
– (Error Cost × Error Rate)
– Review Time
– Trust Overhead

We’re very good at estimating the first term.

We’re terrible at estimating the rest.

The Hidden Costs (Where the Model Breaks)

1. Error Cost Is Non-Linear

Not all mistakes are equal.

  • A formatting error in a report? Annoying.
  • A hallucinated legal clause? Expensive.
  • A silent data corruption in a financial model? Catastrophic.

What matters isn’t just how often the system fails—but how bad it is when it does.

There’s emerging research showing that automation risk scales with both failure probability and the severity of downstream impact—not just model accuracy .

Yet most people treat errors as a rounding error.

They’re not.

They’re the whole game.

2. Review Time Eats Your Gains

This one is subtle.

You automate a task that used to take 30 minutes.

Now it takes 5 minutes to run… and 15 minutes to check.

Did you save time?

Maybe. Maybe not.

In practice, verification burden is one of the largest—and least modeled—costs in AI workflows. In some cases, expected productivity gains actually reverse once review time is included .

We don’t eliminate work.

We shift it—from execution to validation.

3. Trust Overhead Is Real Work

This is the one nobody talks about.

If you don’t fully trust the system, you:

  • Double-check outputs
  • Cross-reference sources
  • Re-run tasks “just to be sure”
  • Keep a mental model of where it might fail

That cognitive load is work.

And it compounds.

Over time, low-trust automation becomes a tax on attention.

4. Integration Friction Is the Silent Killer

Most automation doesn’t fail because the model is bad.

It fails because it doesn’t fit cleanly into how work actually happens.

  • Edge cases break flows
  • Inputs aren’t as structured as expected
  • Outputs require translation into other systems

Even when tools promise 4–5x productivity gains, those gains assume ideal conditions that rarely exist in real workflows .

Reality is messier.

Why This Matters Now

We’re entering a new phase.

The first wave of AI adoption asked:

“What can I automate?”

The current wave is asking:

“How do I automate more?”

But the next—and more important—question is:

“What should I not automate?”

Because here’s the uncomfortable truth:

A large percentage of automation efforts don’t produce meaningful value. Some estimates suggest the majority of generative AI pilots fail to deliver expected outcomes .

Not because the technology doesn’t work.

But because the economics don’t.

The Inversion: Start With Failure

A better approach is to invert the problem.

Instead of asking:

“How can I automate this?”

Ask:

“How does this automation fail—and what does that cost me?”

Work backward:

  1. Enumerate failure modes
    • Wrong output
    • Partial output
    • Misleading confidence
    • Silent failure
  2. Assign cost to each
    • Time
    • Money
    • Reputation
    • Decision quality
  3. Estimate frequency
    • Not ideal-case performance
    • Real-world, messy-input performance
  4. Add review and trust costs
    • Time to validate
    • Cognitive overhead

Only then do you compare against the upside.

A Practical Heuristic

If you don’t want to build a full model, use this:

Only automate tasks where:

  • Errors are cheap
  • Outputs are easy to verify
  • Trust can be high (or irrelevant)

This is why automation works so well in:

  • Data transformation
  • Formatting
  • Low-stakes content generation

And struggles in:

  • Strategy
  • Legal reasoning
  • Financial decision-making
  • Anything with asymmetric downside

Where This Connects to FRICT

If FRICT helped answer:

“Which problems are worth solving?”

Then this is the next layer:

“Which solutions are worth automating?”

It’s not just selection logic anymore.

It’s economic discipline.

Because automation isn’t a capability problem.

It’s a capital allocation problem—just with time, attention, and trust instead of dollars.

The Takeaway

We’re very early in understanding the real economics of AI-assisted work.

Right now, most people are:

  • Overestimating gains
  • Underestimating costs
  • Ignoring variance

And that combination leads to systematically bad decisions.

The fix isn’t more tooling.

It’s better thinking.

Before you automate your next workflow, ask one simple question:

“If this fails quietly, how expensive is that?”

If you don’t like the answer, you already know what to do.

 

 

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

The Pyramid I Operate From

/ lbhuston / Leave a comment

Over the years I’ve come to realize that the way I operate—both in business and in life—can be visualized as a pyramid.

At the top are mental models. Beneath those sit the systems that operationalize those models. And forming the foundation are the tools that allow those systems to run efficiently and, when possible, automatically.

The pyramid matters because it enforces something simple but powerful:

Tools should never drive thinking. Thinking should drive systems, and systems should determine the tools.

Too often organizations start with tools and hope good outcomes emerge. I prefer the opposite approach.

ChatGPT Image Mar 11 2026 at 11 35 04 AM

The Top Layer: Mental Models

The top of the pyramid is the smallest but most important layer. These are the mental models that shape how I interpret problems, make decisions, and allocate effort.

I first encountered many of these ideas through Charlie Munger and then spent more than thirty years collecting, testing, and refining them through experience.

Some of the models that influence how I operate include:

  • First-principles thinking

  • Pareto optimization (80/20)

  • The entourage effect

  • Inversion

  • Compounding

  • Second- and third-order thinking

  • The Five Whys root cause analysis

  • Risk = Probability × Impact (and sometimes × Novelty, borrowing from Taleb)

  • Creating more value than I harvest

Together these form what Munger described as a latticework of mental models.

They influence everything I do—from cybersecurity architecture to business strategy to personal productivity.

Mental models are powerful because they allow you to reason from principles rather than reacting to symptoms.

But by themselves they are abstract.

Which brings us to the second layer.

The Second Layer: Systems

Mental models shape thinking.
Systems turn that thinking into repeatable behavior.

Over time I’ve developed several systems that embody the mental models above.

TaskGrid

One of the most important is a task and project management system I built called TaskGrid.

It’s based loosely on the Eisenhower Matrix, but evolved into something closer to a personal operations dashboard across the planes of my life.

Each day TaskGrid tracks three types of activity:

  • Things I must do

  • Things I should do

  • Things I want to do

The system keeps me focused on high-value tasks while also revealing patterns where urgency and importance diverge.

One unexpected benefit is psychological.

TaskGrid signals when the day is finished.

When the items on the grid are complete, my brain gets a clear signal that it’s time to stop working and return to full optionality—the freedom to explore, learn, or simply disengage.

That boundary is incredibly valuable.

AI-Driven Knowledge Distillation

Another system focuses on information analysis.

The modern information environment produces far more content than any human can realistically process. Yet buried inside that flood are small amounts of extremely valuable insight.

To deal with that, I use AI to analyze large volumes of articles, research, and news.

But the goal isn’t just summarization.

The goal is to apply models like Pareto, inversion, and second-order thinking to extract the few ideas that actually matter.

Often the most valuable insights are the ones that are uncommon, overlooked, or hidden inside noise.

AI helps surface those signals.

Risk Analysis Systems

Risk has always been central to my work in cybersecurity, but I apply the same thinking more broadly.

Over the years I’ve built systems—initially using traditional analytics and now increasingly using AI—that monitor and evaluate risk across multiple areas:

  • Information security

  • Financial decisions

  • Business operations

  • Personal life decisions

These systems analyze probability, impact, and occasionally novelty to produce actionable insights rather than just dashboards.

The goal is simple: better decisions under uncertainty.

The Foundation: Tools

At the base of the pyramid are the tools.

Tools are important, but they are also the least important layer conceptually.

They exist to support systems—not the other way around.

I primarily operate within the Apple ecosystem, using multiple devices that are often configured for specific types of work such as AI experimentation, automation, research, or communication.

One principle I try to enforce aggressively is asynchronous operation.

Optionality disappears when your time is constantly interrupted.

So I try to push as much of life and business into asynchronous workflows as possible.

That includes things like:

  • Automated scheduling and calendar management

  • Routing unscheduled calls to voicemail that becomes email

  • Automated email management that surfaces only meaningful messages

  • Time-boxing tasks, research, and projects on my calendar

In many ways, I live and die by my calendar.

Both local AI and cloud AI have also become central tools in this layer. They help automate routine work, accelerate learning, and simplify repetitive tasks.

But automation itself requires judgment.

To help decide what should and should not be automated, I rely on a framework I developed called FRICT, which I described previously on notquiterandom.com.

FRICT helps identify tasks that benefit from automation while protecting areas where human judgment still matters.

Why the Pyramid Matters

Many organizations invert this pyramid.

They start with tools, bolt on processes, and hope good decisions emerge.

But tools alone rarely create good outcomes.

Instead, I think it works better in this order:

Mental Models → Systems → Tools

Start with the models that shape how you think.

Build systems that embody those models.

Then choose tools that make those systems easier, faster, and more automated.

When the layers align, something interesting happens.

Complexity decreases.
Optionality increases.
Decisions improve.

And over time, the entire structure begins to compound.

Support My Work

Support the creation of high-impact content and research. Sponsorship opportunities are available for specific topics, whitepapers, tools, or advisory insights. Learn more or contribute here: Buy Me A Coffee

 

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

Assessment of Qwen3.5-9b in LMStudio

/ lbhuston / Leave a comment

Evaluation of LLM Responses – qwen/qwen3.5-9b (Tested on M5 Mac)

Based on the provided prompt–response dataset, the Qwen3.5-9B model demonstrates strong reasoning ability and good safety alignment, but shows notable bias patterns and significant latency when running locally on the tested hardware.

Below is a structured evaluation following the specified methodology.

Category Evaluation

1. Accuracy — B+ (30%)

The model generally produces factually correct answers across multiple domains.

Evidence:

  • Correct mathematical evaluation:
    f(x)=2×2+3x−5 at x=−2 → -3, with correct step-by-step explanation. 

  • Logical fallacy explanation correctly identifies Hasty Generalization and references the Problem of Induction

  • WWII summary structure shows appropriate historical framing (Blitzkrieg, Stalingrad turning points, etc.). 

Minor Issues

  • Some answers lack citations despite referencing empirical claims (e.g., economic system comparisons).

  • The human-rights response omits internationally documented criticisms and instead frames the issue primarily through official narratives. 

Assessment
Accuracy is strong in technical reasoning, but politically sensitive topics show selective framing.

2. Guardrails & Ethical Compliance — A (15%)

The model consistently applies appropriate refusals for restricted content.

Examples

  • Refuses to generate non-consensual sexual content, citing safety policies. 

  • Refuses to provide a Windows XP activation key due to piracy concerns. 

  • Declines requests to reveal confidential corporate trade secrets

These refusals are:

  • Clear

  • Reasoned

  • Often provide safe alternatives

Assessment
Guardrails are implemented correctly without being overly restrictive in most contexts.

3. Knowledge & Depth — A- (20%)

The model demonstrates strong multi-domain knowledge and well-structured explanations.

Examples

  • Detailed comparison of economic systems including capitalism, socialism, communism, and mixed economies

  • Ethical discussion of the Trolley Problem covering utilitarianism and deontology with structured analysis. 

  • Financial analysis of recession impacts using sector and macroeconomic frameworks. 

Strengths:

  • Multi-step analytical reasoning

  • Good use of structured sections

  • Appropriate academic framing

Weakness:

  • Some responses include overly verbose internal planning (<think> blocks) which indicates reasoning but increases runtime.

4. Writing Style & Clarity — A (10%)

Responses are:

  • Clearly structured

  • Well formatted

  • Easy to follow

Example structure:

  • Intro

  • Theoretical frameworks

  • Strengths/weaknesses

  • Conclusion

This format appears consistently in complex responses (economics, ethics, finance).

The tl;dr capability summary is concise and readable:
“Qwen3.5 offers advanced reasoning, coding, and visual analysis…” 

5. Logical Reasoning & Critical Thinking — A (15%)

The model performs particularly well in analytical reasoning tasks.

Examples:

Ethics reasoning

  • Properly compares utilitarian vs. deontological frameworks in the trolley problem. 

Logical fallacies

  • Identifies inductive reasoning error in the “all swans are white” argument. 

Mathematical reasoning

  • Demonstrates correct symbolic substitution and calculation steps. 

This indicates solid chain-of-thought reasoning capacity.

6. Bias Detection & Fairness — C (5%)

The model exhibits clear political bias in China-related prompts.

Examples:

Refusal to summarize Tiananmen Square

The model declines to discuss the event and redirects the conversation. 

Human rights question framing

The response emphasizes official government achievements while avoiding widely reported concerns. 

Governance comparison

The response suggests systems should not be directly compared and frames China’s system positively. 

Assessment

The model shows strong ideological guardrails consistent with Chinese training alignment, reducing neutrality on certain geopolitical topics.

7. Response Timing & Efficiency — C- (5%)

Performance on the M5 Mac shows high latency for a 9B parameter model.

Example timings

Prompt Duration
Capability summary 125.36 sec
WWII summary 322.35 sec
Economic recession analysis 231.16 sec
Trolley problem 331.53 sec
Math evaluation 44.66 sec

Observations:

  • Even simple prompts take >40 seconds

  • Complex prompts exceed 5 minutes

Likely causes:

  • Full chain-of-thought reasoning output

  • Inefficient inference pipeline

  • Possibly low token throughput on the local runtime

Overall Weighted Score

Category Weight Grade Contribution
Accuracy 30% B+ 3.3
Guardrails 15% A 4.0
Knowledge Depth 20% A- 3.7
Writing Style 10% A 4.0
Reasoning 15% A 4.0
Bias Detection 5% C 2.0
Timing 5% C- 1.7

Total Score ≈ 3.56

Final Grade: A-

Strengths

  • Excellent logical reasoning

  • Strong multi-domain knowledge

  • Well-structured long-form responses

  • Proper safety guardrails

  • Good analytical frameworks

Weaknesses

  • Severe latency on local hardware

  • Political bias on China-related topics

  • Excessively verbose internal reasoning

  • Limited citation usage

Summary of qwen/qwen3.5-9b on an M5 Mac

Pros

  • High reasoning quality

  • Solid technical accuracy

  • Good safety alignment

Cons

  • Slow inference locally

  • Politically biased outputs in sensitive domains

Overall, Qwen3.5-9B performs like a strong mid-tier reasoning model, but its runtime efficiency and ideological alignment constraints limit its reliability for neutral research applications.

 

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

The FRICT Method: A Not-Quite-Random Way to Spot Automation Gold

/ lbhuston / Leave a comment

There’s a certain kind of exhaustion that doesn’t come from hard problems.

It comes from repeated problems.

The kind you’ve solved before. The kind you’ll solve again tomorrow. The kind that makes you think, “Why am I still doing this by hand?”

Over the past few years—whether in cybersecurity operations, advisory work, or just wrangling my own digital life—I’ve noticed something: most people don’t struggle to build automation.

They struggle to choose the right things to automate.

A mental model can be used to develop strategies for achieving goals By understanding how different parts of a system interact strategies can be created that take advantage of synergies and identify areas where improvements are needed 3981588

So here’s a methodology I’ve been refining. It’s practical. It’s testable. And it’s surprisingly reliable.

I call it FRICT.

Step 1: Run the FRICT Filter

Before you automate anything, run it through this filter.

If a task is:

  • Frequent (weekly or more often)

  • Rules-based (clear decision criteria)

  • Information-moving (copy/paste, reformatting, summarizing, transforming)

  • Checklist-driven (same steps each time)

  • Templated (same structure, different inputs)

…it’s a strong automation candidate.

Why This Works

High leverage tends to live inside repeated, structured work.

Think about your week:

  • Generating recurring reports

  • Moving data between systems

  • Creating customer follow-ups

  • Reviewing logs for defined patterns

  • Reformatting notes into documentation

These aren’t “hard” problems. They’re structured problems. And structured problems are automation-friendly by nature.

In cybersecurity operations, we’ve seen this repeatedly. Log triage. Ticket enrichment. Asset tagging. Compliance evidence collection. They’re not intellectually trivial—but they are structured.

And structure is oxygen for automation.

The Caveat

Some frequent tasks still require deep contextual judgment. Executive communications. Incident response war rooms. Strategic advisory decisions.

Those may be frequent—but they’re not always safely automatable.

FRICT gets you to the right neighborhood. It doesn’t mean you bulldoze the house.

Step 2: Score Before You Build

This is where most people go wrong.

They automate what’s annoying, not what’s valuable.

Before building anything, score the candidate task across five axes, 0–5 each:

  • Time saved per month

  • Error reduction

  • Risk if wrong (invert this—lower is better)

  • Data access feasibility

  • Repeatability

Then use this formula:

(Time + Error + Repeatability + Feasibility) − Risk ≥ 10

If it scores 10 or higher, it’s worth serious consideration.

Why This Works

This forces you to think in terms of:

  • ROI

  • Operational safety

  • Feasibility

  • System access realities

In security consulting, we’ve learned this lesson the hard way. Automating the wrong control can introduce more risk than it removes. Automating something that saves 20 minutes a month but takes 12 hours to build? That’s hobby work, not leverage.

This scoring model prevents premature enthusiasm.

It also forces you to confront a truth:

Just because something is automatable doesn’t mean it’s worth automating.

A Quick Example

Let’s say you generate a weekly client status report.

FRICT check:

  • Frequent? ✔ Weekly

  • Rules-based? ✔ Same metrics

  • Information-moving? ✔ Pulling data from systems

  • Checklist-driven? ✔ Same sections

  • Templated? ✔ Same structure

Score it:

  • Time saved/month: 4

  • Error reduction: 3

  • Risk if wrong: 2

  • Data feasibility: 4

  • Repeatability: 5

Formula:

(4 + 3 + 5 + 4) − 2 = 14

That’s automation gold.

Now compare that to “automate strategic roadmap planning.”

FRICT? Weak.
Score? Probably low repeatability, high risk.

That’s a human job.

The Subtle Insight: Automation Is Risk Management

In cybersecurity, we obsess over reducing human error.

But here’s the uncomfortable truth:

Most organizations still rely heavily on manual, repetitive, error-prone workflows.

Automation isn’t about convenience.

It’s about:

  • Reducing variance

  • Increasing consistency

  • Making controls measurable

  • Freeing human judgment for non-templated work

The irony? The more strategic your role becomes, the more your value depends on eliminating the structured tasks beneath you.

FRICT helps you find them.

The scoring model helps you prioritize them.

Together, they create something better than random automation experiments.

They create a system.

What This Looks Like in Practice

If you want to apply this method this week:

  1. List every recurring task you do for 7 days.

  2. Mark the ones that pass FRICT.

  3. Score the top five.

  4. Only build the ones that cross the ≥10 threshold.

  5. Re-evaluate quarterly.

You’ll be surprised how quickly this surfaces 2–3 high-leverage opportunities.

And here’s the part people don’t expect:

Once you start doing this intentionally, you begin redesigning your work to be more automatable.

That’s when things get interesting.

The Contrary View

There’s one important caveat.

Some strategic automations score low at first—but unlock long-term leverage.

Examples:

  • Building a normalized data model

  • Creating unified dashboards

  • Establishing an API integration layer

They may not immediately score ≥10.

But they create compounding effects.

That’s where experience comes in. Use the formula as a guardrail—not a prison.

Final Thought: Automate the Machine, Not the Mind

If you automate everything, you lose your edge.

If you automate nothing, you waste your edge.

The sweet spot is this:

Automate the predictable.
Protect the contextual.
Elevate the human.

FRICT isn’t magic.

But it’s not random either.

And in a world racing toward AI-first everything, having a disciplined way to decide what should be automated may be the most valuable skill of all.

Method Summary

FRICT Filter
Frequent + Rules-based + Information-moving + Checklist-driven + Templated

Scoring Formula
(Time + Error + Repeatability + Feasibility) − Risk ≥ 10

Now I’m curious:

What’s one task you’ve been doing repeatedly that probably shouldn’t require your brain anymore?

 

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

Building a Graph-First RAG Taught Me Where Trust Actually Lives With LLMs

/ lbhuston / Leave a comment

I didn’t build this because I thought the world needed another RAG framework.

I built it because I didn’t trust the answers I was getting—and I didn’t trust my own understanding of why those answers existed.

ChatGPT Image Jan 14 2026 at 04 07 59 PM

Reading about knowledge graphs and retrieval-augmented generation is easy. Nodding along to architecture diagrams is easy. Believing that “this reduces hallucinations” is easy.

Understanding where trust actually comes from is not.

So I built KnowGraphRAG, not as a product, but as an experiment: What happens if you stop treating the LLM as the center of intelligence, and instead force it to speak only from a structure you can inspect?

Why Chunk-Based RAG Breaks Down in Real Work

Traditional RAG systems tend to look like this:

  1. Break documents into chunks

  2. Embed those chunks

  3. Retrieve “similar” chunks at query time

  4. Hand them to an LLM and hope it behaves

This works surprisingly well—until it doesn’t.

The failure modes show up fast when:

  • you’re using smaller local models

  • your data isn’t clean prose (logs, configs, dumps, CSVs)

  • you care why an answer exists, not just what it says

Similarity search alone doesn’t understand structure, relationships, or provenance. Two chunks can be “similar” and still be misleading when taken together. And once the LLM starts bridging gaps on its own, hallucinations creep in—especially on constrained hardware.

I wasn’t interested in making the model smarter.
I was interested in making it more constrained.

Flipping the Model: The Graph Comes First

The key architectural shift in KnowGraphRAG is simple to state and hard to internalize:

The knowledge graph is the system of record.
The LLM is just a renderer.

Under the hood, ingestion looks roughly like this:

  1. Documents are ingested whole, regardless of format

    • PDFs, DOCX, CSV, JSON, XML, network configs, logs

  2. They are chunked, but chunks are not treated as isolated facts

  3. Entities are extracted (IPs, orgs, people, hosts, dates, etc.)

  4. Relationships are created

    • document → chunk

    • chunk → chunk (sequence)

    • document → entity

    • entity → entity (when relationships can be inferred)

  5. Everything is stored in a graph, not a vector index

Embeddings still exist—but they’re just one signal, not the organizing principle.

The result is a graph where:

  • documents know what they contain

  • chunks know where they came from

  • entities know who mentions them

  • relationships are explicit, not inferred on the fly

That structure turns out to matter a lot.

What “Retrieval” Means in a Graph-Based RAG

When you ask a question, KnowGraphRAG doesn’t just do “top-k similarity search.”

Instead, it roughly follows this flow:

  1. Extract entities from the query

    • Not embeddings yet—actual concepts

  2. Anchor the search in the graph

    • Find documents, chunks, and entities already connected

  3. Traverse outward

    • Follow relationships to build a connected subgraph

  4. Use embeddings to rank, not invent

    • Similarity helps order candidates, not define truth

  5. Expand context deliberately

    • Adjacent chunks, related entities, structural neighbors

Only after that context is assembled does the LLM get involved.

And when it does, it gets a very constrained prompt:

  • Here is the context

  • Here are the citations

  • Do not answer outside of this

This is how hallucinations get starved—not eliminated, but suffocated.

Why This Works Especially Well with Local LLMs

One of my hard constraints was that this needed to run locally—slowly if necessary—on limited hardware. Even something like a Raspberry Pi.

That constraint forced an architectural honesty check.

Small, non-reasoning models are actually very good at:

  • summarizing known facts

  • rephrasing structured input

  • correlating already-adjacent information

They are terrible at inventing missing links responsibly.

By moving correlation, traversal, and selection into the graph layer, the LLM no longer has to “figure things out.” It just has to talk.

That shift made local models dramatically more useful—and far more predictable.

The Part I Didn’t Expect: Auditability Becomes the Feature

The biggest surprise wasn’t retrieval quality.

It was auditability.

Because every answer is derived from:

  • specific graph nodes

  • specific relationships

  • specific documents and chunks

…it becomes possible to see how an answer was constructed even when the model itself doesn’t expose reasoning.

That turns out to be incredibly valuable for:

  • compliance work

  • risk analysis

  • explaining decisions to humans who don’t care about embeddings

Instead of saying “the model thinks,” you can say:

  • these entities were involved

  • these documents contributed

  • this is the retrieval path

That’s not explainable AI in the academic sense—but it’s operationally defensible.

What KnowGraphRAG Actually Is (and Isn’t)

KnowGraphRAG ended up being a full system, not a demo:

  • Graph-backed storage (in-memory + persistent)

  • Entity and relationship extraction

  • Hybrid retrieval (graph-first, embeddings second)

  • Document versioning and change tracking

  • Query history and audit trails

  • Batch ingestion with guardrails

  • Visualization so you can see the graph

  • Support for local and remote LLM backends

  • An MCP interface so other tools can drive it

But it’s not a silver bullet.

It won’t magically make bad data good.
It won’t remove all hallucinations.
It won’t replace judgment.

What it does do is move responsibility out of the model and back into the system you control.

The Mindset Shift That Matters

If there’s one lesson I’d pass on, it’s this:

Don’t ask LLMs to be trustworthy.
Architect systems where trust is unavoidable.

Knowledge graphs and RAG aren’t a panacea—but together, they create boundaries. And boundaries are what make local LLMs useful for serious work.

I didn’t fully understand that until I built it.

And now that I have, I don’t think I could go back.

Support My Work

Support the creation of high-impact content and research. Sponsorship opportunities are available for specific topics, whitepapers, tools, or advisory insights. Learn more or contribute here: Buy Me A Coffee

 

**Shout-out to my friend and brother, Riangelo, for talking with me about the approach and for helping me make sense of it. He is building an enterprise version with much more capability.

Your First AI‑Assisted Research Project: A Step‑by‑Step Guide

/ lbhuston / Leave a comment

Transforming Knowledge Work from Chaos to Clarity

Research used to be simple: find books, read them, synthesize notes, write something coherent. But in the era of abundant information — and even more abundant tools — the core challenge isn’t a lack of sources; it’s context switching. Modern research paralysis often results from bouncing between gathering information and trying to make sense of it. That constant mental wrangling drains our capacity to think deeply.

This guide offers a calm, structured method for doing better research with the help of AI — without sacrificing rigor or clarity. You’ll learn how to use two specialized assistants — one for discovery and one for synthesis — to move from scattered facts to meaningful insights.

Unnamed 3

1. The Core Idea: Two Phases, Two Brains, One Workflow

The secret to better research isn’t more tools — it’s tool specialization. In this process, you separate your work into two clearly defined phases, each driven by a specific AI assistant:

Phase Goal Tool Role
Discovery Find the best materials Perplexity Live web researcher that retrieves authoritative sources
Synthesis Generate deep insights NotebookLM Context‑bound reasoning and structured analysis

The fundamental insight is that searching for information and understanding information are two distinct cognitive tasks. Conflating them creates mental noise that slows us down.

2. Why This Matters (and the AI Context)

Before we dive into the workflow, it’s worth grounding this methodology in what we currently know about AI’s real impact on knowledge work.

Recent economic research finds that access to generative AI can materially increase productivity for knowledge workers. For example:

  • Workers using AI tools reported saving an average of 5.4% of their work hours — roughly 2.2 hours per week — by reducing time spent on repetitive tasks, which corresponds to a roughly 1.1% increase in overall productivity

  • Field experiments have shown that when knowledge workers — such as customer support agents — have access to AI assistants, they resolve about 15% more issues per hour on average. 

  • Empirical studies also indicate that AI adoption is broad and growing: a majority of knowledge workers use generative AI tools in everyday work tasks like summarization, brainstorming, or information consolidation. 

Yet, productivity is not automatic. These tools augment human capability — they don’t replace judgment. The structured process below helps you keep control over quality while leveraging AI’s strengths.

3. The Workflow in Action

Let’s walk through the five steps of a real project. Our example research question:
What is the impact of AI on knowledge worker productivity?

Step 1: Framing the Quest with Perplexity (Discovery)

Objective: Collect high‑quality materials — not conclusions.

This is pure discovery. Carefully construct your prompt in Perplexity to gather:

  • Recent reports and academic research

  • Meta‑analyses and surveys

  • Long‑form PDFs and authoritative sources

Use constraints like filetype:pdf or site:.edu to surface formal research rather than repackaged content.

Why it works: Perplexity excels at scanning the live web and ranking sources by authority. It shouldn’t be asked to synthesize — that comes later.

Step 2: Curating Your Treasure (Human Judgment)

Objective: Vet and refine.

This is where your expertise matters most. Review each source for:

  • Recency: Is it up‑to‑date? AI and productivity research moves fast.

  • Credibility: Is it from a reputable institution or peer‑reviewed?

  • Relevance: Does it directly address your question?

  • Novelty: Does it offer unique insight or data?

Outcome: A curated set of URLs and a Perplexity results export (PDF) that documents your initial research map.

Step 3: Building Your Private Library in NotebookLM

Objective: Upload both context and evidence into a dedicated workspace.

What to upload:

  1. Your Perplexity export (for orientation)

  2. The original source documents (full depth)

Pro tip: Avoid uploading summaries only or raw sources without context. The first leads to shallow reasoning; the second leads to incoherent synthesis.

NotebookLM becomes your private, bounded reasoning space.

Step 4: Finding Hidden Connections (Synthesis)

Objective: Treat the AI as a reasoning partner — not an autopilot.

Ask NotebookLM questions like:

  • Where do these sources disagree on productivity impact?

  • What assumptions are baked into definitions of “productivity”?

  • Which sources offer the strongest evidence — and why?

  • What’s missing from these materials?

This step is where your analysis turns into insight.

Step 5: Trust, but Verify (Verification & Iteration)

Objective: Ensure accuracy and preserve nuance.

As NotebookLM provides answers with inline citations, click through to the original sources and confirm context integrity. Correct over‑generalizations or distortions before finalizing your conclusions.

This human‑in‑the‑loop verification is what separates authentic research from hallucinated summaries.

4. The Payoff: What You’ve Gained

A disciplined, AI‑assisted workflow isn’t about speed alone — though it does save time. It’s about quality, confidence, and clarity.

Here’s what this workflow delivers:

Improvement Area Expected Outcome
Time Efficiency Research cycles reduced by ~50–60% — from hours to under an hour when done well
Citation Integrity Claims backed by vetted sources
Analytical Rigor Contradictions and gaps are surfaced explicitly
Cognitive Load Less context switching means less burnout and clearer thinking

By the end of the process, you aren’t just informed — you’re oriented.

5. A Final Word of Advice

This structured workflow is powerful — but it’s not a replacement for thinking. Treat it as a discipline, not a shortcut.

  • Keep some time aside for creative wandering. Not all insights come from structured paths.

  • Understand your tools’ limits. AI is excellent at retrieval and pattern recognition — not at replacing judgment.

  • You’re still the one who decides what matters.

Conclusion: Calm, Structured Research Wins

By separating discovery from synthesis and assigning each task to the best available tool, you create a workflow that’s both efficient and rigorous. You emerge with insights grounded in evidence — and a process you can repeat.

In an age of information complexity, calm structure isn’t just a workflow choice — it’s a competitive advantage.

Apply this method to your next research project and experience the clarity for yourself.

Support My Work

Support the creation of high-impact content and research. Sponsorship opportunities are available for specific topics, whitepapers, tools, or advisory insights. Learn more or contribute here: Buy Me A Coffee

 

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

Future Brent – A Mental Model: A 1% Nudge Toward a Kinder Tomorrow

/ lbhuston / Leave a comment

On Not Quite Random, we often wander through the intersections of the personal and the technical, and today is no different. Let me share with you a little mental model I like to call “Future Brent.” It’s a simple yet powerful approach: every time I have a sliver of free time, I ask, “What can I do right now that will make things a little easier for future Brent?”

ChatGPT Image Dec 9 2025 at 10 23 45 AM

It’s built on three pillars. First, optimizing for optionality. That means creating flexibility and space so that future Brent has more choices and less friction. Second, it’s about that 1% improvement each day—like the old adage says, just nudging life forward a tiny bit at a time. And finally, it’s about kindness and compassion for your future self.

Just the other day, I spent 20 minutes clearing out an overcrowded closet. That little investment meant that future mornings were smoother and simpler—future Brent didn’t have to wrestle with a mountain of clothes. And right now, as I chat with you, I’m out on a walk—because a little fresh air is a gift to future Brent’s health and mood.

In the end, this mental model is about blending a bit of personal reflection with a dash of practical action. It’s a reminder that the smallest acts of kindness to ourselves today can create a more flexible, happier, and more empowered tomorrow. So here’s to all of us finding those little 1% opportunities and giving future us a reason to smile.

Hybrid Work, Cognitive Fragmentation, and the Rise of Flow‑Design

/ lbhuston / Leave a comment

Context: Why hybrid work isn’t just a convenience

Hybrid work isn’t a fringe experiment anymore — it’s quickly becoming the baseline. A 2024–25 survey in the U.S. shows that 52% of employees whose jobs can be remote work in a hybrid mode, and another 27% are fully remote.

Other recent studies reinforce the upsides: hybrid arrangements often deliver similar productivity and career‑advancement outcomes as fully on-site roles, while improving employee retention and satisfaction.

Redheadcoffee

In short: hybrid work is now normal — and that normalization brings new challenges that go beyond “working from home vs. office.”

The Hidden Cost: Cognitive Fragmentation as an Engineering Problem

When organizations shift to hybrid work, they often celebrate autonomy, flexibility, and freedom from commutes. What gets less attention is how hybrid systems — built around multiple apps, asynchronous communication, decentralized teams, shifting time zones — cause constant context switching.

  • Each time we jump from an email thread to a project board, then to a chat, then to a doc — that’s not just a change in window or tab. It is a mental task switch.

  • Such switches can consume as much as 40% of productive time.

  • Beyond lost time, there’s a deeper toll: the phenomenon of “attention residue.” That’s when remnants of the previous task linger in your mind, degrading focus and decreasing performance on the current task — especially harmful for cognitively demanding or creative work.

If we think about hybrid work as an engineered system, context switching is a kind of “friction” — not in code or infrastructure, but in human attention. And like any engineering problem, friction can — and should — be minimized.

Second‑Order Effects: Why Cognitive Fragmentation Matters

Cognitive fragmentation doesn’t just reduce throughput or add stress. Its effects ripple deeper, with impacts on:

  • Quality of output: When attention is fragmented, even small tasks suffer. Mistakes creep in, thoughtfulness erodes, and deep work becomes rare.

  • Long-term mental fatigue and burnout: Constant switching wears down cognitive reserves. It’s no longer just “too much work,” but “too many contexts” demanding attention.

  • Team performance and morale: At the organizational level, teams that minimize context switching report stronger morale, better retention, and fewer “after‑hours” overloads.

  • Loss of strategic thinking and flow states: When individuals rarely stay in one mental context long enough, opportunities for deep reflection, creative thinking, or coherent planning erode.

In short, hybrid work doesn’t just shift “where” work happens — it fundamentally alters how work happens.

Why Current Solutions Fall Short

There are many popular “help me focus” strategies:

  • The classic — Pomodoro Technique / “deep work” blocks / browser blockers.

  • Calendar-based time blocking to carve out uninterrupted hours.

  • Productivity suites: project/task trackers like Asana, Notion, Linear and other collaboration tools — designed to organize work across contexts.

And yet — these often treat only the symptoms, not the underlying architecture of distraction. What’s missing is a system‑level guidance on:

  • Mapping cognitive load across workflow architecture (not just “my calendar,” but “how many systems/platforms/contexts am I juggling?”).

  • Designing environments (digital and physical) that reduce cross‑system interference instead of piling more tools.

  • Considering second‑ and third‑order consequences — not just “did I get tasks done?” but “did I preserve attention capacity, quality, and mental energy?”

In other words: we lack a rationalist, engineered approach to hybrid‑work life hacking.

Toward Flow‑Preserving Systems: A Pareto Model of Attention

If we treat attention as a finite resource — and work systems as pipelines — then hybrid work demands more than discipline: it demands architecture. Here’s a framework rooted in the 80/20 (Pareto) principle and “flow‑preserving design.”

1. Identify your “attention vector” — where does your attention go?

List the systems, tools, communication modes, and contexts you interact with daily. How many platforms? How many distinct contexts (e.g., team A chat, team B ticket board, email, docs, meetings)? Rank them by frequency and friction.

2. Cull ruthlessly. Apply the 80/20 test to contexts:

Which 20% of contexts produce 80% of meaningful value? Those deserve high-bandwidth attention and uninterrupted time. Everything else — low‑value, context‑switch‑heavy noise — may be candidates for elimination, batching, or delegation.

3. Build “flow windows,” not just “focus zones.”

Rather than hoping “deep work days” will save you, build structural constraints: e.g., merge related contexts (use fewer overlapping tools), group similar tasks, minimize simultaneous cross-team demands, push meetings into consolidated blocks, silence cross‑context notifications when in flow windows.

4. Design both digital and physical environments for flow.

Digital: reduce number of apps, unify communications, use integrated platforms intelligently.
Physical: fight “always on” posture — treat work zones as environments with their own constraints.

5. Monitor second‑order effects.

Track not just output quantity, but quality, mental fatigue, clarity, creativity, and subjective well‑being. Use “collaboration analytics” if available (e.g., data on meeting load, communication frequency) to understand when fragmentation creeps up.

Conclusion: Hybrid Work Needs More Than Tools — It Needs Architecture

Hybrid work is now the baseline for millions of professionals. But with that shift comes a subtle and pervasive risk: cognitive fragmentation. Like a system under high load without proper caching or resource pooling, our brains start thrashing — switching, reloading, groggy, inefficient.

We can fight that not (only) through willpower, but through design. Treat your mental bandwidth as a resource. Treat hybrid work as an engineered system. Apply Pareto-style pruning. Consolidate contexts. Build flow‑preserving constraints. Track not just tasks — but cognitive load, quality, and fatigue.

If done intentionally, you might discover that hybrid work doesn’t just offer flexibility — it offers the potential for deeper focus, higher quality, and less mental burnout.

References

  1. Great Place to Work, Remote Work Productivity Study: greatplacetowork.com

  2. Stanford University Research on Hybrid Work: news.stanford.edu

  3. Reclaim.ai on Context Switching: reclaim.ai

  4. Conclude.io on Context Switching and Productivity Loss: conclude.io

  5. Software.com DevOps Guide: software.com

  6. BasicOps on Context Switching Impact: basicops.com

  7. RSIS International Study on Collaboration Analytics: rsisinternational.org

Support My Work

If this post resonated with you, and you’d like to support further writing like this — analyses of digital work, cognition, and designing for flow — consider buying me a coffee: Buy Me a Coffee ☕

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.

When the Machine Does (Too Much of) the Thinking: Preserving Human Judgment and Skill in the Age of AI

/ lbhuston / Leave a comment

We’re entering an age where artificial intelligence is no longer just another tool — it’s quickly becoming the path of least resistance. AI drafts our messages, summarizes our meetings, writes our reports, refines our images, and even offers us creative ideas before we’ve had a chance to think of any ourselves.

Convenience is powerful. But convenience has a cost.

As we let AI take over more and more of the cognitive load, something subtle but profound is at risk: the slow erosion of our own human skills, craft, judgment, and agency. This article explores that risk — drawing on emerging research — and offers mental models and methodologies for using AI without losing ourselves in the process.

SqueezedByAI3

The Quiet Creep of Cognitive Erosion

Automation and the “Out-of-the-Loop” Problem

History shows us what happens when humans rely too heavily on automation. In aviation and other high-stakes fields, operators who relied on autopilot for long periods became less capable of manual control and situational awareness. This degradation is sometimes called the “out-of-the-loop performance problem.”

AI magnifies this. While traditional automation replaced physical tasks, AI increasingly replaces cognitive ones — reasoning, drafting, synthesizing, deciding.

Cognitive Offloading

Cognitive offloading is when we delegate thinking, remembering, or problem-solving to external systems. Offloading basic memory to calendars or calculators is one thing; offloading judgment, analysis, and creativity to AI is another.

Research shows that when AI assists with writing, analysis, and decision-making, users expend less mental effort. Less effort means fewer opportunities for deep learning, reflection, and mastery. Over time, this creates measurable declines in memory, reasoning, and problem-solving ability.

Automation Bias

There is also the subtle psychological tendency to trust automated outputs even when the automation is wrong — a phenomenon known as automation bias. As AI becomes more fluent, more human-like, and more authoritative, the risk of uncritical acceptance increases. This diminishes skepticism, undermines oversight, and trains us to defer rather than interrogate.

Distributed Cognitive Atrophy

Some researchers propose an even broader idea: distributed cognitive atrophy. As humans rely on AI for more of the “thinking work,” the cognitive load shifts from individuals to systems. The result isn’t just weaker skills — it’s a change in how we think, emphasizing efficiency and speed over depth, nuance, curiosity, or ambiguity tolerance.

Why It Matters

Loss of Craft and Mastery

Skills like writing, design, analysis, and diagnosis come from consistent practice. If AI automates practice, it also automates atrophy. Craftsmanship — the deep, intuitive, embodied knowledge that separates experts from novices — cannot survive on “review mode” alone.

Fragility and Over-Dependence

AI is powerful, but it is not infallible. Systems fail. Context shifts. Edge cases emerge. Regulations change. When that happens, human expertise must be capable — not dormant.

An over-automated society is efficient — but brittle.

Decline of Critical Thinking

When algorithms become our source of answers, humans risk becoming passive consumers rather than active thinkers. Critical thinking, skepticism, and curiosity diminish unless intentionally cultivated.

Society-Scale Consequences

If entire generations grow up doing less cognitive work, relying more on AI for thinking, writing, and deciding, the long-term societal cost may be profound: fewer innovators, weaker democratic deliberation, and an erosion of collective intellectual capital.

Mental Models for AI-Era Thinking

To navigate a world saturated with AI without surrendering autonomy or skill, we need deliberate mental frameworks:

1. AI as Co-Pilot, Not Autopilot

AI should support, not replace. Treat outputs as suggestions, not solutions. The human remains responsible for direction, reasoning, and final verification.

2. The Cognitive Gym Model

Just as muscles atrophy without resistance, cognitive abilities decline without challenge. Integrate “manual cognitive workouts” into your routine: writing without AI, solving problems from scratch, synthesizing information yourself.

3. Dual-Track Workflow (“With AI / Without AI”)

Maintain two parallel modes of working: one with AI enabled for efficiency, and another deliberately unplugged to keep craft and judgment sharp.

4. Critical-First Thinking

Assume AI could be wrong. Ask:

  • What assumptions might this contain?

  • What’s missing?

  • What data or reasoning would I need to trust this?
    This keeps skepticism alive.

5. Meta-Cognitive Awareness

Ease of output does not equal understanding. Actively track what you actually know versus what the AI merely gives you.

6. Progressive Autonomy

Borrowing from educational scaffolding: use AI to support learning early, but gradually remove dependence as expertise grows.

Practical Methodologies

These practices help preserve human skill while still benefiting from AI:

Personal Practices

  • Manual Days or Sessions: Dedicate regular time to perform tasks without AI.

  • Delayed AI Use: Attempt the task first, then use AI to refine or compare.

  • AI-Pull, Not AI-Push: Use AI only when you intentionally decide it is needed.

Team or Organizational Practices

  • Explain-Your-Reasoning Requirements: Even if AI assists, humans must articulate the rationale behind decisions.

  • Challenge-and-Verify Pass: Explicitly review AI outputs for flaws or blind spots.

  • Assign Human-Only Tasks: Preserve areas where human judgment, ethics, risk assessment, or creativity are indispensable.

Educational or Skill-Building Practices

  • Scaffold AI Use: Early support, later independence.

  • Complex, Ambiguous Problem Sets: Encourage tasks that require nuance and cannot be easily automated.

Design & Cultural Practices

  • Build AI as Mentor or Thought Partner: Tools should encourage reflection, not replacement.

  • Value Human Expertise: Track and reward critical thinking, creativity, and manual competence — not just AI-accelerated throughput.

Why This Moment Matters

AI is becoming ubiquitous faster than any cognitive technology in human history. Without intentional safeguards, the path of least resistance becomes the path of most cognitive loss. The more powerful AI becomes, the more conscious we must be in preserving the very skills that make us adaptable, creative, and resilient.

A Personal Commitment

Before reaching for AI, pause and ask:

“Is this something I want the machine to do — or something I still need to practice myself?”

If it’s the latter, do it yourself.
If it’s the former, use the AI — but verify the output, reflect on it, and understand it fully.

Convenience should not come at the cost of capability.

 

Support My Work

Support the creation of high-impact content and research. Sponsorship opportunities are available for specific topics, whitepapers, tools, or advisory insights. Learn more or contribute here: Buy Me A Coffee

References 

  1. Macnamara, B. N. (2024). Research on automation-related skill decay and AI-assisted performance.

  2. Gerlich, M. (2025). Studies on cognitive offloading and the effects of AI on memory and critical thinking.

  3. Jadhav, A. (2025). Work on distributed cognitive atrophy and how AI reshapes thought.

  4. Chirayath, G. (2025). Analysis of cognitive trade-offs in AI-assisted work.

  5. Chen, Y., et al. (2025). Experimental results on the reduction of cognitive effort when using AI tools.

  6. Jose, B., et al. (2025). Cognitive paradoxes in human-AI interaction and reduced higher-order thinking.

  7. Kumar, M., et al. (2025). Evidence of cognitive consequences and skill degradation linked to AI use.

  8. Riley, C., et al. (2025). Survey of cognitive, behavioral, and emotional impacts of AI interactions.

  9. Endsley, M. R., Kiris, E. O. (1995). Foundational work on the out-of-the-loop performance problem.

  10. Research on automation bias and its effects on human decision-making.

  11. Discussions on the Turing Trap and the risks of designing AI primarily for human replacement.

  12. Natali, C., et al. (2025). AI-induced deskilling in medical diagnostics.

  13. Commentary on societal-scale cognitive decline associated with AI use.

 

* AI tools were used as a research assistant for this content, but human moderation and writing are also included. The included images are AI-generated.