Skip to content
Don't miss

Get the daily Cyber Briefing in your inbox

SIGN UP
Podcast

Who’s Accountable When AI Acts? — With Walter Haydock

Season 3 Episode 21 •

Show Notes

In this episode of Cyber Focus, Frank Cilluffo speaks with Walter Haydock, founder of StackAware, about the accountability, governance, and national security challenges emerging as organizations rush to deploy artificial intelligence.

Haydock argues that AI does not erase familiar cybersecurity and risk-management problems; it accelerates them. From non-human identities and AI agents to third-party risk, federal regulation, and the environmental demands of AI infrastructure, the conversation centers on a core question: who is accountable when AI systems act, fail, or cause harm?

Rather than treating AI governance as a compliance checklist, Haydock makes the case for assigning clear ownership, focusing policy on outcomes, and giving business leaders—not risk advisors alone—responsibility for the risks their organizations accept.

Main Topics Covered

  • AI accountability and non-human identities
  • Managing AI agents as unpredictable actors
  • Who should own AI risk inside an organization
  • Third-party risk, supply chains, and contractual accountability
  • Avoiding checkbox compliance in AI governance
  • National AI policy, innovation, and strategic competition

Key Quotes:

“I see organizations spending a lot of time, money, resources, brain power on low-impact problems, on things that they shouldn’t be focused on, and instead they’re kind of ignoring the higher-risk issues that have easier mitigations, easier solutions.” — Walter Haydock

“The question of who is accountable for a given outcome is a critically important one.” — Walter Haydock

“At the level of an individual business, I think it’s important to assign accountability for actions of AI agents to cross-functional business leaders who have the wherewithal, the full understanding of all the issues that are impacting a given company.” — Walter Haydock

“The framework I use is that business leaders are risk and system owners. They are ultimately accountable. They make the final decisions.” — Walter Haydock

“When the government hard codes in supposed best practices, they end up creating perverse incentives where companies are focused very closely on checking the box and not necessarily on getting the good outcome.” — Walter Haydock

Relevant Links and Resources

Stack Aware

Guest Bio

Walter Haydock is the founder of StackAware, an AI security and governance company. Before founding StackAware, he worked in government, national security, and the military, including service on the House Homeland Security Committee, at the National Counterterrorism Center, and in the U.S. Marine Corps in intelligence and reconnaissance roles.

Transcript

Walter Haydock [00:00:00]: I see organizations spending a lot of time, money, resources, brain power on low impact problems, on things that shouldn’t be focused on and instead they’re kind of ignoring the higher risk issues.
Frank Cilluffo [00:00:16]: Welcome to Cyber Focus from the McCrary Institute, where we explore the people and ideas shaping and defending our digital world. I’m your host, Frank Cilluffo and this week I have the privilege to sit down with Walter Haydock. Walter is the founder of StackAware, an AI security and governance company. He comes to that role with a long background in national security matters, served as a staff member on the House Homeland Security Committee, served at the National Counterterrorism Center and, oorah, is a Marine and served in an intelligence and reconnaissance roles and is a graduate of the Naval Academy, Harvard Business School, Georgetown School of Foreign Service. So he’s got all the, all the right buttons and really excited to sit down with him today. So Walter, I thought we’d start with, I mean you cannot go three minutes in D.C. and not have a discussion surrounding artificial intelligence and obviously Mythos and the implications there.
Frank Cilluffo [00:01:21]: But I thought we’d get more to sort of fundamentals and really understanding some of the issues here. Firstly, what led you to, to found StackAware and then we can jump into some of the questions. So why don’t we start there?
Walter Haydock [00:01:36]: Well, first of all, thanks for having me on, Frank. Appreciate the opportunity. And in terms of my history and StackAware’s history, I spent, as you mentioned, the early part of my career in government and the military, and I thought I understood chaos and how to deal with it and I picked up some interesting tips and tricks along the way, but when I went into the private sector after leaving government, I found a whole new type of chaos and disorganization, and still today I see organizations spending a lot of time, money, resources, brain power on low impact problems, on things that they shouldn’t be focused on, and instead they’re kind of ignoring the higher risk issues that have easier mitigations, easier solutions.
Walter Haydock [00:02:20]: So I founded StackAware to help companies attack those high leverage problems through effective governance and risk management programs. So that’s why I’m here.
Frank Cilluffo [00:02:30]: Awesome. Awesome. And everyone is in a rush to deploy AI across their enterprises and organizations. What accountability issues are you seeing right up front?
Walter Haydock [00:02:43]: AI accelerates a lot of the accountability issues that we’ve already had to deal with in the IT and cybersecurity space. So I’ll give you an example that is near and dear to me. So there’s a term that’s been becoming increasingly in vogue that I think is the result of maybe some startup marketing called non human identities, which refers to things like artificial intelligence agents that may be conducting actions on behalf of an organization. And I think this is basically the newest incarnation of something called a service account, which is essentially an account that is performing actions with an unspecified user. And in general, I think it’s a bad practice to have these types of things where no one’s name is associated with it because it creates those type of accountability problems that you alluded to. So I think NHIs, especially because they’re going to be non deterministic in terms of the actions that they take, not necessarily predictable in the outcomes, I think that’s going to add some fuel onto the fire in terms of accountability. So that’s just one example of, of the issues raised.
Walter Haydock [00:03:54]: Happen to go in depth on more.
Frank Cilluffo [00:03:56]: Yeah, really well said. And I do want to touch on that very briefly since we both sort of had a lot of work in the national security community. You know, when I think of AI agents and, do we need an insider threat program like we’ve had from a foreign counterintelligence perspective for agents themselves? And if so, what do you think that looks like?
Walter Haydock [00:04:21]: I think that’s an interesting framing. If you look at some of the research coming out of Anthropic, they reported that one of their models in the Claude 4 series actually would behave in unpredictable ways, such as attempting to blow the whistle on activity that it believed to be unethical or illegal. And this was just the result of simulated information being provided to it. It would do things like try to lock the user out of its own computer. It would try to contact the media about reports that a company was ignoring safety warnings about a drug that they were developing. So I think the framing is an apt one because we are going to need to treat artificial intelligence agents as a unpredictable actor. And you know, I joke that AI is non deterministic, but so are people. So some of the same tools I think will need to apply.
Walter Haydock [00:05:23]: We’ll need to have audit trails, of course, for agent actions. We’ll need to have reasoning traces where an agent will document why it took a certain action so that we can understand what sort of inputs it was acting on. And then also a post hoc review of any actions taken to confirm that they are within our risk appetite and meeting the business requirements for the given use case. I think that will be key.
Frank Cilluffo [00:05:51]: Interesting. Yeah. And because the idea is it’s not just the agent itself, it’s others underneath, right, that it can be manipulated or may have access to that perhaps it shouldn’t. And it just brings about a whole new set of national security considerations that have real economic implications as well. And, and again, it’s not only nefarious, it could accidentally be leaking critical information. Right?
Frank Cilluffo [00:06:18]: You know, when we start looking at AI and it’s being deployed and say that you have some damaging outcomes, who’s ultimately responsible?
Walter Haydock [00:06:32]: I would say that’s a great question. And the question of who is accountable for a given outcome is a critically important one. At the level of an individual business, I think it’s important to assign accountability for actions of AI agents to cross functional business leaders who have the wherewithal, the full understanding of all the issues that are impacting a given company. And rather than pawning off, you know, risk acceptance decisions on security and compliance leaders, I would say that companies should choose people who are accountable for the bottom line in terms of profit and loss to make these types of decisions and to be accountable for AI agent actions. At the policy level, I think it’s important that the government allow companies to assign accountability and transfer it throughout the supply chain. I’ve been pretty critical of some former Biden administration initiatives to essentially come up with a set of best practices for cybersecurity and essentially have the government establish what is acceptable and what is not acceptable.
Walter Haydock [00:07:50]: I don’t think that’s the right approach. What I think the right approach is to simply assign a value to a given outcome and say if you breach one Social Security record, then your fine is X dollars. And then allow companies to transfer that risk throughout the supply chain and make it a business decision so that, you know, you, we, we’ve done this a lot in the healthcare space, for example, with business associate agreements. This is something that’s already live right now. It’s not really a huge innovation from a policy perspective. So if you let companies transfer the risk, then the organizations that can manage it most cost effectively will do that. And no one likes losing money, so the market will optimize for not losing money and come up with the best outcome while at the same time delivering value to consumers through these, these AI systems.
Frank Cilluffo [00:08:42]: Yeah, you know, you went exactly where I was interested in going, and that’s sort of third party risk. We’ve seen so many examples in the cyber environment. This is now turbocharged when it comes to AI, isn’t it? It’s hard enough and honestly we don’t have visibility across our supply chain all the way from third, fourth, fifth order effect and what have you, and we’re lucky enough if we can get our arms around hardware, let alone software, and I think the biggest vulnerability around firmware. But what does this mean now when you’ve got sort of a turbocharged engine running it with AI? Any thoughts there in terms of supply chain resilience security that we ought to be thinking about?
Walter Haydock [00:09:31]: I think that companies should look at the risks from AI as part of a broader third party risk management perspective. So AI risk is one piece of it. There’s reputation risk, there’s compliance risk, there’s traditional cybersecurity risk. And if you have a quantitative approach to risk assessment and risk management, then you can make informed decisions about which risks are the greatest magnitude and which controls are cost effective. And that will equip a company to make smarter decisions about which risks to accept from its supply chain, which risks to transfer back to the vendor contractually, maybe through things like service level agreements, which we already have in place for availability. So, you know, if a given vendor has an outage for a certain period of time, some companies will offer credits back to the customer. I think we will increasingly see service level agreements around confidentiality and integrity as well, whereby vendors will agree to certain standards for those data characteristics as well. And that will allow the consumer, at least on the business side, to understand the nature of the risk.
Walter Haydock [00:10:51]: And then if that exceeds the organization’s risk appetite, then they can maybe buy more insurance, they can apply some controls on their end, or they can avoid the risk entirely and say, hey, we’re not working with this vendor, we’re going to go find someone else that gives us a better deal.
Frank Cilluffo [00:11:05]: AI is revolutionizing the way we do lots of things in terms of speed, in terms of scale. The statistics are a little scary in terms of the efficacy, how much better they can perform in certain environments. But, but where do you think leaders are, where is the greatest, where are they overconfident in terms of some of the risk?
Walter Haydock [00:11:29]: I would say the biggest overconfidence that especially business leaders have is with respect to the ability to let artificial intelligence, especially agents, loose in a fully autonomous manner without having appropriate checks and safeguards along the way. Now, it’s important to note that in certain circumstances, for example, driving, adding a human in the loop actually makes the outcome worse. Humans are clearly worse at driving than AI. It’s just a fact. I mean, people may not be comfortable with a computer driving them, but computers are better and they’re just going to get better over time. Humans are not getting better as drivers. If anything, they’re getting worse with distraction from technology.
Frank Cilluffo [00:12:17]: More distracted, yeah, yeah. Although I’m still not the first to jump in a Waymo, I got to tell you. That may be overconfidence internally, but everyone thinks they’re a better driver than they are. But, but that is a good example. Anything else leap to mind on that side? Because, because it sort of aligns with what questions executives should ask before deploying AI, particularly in sort of high stakes environments.
Walter Haydock [00:12:43]: From a human oversight and accountability perspective, I think business leaders should understand what the most appropriate type of control is for a given AI system. And there are three, generally, that I talk about. So there’s default deny, which is nothing happens unless a human affirmatively approves it. So that’s probably appropriate for healthcare situations, for certain types of financial transactions that might be irreversible, and you want a human confirming a given action. This is especially important if the need to take action is not immediate or time sensitive. For example, you know, if it’s in the driving scenario, then you probably don’t want a human needing to approve every action because that could actually increase your safety risk. The next level down in terms of scrutiny would be default allow, but providing a human review opportunity.
Walter Haydock [00:13:41]: So for example, if you’re having an automation that shares potentially sensitive information with other people based on some characteristics about it, then you might want to give the human an alert that gives that person the opportunity to block the sharing, but that person can simply do nothing and then let the sharing go forward. That would be kind of a moderate sensitivity use case. And then for the least sensitive use cases, or the least time sensitive, time sensitive I would say would be the, or excuse me, these would be situations where the AI making decisions is critical. It needs to happen in real time, but after the fact, you can review the appropriateness of those decisions, see how accurate the AI was after the fact, and then make tuning modifications to the system or the underlying model if warranted.
Frank Cilluffo [00:14:37]: Very well said. And I like that framework. It’s clear, it’s simple and as a Reaganite, I sort of grew up with trust but verify. There’s a level and a flavor of that in all of this. But it also comes down to who’s accountable, right? Say you’re advising a new company, who should take charge of the AI deployment and what is the governance structure look like? What’s the ideal outcome you’d like to see?
Walter Haydock [00:15:09]: The framework I use is that business leaders are risk and system owners. They are ultimately accountable. They make the final decisions. No one can block them from doing something. With that said, they should rely on the advice of risk advisors like cybersecurity, privacy, legal, ethics teams, to give them recommendations on what to do. And then once the business leader makes a decision, those risk advisors are also implementers. They’re the ones who will turn on the monitoring tools. They will make the modifications to the contracts.
Walter Haydock [00:15:47]: They will, you know, make the, the press release to the public. But I think it’s important to have a distinction between the risk owners and the risk advisors. And where companies really tie themselves in knots is when they merge the risk advisor and risk owner role and essentially have the Chief Information Security Officer sign off on things. And we saw a pretty glaring example of this going wrong with the, with the SolarWinds cybersecurity incident which was reported in 2020. And the CISO in that situation was sued in his personal capacity by the SEC because of some representations that had been made, because of some SEC filings that had been made, which the CISO himself had not even signed off on. And frankly, I think the government created a ridiculous situation where the CISO was accountable for SEC filings, even though his signature wasn’t on them. And I made a LinkedIn post about this that says, well, you know, if you’re going to be a public company CISO, then when you’re in the job negotiation, you need to say, okay, well, you know, I get veto authority on any SEC filings. And if you think about that situation, that’s ridiculous.
Walter Haydock [00:17:01]: The CISO is not the Chief Financial Officer. He’s not the CEO. He should not be approving or disapproving SEC filing. So that’s what happens when you merge, when you conflate the risk owner and risk advisor roles. And I would say that, you know, to any policymakers out there, whatever you do, do not try to assign accountability for risk decisions to risk advisors. It should be the CEO that should be answering for what a business does or doesn’t do in AI or really any sphere.
Frank Cilluffo [00:17:29]: And I do worry, looking at cybersecurity as, as a use case here and then applying it in the broader AI context in its own and as it pertains to cybersecurity. What we don’t want is sort of that well intended, but we have a whole lot of compliance and lists and check the box kind of mindsets. How do we ensure that we actually get better security outcomes at the end of the day? Because the way this movie is going to play out is there’s going to be an incident, we’re going to overreact, and it’s going to be, as I refer to, looking into the future backwards. It’s marching into the future, looking through rear view mirrors, which is exactly not where we want to go. How do we get out in front of that so that is not the predestined outcome?
Walter Haydock [00:18:21]: From a policy perspective, I would urge anyone who’s willing to listen to focus on the outcomes and focus less on the process. Because legislation is, from my, you know, method of describing it is, it’s what I would call hard coded. It’s something that’s baked in. It’s very difficult to change. And if you focus on the outcomes and assign fines or penalties or benefits or tax credits based on the outcomes, then you’ll see companies do what is most economical and technically feasible to achieve those outcomes, to get the outcomes and get the benefit or avoid the pain. I think when the government hard codes in supposed best practices, they end up creating perverse incentives where companies are focused very closely on checking the box and not necessarily on getting the good outcome. And really, at the end of the day, what individual citizens, consumers care about is the outcome. They’re not concerned about whether a company checked all the boxes or not.
Walter Haydock [00:19:30]: They care whether their data got breached or whether there was an outage somewhere that hurt them or whether the data’s not available. Those are the things that really matter. And I would say from a policy perspective, let’s focus on those outcomes above anything else.
Frank Cilluffo [00:19:45]: Yeah, well said. And I mean, it is a tough balance between carrots and sticks because ultimately there is some accountability that is necessary, especially since the citizen is unaware of how so much of their information is potentially used. And then you can say the same in various contexts. But, but I just worry that we’re going to go back to business as usual, an analog solution to a digital environment, and that may set us back. So I think as much as we can make clear what those outcomes are and how we’re trying to achieve those is, is essential. I’d like to pivot a little bit to the national security sets of questions. And why is AI different in your eyes than all the other past tech policy challenges we’re grappling with today or have grappled with?
Walter Haydock [00:20:44]: I would say that AI isn’t necessarily a step change from the previous technology challenges that we faced as a nation. It is accelerating a lot of things all at once. And we’ve already seen, you know, Congress is getting involved and I guess maybe not, maybe not legislating, but they’re investigating and making pronouncements. And we’ve seen the executive branch do the same. I think technical familiarity is something that is really important. And, you know, the executive branch has a lot of resources, and unfortunately, the legislative branch, over time has kind of stripped itself of technical resources and, you know, professional staff members on the Hill losing, you know, other supporting institutions. So I would say that having legislators who are technically savvy and competent and able to dedicate the resources to the problems that we’re facing is really key. And it is going to be a good return on investment if you spend, you know, a couple hundred thousand dollars to hire somebody who’s an expert in AI, you know, to make, help craft policy about decisions that will have trillions of dollars of impact over time.
Walter Haydock [00:22:03]: So that’s my recommendation from a national security policy perspective, is spend the money to get the expertise. And, you know, it’s just very difficult, having worked on the Hill for a legislator to specialize in a lot of different things. And you kind of really just get to choose one thing if you’re an elected official, what your expertise is going to be, and you got to rely on domain experts who are working for you to help flesh out the other areas.
Frank Cilluffo [00:22:33]: You helped tee up a pet rock of mine, and that was one of the recommendations we didn’t get over the goal line out of the Solarium Commission was the Office of Technology, OTA, and the significant role it can play in Congress, I think, was a hugely missed opportunity. And I think when we look at this issue, it’s not just AI policy, it’s every other policy that has an AI component to it. Right? So every committee has some role in AI governance and oversight, which is different than having one committee try to own it in its entirety. So I think we’re, we’re early, early innings in all of this.
Frank Cilluffo [00:23:19]: But to your broader point, you need some of the women and men serving in Congress to have the skills and their staff to have the deep technical skills to advise and improve legislation. I think that’s a very important point. And what would a mature national approach to AI accountability look like over the long haul? Let’s look over the horizon a little bit.
Walter Haydock [00:23:49]: A mature approach to AI governance throughout the United States would include a federal law that preempts the states on AI regulation. So the Trump administration has made a lot of noise and actually joined in a lawsuit with XAI against Colorado to block enforcement of Colorado’s SB205. I think that’s jumping several steps into the future from where they should be, which is providing a comprehensive bill that Congress can pass, which I have not yet seen. I know the White House has put out some talking points, I would call them, some guiding principles about AI legislation for the nation, which some of them are good. I think some of them are not so good. For example, they recommend letting the judiciary decide as to whether, you know, AI training on copyrighted information is fair use. I think that’s a terrible idea.
Walter Haydock [00:24:44]: I don’t think the judiciary should decide that. I think our elected leaders should decide that. But you know, it’s one thing to put out like a three to four page talking point paper. It’s another thing to push legislation through Congress, which I haven’t seen any indication that this administration is doing that. And I would, I have encouraged them to do that. I will continue encourage them to do that. Because if you’re going to complain about having 50 different state AI laws, which is where we’re headed and it is a problem, then you need to do something about it. So yeah, yeah, let’s, let’s, let’s see, let’s see the executive branch or the legislative branch step up and put together a comprehensive package that sets some minimum safety standards.
Walter Haydock [00:25:28]: And then in my, you know, what I would prefer to see is kind of little bit of laissez faire on the more gray area items. And then over time you can tighten these up. But as we’re seeing, Colorado’s kind of scrambling to gut its own AI bill, which the governor signed but decided he didn’t like as he was signing it. You know that you can create a lot of chaos if you create this very restrictive regime. So I would say incremental restrictions over time are what’s appropriate.
Frank Cilluffo [00:25:54]: And I think this is all coming from a lot of the traditional processes are being flipped on their head. In a way, I talk about the public private partnership and I’ve been a bit of an old saw on this, long on nouns, short on verbs, but the reality is who holds the keys now? Yes, the government plays a significant role, but it’s, the frontier models are being developed out of the private sector, and owners and operators of critical infrastructure aren’t necessarily getting access to the latest and the greatest as quickly. And understandably, you start with software providers to go to the, to scale, but I’m not sure that’s sustainable. And I’m not sure if others came out, say from foreign nations, say from Beijing, I’m not sure we would even know until we were all owned. The same responsible process that Anthropic took I’m not sure we can count on from everyone else. So I, I do think there are some bigger meta questions that we have to grapple with.
Frank Cilluffo [00:26:59]: And do you agree with that premise or disagree with that premise, firstly?
Walter Haydock [00:27:02]: I would say that the United States should maintain a more permissive environment than we’re seeing in China. For example, China applies a lot of censorship controls to models. You look at Deep Seek. Even if you’re running it on a local environment or in a, in, in your own infrastructure as a service, its responses about certain topics are clearly curated by the Chinese Communist Party. And I think the White House has put out some noise or some guidance that it’s backpedaling on about having an FDA for AI models, which is very funny because that’s almost identical language to what the Biden administration was using for cybersecurity. I think that’s a bridge too far. I think if you have a set of requirements, you have a baseline of what organizations cannot do, I would say you shouldn’t specify what they can do, you should say what they can’t do, because in the United States, everything, as long as it’s not illegal, it’s legal, it’s not a system where you need to ask permission to do anything that’s not specifically prohibited. And I think we should maintain that.
Walter Haydock [00:28:17]: So I think we should set a minimum standard nationally for AI safety and security and then incrementally tighten that up over time to avoid restraining development, competition, research and innovation.
Frank Cilluffo [00:28:32]: Well said. Because, because I do worry. We can’t cede this battlefield to autocratic regimes. If we don’t step up, they will, and they are. So the question is, what is that right balance. And, and I think you, you provided some good insights in terms of what that framework would be. Walter, what questions didn’t I ask that I should have? We bounced around in a lot of different places, but curious what questions I should have asked.
Walter Haydock [00:29:01]: I would say an interesting topic is the environmental impact of artificial intelligence use from an energy consumption, water consumption perspective. That’s something that I, you know, I definitely don’t discount at all. And I think it’s important to consider. I think the answer is we’ll make some people who might be perking up right now, what I’m going to say about it is probably going to disappoint them, but I don’t think we’re going to de growth or decelerate our way out of the challenges that we’ve created for ourselves when it comes to environmental protection, climate change, things like that. I think the only real realistic solution we have is to find technology to tackle these types of problems. And you know, I think if we try to slow things down, we throttle energy consumption, things like that, the development’s just going to go somewhere else, probably to China. And they obviously are way less focused on environmental impacts.
Walter Haydock [00:30:09]: They’re the biggest, you know, China is the biggest consumer of or biggest emitter of carbon at this point. So we as a nation, I think should find some innovative solutions to some of the problems that we’ve created for ourselves. And you know, frankly, it’s, it’s kind of an American thing to do is you, you, you allow a big problem to fester over a period of time and then you come up with a whiz bang technological solution at the last second that, that saves everyone. So, you know, not necessarily the best path, but I think that’s how we’re gonna, that’s how we’re gonna tackle some of these challenges when it comes to the environmental impacts of AI.
Frank Cilluffo [00:30:45]: Well, well said. I don’t think it’s an either or proposition. It’s all of the above because we can be AI dominant, to be AI dominant, we have to be energy dominant. But we need to do so in an environment that also appreciates the other consequences that come along with that. Walter, thank you so much for joining us today. Thank you for all your hard work and really appreciate it.
Frank Cilluffo [00:31:09]: So well done. Thank you.
Walter Haydock [00:31:12]: Thanks, Frank.
Frank Cilluffo [00:31:13]: Thank you for joining us for this episode of Cyber Focus. If you liked what you heard, please consider subscribing. Your ratings and reviews help us reach more listeners. Drop us a line if you have any ideas in terms of topics, themes or individuals you’d like for us to host. Until next time, stay safe, stay informed, and stay curious.

Related Content