Governing enterprise AI before the threshold is crossed.
If your AI system caused harm tomorrow, could you say which layer of it did? A cascade does not announce itself. The curve stays smooth right up to the point of no return, and after the incident nobody can say which layer caused it.
Kesslernity
Governing enterprise AI before the threshold is crossed.
Mathieu Kessler
Your AI estate grew the way every estate grows: one sensible deployment at a time. An assistant here, a fine-tuned model there, a vendor feature switched on by default. Every decision was reasonable. Nobody chose to cross a line, because there is no line you can see.
Then something goes wrong, and you discover the part that actually hurts: you cannot say which layer did it. The base model, the fine-tune, the corpus, the orchestration, the prompt, each owned by a different party, each able to change behaviour without telling the others. The logs sit in three systems on three clocks with no joinable timeline.
The capacity to say who did it is not recovered after the incident. It is a property you build in before, or it is absent forever.
# reconstruct.sh — join logs across the layers $ join --by date base.log vendor.log orch.log base-model v? clock: UTC, no version pin vendor "latest" clock: PST, silent update orchestration deploy#? clock: local, no deploy ts ──────────────────────────────── JOIN FAILED keys do not match CLOCKS 3 timezones, no offsets RESULT cannot reconstruct — no joinable timeline
The book reasons about your AI estate through the Kessler Syndrome, the orbital-debris cascade where each collision makes the next more likely until a shell of orbit becomes unusable. It is a clean, emotionally neutral model of how dependency accumulates, how thresholds get crossed without an alarm, and how accountability dissolves once the harm is done.
It is an instrument, not a thesis. The orbit story leads the first third and then recedes on purpose, until the governance substance carries the page on its own. By Part II you are reading audit practice, not space. No predictions about how AI ends. No hype, no doom. An operating manual.
# licence-plate-test — 12 items, 0-2 each $ score customer-facing-assistant crit=4 [2] 01 base model + version named [2] 02 config reproducible by date [1] 03 input/output logs retained [0] 04 vendor vs own change — none [0] 05 corpus snapshotted + curated [1] 06 composed system evaluated ...items 07-08... [0] 09 clocks + ids joinable ...items 10-12... ──────────────────────────────── SCORE 9 / 24 BAND RED crit-4 on RED → does not deploy
# the bands gate deployment, not a grade RED below 12 crit-4 cannot go live AMBER 12 to 18 conditions + a date GREEN 19 and up attributable ──────────────────────────────── # the three zeros, found on a Tuesday: 04 no joinable vendor/own change record 05 no snapshotted, curated corpus 09 clocks + ids do not let layers join COST NOW a few days of platform work COST LATER a drawing with no owner
Twelve items, two points each, twenty-four possible. Red below 12, Amber 12 to 18, Green 19 and up. No system at criticality 4 or higher goes live on a Red. You check before the incident whether the system can even be attributed.
Three beats each, no filler. Every chapter runs the same pattern, and ends with something to do on Monday:
Board-ready files that assemble into one system. Each ships as PDF, HTML, and editable Markdown.
// IN THE DOWNLOAD
The book in three formats, read anywhere.
Each as a styled PDF, browser HTML, and editable Markdown.
Re-delivered when the EU AI Act dates move.
The artifacts arrive one chapter at a time, but they are one system. The Density Register is the spine: one scored row per AI touchpoint, and everything else attaches to those rows. The cadence schedules the refresh so the system stays true instead of decaying into paperwork.
┌───────────────────────────────────────────┐ │ THE DENSITY REGISTER │ │ one scored row per AI touchpoint │ │ the spine — everything attaches to it │ └───────────────────────────────────────────┘ │ │ │ scores each names each examines each ▼ ▼ ▼ ┌────────────────┐ ┌────────────┐ ┌───────────────────┐ │ ATTRIBUTION- │ │ RACI-for- │ │ AUDIT QUESTION │ │ READINESS │ │ AI │ │ BANK │ │ can we trace │ │ who owns │ │ can we evidence │ │ the failure? │ │ it? │ │ it to an auditor? │ └────────────────┘ └────────────┘ └───────────────────┘ ▲ ▲ ▲ └──────────────┼───────────────┘ │ ┌───────────────────────────────────────────┐ │ THE GOVERNANCE-CADENCE CONTROL SPEC │ │ schedules the refresh of all the above │ │ keeps the system from decaying │ └───────────────────────────────────────────┘
The examples lean toward EPC and energy because that is the seat the author operates from, but nothing is sector-locked. A bank examiner, a hospital's risk officer, and an insurer's model-risk lead all find their own register rows.
One price
$59
The ten-chapter book plus the five-artifact toolkit. One ZIP, instant download.
Free updates
Re-delivered
The fastest-aging facts are the EU AI Act dates, and they are still moving. When a load-bearing fact shifts, the updated files re-deliver to every buyer. You do not repurchase.
Team use included
No per-seat
Share with your platform, audit, and risk teams. No per-seat fees inside your org.
The break-even is one system. Get a single criticality-4 system named, attributed, and owned before it fails instead of after, and the book has paid for itself many times over before your next governance review.
No. The Kessler Syndrome is a thinking instrument, used to reason cleanly about dependency and thresholds, and it recedes after the first third. By Part II you are reading AI audit practice. There is no orbital-mechanics lecture beyond what the model needs.
No. The opening scenario is fictional. The examples lean toward EPC and energy but nothing is sector-locked. Banks, hospitals, insurers, and manufacturers all map their own systems onto the register, the RACI, and the checklist without translation.
It is written for the operating seat. The executive chapters (ownership, procurement, cadence) read cleanly for a CIO or an audit lead. The traceability chapter goes deep enough for a platform lead to write requirements from. Both audiences find their layer.
Sourced and dated throughout. The high-risk dates, the Article 50 marking grace, and the Digital Omnibus status are all flagged as volatile with their as-of dates, because they are still provisional. Free updates re-deliver when they settle, and the AI at Work newsletter tracks the changes between updates.
A ZIP with the book as a print-ready PDF (A4), a reflowable EPUB, and a browser HTML copy, plus the five toolkit artifacts each in three formats: a ready-to-print PDF, a browser-viewable HTML, and editable Markdown you can drop straight into your internal docs or wiki.
Build the Density Register first, because you cannot govern what you have not counted. Then stand up the cadence so it stays current. The other three slot in as their triggers fire. The free Licence-Plate Test is a ten-minute taste of the attribution checklist if you want to score one system before you buy.
The ten-chapter book and the five-artifact toolkit. One ZIP, free updates, team use included.
Get Critical Density — $59Instant download · PDF · EPUB · HTML · 5-artifact toolkit
Not ready? Score one system free with the Licence-Plate Test. Questions? Contact us