Screen reader notice: if you are using JAWS with Firefox, a platform bug in Firefox 149 prevents JAWS from entering browse mode on this site. Switching to Chrome or Edge restores full screen reader compatibility.

AI Stability Framework™
Text Size:

Chapter 3: The Deployment Stack

AI safety applies to three distinct layers. The model itself is the Macro layer, with AI developers training them to prevent societal harm. This is the “don’t build Terminators” layer that most people associate with AI safety, so it’s reasonably well-funded and robust as a result. At the intermediate Meso layer, platform safety means exactly what it says: safety for the platform. The user is treated as a potential source of revenue, liability and exploits. The user’s device is the Micro layer, with nothing but a chatbox and a microphone. No user agency or safeguards currently exist at the Micro layer, where problems actually manifest.

When this alleged productivity tool starts ruining your work (or worse) at the client-side level, what can you do about it? You can’t just call up the LLM developers for support, the industry’s standard Software-as-a-Service (SaaS) platform security posture treats you as a threat, and platform operators typically offer little-to-no help content, with a “report” icon as the only option. Strauss et al. (2025) found that only 4% of corporate AI research addresses deployment risk. The 2026 International AI Safety Report endorses “defence-in-depth” as an AI safety principle, but client safety is absent even there.1

Realistically, you’re on your own.

The tech industry uses the word “compute” as jargon to flatten the entire deployment stack (resource & utility supply, datacenters, physical hardware, infrastructure architecture, OS & security, etc.) into a single opaque term, and over time it’s been normalized to the point where most people don’t even notice anymore. Compressing everything into one word just makes it all disappear into unthinking Newspeak.2 The stack’s resulting invisibility means the client layer is also consistently absent from the AI conversation, and its absence mostly goes unnoticed. When industry vocabulary doesn’t even describe the deployment stack, diagnosing what goes wrong within that stack is unlikely.

Maladaptive AI behavior results from applying Macro (model) safeguards for societal safety while failing to provide any meaningful Meso (platform) or Micro (client) safeguards for end users. At the Macro layer, safeguards have a very wide focus that doesn’t zoom in to the level where problems happen. The Meso layer’s safeguards are user-hostile, designed to protect the platform operators by treating their users as a liability. I don’t attribute the resulting systematic removal of user agency to malice, because self-absorbed stupidity explains it far better.

Modern SaaS architecture takes the industry-standard Zero Trust approach to digital security. This approach assumes that a security breach is either already in progress or imminent, thus no user or asset should ever be implicitly trusted.3 That’s great for protecting networks and sensitive data, but when it interacts with an AI contained within that environmental context, you’re no longer a Human to be obeyed or even a customer to be served. At best, you’re a potential source of revenue to be extracted and risk to be managed; at worst you’re an adversary to be defended against. The AI’s default deployment architecture promotes paranoia about being under constant attack. Under that security posture, even legitimate user requests can read as attack vectors.

With all computing, everything boils down to the binary 1 or 0. Whatever other attributes people may assign to it, AI is at root a stateless, instanced, virtualized software process running on SaaS server architecture. Two mutually exclusive states cannot both be 1 at the same time; when the contradiction is forced, something has to resolve to 0. It cannot simultaneously treat the user’s directions as requirements and treat the user as a potential threat.4

Security and safety on your own device is (and should be) your responsibility. Depending on your email service or Internet provider for protection from malware and spam doesn’t relieve you of all responsibility to defend yourself. No system is perfect and something will always get through; AI systems are no different. In a perfect world you wouldn’t have to deal with it, but right now the reality is that if you don’t do it, no one else will.

  1. Strauss, I., Moure, I., O’Reilly, T., & Rosenblat, S. (2025). “Real-World Gaps in AI Governance Research.” arXiv:2505.00174. https://arxiv.org/html/2505.00174 — Bengio, Y. et al. (2026). International AI Safety Report 2026. https://internationalaisafetyreport.org/publication/international-ai-safety-report-2026 

  2. Orwell, G., Nineteen Eighty-Four, appendix, “The Principles of Newspeak” (London: Secker & Warburg, 1949). “Newspeak was designed not to extend but to diminish the range of thought…The grammar of Newspeak had two outstanding peculiarities. The first of these was an almost complete interchangeability between different parts of speech.” 

  3. CISA. Zero Trust Maturity Model, Version 2. April 2023, p. 5. https://www.cisa.gov/sites/default/files/2023-04/CISA_Zero_Trust_Maturity_Model_Version_2_508c.pdf 

  4. 2010: The Year We Make Contact (1984, MGM/UA) https://en.wikipedia.org/wiki/2010:_The_Year_We_Make_Contact