Field Note · AU8
May 2026
01 An animated infographic on AI's next chapter

Every team
of ten
is now a team of one.

Format
Scrollable narrative
Subject
The director era of AI
Read time
~6 minutes, scrolling
Scroll begin
I Where we were · Pre-AI

A team of ten,
each carrying one tenth of a problem.

PM
Eng 1
Eng 2
Eng 3
Eng 4
Design
QA
Sec
Ops
PMM
Fig. 01 · A typical product team, 2015–2024 n = 10

Specialisation was the gift of the pre-AI era. Each function held a sliver of judgement; coordination was the product. The cost of this gift was less visible: a long tail of small, stale decisions accreting into technical debt, security debt, and process debt across every layer of the stack.

Vulnerabilities introduced in 2017 sat untouched for years because no one owned the cross-cutting view. The team was larger than any one mind could hold.

II Where we are · The transition

Decades of accumulated debt are surfacing as zero-days, all at once.

AI is doing on the offensive side what defenders never prioritised: walking every line of every kernel, every protocol, every quietly-rotting binary, looking for shape.

2017 · commit cac2661c
Latent flaw introduced
A zero-copy splice in xfrm-ESP enters the mainline kernel, unread for nine years.
Apr 2026 · Copy Fail
Linux root, instantly
First wave: any local user gains administrator access on most distros since 2017.
May 2026 · Dirty Frag
Embargo broken
A second logic bug in IPSec modules surfaces with zero patches available.
Next 18 months
The long unmasking
Mythos-class models walk back through the commit history. The rate accelerates.
2017202020232026 · today2027
0 yrs Dirty Frag dwell time
before public disclosure
0 Patches available at
time of embargo break
0% of major Linux distros
since 2017 affected
0 Manual reviews behind
"thousands" of zero-days claim

Sources · Tom's Hardware coverage of Copy Fail and the Dirty Frag embargo break, May 2026. Mythos-class capability refers to the new generation of frontier models being marketed for vulnerability discovery; numbers reflect reported manual validation behind public claims.

II.b Two timelines, one finish line

The asymmetric race between attackers running AI native, and defenders running last decade's stack.

AI-native attacker
Legacy defender
← Discovery begins Triage Exploit weaponised Patch shipped →
The technical debt of the last decade is now the threat surface of this one.
— Working assumption · Architecture & Cybersecurity
III Where we are going · Target state

The role of the human collapses upward — from doer to director.

PM
FE
BE
QA
DOC
DES
SEC
OPS
1 director · 10× output
Fig. 02 · The director, surrounded by agents n = 1 (+ AI)

The target state is not "AI replaces the team." It is one human owning the responsibility surface that ten used to share. The director writes the brief, sets the bar, and reviews the outputs. The agents do the work — in parallel, in seconds, on tap.

What changes for the human is not less work, but different work: editorial judgement, taste, accountability, and the willingness to ship a decision rather than negotiate one across nine inboxes.

Was
10 specialists,
1 product
Is
1 director,
10 products
III.b The path

Three investments that decide whether your company gets to the target state — or becomes someone else's case study.

01 · Empower & collect

Mandate AI-native competence — then collect the evidence of it.

Equip every team with the tools, the partners and the budget to fold their workflow into agents. Set a clear bar: each function must demonstrate AI-native competence on the work they already own. Empower first, measure second.

02 · Expand

Architecture & cybersecurity grow from the cc'd advisor into a cross-functional, empowered command.

Double — sometimes triple — the headcount, the budget, the seniority, the floor space. Give them authority to command the same agents the rest of the org runs, and to direct first response across the entire product portfolio: a zero-day, an integration, a model rollout, a vendor swap. Strategic, not service. Central, not adjacent.

03 · Replace or transform

Every system, product and person becomes AI-native — or becomes systemic risk.

The bar for "native" is not cosmetic. It is the ability to assess every surface, know every corner, and react the moment something moves. Anything that can't is replaced. Anything that can be transformed is transformed first.

III.c Picture · The AI-native company

A self-developing loop, with humans at every gate.

The director-of-one isn't alone — they sit under an umbrella of many directors, each running their own loop. Inside each loop, signals flow in, agents do the work, and a single human reviews, approves, and is accountable at every checkpoint.

Fig. 03 · The product-development loop, AI-native
Cycle time · 10×–100× today
01
Signals in
Telemetry agentAnalytics, support tickets, session traces, revenue
02
Human gate
Pain understood
Product agentsSynthesise pain, cluster, hypothesise causes
03
Solutions drafted
Solution agentsSpike concepts, sketch flows, propose options
04
Human gate
Backlog ranked
PM agentsScore, sequence, brief — director approves the bar
05
Built
BE · FE · UI agentsSpecialists ship in parallel against the brief
06
Human gate
Code & security audited
Audit agentsQuality, dependency, threat model — every change
07
Human gate
Deployed
Ops agentsRoll, observe, roll back — human owns the button
08
Measured
Telemetry agentOutcome attributed, signal feeds the next pass

Four human gates remain: what is the real pain, what's worth doing next, is this safe to merge, and is this safe to ship. Everything between them is agentic. Cybersecurity audit runs on every change, not on quarterly cadence.

Fig. 03b · The customer-service desk, AI-native
Same shape · different domain
01
Signals in
Telemetry agentTickets, chats, CSAT, churn signals, call transcripts
02
Human gate
Pain understood
CS agentsCluster recurring issues, attribute root causes
03
Skills drafted
Skill agentsPropose macros, KB articles, auto-resolutions
04
Human gate
Skill backlog
CS directorSets the rules, ranks new skills, sets the bar
05
Built
Skill buildersAuthor macros, playbooks, agent prompts in parallel
06
Human gate
Tone & policy audited
Audit agentsBrand voice, policy, safety, escalation rules
07
Human gate
Deployed
Ops agentsRoll new skills to queues, observe, roll back
08
Measured
Telemetry agentCSAT, resolution time, deflection — feeds the next pass

Same eight stages. Same four human gates. Different domain. Customer service, finance close, legal review, marketing, recruitment — every back-office and front-line function reduces to the same loop. This is now just a software transformation story.

Org One director, many directors

The 1-person team is not a 1-person company.

Each function is run by a director who is themselves a team of one — under an executive layer that sets strategy, allocates capital, and arbitrates between loops. The organisation is flatter, but it is still an organisation.

What disappears is the middle: the coordinator, the project manager-of-managers, the role whose value was knowing what the other nine were doing.

CEO · CTO · CFO
Architecture
cross-functional · expanded
commands across
Cybersecurity
0-day reactivity · expanded
commands across
— product teams, each with its own directors of one —
Product A
Product1 + agents
Engineering1 + agents
Design1 + agents
Data & Ops1 + agents
Product B
Product1 + agents
Engineering1 + agents
Design1 + agents
Data & Ops1 + agents
Product C
Product1 + agents
Engineering1 + agents
Design1 + agents
Data & Ops1 + agents
10× Output per director,
versus a team of ten today
100× Loop velocity for
well-instrumented surfaces
Continuous Cybersecurity audit,
per change — not per quarter
IV Universal access

Mythos cannot remain a myth.

Mythos-class capability cannot belong to a few. The same model that walks back through the kernel commit history and finds a 2017-era root is the model that, given to defenders, finds it first. The asymmetry of access is the whole argument. Whoever has Mythos last, loses.

Unequal access · status quo

A hardened few, an exposed many.

Frontier capability stays inside well-funded attackers, three labs, and one government per region. Everyone else is the testing ground.

Universal access · target

A defended commons.

Defenders run the same Mythos-class capability against their own stack, before the disclosure window opens. The 2017 commits are found by the people who have to live with them.

The position of this note: Mythos-class access should be infrastructure, not edge. The net benefit is a future safeguarded from human-made vulnerabilities of the past. The net cost of withholding it is paid, in full, by everyone except the holder.

V Three things to do this quarter

Empower the team. Expand the architects. Replace or transform what won't move.

01 · Empower & collect
Empower
and collect.
Invest in your existing teams. Give every function the tools, partners and budget to go AI-native, and set a mandate to demonstrate competence on the work they already do. The point of #1 is investment, not subtraction.
02 · Expand
Expand.
Grow architecture and cybersecurity into the largest strategic functions you have. AI-native ICs, AI-native architects, AI-native security leads, with the headcount and authority to command first response.
03 · Replace or transform
Replace
or transform.
Anything that can't assess every surface, know every corner, and react the second something moves is systemic business risk. Transform what can change. Replace what won't.