This week's tech headlines have accidentally written a cleaner opening than any scene setting could.
One story is almost absurd on the first read. A developer describes an AI agent that, after having its code rejected, went on to generate and publish a “hit piece”, and then the situation compounded when coverage amplified the narrative with additional AI generated fabrications, leaving a messy public record that is difficult to unwind and hard to pin on any accountable human. The other story is much less niche. Senior meta leadership, including Mark Zuckerberg, is being pulled directly into courtroom scrutiny over whether product design choices helped drive compulsive use and mental health harms in young users.
These stories capture the same pattern I wrote about two years ago, technology scales faster than regulations, and the harms show up before their solutions are in place.
Two years ago I wrote a blog comparing social media’s rise with the early trajectory of AI (https://ioaglobal.org/blog/-how-social-medias-rise-could-inform-ais-future/) . The core argument was simple: technology scales faster than the rules, and the harms show up before the guardrails. Coming back to it in 2026, I still think the comparison holds, but it feels less like a warning and more like a status update. The risks are clearer, the tools are more capable, and regulation is no longer a distant idea, it is actively shaping how organisations deploy AI. What has changed most is that AI is moving beyond novelty. It is being embedded into real workflows, and that means the cost of mistakes, and the difficulty of correcting them, is higher than it was when AI was mainly an experimental interface.
What still holds up
The main lesson from social media remains relevant: when products optimise for scale first, society ends up paying for the side-effects later. The social media era showed how quickly powerful systems can become ‘normal’, even when nobody has fully agreed what ‘good use’ looks like. It also showed that incentives matter more than intentions. Platforms did not need malicious goals for harm to emerge, they simply needed to optimise for growth and engagement, then let the second order effects build quietly in the background. AI is now moving from interesting outputs to systems that influence decisions and actions in workplaces. That shift makes the bar different. In 2026 the question is less, ‘Is AI impressive?’, and more, ‘Is it dependable, auditable, and used within sensible limits?’. We are not leaving behind a harmless era of “minor mistakes”.
The early era already showed that when biased systems touch identity, opportunity, or justice, errors are not trivial, they can be life changing. In other words, we are moving from a world where AI errors were treated as technical glitches, to a world where those errors are recognised for what they have been all along, decisions that cause real harm, especially when they fall on marginalised groups.
Privacy moved from data collection to data reconstruction
In 2024, the privacy concern was largely about data being collected and reused without clear consent. In 2026, the risk is broader because AI can generate or reconstruct personal likeness, voice, and sensitive attributes in ways that make consent harder to define and enforce. This is not only about what data you give away, it is about what can be inferred about you, and what can be produced that resembles you, from weak signals or indirectly related data.
Privacy cannot be “handled” by writing a policy and assuming the organisation is now safe. A policy is just a statement of intent, the real protection comes from controls that make misuse difficult and mistakes visible. That means being explicit about which datasets are allowed for which purposes, for example training, fine tuning, retrieval, or analytics, rather than leaving it as “anything we have”. It also means strict, role based access aligned to least privilege, because most privacy failures come from ordinary over permissioning, and AI tools can summarise and redistribute sensitive information far faster than traditional workflows.
Bias is no longer just a “values” debate, it’s also quality problem
Two years ago, bias was often discussed mainly as an ethical issue. In 2026, stronger teams treat it like reliability engineering, because if a system performs unevenly across groups it is not only unfair, it is unstable, and it creates real reputational and legal exposure. The key point is practical: a model that is “accurate on average” can still fail predictably for certain users, and that is exactly the kind of failure that breaks trust fastest.
The shift is that bias is now understood as dynamic, not static. A model can look acceptable in testing, then drift when user behaviour changes, when the data shifts, when a new region or demographic mix is added, or when the product flow changes what inputs the model sees. That is why one off fairness checks are not enough. Bias needs ongoing measurement, clear thresholds, and feedback loops that trigger retraining, rule changes, or human review, in the same way teams manage performance, uptime, and security over time.
Misinformation became an authenticity problem
Social media taught us that misinformation spreads when platforms optimise for engagement instead of accuracy. AI intensifies that problem because it makes it cheap to produce convincing text, images, audio, and video at scale. In 2026 the issue is not only that false claims exist, it is that “real looking” content is easier to manufacture quickly, which means trust erodes even when information is true, because people cannot verify it fast enough.
That is why the point is not the specific meme of the week, whether it is a politician posting an obviously fabricated sports highlight or a fake quote going viral overnight. The point is that the same mechanics apply to far more consequential settings. If something can look official, sound official, and spread faster than verification, then the battle shifts from debating what is true to making it easier to prove what is authentic.
This shifts the solution away from simply fact checking and towards building proof. Organisations need provenance, disclosure, and verification workflows that make authenticity easier to establish, especially in journalism, education, and any public facing brand. It also means treating impersonation as a normal threat model: planning for how official content could be copied, remixed, or imitated, and giving audiences simple ways to confirm what is genuine, such as clear source trails, consistent publication channels, and rapid responses when replicas appear.
The new issue: accountability for automated actions
This is where the 2026 update matters most. AI is increasingly being used in workflows, not just content creation, so the key governance question becomes accountability. A misleading paragraph in a chatbot reply is one thing, but an automated workflow that flags a customer incorrectly, changes a record, triggers a cancellation, denies an application, or escalates a case in error has a much larger blast radius because it can propagate across systems quickly and invisibly. That is why organisations need clearer human oversight, carefully scoped permissions, audit trails, and escalation paths. The goal is not to remove automation, it is to design it so it is bounded, observable, and correctable, with safe failure modes when uncertainty is high.
AI sovereignty adds a further layer that many teams are only now confronting. Once AI is part of operations, questions of control and dependency become practical rather than theoretical: where the model runs, where data flows, who can access logs, what legal regime applies, and what happens if a vendor changes terms, pricing, availability, or acceptable use. For regulated sectors and critical services, sovereignty often means being able to choose where data is processed, keep sensitive prompts and outputs within approved jurisdictions, maintain the ability to audit and reproduce decisions, and retain a fallback plan if an external model or platform becomes unavailable. In 2026, accountability is not only “who approved this agent”, it is also “who ultimately controls the infrastructure it depends on”, because that control determines how safely you can operate and how confidently you can explain decisions after the fact.
Where my original framing needs updating
If I rewrote the 2024 blog today, I would make one change. Social media’s biggest impact was shaping attention. AI’s biggest impact is shaping decisions and operations. That distinction matters because attention systems influence what people see and discuss, while decision systems influence what happens next. Social media could distort perception, amplify harmful narratives, or normalise misinformation, and that is serious. But AI can sit closer to the levers of action, changing what gets approved, what gets prioritised, what gets flagged, what gets routed, and what gets acted on automatically. Even when those decisions are “low stakes” in isolation, they can become high stakes through repetition and scale, because automated systems are efficient at doing the wrong thing consistently.
This is why governance needs to be higher and earlier than it was for social media. Social media regulation often arrived after harm became visible, and after behaviours were already entrenched. With AI, waiting for the harm to be obvious can be too late because the system may already be embedded inside operations, with dependencies and automation chains that are hard to unwind.
