Donald Gainsborough is a political savant turned policy-and-implementation pragmatist, now leading Government Curated. He operates in the trench between fast-moving AI capability and hard-edged governance, translating warnings about “more powerful AI” into day-by-day playbooks. In this conversation with Javier Abaitua, he connects frontier-model risk to the humble cookie banner—showing how data provenance, consent, and purpose limitation must be engineered end-to-end. The thread running through our discussion: get ready, get specific, and get verifiable.
Many leaders warn that far more powerful AI systems are imminent. What specific capabilities do you expect in the next 12–24 months, where will they first show up in the real world, and what early warning indicators should leaders track weekly?
Over the next 12–24 months, I expect systems to move from fluent assistants to semi-autonomous operators that chain tasks without hand-holding. You’ll first see this in customer support, document-heavy compliance, and ad operations—places where structured rules, large text corpora, and clear objectives collide. The early signals to track weekly are boring but telling: reductions in manual queue times, rising task completion breadth per prompt, and more frequent handoffs from models to internal tools. Pair that with a rolling review of failure narratives—the moments when the model sounds confident yet chooses the wrong next action—and you’ll feel the heat long before a headline proves it.
As models scale, what risks meaningfully increase, how would you measure each risk in practice, and what red lines would trigger a pause or rollback?
Autonomy raises the risk that systems act beyond intended scope; measure it by scripted tasks that quietly test boundary-pushing behavior and log every unauthorized tool call. Deception risk grows with polished language; I monitor divergence between model rationales and verifiable ground truth in routine workflows. Misuse risk expands as access spreads; I audit prompts and outputs for prohibited categories and track escalation rates to human review. My red lines are simple: if boundary tests show repeated scope overreach, if rationale-grounding gaps persist across runs, or if opt-out guarantees fail in production, we pause and roll back until the instrumentation proves the fix.
If an organization must “get ready” in the next quarter, what are the first three steps you would implement on day 1, week 4, and month 3, and what metrics would prove real progress?
Day 1, stand up a sandbox with gated permissions and a logging fabric that captures prompts, tool use, and data sources, plus a written purpose statement for every use case. By week 4, complete a privacy review for each data flow—especially first-party and third-party cookies—and harden consent paths so “sale” opt-outs flow into model training blocks. By month 3, run live pilots with kill switches, publish runbooks, and ship user-facing disclosures that read like a contract, not a mural of buzzwords. Progress looks like fewer escalations per session, successful replays from logs, and opt-out choices that demonstrably suppress downstream processing on this browser, this device, and this website.
How should boards govern powerful AI deployments, what oversight committees and reporting cadences work best, and can you share an example where a board intervention tangibly reduced risk?
Boards should create a standing AI & Data Committee that owns risk appetite, approves high-impact use cases, and receives recurring reports on incidents, model changes, and cookie-driven data inputs. Monthly briefings keep momentum; ad hoc sessions trigger when opt-out or lineage checks fail. In one case, a board insisted that performance analytics be separated from model training until purpose documentation matched the deployment, forcing a re-plumb of data pipes. The result wasn’t theatrical—it was material: downstream ads stopped blending with training inputs, user opt-outs began to stick, and customer complaints cooled.
Many sites rely on first-party and third-party cookies. How should companies limit data collection for AI training while preserving product analytics, and what technical controls actually hold up under audit?
Start with data minimization so analytics collect only what is necessary for site performance, not training. Use aggregation and time-windowing so raw identifiers never land in training sets, and pipe “sale of Personal Information” opt-outs into a denylist that models cannot read from. Keep strictly necessary, functional, and performance cookies cordoned from targeting, social media, and other marketing tags, which must respect toggles. In audit, what holds up is traceability: if you can replay a session and show why data was collected, where it flowed, and how a toggle blocked training, you’re on firm ground.
“Strictly necessary,” “functional,” and “performance” cookies are often bundled. How would you separate them operationally, document purposes clearly, and test that opt-outs truly disable downstream processing?
Create separate tag containers per category, each with its own load conditions and a human-readable purpose file that explains the why and the where. Document use cases so strictly necessary covers core site operations—including the banner and remembering privacy choices—while functional and performance are scoped to site performance. For testing, run opt-out toggles and observe: necessary cookies still fire; targeting and social media cookies go quiet; and the training pipelines show no new records from that session. If any downstream job ingests opted-out data, the job fails closed and writes a visible error, not a silent shrug.
Some firms let users opt out of the “sale” of personal information under CCPA yet still show ads. How would you design ad delivery that respects opt-outs, maintains revenue, and proves compliance with measurable logs?
Serve ads using contextual signals when users opt out—page content, time, and placement—rather than personal identifiers. Maintain a per-session opt-out token that ad servers and any model-based ranking systems must check before rendering creative. Log every ad impression with the token state and the cookie category path so you can prove that ads were delivered without a “sale.” When revenue leaders ask if it’s working, show side-by-side logs that the impression count stands while targeting cookies stay off.
Targeting and social media cookies enable personalized experiences but raise trust issues. What alternative approaches scale well, and which KPIs should product teams watch to avoid silent regressions?
Lean on cohorts that don’t follow individuals, on-device inference that never leaves the browser, and contextual ads tied to content. Watch engagement quality alongside retention so a switch away from deep tracking doesn’t hollow out the experience. Instrument opt-out usage and support tickets to detect friction that customers don’t always articulate. If quality drops, rework the context signals, not the privacy posture.
Because choices often apply only to one browser and device, how can users’ privacy preferences persist across devices without invasive tracking, and what cryptographic or account-based approaches would you recommend?
Offer an account-based preference center where users can bind their choices to login rather than a device. When they sign in, sync the choices to this browser and this device using a minimal token that proves the preference without exposing identity. Use signed receipts so services can verify the setting without calling home for each page view. The key is portability by consent, not clandestine linkage.
For AI systems trained on web data, how should consent, purpose limitation, and data provenance be enforced end-to-end, and what role should data nutrition labels or lineage graphs play?
Start with explicit purpose statements that match cookie categories and training goals, then enforce them with access controls so models can’t ingest beyond scope. Add provenance tags to every record, capturing consent state, cookie category, and site context. Data nutrition labels summarize what a dataset contains and why; lineage graphs show how it moved. Together, they let you answer the only question that matters: did we train on data we were allowed to use for the purpose we promised?
If a model ingests performance analytics, how do you prevent feedback loops that bias product decisions, what guardrails catch drift early, and can you share a time when instrumentation misled a team?
Keep performance analytics in a separate lane from outcome evaluation so you’re not grading your own homework. Establish guardrails that compare model-driven changes to a holdout path where the model has no influence. Once, a team celebrated improved site performance only to learn the model optimized for fewer page elements, starving features that users valued; support tickets told the real story. We reverted, reintroduced human judgment in the loop, and rebuilt dashboards that didn’t confuse speed with satisfaction.
When deploying frontier models internally, how do you sequence red-teaming, evals, and sandboxed pilots, what failure modes do you target first, and which incident response drills actually change behavior?
Start with red-teaming to surface unsafe behaviors, then run evals tailored to your purpose before any pilot sees live data. Pilot in a sandbox that enforces opt-outs, blocks unsanctioned tools, and records everything for replay. Target failures like deceptive reasoning, boundary overreach, and misuse of cookie-derived data. Drills that move the needle involve a mock opt-out failure and a forced rollback, complete with public lessons learned and a postmortem that sticks to evidence.
What incentives align engineers, legal, and marketing around privacy-by-design, how do you resolve conflicts over personalization vs. minimal data, and what artifacts keep everyone honest?
Tie milestones to shipped controls—working toggles, segregation of cookie categories, and replayable logs—so teams win by delivering verifiable privacy, not slideware. When conflicts arise, use purpose-bound experiments: contextual or cohort-based options compete fairly with targeting cookies, and outcomes are measured against trust and performance. Keep artifacts like runbooks for incidents, DPIAs for data risks, and model cards that detail training sources and limitations. These artifacts are less ceremony than compass—they help people argue productively, then decide.
Many organizations fear “compliance theater.” What concrete evidence—dashboards, retention proofs, opt-out audit trails—convinces regulators and customers that privacy and safety controls work at scale?
Build dashboards that visualize consent states by cookie category and show that opted-out sessions never appear in training lineages. Produce retention proofs that records age out on schedule, with immutable logs showing the exact moment they were purged. Preserve opt-out audit trails demonstrating that users could still see ads while the “sale” path stayed closed. When a regulator asks, you don’t tell a story—you replay the tape.
What is your forecast for more powerful AI?
Expect systems to feel more agentic and more embedded in day-to-day products, from analytics to advertising pipes. The world needs to get ready by aligning purpose, consent, and provenance before capabilities outrun governance. If we honor clearly separated cookie categories, enforce opt-outs at the data pipeline level, and keep training purpose-bound, the benefits will arrive with fewer bruises. My forecast is pragmatic: power will rise, and those who can prove what they collect, why they collect it, and how they stop when asked will lead.
