Software Scaled. Risk Didn’t.
Amir Kabir, Founding Partner of Overlook Ventures, on the trillion-dollar gap behind the AI economy and the firms being built to close it.
This is a long-form analysis piece and a departure from the standard edition format, published when the argument requires the space.
I. The Bankruptcy Line
The labs running today’s AI race have been candid about the math. A year of demand slippage and the most aggressive of them go bankrupt. It will be less about technology failure and more about the system around it, which cannot absorb what gets built.
Consider the current scale: Hyperscalers are projected to spend roughly $600 billion on AI infrastructure in 2026 alone and closer to $1 trillion across the full supply chain. The industry is building 20 gigawatts of compute capacity this year, on a path to 300 gigawatts by 2029, at $10–13 billion per gigawatt. A single hyperscale campus now concentrates tens of millions of dollars of insured value per square foot. Autonomous agents inside the stack are making real-money decisions at inference speed. Seventy-nine percent of enterprise teams have deployed those agents and only twenty-one percent have a mature framework to govern them.
That is a systemic reliability bottleneck. It is the trillion-dollar gap in the Control Plane that decides which of these models are actually allowed to touch the real economy.
“Software scaled. Risk didn’t.”
II. The Three Exponentials
The frontier labs frame their world as two exponentials.
The first is the capability exponential: how fast models get smarter. By their own accounts, that curve is approaching its inflection. Models that passed the bar exam in 2024 are doing PhD-level reasoning in 2026. The leading labs are now projecting that the next twenty-four months produce systems performing at the level of a top human researcher across most economically valuable work.
The second is the diffusion exponential: how fast that capability flows into the economy. The most aggressive lab in the field went from zero to roughly $10 billion in annualized revenue in three years. Faster than any technology adoption curve in history. Real enough that its CEO has openly said the company could go bankrupt if demand slips by a single year.
They are right about the first two but are underestimating a third.
The trust & accountability exponential, the rate at which systems exist to secure, govern, insure, attribute, and underwrite autonomous action, is years behind the other two. And unlike the capability and diffusion curves, it is not really a curve at all. It does not double and it does not benefit from Moore’s Law, model scaling, or compute buildout. It moves at the speed of hardware certification, regulatory sandboxes, validation protocols, safety standard revisions, and institutional governance cycles.
AI can scale at the speed of compute. Trust scales at the speed of consequence.
Moreover, AI is the most visible catalyst, but autonomy is the deeper shift. For the first time in modern economic history, software is moving beyond prediction and recommendation into decision-making and action.
Google emerged from the abundance of information. CrowdStrike, Palo Alto Networks, and Okta emerged from the abundance of cloud computing.
The next generation of category-defining companies may emerge from the challenge of making intelligence trustworthy.
As systems gain the ability to make decisions, take actions, and hold delegated authority, entirely new forms of risk emerge. The infrastructure required to govern, secure, observe, verify, and transfer those risks is what we call the Infrastructure of Risk.
Look at some of the evidence: In insurance, ISO endorsements CG 40 47 and CG 40 48 just removed Generative AI from General Liability cover; overnight, a category of silent exposure that had been absorbed by existing policies became uninsured by default. Professional liability insurers are reclassifying agent errors as “systemic software drift,” an excluded category that leaves the loss with no carrier. In regulation, over 700 AI bills were introduced across 45 US states in 2024 alone, and the EU AI Act’s High-Risk mandates become enforceable in August 2026 with fines up to €35 million or 7% of global annual turnover. In disclosure, the S&P 500 share of companies citing AI as a material risk jumped from 12% in 2023 to 83% in 2025. In cybersecurity, US breach costs hit $10.22 million per incident, with one in six now involving Shadow AI agents inside the stack. In autonomous vehicles, NHTSA has pivoted its safety benchmarks from simulated miles to mandatory physical pass/fail evaluations, signaling that the sim-to-real defense is no longer a legal shield. In national security, governments are already restricting the deployment of certain frontier AI systems inside sensitive environments, illustrating that capability alone is insufficient when trust, attribution, and governance requirements are not met. In robotics, industrial humanoids are scaling on warehouse floors faster than the liability frameworks that govern autonomous physical actors can be written. And we haven’t even thought about what the world looks like with personal humanoid robots. In healthcare, certified diagnostic AI systems are running on patient populations they were never trained on. This is what researchers call zombie algorithms, because recertification cycles cannot keep pace with model drift.
Every one of those signals points the same direction: The systems creating capability are accelerating faster than the systems designed to absorb consequence. The gap points to markets that have not yet been built.
Capability can be engineered, while trust must be earned.
The capability and diffusion exponentials assume the trust exponential will catch up. It has not and it can’t, at this pace, without being built deliberately. Intelligence is becoming abundant. Balance-sheet capacity is not, and balance-sheet capacity is the financial, physical, and institutional capacity to finance, power, govern, and insure what software now makes possible at speed. When the trust exponential lags the capability exponential by years, capability stops being able to deploy. That is the gap.
That is the trillion-dollar question this decade will answer. Every major technological wave has required its own infrastructure layer to scale safely. The trust exponential is the next one.
“AI is the most visible catalyst, but autonomy is the deeper shift.”
III. The New Risk Surface
Every major technological wave creates new forms of risk.
The internet created cyber risk, globalization created supply chain risk, and cloud computing created concentration risk and many others. The rise of autonomous systems is creating an entirely new risk surface as it changes how failures propagate.
Moreover, historically a software bug affected one company, a manufacturing defect affected one product line, and a human mistake affected one decision. AI changes those assumptions: a single model update can influence thousands of organizations simultaneously.
Correlated Decision Risk. Historically, organizations made independent decisions. They might have used similar tools, but the decisions themselves remained decentralized. AI changes that: increasingly, thousands of organizations rely on the same models, the same evaluation frameworks, and the same reasoning engines. The risk is not that systems fail together. The risk is that they think together. A flawed assumption, a model update, a hidden bias, or an unexpected failure mode can propagate across thousands of organizations simultaneously. Historically, diversification reduced exposure because decisions remained independent. For the first time, organizations are beginning to rely on shared cognition rather than merely shared infrastructure. That is a very different problem.
Model Dependency Risk. Organizations are increasingly outsourcing judgment to systems they neither built nor control. Previous generations outsourced compute, while this generation is outsourcing reasoning. Critical decisions increasingly depend on models whose incentives, training data, evolution, and decision-making processes remain outside the organization’s control. The question is what happens when a critical decision process depends on infrastructure owned by someone else.
Governance Risk. Software is increasingly embedded inside decisions rather than workflows: customer service decisions, underwriting calls, legal review, code commits, compliance flags, healthcare triage, operational routing, and so on. Many of these are already being influenced or executed by automated systems, embedded models, and agentic tools that leadership cannot fully see or audit. AI is introducing ‘Architectural Fragility’ at the protocol level. We are embedding ‘black-box’ reasoning into critical infrastructure without the verification layers required to ensure that a model update in the cloud doesn’t cause a physical failure in the field.
Most organizations know they are adopting these systems. Far fewer can identify where they sit inside critical decisions and even fewer can explain what happens when they fail.
Autonomous and Embodied Risk begins when systems stop making recommendations and start taking actions. Agents move money, sign contracts, route shipments, approve claims, and increasingly interact with the physical world. For the first time, machines are beginning to hold delegated authority rather than merely providing advice.
The same transition is now occurring in warehouses, factories, logistics networks, hospitals, and eventually homes. Humanoid robots, autonomous vehicles, industrial automation systems, and AI-driven infrastructure are moving decision-making from software interfaces into the physical economy.
The challenge is who bears responsibility when these systems can act. Liability, safety, accountability, and risk transfer frameworks were built around human actors. They do not yet fully address a world where authority is increasingly delegated to autonomous systems.
Each of these risks creates a new infrastructure requirement. The mapping is direct:
Just as cybersecurity emerged from cyber risk, not as a single product line but as an ecosystem of monitoring, response, identity, and threat intelligence firms, each of these four categories will spawn its own ecosystem.
“The risk is not that systems fail together. The risk is that they think together.”
IV. The Builder
I have been a builder first and an investor second. I grew up in Europe, immigrated to the United States a little over a decade ago, and came to this thesis from inside the industry as an outsider.
I have spent my career building, operating, and scaling within the early-stage sector, from writing code and launching enterprise software startups to navigating capital formation and execution at day zero.
At Munich Re, I was on the founding team that built the venture platform, scaling it from roughly $50 million to over $1 billion in assets under management. The seat gave me an unusual macro perspective. I watched carriers underwrite the first generation of AI-driven companies. I watched the assumptions in those policies stop matching the exposures inside them. I watched reinsurers ask questions their treaties were not designed to answer.
Most investors saw sectors. However, from where I sat as an operator, sectors were the wrong unit of analysis. Insurance, cybersecurity, autonomous mobility, robotics, financial networks, and machine learning were all crashing into the exact same foundational bottleneck: innovation moving orders of magnitude faster than the institutions built to absorb its consequences.
Risk was the hidden horizontal layer underneath every market that mattered and the arrival of the autonomous economy has simply made that reality impossible to ignore. Overlook exists exclusively to build and back the infrastructure of that layer.
V. The Architects
Every technological revolution creates a new infrastructure layer. The internet required cloud infrastructure, digital commerce required cybersecurity and the autonomous economy will require risk infrastructure.
Overlook exists to back the architects building that layer.
We launched in 2025 and each of our portfolio companies exists because part of that infrastructure needs to be built. The layers map directly to the risk surface: verification and security for correlated decisions, control and resilience for model dependency, observability and audit for governance, accountability and risk transfer for autonomous and embodied systems. Read them not as a portfolio but as the layers of a system being assembled in real time.
Verification & Security. When decisions become correlated, they must be verified — both in their soundness and in their security. Asymmetric Security builds AI agents that automate incident response, delivering forensic-grade analysis in minutes. Hacktron extends the line into autonomous offense, automating the discovery and exploitation of code vulnerabilities so security teams can find them before adversaries do. Three stealth investments complete the layer: agent reliability infrastructure, autonomous security for AI agents themselves, and voice AI security for an attack surface that did not exist eighteen months ago.
Control & Resilience. When organizations outsource judgment to systems they neither built nor control, they need new control layers. Seedless builds synthetic data infrastructure for regulated AI adoption, because the industries that need AI most cannot let their real data leave the building. A stealth investment is building the post-training infrastructure that lets regulated industries adapt frontier models to their own data and risk constraints.
Observability & Audit. When software-driven decisions become invisible inside organizations, they must be made visible. Eloquent AI builds AI operators for regulated financial workflows, because the categories where mistakes are expensive (e.g. insurance, healthcare, financial services) have been left to last. Prediction Guard is the LLM safety and governance platform for regulated enterprises, the layer that determines what agents are allowed to do, what they can touch, and how those actions are logged, attributed, and audited. Alongside it, a stealth investment is building the agent reliability infrastructure that makes that control layer enforceable across orchestrated agent systems.
Accountability & Risk Transfer. When systems begin to hold delegated authority and act in the physical world, the consequences of their actions must be assignable and financially absorbable. IronGrid uses physics-informed modeling with AI to predict failures across critical infrastructure, because as AI moves into the physical economy, the ability to underwrite infrastructure risk must move with it. Strala is rebuilding the claims observability layer for carriers, captives, and MGAs, making real-time, trusted decisions possible in the most payout-critical workflows in the value chain. Soteris is rebuilding underwriting infrastructure from the ground up. Soma is rebuilding the distribution layer with autonomous AI brokers, starting in the $130B excess and surplus market.
VI. The Bet
Every transformative technology in history required new trust infrastructure invented from scratch. Steam engines created boiler insurance and the Hartford Steam Boiler. Electricity created fire codes and Underwriters Laboratories. Automobiles created the DMV, the seatbelt, and the modern auto insurance industry. Nuclear power created the IAEA. The firms and institutions that built each layer became permanent fixtures of the next century. AI is the same pattern, compressed. The trust infrastructure created for previous technological revolutions outlived the technologies themselves. The trust infrastructure created for AI will likely do the same.
Historically, the “Utility” layer of a technology wave produces the initial giants, but the “Integrity” layer, the firms that make that utility safe, compliant, and deployable for the global economy, ultimately captures a primary share of long-term, sustainable enterprise value. We expect the firms governing the autonomous economy to mirror the trajectory of the cloud and cybersecurity giants that preceded them.
The obvious counter is that the frontier labs will build this layer themselves. They will build parts of it. They are already investing heavily in safety, security, evaluation, and enterprise controls. But the trust layer cannot be owned entirely by the same actors racing to deploy capability. Markets require independent verification, external accountability, insurance capacity, legal attribution, and governance infrastructure whose incentives are not tied to model adoption. The trust exponential will be built partly inside the labs, but it will clear the market only through independent actors whose incentives run the other way.
Three predictions follow from it. Each one is testable, while none of them is consensus.
First, by 2030, Fortune 500 companies will spend more on governing AI than deploying AI. Not because regulators require it, but because the cost of operating without those controls becomes economically unacceptable.
Second, agent, autonomy and robotics (Physical AI) liability will become standalone insurance lines comparable in scale to cyber. The fastest-growing line in the industry since environmental cover emerged in the 1980s. The carriers writing the first policies today will own it for the next two decades.
Third, the most valuable AI infrastructure company of the next decade will build the layer that makes the models deployable. The frontier labs are right about the capability exponential. They are also, without quite naming it, defining the trillion-dollar gap that decides whether their vision scales.
Intelligence is becoming abundant, while trust is becoming scarce.
The next generation of trillion-dollar companies will be built around that imbalance.
— Amir
Founder, Managing Partner – Overlook VC
Twitter: @AmirKabir99