Back to Insights
AI Governance5 min read

Even an Infinitely Fast Model Would Only Get You 2x

TokenShift Executive Note

Even an Infinitely Fast Model Would Only Get You 2x

The next time a vendor promises you a model that's "twice as fast," ask them Jeff Dean's question.

Google's chief scientist framed it at the NVIDIA GTC 2026 conference, sitting across from Bill Dally: if you make your model infinitely fast, you gain only a factor of two or three — as soon as the tools it operates account for a meaningful share of the work. Not ten. Not a hundred. Two or three.

This is Amdahl's law applied to your business. And it says something uncomfortable: the model is probably no longer your constraint.

The Bottleneck Has Moved Downstream

For three years, the race has been about the model's intelligence and speed. That race is becoming a sideshow — not because it's won, but because the chokepoint has shifted.

An agent can now produce, analyze, or decide at 10, 50, sometimes 100 times the human pace. But everything that comes after it — verification, approval, correction, integration into a real system — is still set to human clocks and processes designed for humans.

We call this limit the absorption ceiling: the maximum throughput at which your organization can verify, validate, and act on what AI produces. Below that ceiling, every gain in model speed is wasted. It's the metric nobody measures, yet it's the one that decides your ROI.

The Sharpest Evidence Comes From Cybersecurity

If you want to see the absorption ceiling laid bare, look at application security.

In August 2025, Google's Big Sleep agent autonomously discovered around twenty unknown flaws in massively used open-source software (FFmpeg, among others), and even identified a critical SQLite vulnerability (CVE-2025-6965) before it could be exploited. Anthropic, for its part, launched its Project Glasswing initiative in April 2026, where CrowdStrike's CTO sums up the shift in a single sentence: "the window between discovering a vulnerability and exploiting it has collapsed — what used to take months now plays out in minutes."

Finding flaws is exploding. And fixing them?

According to Edgescan's 2025 report, 45.4% of vulnerabilities detected in large enterprises are still unpatched after twelve months — nearly a fifth of them rated high or critical. The average time to remediate a critical flaw is still measured in months (on the order of 130 to 160 days, depending on the source), and two-thirds of organizations carry a backlog of more than 100,000 vulnerabilities.

The ability to find has moved to machine speed. The ability to fix has stayed at human speed. The gap between the two isn't a technical detail: it's precisely the absorption ceiling, and it's widening.

This Isn't Just a Security Problem

The same pattern replays in every function that adopts agents. Commentator Nate B. Jones puts it bluntly: an agent can produce at 100x, but if your organization only reviews at 3x, you haven't solved a problem — you've created a bottleneck.

And that's where the real danger lies for a COMEX. When output explodes and review can't keep up, the temptation is to loosen the review. You approve faster, you check less, you trust the agent's "self-reporting." You automate on top of a process you never mapped.

Automating a broken workflow simply gives you a faster broken workflow.

For a bank, an insurer, or a regulated infrastructure operator, that loosening isn't technical debt. It's legal and prudential exposure. The AI Act already mandates effective human oversight over high-risk uses — not a ticked box, but a real capacity to understand, challenge, and correct a model's output. An absorption ceiling set too low is compliance theater.

The Investment Mistake to Avoid

The strategic implication is counterintuitive, which makes it valuable.

Investing in a faster or smarter model when your constraint is downstream is like widening the inlet pipe when it's the drain that's clogged. You pay more to produce even more of what you already can't absorb. Amdahl's law guarantees you'll plateau at 2–3x — but the bill doesn't plateau.

The lever isn't the model. It's the redesign of the verification and decision layer: who validates, against what criteria, with what traceability, at what cadence. This is exactly the territory of governed production — explicit ownership, guardrails, model-independent observability, governance rhythm. Human work doesn't disappear; it moves up a notch, from "doing" to "verifying and arbitrating what the agents do."

4 Questions for Your Next COMEX

Before funding the next pilot or the next model upgrade, measure your absorption ceiling:

  1. Review throughput. For each agentic use case in flight, how many outputs per day can we actually verify and approve — and who does it?
  2. Independent observability. Would we know that an agent botched a task without relying on its own report? Through what third-party mechanism?
  3. Ownership of correction. When an output is wrong, who is named as responsible for fixing it, and in what timeframe? (Is our backlog growing or shrinking?)
  4. Scope of authority. What can an agent do on its own, and what requires human escalation — in writing, not by habit?

If you can't answer, your constraint isn't the power of AI. It's you. And the good news is that it's the only variable you fully control.

Honestly, which is the function where your output has already outrun your capacity to verify it?

Follow the TokenShift Page — we're preparing the September 2026 COMEX campaign on moving from pilot to governed production.

Sources: Jeff Dean (Google), NVIDIA GTC 2026 — OfficeChai, 2026 · Google Big Sleep / CVE-2025-6965 — Google Security Blog & SecurityWeek, August 2025 · Project Glasswing (CrowdStrike quote) — Anthropic, Apr. 7, 2026 · Vulnerability Statistics Report 2025 — Edgescan · Nate B. Jones, AI News & Strategy Daily (commentary).

#AIGovernance #EnterpriseAI #COMEX #AIAct #ProductionDeployment

Continue reading

View all insights