What Mission Command Teaches Us About Working With AI
AI has created a familiar temptation for business leaders: hand more work to the machine and assume speed will solve the problem.
In cybersecurity, that instinct can be dangerous.
The real opportunity is not to replace judgment. It is to extend the reach of good judgment. That distinction matters, especially in environments where mistakes can affect public safety, emergency communications, critical infrastructure, business continuity, and trust.
For leaders with a military background, this way of thinking is not new. The military has spent generations developing methods for leading people through uncertainty, complexity, incomplete information, time pressure, and changing conditions. Those methods were not built for AI, but some of them map surprisingly well to the responsible use of AI agents.
One of the strongest examples is mission command.
Army doctrine describes a commander’s role during operations through a recurring set of activities: understand, visualize, describe, direct, lead, and assess. That framework is useful far beyond the battlefield because it describes what leadership actually has to do when the environment is moving faster than one person can personally control.
That is also the problem AI agents are beginning to introduce into modern organizations.
An AI agent can read, summarize, query, draft, inspect, classify, recommend, and sometimes act through connected tools. Used well, that can increase speed and reduce cognitive load. Used poorly, it can create quiet errors, unclear authority, weak accountability, and automation that moves faster than leadership understands.
The answer is not to reject AI. It is to lead it properly.
A commander does not succeed by issuing vague instructions and hoping the staff guesses correctly. The commander builds shared understanding, defines the purpose, describes the desired end state, gives direction, monitors execution, and reassesses as conditions change.
That same discipline applies to AI-supported work.
Before using an agent, leaders need to understand the environment. What problem is being solved? What data is involved? What decisions are high consequence? What systems could be affected? What would a wrong answer cost?
Then they need to visualize the operational approach. Where does AI belong in the workflow? What work should remain human-led? Where should the agent gather information, prepare analysis, or recommend options? Where should it stop and ask for review?
Then leaders have to describe intent. This is where many AI efforts fail. A weak prompt gives a task. A strong intent gives purpose, constraints, priorities, acceptable risk, and the standard for success.
Then leaders direct action. That may mean assigning an agent a narrow research task, having it prepare a first-pass analysis, using it to compare evidence, or asking it to monitor a defined source set. Direction should include boundaries. Which sources are trusted? Which actions are prohibited? What requires approval? What must be preserved?
Leadership still matters after the task begins. Someone must evaluate the work, ask whether the output fits the mission, and decide what to do next. AI can support decision-making, but it does not carry the responsibility for the decision.
Finally, leaders assess continuously. Conditions change. Data changes. The agent may misunderstand the task. A source may be outdated. A recommendation may be technically correct but operationally wrong. Continuous assessment is what keeps AI from becoming unsupervised momentum.
This is why the staff model is such a useful way to think about AI agents.
A good staff does not replace the commander or leader. It extends the leader’s ability to understand, plan, coordinate, execute, and assess. Staff members bring specialization, speed, and parallel effort. But their work still has to align to intent. It still has to be reviewed. It still has to serve the mission.
AI agents can play a similar supporting role when they are treated as staff capacity, not independent authority. That distinction is especially important in cybersecurity.
Cybersecurity is full of tasks that benefit from speed: log review, alert triage, vulnerability research, policy comparison, documentation, threat summarization, control mapping, and incident preparation. AI can help teams move through those tasks faster.
But cybersecurity is also full of decisions that require context: whether an event is operationally significant, whether a control is practical for a client, whether a recommendation matches the risk environment, whether a system change could disrupt service, whether a response plan fits a real organization under stress.
Those decisions require human accountability.
That is why the more mature model is not “AI runs security.” It is human-led, AI-assisted security operations. AI helps increase visibility, reduce repetitive burden, organize information, and accelerate analysis. Humans retain responsibility for judgment, prioritization, communication, and action.
This is also where mission command offers a useful warning. Mission command is not loose delegation. It depends on competence, mutual trust, shared understanding, clear intent, disciplined initiative, mission orders, and prudent risk. Without those conditions, decentralized execution becomes confusion.
The same is true with AI.
An organization cannot safely scale agents without clear roles, defined authority, review points, source discipline, data protections, and escalation rules. The agent needs boundaries. The human team needs training. Leadership needs enough understanding to know when the system is helping and when it is drifting.
Responsible AI guidance points in the same direction. NIST’s AI Risk Management Framework emphasizes that AI risk has to be managed across design, development, use, and evaluation. The Department of Defense’s responsible AI work similarly frames trust as something built through governance, testing, accountability, human systems integration, and safety considerations. Microsoft Research has also highlighted that human-agent communication brings new challenges around transparency and control.
Those are not abstract governance concerns. They are operating concerns.
If an AI agent is going to support real work, leaders need to know what it was asked to do, what information it used, what assumptions it made, what action it recommends, and where human approval is required. That is the chain of authority between human intent and machine-assisted action.
For OTM Cyber, this way of thinking fits the work we already do. Cybersecurity for public safety, government, business, and critical infrastructure is not just a technical exercise. It is a leadership problem under operational pressure. The question is not only whether a tool is advanced. The question is whether it helps people make better decisions, protect essential services, and respond with discipline when conditions change.
AI has a place in that work, and a meaningful one at that.
I can’t stress this enough: The best use of AI is not dependence. It is leverage. It gives skilled teams more reach, more speed, and more capacity when it is governed by clear intent and human accountability.
That is the lesson mission command brings into the AI era.
Technology can support the staff. It can sharpen the picture. It can reduce friction. It can help leaders see more, decide faster, and keep more work moving.
But leadership still has to do the leading.
That responsibility does not go away because the tools improve. If anything, it becomes more important.
Sources
Continue the conversation.
Explore related services or talk with OTM Cyber about the cybersecurity pressures facing your environment.