Mozilla’s Mark Surman on 3 ways CEOs can build trust in AI
Your employees are using AI. They’re also deeply skeptical of it — at least when it comes from the company. That gap is not a communications problem. It’s a control problem.
Mozilla’s Mark Surman, writing for Fast Company, laid out three ways CEOs can close that trust gap. On the surface, the advice is aimed at corporate leaders managing workforce anxiety. But read it from the angle of someone evaluating agentic AI tools — for your team, your workflow, or your own personal setup — and something clicks. The same principles that make enterprise AI trustworthy are the ones that make a personal AI agent worth using.
There’s one part of Surman’s thinking that the headline misses entirely. We’ll get to it after we unpack the three rules.
What Mark Surman Actually Said
Surman’s piece in Fast Company opens with a number that should make any business leader uncomfortable. Only 27% of workers in the U.S. say they trust their employers to use AI responsibly. Less than one in three. And that survey was conducted before most enterprise AI rollouts hit full stride.
Surman draws on decades of open-source thinking — Mozilla built Firefox on the premise that software should be transparent and user-controlled — to offer three principles for CEOs.
First: give employees agency. Don’t deploy AI as a surveillance tool or a way to extract knowledge from workers so machines can replace them. Have employees be part of shaping how AI gets used. Surman cites Harvard Business School professor Karim Lakhani, whose research points toward AI-human collaboration as the productive mode — not AI-as-replacement.
Second: be transparent. Research shows that when employees suspect their data is being mined, they withhold information. The productivity gain you’re chasing evaporates. Surman argues for open communication about what AI systems do, what they access, and what happens to the data.
Third: make it reversible. Don’t lock employees — or users — into AI systems they can’t exit, modify, or question. This is the open-source instinct applied to enterprise software.
Why AI Trust Is the Real Bottleneck — Not the Models
Let me translate this from CEO advice to plain English for anyone running or evaluating a personal AI agent.
The trust problem Surman describes at the enterprise level is the same one playing out at the individual level. You’ve probably tried several AI tools. Most of them asked you to hand over access — to your email, your calendar, your files — without being especially clear about what happens to that data afterward. That hesitation you felt? It wasn’t irrational. It was correct.
VentureBeat recently reported that trust, not model capability or compute availability, is the primary reason enterprises haven’t moved agentic AI from experiment to production. The quote from their coverage landed cleanly: organizations are experimenting, but few have moved into real operational environments because “trust has become this gating factor.” That’s the same dynamic Surman is describing — just at a different scale.
Okta CEO Todd McKinnon made the same point from a security angle in a Semafor interview this April. His advice for evaluating AI agents: ask three questions. Where are my agents? What can they connect to? What can they do? His honest assessment was that at most companies, the in-house IT team can’t answer any of those questions. That’s not a niche technical gap. That’s a trust gap with teeth.
The Part the Headline Misses: Portable Private Memory
Here’s where Surman’s thinking gets more interesting than the three-bullet summary suggests.
In a longer interview with MediaNama, Surman introduced the concept of “portable private memory” — the idea that as browsers become agent interfaces, users should own and control the memory those agents accumulate about them. It should be interoperable, meaning you can take it from one AI system to another. And it should be private by default.
This is directly relevant to anyone evaluating a personal AI assistant right now. The AI agent you’re using today is building a picture of you — your habits, your contacts, your communication patterns, your decision-making style. The question isn’t whether that’s happening. It is. The question is: who owns that picture, and what happens to it if you switch platforms?
Surman sees this as a competitive and user-rights issue. OpenAI and Perplexity are both building browsers, effectively trying to own the interface layer where agents operate. Mozilla — which built its entire identity around an open, user-controlled web — is arguing that agent memory should not become another lock-in mechanism.
For individual users, this isn’t abstract. The privacy architecture of your AI agent is the single most important evaluation criterion, and it’s the one most people skip. A useful framework from Nevo Systems breaks the market into three models: cloud-hosted (your data leaves your device and is processed on remote servers), on-device, and hybrid. Most mainstream tools — ChatGPT, Claude Pro, Gemini — are cloud-hosted. Your conversations are transmitted, processed, and stored on infrastructure you don’t control.
What to Do With Surman’s Framework Right Now
Whether you’re a CEO deploying AI across a team or an individual setting up a personal AI agent, Surman’s principles translate into concrete questions to ask before you commit:
- Ask the agency question. Does this AI system give you control over how it’s used, or does it make decisions on your behalf without a review step? Any agent worth trusting should draft first and act second — showing you what it’s about to do before it does it.
- Ask the transparency question. What data does this agent access? What does the provider do with it? If the answer isn’t clearly stated in plain language, treat that as a red flag, not a paperwork oversight.
- Ask the portability question. If you stop using this platform tomorrow, what happens to the context it has accumulated about you — your files, your preferences, your communication history? Can you export it? Does it disappear?
- Ask McKinnon’s three questions. Where is your agent running? What systems can it connect to? What actions can it take without your approval? If you can’t answer all three, your agent has more permissions than you’ve audited.
- Check the review step. For any AI tool that touches external communication — email, client messages, documents — confirm there is a human review step before anything gets sent or changed. This is non-negotiable.
What This Signals for the AI Agent Market
Surman has spent years thinking about AI trust — not as a PR problem, but as a structural one. His work through Mozilla included investing in AI startups and running an AI fellows program with researchers studying ethics and bias. His view is shaped by watching how the open web got captured by platforms that prioritized engagement over user control.
The same capture risk exists with AI agents. The companies building the agent interface layer — browsers, memory systems, orchestration tools — will have significant leverage over users who don’t pay attention to where their data goes and who can use it.
For a deeper look at how agentic AI companies are positioning themselves around these dynamics, the piece on agentic AI companies building in 2026 covers the competitive landscape in more detail. The trust question is at the center of it.
The teams that figure out how to make AI trustworthy — not just capable — will win users who stay. The ones that optimize purely for capability will keep cycling through churned accounts from people who handed over access, got nervous, and deleted the app.
Three Things That Should Change How You Evaluate AI Tools
- Only 27% of U.S. workers trust their employers to use AI responsibly, a number that hasn’t improved as enterprise AI deployments have accelerated. Tools moving faster than the trust infrastructure is a structural problem, not a communications one.
- Trust, not model capability, is the primary bottleneck preventing enterprises from deploying agentic AI in production. The same dynamic applies to individual adoption: people hesitate not because the AI doesn’t work, but because they don’t know what it does with their data.
- Mozilla’s Mark Surman argues for three CEO principles — employee agency, transparency, and reversibility — that map directly onto what to look for when choosing any personal AI agent or platform.
- The concept of ‘portable private memory’ signals the next battle in the AI agent space: who owns the context your agent builds about you, and whether you can take it with you when you switch platforms.
- Before deploying any AI agent, ask four questions: What data does it access? What can it do without my approval? What happens to my data if I leave? Is there a review step before it acts externally?