Judge AI use by proportion, not yes/no
Require disclosure and provenance to prove human lead
Apply thresholds (≤20%, 20–50%, >50%) to grade and govern

Sixty-two percent of people say they would like their favorite artwork less if they learned it was created entirely by artificial intelligence, with no human involvement. Eighty-one percent believe the emotional value of human art differs from that of AI output. However, in the same survey, a plurality considered people who use AI to create art as artists if they provide “significant guidance” over the tool. This suggests that the public is not outright rejecting AI; instead, it is making distinctions based on the level of human involvement. The question of how much tool support we will accept before labeling a work as “not genuine” has become a key issue for education, the creative industries, and democratic culture. We should stop debating whether AI should be in classrooms and studios and start discussing the level of AI involvement needed to maintain authorship and trust. The good news is we can measure, disclose, and manage that level, opening up new possibilities for creativity and collaboration.

The Missing Metric: Proportion of AI Involvement

The primary issue with current classroom policies is the prevalence of binary thinking. Assignments are labeled as AI or not-AI, as if one prompt means plagiarism and one revised paragraph implies purity. This approach is already failing on two fronts. First, AI-text detectors are clearly unreliable and biased, with peer-reviewed studies showing they often falsely accuse non-native English speakers. Some universities have paused or limited the use of these detectors for this reason. Second, students and instructors are increasingly using generative tools; surveys in 2024 found that about three in five students used AI regularly, compared to about a third of instructors. Policies need to catch up with actual practices by using a metric that understands varying degrees of assistance, rather than one that shifts between innocence and guilt.

A workable standard should focus on the process, not just the product: What percentage of the work’s substance, structure, and surface was created by a model instead of the author? Since we cannot look inside someone’s mind, we should gather evidence around it. Part of that evidence could include provenance—verifiable metadata that shows whether and how AI was used. The open C2PA/Content Credentials system is now being implemented across major creative platforms. Even social networks are starting to read and display these labels automatically. Regulators are following suit: the EU’s AI Act requires providers to label synthetic media and inform users when they interact with AI systems. Meanwhile, the U.S. Copyright Office has established a requirement for human authorship, and courts have confirmed that purely AI-generated works lack copyright protection. Together, these developments make transparency essential for trust.

“Proportion” must be measurable, not mystical. Education providers can combine three clear signals. First, version history and edit differences: in documents, slides, and code, we can see how many tokens or characters were pasted or changed, and how the text evolved. Second, prompt and output logs: most systems can produce a time-stamped record of inputs and outputs for review. Third, content credentials: when available, embedded metadata shows whether an asset was created by a model, edited, or just imported. None of this is about perfect detection; it’s about making a plausible, defensible estimate. As a method note, if an assignment is 1,800 words long and the logs show three pasted AI passages totaling about 450 words, plus smaller AI-edited fragments of another 150 words, a reasonable starting estimate of AI involvement would be 33% to 35%. Instructors can adjust this estimate based on the complexity of those sections, as structure and argument often count more than sentence refinement. The goal is consistency and due process, not courtroom certainty.

This process approach also respects the real capabilities of today’s generative systems. Modern models are impressive at quickly combining known patterns. They interpolate within the range of their training data; they do not intentionally seek novelty beyond it. However, current research warns that training loops filled with synthetic outputs can lead to “model collapse,” a situation where models forget rare events and drift toward uniform and sometimes nonsensical output. This is a significant reason to preserve and value human originality in the data ecosystem. Proportion rules in schools and studios thus protect not just assessment integrity, but also the future of the models by keeping human-made, context-rich work involved.

What Counts as Genuine? Evidence and a Policy Threshold

Public attitudes reveal a consistent principle: people are more accepting of AI when a human clearly takes charge. In the 2025 survey mentioned earlier, most respondents disliked fully automated art; the largest group accepted AI users as artists only when they provided “significant guidance,” Such as choosing the color palette, deciding on the composition, or making the final artistic decisions. Similar trends appear in the news: audiences prefer “behind-the-scenes” AI use to AI-written stories and want clear indications when automation plays a visible role. Additionally, more than half of Americans believe generative systems should credit their sources—another sign that tracking origins and accountability, rather than the absence of tools, underpins legitimacy. These findings do not pinpoint the exact line, but they illustrate how to draw it: traceable human intent combined with clear tool use builds trust.

A proportion-based policy can put that principle into action with categories that reflect meaningful shifts in authorship. One proposal that institutions can adopt today is as follows: works with 20% or less AI involvement may be submitted with a brief disclosure stating “assisted drafting and grammar” and will be treated as human-led. Works with more than 20% and up to 50% require an authorship statement outlining the decisions the student or artist made that the system could not—such as choosing the research frame, designing figures, directing a narrative, or staging a shot—so the contribution is clear as co-creation. Any work with more than 50% AI origin should carry a visible synthetic-first label and, in graded contexts, be assessed mainly on editorial judgment rather than original expression. These thresholds are guidelines, not laws, and can be adjusted by discipline. They provide educators with the middle ground between “ban” and “anything goes,” in line with how audiences already evaluate authenticity. This policy ensures fairness and objectivity in assessing the role of AI in creative work, instilling confidence in its implementation.

This approach also aligns with the views of artists and scholars on the irreplaceable nature of human work. Research from the Oxford Internet Institute suggests that machine learning will not replace artists; it will reshape their workflows while keeping core creative judgment in human hands. Creators express both anxiety and pragmatism: AI lowers barriers to entry and speeds up iteration, but it also risks homogenization and diminishes the value placed on craftsmanship unless gatekeepers reward evidence of the creative process and provenance. Education can establish a reward structure early, allowing graduates to develop habits that the labor market recognizes.

From Classroom to Creative Labor Markets: Building the New Trust Stack

If proportion is the key metric, process portfolios are the way forward. Instead of a single deliverable, students should present a brief dossier: the final work, a log of drafts, prompts, and edits, a one-page authorship statement, and, where applicable, embedded Content Credentials across images, audio, and video. This dossier should become routine and not punitive: students learn to explain their decisions, instructors evaluate their thinking, and reviewers see how, where, and why AI fits in. For high-stakes assessments, panels can review a subset of dossiers for audit. The message is straightforward: disclose, reflect, and show control. This is much fairer than relying on detectors known to misfire, especially against multilingual learners.

Administrators can transform proportion-based policy into governance with three strategies. First, standardize disclosures by implementing a campus-wide authorship statement template that accompanies assignments and theses. Second, require provenance where possible: enable C2PA in creative labs and recommend platforms that maintain metadata. Notably, mainstream networks have begun to automatically label AI-generated content uploaded from other platforms, signaling that provenance will soon be expected beyond the campus. Third, align with laws: the transparency rules in the EU AI Act and U.S. copyright guidance already indicate the need to mark synthetic content and uphold human authorship for protection. Compliance will naturally follow from good teaching practices.

Policymakers should assist in standardizing this “trust stack.” Fund open-source provenance tools and pilot programs; encourage collaborations between disciplines like arts schools, journalism programs, and design departments to agree on discipline-specific thresholds; and synchronize labels so audiences receive the same signals across sectors. Public trust is the ultimate benefit: when labels are consistent and authorship statements are routine, consumers can reward the kind of human leadership they value. The same logic applies to labor markets. Projections indicate AI will both create and eliminate jobs; a 2025 employer survey predicts job reductions for tasks that can be automated, but growth in AI-related roles. Meanwhile, recent data from one large U.S. area shows that AI adoption has not yet led to broad job losses; businesses are focusing on retraining rather than replacing workers. For graduates, the message is clear: the job market will split, favoring human-led creativity combined with tool skills over generic production. Training based on proportions becomes their advantage.

Lastly, proportion standards help guard against subtle systemic risks. If classrooms inundate the world with uncredited synthetic content, models will learn from their own outputs and deteriorate. Recent studies in Nature and industry suggest that heavy reliance on synthetic data can lead to models that “forget” rare occurrences and fall into uniformity. Other research indicates that careful mixing with human data can alleviate this risk. Education should push the boundaries of ideas, not limit them. Teaching students to disclose and manage their AI usage in ways that highlight their own originality protects both academic values and the quality of human data required for future systems.

The public has already indicated where legitimacy begins: most people will accept AI in art or scholarship when a human demonstrates clear leadership. The earlier statistic—62 percent—should be interpreted not as a rejection of tools, but as a demand for clear, human-centered authorship. Education can meet this demand through a proportion-based standard: measure the level of AI involvement, require disclosure and reflection, and evaluate the human decisions that provide meaning. Institutions that build this trust framework—process portfolios, default provenance, and sensible thresholds—will produce students who can confidently say, “this is mine, and here’s how I used the machine.” This approach will resonate across creative industries that increasingly seek visible human intent, preserving a rich cultural and scientific record filled with the kind of human originality that models cannot produce on their own. The question is no longer whether to use AI. It is how much and how openly we can use it while remaining genuine. The answer starts with proportion and should be incorporated into policy now.

The views expressed in this article are those of the author(s) and do not necessarily reflect the official position of the Swiss Institute of Artificial Intelligence (SIAI) or its affiliates.

References

Adobe. (2024, Jan. 26). Seizing the moment: Content Credentials in 2024.
Adobe. (2024, Mar. 26). Expanding access for Content Credentials.
Béchard, D. E., & Kreiman, G. (2025, Sept. 7). People want AI to help artists, not be the artist. Scientific American.
European Union. (2024). AI Act—Article 50: Transparency obligations.
Financial Times. (2024, Jul. 24). AI models fed AI-generated data quickly spew nonsense (Nature coverage).
Kollar, D. (2025, Feb. 14). Will AI threaten original artistic creation? Substack.
Nature. (2024). Shumailov, I., et al. AI models collapse when trained on recursively generated data.
Oxford Internet Institute. (2022, Mar. 3). Art for our sake: Artists cannot be replaced by machines – study. University of Oxford.
Pew Research Center. (2024, Mar. 26). Many Americans think generative AI programs should credit their sources.
Reuters. (2025, Mar. 18). U.S. appeals court rejects copyrights for purely AI-generated art without human creator.
Reuters Institute. (2024, Jun. 17). Public attitudes towards the use of AI in journalism. In Digital News Report 2024.
Stanford HAI. (2023, May 15). AI detectors are biased against non-native English writers.
TikTok Newsroom. (2024, May 9). Partnering with our industry to advance AI transparency and literacy.
Tyton Partners. (2024, Jun. 20). Time for Class 2024 (Lumina Foundation PDF).
U.S. Copyright Office. (2023, Mar. 16). Works containing material generated by artificial intelligence (Policy statement).
Vanderbilt University. (2023, Aug. 16). Guidance on AI detection and why we’re disabling Turnitin’s AI detector.
Federal Reserve Bank of New York (via Reuters). (2025, Sept. 4). AI not affecting job market much so far.
World Economic Forum. (2025, Jan. 7). Future of Jobs Report 2025.

The real risk isn’t the LLM’s words but the agent’s actions with your credentials
Malicious images, pages, or files can hijack agents and trigger privileged workflows
Treat agents as superusers: least privilege, gated tools, full logs, and human checks

In 2025, the average cost of a U.S. data breach reached $10.22 million. Thirteen percent of surveyed organizations reported that an AI model or application was involved, yet 97% of them did not have proper AI access controls. This number should prompt us to rethink our threat model. We focus on the language model—its cleverness, its mistakes, its jailbreaks—while the real risk lies just one step away: the agent that holds keys, clicks buttons, opens files, fetches URLs, executes workflows, and impersonates us across business systems. When a seemingly "harmless" image, calendar invite, or web page provides instructions that an agent follows without question, the potential damage is not simply a bad paragraph; it is a chain of actions performed under your identity. Recent examples have demonstrated "silent hijacking" with minimal or no user interaction, involving mainstream assistants. If we continue to treat these incidents as model problems, we will continue to create superusers with inadequate controls. The solution starts by identifying the risk at its source: the LLM-based program that takes action.

From Chat to System Actor

The significant change is not about better or worse statistics, but about operations. An agent comprises prompt logic, tools and plugins, credentials, and policies. It can browse, run code, read emails, query CRMs, push tickets, edit spreadsheets, and make purchases. This combination brings traditional attack surfaces into a modern interface. Consider a support agent that reads PDFs, screenshots, and forms. A single compromised image or document can carry harmful instructions that the model unwittingly turns into actions—such as forwarding sensitive files, visiting attacker-controlled URLs, or stealing tokens. This is why image or pixel-level manipulations matter now: they don't just "trick" the model, but push a tool-enabled process to take action. Viewing this solely as a content moderation issue overlooks a larger systems problem: input handling, privilege boundaries, output filtering, and identity controls for software that takes action.

Security researchers and practitioners have started to recognize this shift. The OWASP Top 10 for LLM applications warns about prompt injection, insecure output handling, and vulnerabilities associated with plugins and third-party APIs. UK guidance on securely deploying machine-learning systems emphasizes the importance of the runtime environment, including credentials, storage, and monitoring. Attacks often combine methods and exploit areas where the software can act. Most agent incidents are not 'model failures' but failures related to identity and action: over-privileged tokens, unchecked toolchains, unrestricted browsing, and the absence of human oversight for high-risk activities. This necessitates a different solution: treating the agent like a privileged automation account with minimal privileges, outbound controls, and clear logs rather than as a chat interface with simple safeguards.

The description of credentials is particularly overlooked. Unit 42 points out that the theft or misuse of agent credentials puts every downstream system the agent can access at risk. Axios reported that "securing AI agent identities" was a significant theme at RSA this year. If your help desk agent can open HR tickets or your research agent can access lab drives and grant permissions, then agent impersonation represents a serious breach, not just a minor user interface annoyance. The central issue is simple: we connected a probabilistic planner to predictable tools and gave it the keys. The straightforward fix is to issue fewer keys, monitor the doors, and restrict the planner's access to certain areas.

What the Evidence Really Shows

Emerging evidence leads to one uncomfortable conclusion: AI agents are real targets today. In August, researchers revealed "silent hijacking" techniques that enable attackers to manipulate popular enterprise assistants with minimal interaction, thereby facilitating data theft and workflow changes. Shortly after, the trade press and professional organizations highlighted these findings: commonly used agents from major vendors can be hijacked, often by embedding malicious content in areas the agent already visits. The pattern is worryingly similar to web security—tainted inputs and over-trusted outputs—but the stakes are higher because the actor is different: software already authorized to operate within your company.

Governments and standards organizations have responded by extending traditional cyber guidelines into the agent era. A joint U.S. and international advisory on safely deploying AI systems emphasizes that defenses should cover the entire environment, not just the model interface. NIST's Generative AI Profile translates this approach into operational controls: define and test misuse scenarios, carefully restrict tool access by design, and monitor for unusual agent behavior like you would for any privileged service. These measures align with OWASP's focus on output handling and supply-chain risks—issues that arise when agents access code libraries, plugins, and external sites. None of this is groundbreaking; it's DevSecOps for a new type of automation that communicates.

The cost and prevalence of these issues underscore the urgency of addressing this issue for educators and public-sector administrators. According to IBM's 2025 study, the global average breach cost is around $4.44 million, with the U.S. average exceeding $10 million. 'Shadow AI' appeared in about 20% of breaches, adding hundreds of thousands of dollars to response costs. In a large university, if 20% of incidents now involve unauthorized or unmanaged AI tools, and even a small percentage of those incidents go through an over-privileged agent connected to student records or grant systems, the potential loss—financial, operational, and reputational—quickly adds up. A conservative estimate for a 25,000-student institution facing a breach with U.S.-typical costs suggests that the difference can mean a challenging year or a canceled program. We can debate specific numbers, but we cannot ignore the trend.

The demonstration area continues to expand. Trend Micro's research series catalogs specific weaknesses in agents, ranging from code execution misconfigurations to data theft risks concealed in external content, illustrating how these vulnerabilities can be exploited when agents fetch, execute, and write. Additionally, studies have reported that pixel-level tricks in images and seemingly harmless user interface elements can mislead agents that rely on visual models or screen readers. The message is clear: once an LLM takes on the role of a controller for tools, the relevant safeguards shift to securing those tools rather than just maintaining prompt integrity. Focusing only on jailbreak prompts misses the bigger picture; often, the most harmful attacks don't aim to outperform the model at all. Instead, they exploit the agent's permissions.

A Safer Pattern for Schools and Public Institutions

The education sector presents an ideal environment for agent risk: large data sets, numerous loosely managed SaaS tools, diverse user groups, and constant pressure to "do more with less." The same features that make agents appealing—automating admissions, drafting grant reports, monitoring procurement, or large-scale tutoring—also pose risks when guidelines are unclear. Here's a practical approach that aligns with established security norms: begin with identity, limit the keys, monitor actions, capture outputs, and involve a human in any processes that impact finances, grades, credentials, or health records. In practice, this means using agent-specific service accounts, temporary and limited tokens, clear tool allow-lists, and runtime policies that prevent file modifications, network access, or API calls beyond approved domains. When an agent needs temporary elevated access—for example, to submit a purchase order—they require a second factor or explicit human approval. This is not just "AI safety"; it's access management for a communicative RPA.

Implement that pattern with controls that educators and IT teams know well. Use NIST's GenAI profile as a checklist for procurement and deployment, map agent actions against your risk register, and develop scenarios for potential misuse, such as indirect prompt injection through student submissions, vendor documents, or public websites. Utilize the OWASP Top 10 for LLM apps to guide your testing: simulate prompt injection, ensure outputs do not activate unvetted tools, and test input variability. Follow the UK NCSC's deployment recommendations: safeguard sensitive data, run code in a secure environment, track all agent activities, and continually watch for unusual behaviors. Finally, treat agent credentials with utmost importance. If Unit 42 warns about agent impersonation, take it seriously—update keys, restrict tokens to single tools, and store them in a managed vault with real-time access. These are security practices already in place; the change lies in applying them to software that mimics user behavior.

Education leaders must also rethink their governance expectations. Shadow AI is not a moral issue; it's a procurement and enablement challenge. Staff members will adopt tools that work for them. If central IT does not provide authorized agents with clear features, people will use browser extensions and paste API keys into unapproved apps. The IBM data is crystal clear: unmanaged AI contributes to breaches and escalates costs. An effective response is to create a "campus agent catalog" of approved features, with levels of authorization: green (read-only), amber (able to write to internal systems with human oversight), and red (financial or identity actions requiring strict control). Combine this with a transparent audit process that tracks agent actions as you would for any other enterprise service. Encourage use by making the approved route the easiest option: set up pre-configured tokens, vetted toolchains, and one-click workspaces for departments. A culture of security will follow convenience.

Objections will arise. Some may argue that strict output filters and safer prompts suffice; others might insist that "our model never connects to the internet." However, documented incidents show that content-layer restrictions fail when the agent is trusted to act, and "offline" quickly becomes irrelevant once plugins and file access are included. A more thoughtful critique may center on costs and complexity. This is valid—segmented sandboxes, egress filtering, and human oversight can slow down teams. The key is focusing on impact: prioritize where agents can access finances or permissions, not where they merely suggest reading lists. The additional cost of limiting an agent that interacts with student finances is negligible compared to the expense of cleaning up after a credential-based breach. As with any modernization effort, we implement changes in stages and sequence risk reduction; we do not wait for a flawless control framework to ensure safer defaults.

Incidents in the U.S. cost double-digit millions, with a growing number tied to AI systems lacking essential access controls. The evidence has consistently pointed in one clear direction. The issue is not the sophistication of a model; it is the capability of software connected to your systems with your keys. Images, web pages, and files now serve as operational inputs that can prompt an agent to act. If we accept this perspective, the path forward is familiar. Treat agents as superusers deserving the same scrutiny we apply to service accounts and privileged automation: default to least privilege, explicitly restrict tool access, implement content origin and sanitization rules, maintain comprehensive logs, monitor for anomalies, and require human approval for high-impact actions. In education, where trust is essential and budgets are tight, this is not optional. It is necessary for unlocking significant productivity safely. Identify the risk where it exists, and we can mitigate it. If we keep viewing it as a "chatbot" issue, we will continue to pay for someone else's actions.

The views expressed in this article are those of the author(s) and do not necessarily reflect the official position of the Swiss Institute of Artificial Intelligence (SIAI) or its affiliates.

References

Axios. (2025, May 6). New cybersecurity risk: AI agents going rogue.
Cybersecurity and Infrastructure Security Agency (CISA) et al. (2024, Apr. 15). Deploying AI Systems Securely (Joint Cybersecurity Information).
Cybersecurity Dive (Jones, D.). (2025, Aug. 11). Research shows AI agents are highly vulnerable to hijacking attacks.
IBM. (2025). Cost of a Data Breach Report 2025.
IBM Newsroom. (2025, Jul. 30). 13% of organizations reported breaches of AI models or applications; 97% lacked proper AI access controls.
Infosecurity Magazine. (2025, Jun.). #Infosec2025: Concern grows over agentic AI security risks.
Kiplinger. (2025, Sept.). How AI puts company data at risk.
NCSC (UK). (n.d.). Machine learning principles: Secure deployment.
NCSC (UK). (2024, Feb. 13). AI and cyber security: What you need to know.
NIST. (2024). Artificial Intelligence Risk Management Framework: Generative AI Profile (NIST AI 600-1).
OWASP. (2023–2025). Top 10 for LLM Applications.
Palo Alto Networks Unit 42. (2025). AI Agents Are Here. So Are the Threats.
Scientific American (Béchard, D. E.). (2025, Sept.). The new frontier of AI hacking—Could online images hijack your computer?
Trend Micro. (2025, Apr. 22). Unveiling AI agent vulnerabilities—Part I: Introduction.
Trend Micro. (2025, Jul. 29). State of AI Security, 1H 2025.
Zenity Labs. (2025, May 1). RSAC 2025: Your Copilot Is My Insider.
Zenity Labs (PR Newswire). (2025, Aug. 6). AgentFlayer vulnerabilities allow silent hijacking of major enterprise.

AI lowers entry barriers, raises mastery standards
Novices gain most; experts move to oversight and design
Education must deliver operator training and governance mastery

A quiet result from a very loud technology deserves more attention. When a Fortune 500 company gave customer-support agents an AI assistant, productivity rose by 14% on average, but it jumped by 34% for the least-skilled workers. In other words, the most significant early gains from generative AI appeared at the bottom of the ladder, not the top. This single statistic changes how we view the skills debate. Automation is not just about replacing routine jobs; it also helps novices perform at nearly intermediate levels from day one. In factories and offices, this creates a barbell labor market: easier entry for low-skill roles and a faster-moving ceiling for highly skilled workers. Education systems—secondary, vocational, and higher—must change to a world where AI lowers the competence floor and raises the standard for mastery. The policy question is not whether AI will change work; it already has. The question is whether our learning institutions will change at the same speed. The urgency and necessity of ongoing curriculum evolution cannot be overstated.

The New Floor: Automation Expands the Entry Ramp

Evidence from large-scale deployments shows a clear trend. On the factory side, global robot stocks reached about 4.28 million operational units in 2023, increasing roughly 10% in a year, with Asia accounting for 70% of new installations. However, the new wave is less about brute automation and more about software that makes complex equipment understandable to less experienced operators. In administrative settings, AI replaces routine desk tasks; on shop floors, it often supports people by integrating guidance, quality control, and predictive maintenance into the tools themselves. Recent data show an overall shift towards higher demand for machine operators and younger, less-credentialed workers, even as clerical roles continue to shrink. This creates a two-sector split that policymakers cannot ignore.

The mechanism is straightforward. Generative systems capture the playbook of top performers and provide it to novices in real time. In extensive field studies, AI assistants helped less-experienced workers resolve customer issues faster and with better outcomes, effectively condensing months of on-the-job learning into weeks. This aligns with another line of research indicating that access to a general-purpose language model can reduce writing time by about 40% while improving quality, especially for those starting further from the frontier. These are not trivial edge cases or lab-only outcomes; they have now been observed in real workplaces across different task types. For entry-level employees, AI acts as a tutor and a checklist hidden within the workflow.

If this is the new floor, two implications arise for education. First, basic literacy—numeracy, writing, data hygiene—still matters, but the threshold for job-ready performance is shifting from “memorize the rules” to “operate the system that encodes the rules.” Second, AI exposure is unevenly distributed. Cross-country analysis suggests that occupations with high AI exposure are disproportionately white-collar and highly educated. However, this exposure has not led to widespread employment declines to date; in several cases, employment growth has even been positively linked to AI exposure over the past decade. This is encouraging, but it also means that entry ramps are being widened most where AI tools are actively used. Schools and training programs that treat AI as taboo risk exclude students from the very complementarity that drives early-career productivity. Educators and policymakers must ensure equitable access to AI, providing fair opportunities for all.

The Moving Ceiling: Why the Highly Skilled Must Climb Faster

It is tempting to think that if AI boosts lower performers the most, it lowers the value of expertise. However, the emerging evidence suggests the opposite: mastery changes shape and moves upward. In a study of software development across multiple firms, access to an AI coding assistant increased output by about 26% on average. Juniors saw gains in the high-20s to high-30s, while seniors experienced single-digit increases. This does not render senior engineers redundant; it raises the expectations for what “senior” should mean—less focus on syntax and boilerplate and more emphasis on architecture, verification, and socio-technical judgment. In writing and analysis, a similar pattern emerges: significant support on routine tasks and uneven benefits on complex, open-ended problems where human oversight and domain knowledge are crucial. The ceiling is not lower; it is higher and steeper.

This helps explain a paradox in worker sentiment. Even as tools improve speed and consistency, most workers say they rarely use AI, and many are unsure if the technology will benefit their job prospects. Only about 6% expect more opportunities from workplace AI in the long run; a third expect fewer. From a barbell perspective, this hesitation is logical: if AI handles standard tasks, the market will reward those who can operate the system reliably (new entry-level roles) and those who can design, audit, and integrate it across processes (new expert roles). The middle, where careers once developed over many years, is compressing. Education that does not teach students how to climb—from tool use to tool governance—will leave graduates stuck on the flattened middle rung.

For high-skill workers, the solution is not generic “upskilling” but specialization beyond the model’s capabilities: data stewardship, human-factors engineering, causal reasoning, adversarial testing, and cross-domain synthesis. Studies of knowledge workers show that performance can improve dramatically for tasks “inside” the model’s capabilities, but it can decline on tasks “outside” it if workers overly trust fluent outputs. This asymmetry is where advanced programs should focus: teaching when to rely on the model and when to question it. Think fewer assignments aimed at producing a clean draft and more assignments aimed at proving why a draft is correct, safe, and fair, with the model as a visible, critiqued collaborator rather than a hidden ghostwriter.

Designing a Two-Track Education Agenda

If AI lowers the entry threshold and raises the mastery bar, education policy should explicitly support both tracks. On the entry side, we need programs that quickly and credibly certify “operator-with-AI” competence. Manufacturing already sets an example. With robots at record scale and software guiding the production line, short, modular training can prepare graduates to operate systems that once required years of implicit knowledge. Real-time decision support, simulation-based training, and built-in diagnostics reduce the time it takes new hires to become productive. Community colleges and technical institutes that collaborate with local employers to design “Level 1 Operator (AI-assisted)” certificates will broaden access while addressing genuine demand.

The office counterpart is just as practical. Instead of prohibiting AI from assignments and then hoping for honesty, instructors should require paired submissions: a human-only baseline followed by an AI-assisted revision with a brief error log. This approach preserves practice in core skills while teaching students to view systems as amplifiers rather than crutches. It also instills the meta-skills that employers value but often do not assess: prompt management, fact verification, and iterative critique. Early field results indicate that novices benefit most from this structure; schools can gain a similar advantage by incorporating this scaffold into their rubrics.

For the mastery track, universities should shift focus toward governance literacy and system integration. Capstone projects should include model selection and evaluation under constraints, robustness testing, and comprehensive documentation that can be audited by a third party. Practicums can use real data from operations (help desks, registrars, labs) with explicit permissions and guidelines, allowing students to study not only performance improvements but also potential failures. Employers already indicate that adoption, not invention, is the primary barrier; surveys across industries show that enthusiasm outpaces readiness, with leadership, skills, and change management identified as key obstacles. This is a problem education can solve—if curricula are allowed to evolve at the pace of deployment rather than the pace of textbook cycles.

There is also a role for public policy to ensure that the floor rises effectively. Two main approaches stand out. First, expand last-mile apprenticeships linked to AI-enabled roles: a semester-long “operator residency” in advanced manufacturing, a co-op in data-supported student services, and a supervised stint in clinical administration using AI for scheduling and triage. Second, build assessment systems that align incentives: state systems could fund verification labs that test whether graduates can manage, monitor, and explain AI-assisted workflows to professional standards. These are foundational capacities, akin to welding booths or nursing mannequins from an earlier era. They make the invisible visible and certify what truly matters.

Skeptics will raise three reasonable critiques. One concern is that automation may lead to deskilling: if AI takes over tasks such as grammar or standard coding, will students lose foundational skills? Evidence suggests that when curricula sequence tasks—first unaided, then supported with explicit reflection—skills improve rather than deteriorate. A second critique is that AI adoption in the real world remains inconsistent; most workers currently report little to no use of AI in their jobs. This situation strongly argues for education to bridge the usage gap, enabling early-career workers to drive diffusion. A third critique concerns equity: will the benefits be distributed to those who already have access to better schools and devices? This risk is real; however, studies showing significant effects for novices also indicate that universal access and instruction can help reduce inequality. The challenge for policy is to ensure that this complementarity is broad, not exclusive.

34% productivity gains for the least-skilled workers serve as a reminder that AI’s most apparent benefits are not just for specialists. On the factory floor, software-guided machines allow newer operators to contribute sooner. In the office, embedded co-pilots help transform rough drafts into solid first versions. That is the “lowers the floor” aspect. The raised ceiling means that as standard tasks become faster and more uniform, fundamental value shifts to design, verification, and integration—the judgment calls that automation cannot replace. Education must embrace both sides. It must teach students how to use the tools without losing the craft and to take responsibility for the aspects of work that tools cannot handle. This requires credentialing operator competence early, developing governance mastery later, and measuring both through honest assessments. If we act now, the barbell workforce can be a deliberate policy choice rather than a chance occurrence—expanding opportunities at entry and deepening expertise at the top.

The views expressed in this article are those of the author(s) and do not necessarily reflect the official position of the Swiss Institute of Artificial Intelligence (SIAI) or its affiliates.

References

Brynjolfsson, E., Li, D., & Raymond, L. (2025). Generative AI at Work. Quarterly Journal of Economics, 140(2), 889–942.
International Federation of Robotics. (2024, Sept. 24). Record of 4 million robots working in factories worldwide. Press release and global market.
ManufacturingDive. (2025, Apr. 14). Top 3 challenges for manufacturing in 2025: Skills gap, turnover, and AI.
ManufacturingTomorrow. (2025, Aug.). How to Use AI to Close the Manufacturing Skills Gap.
MIT Sloan Ideas Made to Matter. (2024, Nov. 4). How generative AI affects highly skilled workers.
MIT Sloan Ideas Made to Matter. (2025, Mar. 10). 5 issues to consider as AI reshapes work.
Noy, S., & Zhang, W. (2023). Experimental evidence on the productivity effects of generative artificial intelligence. Science, 381.
Pew Research Center. (2025, Feb. 25). U.S. workers are more worried than hopeful about future AI use in the workplace; and Workers’ exposure to AI.
De Souza, G. (2025). Artificial Intelligence in the Office and the Factory: Evidence from Administrative Software Registry Data. Federal Reserve Bank of Chicago Working Paper 2025-11; and VoxEU column summary.