AI system builders don't know you exist

I was recently at an artificial intelligence meetup on a Caribbean island. It wasn't a conference or a corporate retreat. It was the kind of gathering that happens when you put a few hundred digital nomads in a place with good weather, good enough Wi-Fi and enough ambition and passion to fill a donated restaurant space on a Tuesday night.

What I saw there wasn't just enthusiasm for AI. It was evidence of a widening gap the privacy and governance community needs to take seriously: independent builders creating high-impact AI systems with little awareness of the regulatory environment they are already operating in — and no reason to wait for us to catch up.

One person I spoke with was using AI agents to map the human brain for biohacking purposes: tracking neural patterns and experimenting with cognitive enhancement. Five years ago, this kind of project would have required a serious research and development budget and a team of engineers. He was doing it alone, powered by curiosity and freely available tools. It was genuinely brilliant. Another was exploring ways to scale his online marital therapy platform using OpenClaw agents. 

When I asked what they knew about the regulatory environment surrounding their project, they looked at me like I was speaking a different language. Which, for all practical purposes, I was.

The regulatory landscape around AI is already here, already fragmented and already generating real legal exposure. That tension surrounds the environment builders are operating in right now, whether they know it or not. And most of them do not.

What makes this moment different from earlier technology waves is who the builders are. The individuals I spoke about earlier had no formal software engineering background. They were not part of the tech industry in any traditional sense. They taught themselves using AI tools, found a problem worth solving and are building something that offers real value and may work. 

This is the direction the field is moving. The barrier to creating a high-impact AI system has collapsed, but the barrier to understanding the regulatory environment around it has not.

The governance conversations in our community are substantive and necessary. But they are largely happening inside corporate legal departments, compliance teams and conference rooms full of people who already have privacy credentials.

Meanwhile, the actual building is happening at meetups, in Discord servers, in GitHub repositories and in coworking spaces from Lisbon to Medellín. These builders are not ignoring governance because they do not care, but because nobody has shown up in their world to make it legible.

A project that starts on a laptop in a Caribbean coworking space is a global compliance task the moment it touches users across jurisdictions. Market-reach principles do not care where a developer is sitting when they push to production. The frameworks do not have carve-outs for independent developers or first-time builders. Retrofitting compliance into a system that has already been deployed is significantly harder, and more expensive, than understanding the guardrails before building past them.

The privacy and governance community has two options. We can keep doing what we are doing: writing for each other, advising the enterprises that seek us out and waiting for builders to find their way to us. Or we can start showing up where the builders actually are. This is not to slow them down, but to give them a fighting chance at building something that survives contact with the real world.

I do not have a tidy answer for how to close this gap. But I think the first step is admitting that those who need this information most are not coming to us. Waiting for them to show up at a conference is not a strategy.

I want to crowdsource this. What are the top three things you would want every independent AI builder to understand before or while they build, in plain enough language to fit in a project README file? This is exactly the kind of problem that gets solved in informal spaces and I look forward to continuing the conversation.