For a long stretch of this cycle, the assumed moats in AI were the obvious ones. More parameters. More tokens. More compute. More proprietary data. The story has been told often enough that it is easy to forget the story is about a curve everyone is on. Parameter counts converge. Public corpora are exhausted. Compute is rented. Model architectures diffuse across the field in months. Whatever is scarce today is on a known schedule to be commodity by next year.

What does not commoditise is the record of decisions that were nearly wrong. As soon as an AI agent stops answering questions and starts acting — placing orders, routing care, signing on someone's behalf — every action it takes either lands or gets corrected. The corrections are the substrate of the next, better agent. They are also the asset that almost nobody is collecting properly.

We call this asset the override log. It is the calibrated, structured record of every time a human in the loop said no to a proposed action — and, critically, why. Not a vague thumbs-down. Not a softmax score over a label set. A timestamped, contextual entry: the agent proposed X, in the following state, with the following supporting evidence; a qualified human overrode it; the override carried a reason inside a small, disciplined taxonomy; the action that actually happened was Y; the downstream consequence was Z. Repeat that, in a regulated environment, across hundreds of thousands of decisions. What accumulates is something no public dataset can imitate.

There are three properties of the override log that make it a durable moat where weights and corpora are not.

First, it is endogenous to deployment. You cannot scrape it. You cannot buy it. You cannot synthesise it convincingly because the prior — what a qualified human in a specific operating context would actually flag — is not in the public distribution. The only way to generate the log is to be the operator of the surface where the decisions get made and the overrides get entered. That is a position earned over years of access, not weeks of fine-tuning.

Second, the override log is the cheapest possible form of high-grade supervision. Most labelling regimes pay people to read examples out of context and assign labels they would never use in real work. The override log inverts this: the labels come from people doing their actual jobs at the moment they reject the agent's suggestion. The signal is dense, the cost is amortised against work that would have been done anyway, and the distribution is exactly the distribution that matters — the operating distribution, not a benchmark proxy.

Third, the override log compounds asymmetrically with the safety frontier. A model trained against a richer override corpus does not just get more accurate; it gets more accurately calibrated about when not to act. That second property is the one regulators, auditors, and counterparties actually care about. Capability without calibrated abstention is a liability. Calibrated abstention is the licence to operate. Whoever owns the deepest override corpus owns the actionable safety frontier — the boundary between automation that is allowed to run and automation that is not.

There is a temptation to dismiss this as a labelling story dressed up. It is not. Three things separate a real override log from a labelling pipeline. The taxonomy of override reasons has to be small enough that humans can use it under load, but expressive enough that the agent can learn the difference between "this action is illegal here," "this action is legal but inappropriate for this person," and "this action is fine but the timing is wrong." Each of those produces different downstream behaviour. The capture surface has to be ergonomic enough that overrides happen at the moment of decision rather than reconstructed after the fact. And the loop back into the model has to respect the fact that some overrides reflect persistent policy, others reflect a one-off context that the model should not generalise from.

Get those three details right and you have built something competitors cannot shortcut. They can match your model. They cannot match the record of every time a serious human in a serious domain said no, in a way structured enough to teach the next agent. Get them wrong and you have a noisy thumbs-down stream that adds nothing.

The strategic implication for any team building agents that act in consequential domains is straightforward. Treat the override log as the primary product artefact, not the model. Design the deployment surface so that overrides are easy, taxonomised, and faithfully recorded. Audit the log as carefully as you audit financial statements. And recognise that the value of the log is not in any single entry but in the slope: how quickly the override rate falls on actions the operator has seen before, while the agent's coverage of new action types expands. That slope is the only growth curve in this industry that competitors cannot simply spend their way onto.

The moat in AI is not the model. It never was. It is the record of restraint.

当 AI 智能体开始在现实世界中行动，真正具有持久性的护城河，并非模型规模或数据体量，而是覆写日志——即每一次人类说「不」时所留下的、经过校准与结构化的记录，以及背后的理由。这一记录无法被爬取、购买或合成，只能由部署运营方在受监管环境中逐步累积。它是最低成本的高质量监督来源，也是可执行安全边界的根本资产。谁拥有最深的覆写语料，谁便拥有可被允许投入运行的自动化边界。智能体团队应将覆写日志，而非模型权重，视为首要产品资产。

覆写日志区别于一般标注流程的三个关键特性：其一，覆写理由的分类体系须足够精简以供高负荷下使用，但须足够表达性，使智能体能区分「此行为在此处违法」、「此行为合法但不适合此人」与「此行为合理但时机不对」三类情形——每一类均产生不同的后续行为。其二，捕捉界面须足够符合人体工程学，确保覆写发生于决策时刻，而非事后重建。其三，回馈模型的循环须区分反映持久政策的覆写与一次性情境覆写，避免不当泛化。

这条护城河的价值，不在于单条记录，而在于其斜率：智能体在曾见过的行动类型上的覆写率下降速度，以及其覆盖新行动类型的扩展速度。这是这个行业中唯一一条竞争者无法靠资本跨越的增长曲线。AI 的护城河从来不是模型本身，而是克制的记录。

當 AI 智能體開始於現實世界中行動，真正具有持久性的護城河，並非模型規模或數據體量，而是覆寫日誌——即每一次人類說「不」時所留下的、經過校準與結構化的記錄，以及背後的理由。此一記錄無法被爬取、購買或合成，只能由部署營運方在受監管環境中逐步累積。它是最低成本的高品質監督來源，亦是可執行安全邊界的根本資產。誰擁有最深的覆寫語料，誰便擁有可被允許投入運行的自動化邊界。智能體團隊應將覆寫日誌，而非模型權重，視為首要產品資產。

覆寫日誌區別於一般標注流程的三個關鍵特性：其一，覆寫理由的分類體系須足夠精簡以供高負荷下使用，但須足夠表達性，使智能體能區分「此行為在此處違法」、「此行為合法但不適合此人」與「此行為合理但時機不對」三類情形——每一類均產生不同的後續行為。其二，捕捉介面須足夠符合人體工程學，確保覆寫發生於決策時刻，而非事後重建。其三，回饋模型的迴圈須區分反映持久政策的覆寫與一次性情境覆寫，避免不當泛化。

這條護城河的價值，不在於單條記錄，而在於其斜率：智能體在曾見過的行動類型上的覆寫率下降速度，以及其覆蓋新行動類型的擴展速度。這是這個行業中唯一一條競爭者無法靠資本跨越的增長曲線。AI 的護城河從來不是模型本身，而是克制的記錄。